
It is absolutely the right of a private property owner to control and monitor access to its property.

Further, this data is actually useful: if something happens, you know who the last people to open the door were. Further, as a grantee of privileged access, you know that. You know you can't just say it must have been one of the 200 others with the common key. So it's more invisible prevention than measurable solving.

This lets administrators be more permissive about delegating access while simultaneously increasing security. For example, I work in a couple of the concert halls on campus. Students have always held keys to interior doors, but University policy was that students could not have unsupervised access to exterior doors, probably for insurance reasons.

This meant that if the boss wanted to leave the hall operational while not present, student staff would have to prop doors open. If the hall was locked, he'd have to drive all the way out to campus even if he didn't need to be there for the event. Now that we have an audit-trail-producing card reader system, administration is fine with granting students card access to exterior doors. We are both more efficient (because we don't waste supervisor time) and more secure (because students can lock doors and reopen them when necessary.)

In the past, when students have gone missing, their last contact was not with humans but with the access control system. It provided better "last known location" data that improved investigations. It can validate alibis (demonstrating that you were at a building across campus) and provide evidence in discipline proceedings (the alleged rapist says he wasn't there that night, but his ID swiped into the dorm a few seconds behind the alleged victim, etc.)

Access control logs introduce truth into otherwise ambiguous situations. It matters less what you think, who you like more, or what you want to be true because there is a record you can check. Whether it's "should we keep the library open later?" or "when exactly did this kid go missing?"

You also almost never have to interact with the access control system unless you hold privileged access as part of a job, research assignment, etc. Students who live off campus and don't study at the libraries can go months without pulling out their IDs. It's not like you need to swipe your card to walk down a public street. But when you are accessing university services, it seems only reasonable that the university gets to know that you're doing so.



This isn't a question of whether they should be allowed to log. This is a request to them to not log. By making it public, more people may back the request and the university can make a decision keeping in mind the opinions of students and scholars.

Again, because you seem to misunderstand this piece in many comments, this isn't about whether MIT can legally log. It's about whether they should. RMS is telling them they shouldn't, not that they are legally constrained to not do so.


You're arguing that it's legal but immoral. I'm saying it's both legal and moral.


[deleted]


>Yeah, it is inconceivable that someone could ever steal or clone an ID card.

My school uses iCLASS smartcards. It's not a matter of cloning a serial number; you would need to break the RSA implementation or steal the school's private keys to produce a functioning duplicate.

If you steal a card from someone who lives in a dorm, they'll know as soon as they try to enter the dorm. The card you stole will be deactivated minutes later.

>"how do we keep constant tracking information from being abused in cases when the people being tracked are relatively honest?"

In cases of malevolent surveillance, there's usually a reason to oppose it. Insurance companies might charge extra to customers with higher risk profiles, like those who buy cigarettes and junk food. A right-wing government might try to disadvantage those who are gay, atheist, left-leaning, anti-war, etc. A left-leaning government might try to disadvantage Christian groups, people advocating conservative policy, etc. Any malevolent actor with access to surveillance data might blackmail people who are having affairs or end careers by sharing jokes in poor taste made among friends. Etc, etc.

How do you abuse door access data? What can MIT do with the fact that you entered a building at a certain time?


>It is absolutely the right of a private property owner to control and monitor access to its property.

Nobody denied this. But it's absolutely everyone's right to criticize her/him for it.


Those are a lot of hypotheticals. As RMS said in his article:

> Such claims must be put to the test. The NSA claimed that surveilling everyone in the US was vital for preventing terrorism. When it had to give details, it became clear that the supposed benefit did not exist.

And indeed, when RMS pressed the MIT police chief for actual evidence of the claimed benefits, he dodged the question.


Isn't that asking someone to prove a negative?

"Gee, with this security system in place nothing has ever happened, so you need to prove that something bad would happen if we took it away."


No, it's asking them to prove a positive. CSAIL has been using the card system for 10 years now. If logging card access has all the public safety benefits that proponents claim it has, it should be possible to point to "criminals that have been caught, and/or property recovered." RMS asked the MIT police chief for this data, in aggregate (i.e. no personal details requested), and the MIT police chief dodged the question.


Locks are for deterrent. Their value as deterrent is uncorrelated to their value as a tracking tool.


OK, how about comparing the rate of property crime in buildings using traditional, non-electronic locks, with buildings using electronic locks that track access?

The point here is that so far no evidence has been put forward to support all the hypothetical public safety benefits for which we're being asked to give up our privacy. That's troubling.


It's not your privacy.

You get to communicate with your friends while keeping that fact secret from the government. That's in the Bill of Rights.

You do not get to enter a building that someone else owns while keeping that fact secret from the building owner. That's a crime.


It is my privacy, and just because a private building owner can legally violate that privacy doesn't mean that they should or must[1], or that the users of that building shouldn't question the stated reasons that their privacy is being violated (particularly in the case of universities, which usually respect their community members' opinions more than a typical private organization).

[1] For this reason, your assertion that secretly entering a private building is a crime is not universally true.


Why do you consider the fact that you're entering a building to be private? Why do you consider it a violation?


Just because the owner has a legal right to keep tabs on people, and that doing so doesn't infringe on constitutionally protected rights, doesn't mean privacy isn't being violated or that (s)he is above criticism.

>You do not get to enter a building that someone else owns while keeping that fact secret from the building owner. That's a crime.

Nobody is saying that it should be "kept a secret". Only that it shouldn't be on record, especially electronically. You know, like people do everywhere buildings have regular keys.


Another use for logging would be to account for people during emergencies. Firefighters, for instance, would probably find it useful to know that three people are apparently still in the building.


Employers can also demand you pee in a cup for them. Many employers consider that degrading to employees, and that making such demands of employees supports a counterproductive Drug War.

Employers can also paint the walls puke green and pipe in Muzak. They can hire the low bidder to make lunch out of pink slime. They can keep the offices at uncomfortable temperatures.

So, yes, they can also track you like tagged livestock. But they can also choose not to.


>Further, this data is actually useful: if something happens, you know who the last people to open the door were. Further, as a grantee of privileged access, you know that. You know you can't just say it must have been one of the 200 others with the common key. So it's more invisible prevention than measurable solving.

That's a big "if", though, and in the article, Stallman points out that MIT isn't able to actually show that it's a realistic reason to encourage this sort of surveillance.

I feel like there's a middle ground here -- for example, card readers could store a hash of an on-card identifier, one that the security staff do not have access to in normal student records. In exceptional circumstances, you could de-blind the logs and see if a single person was in the building at a given time or not, but there wouldn't be surveillance and the logs would be useless in the typical case.

A card swipe doesn't show that you're there, though. As a student I'd lend people my card all the time, as would most people I knew.
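
A sketch of the blinded-log idea from the comment above, added here as an example (not code from the thread or from any real card system). It assumes the on-card identifier is a random 128-bit value and that `ESCROW` stands in for the custodian's offline list; every name and the sample log are constructed.

```python
import hashlib
import hmac
import secrets

def token(card_secret: bytes) -> str:
    """What the reader logs: a hash of the on-card identifier, never the identifier."""
    return hashlib.sha256(card_secret).hexdigest()

def record_swipe(log, door, ts, card_secret):
    log.append({"ts": ts, "door": door, "token": token(card_secret)})

def deblind(log, card_secret, door, start, end):
    """Custodian check: was this one card at this door in this window?"""
    want = token(card_secret)
    return [e for e in log
            if e["door"] == door and start <= e["ts"] <= end
            and hmac.compare_digest(e["token"], want)]

def enumerable(log, guesses):
    """Identifiers an analyst could link to log entries just by hashing guesses."""
    seen = {e["token"] for e in log}
    return {g for g in guesses if token(g) in seen}

# Constructed sample data. ESCROW is the only place a person is tied to a card
# identifier; in the scheme described it would live offline with a custodian.
ESCROW = {"alice": secrets.token_bytes(16), "bob": secrets.token_bytes(16)}
LOG = []
record_swipe(LOG, "hall-east", 1000, ESCROW["alice"])
record_swipe(LOG, "hall-east", 1500, ESCROW["bob"])
record_swipe(LOG, "lab-2", 1600, ESCROW["alice"])

# Contrast case: a card whose identifier is a guessable student number. Hashing
# does not blind it, because the whole number range can be hashed and compared.
record_swipe(LOG, "lab-2", 1700, b"S0001234")
STUDENT_NUMBERS = [b"S%07d" % n for n in range(1230, 1240)]

if __name__ == "__main__":
    print(deblind(LOG, ESCROW["alice"], "hall-east", 900, 1100))
    print(enumerable(LOG, STUDENT_NUMBERS))
```

The log alone supports only "was this named card here in this window" queries for someone holding the escrow entry, which is the property the comment is after; it holds only while the identifier cannot be guessed.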


That defeats the purpose of "The place got trashed last night, who was it?"

However, a lot does depend on how the data is being used. My access pattern is very questionable. I swipe into my workplaces at weird times, sometimes to use the bathroom while coming back to the dorms from a party or something. I try my card on all kinds of doors just to see if they'll open. I've never been questioned about it.

I'm 99% certain that nobody is pulling the logs except in response to incidents.


It depends on the school. A university near me has people watching this data or some sort of anomaly detector running over it in real-time to try to catch parties in dorms. I think that's more than a little Orwellian.

Also yes, it eliminates the possibility of dragnet searching. This is by design. Dragnet searches go against the principles on which the United States was founded. If I am not personally suspected of a crime, my data must be sacrosanct or I have been demeaned as an individual. Innocent until proven guilty and unspied-upon until suspected personally.


Swiping into a building is the electronic equivalent of signing in on a clipboard held by a security guard. That is hardly spying, and it's definitely not "your data."

If a municipality were to do this with all the private residences under their jurisdiction, sure, that'd be Orwellian, because then it really is your data. In this case it's MIT's data about MIT's facility that happens to have been triggered by you.


Most uses of that kind of data are confidential and exactly the kind of thing you would expect campus police or IT to refuse to disclose any details about.


I would never trust campus police with that access data. Police officers are under-educated, often prejudiced, and operate under a shield of un-prosecutability that makes them rogue agents. Further, on college campuses, students frequently are employed within campus police/public safety in ways that would make it very easy for them to grab the data.

Were that system implemented (which it should never be, because I thought of it in 10 seconds for a Hacker News comment and anything real would need to be much more thought out), the list of card IDs should exist only on paper, in a locked file cabinet, controlled by someone whose job it is specifically to safeguard the privacy of students. Maybe the existing roles that manage grade privacy.

IT is even worse. I'd hate for a creepy sysadmin intern I declined to go on a date with to know where I lived or if I was alone in an academic building at night.


Maybe that's just a thing where you went to school?

I never once loaned or knew of someone loaning their student ID throughout my time at college.



