Over 30,000 students and staff members connect to the eduroam network on a daily basis. The connection is allowed through the use of the WatIAM system which allows students access to programs such as Learn, Quest, Portal, and JobMine using the same username and password. So how anonymous is the student body on the eduroam network? </p>
Imprint spoke to Jason Testart, the director of Information Security Services at UW, to clarify what the university monitors and why.
“The university has monitoring in place on the network. The reason for the monitoring is to detect security incidents,” said Testart. The IP addresses from the devices connected to the network are monitored, and those addresses then connect to the IP addresses specific to certain sites which can be examined as well. The university can distinguish between students using an email server or simply browsing the Internet. “That’s pretty much the extent of the monitoring that we do, when it comes to what you’re doing online,” said Testart, adding on that the reason behind the monitoring is beneficial to students. “If we see that there is a threat to the university’s network, or if we have evidence that maybe your computer or your device has been doing something where your privacy is at risk, then we’ll track down who you are and notify you.”
Email activity from students and staff using the @uwaterloo service is monitored as well. “We do maintain login logs and we will have logs which will show where mail is going to and from. We don’t read peoples email because there is an expectation of privacy there,” explained Testart. The logs kept by Information Security Services “are necessary for troubleshooting if email doesn’t work, for analyzing the security, and just to make sure that the service maintains reliablility.” The service has to stay up-to-date and efficient due to the high traffic flow of the service being used by thousands of students and staff.
The university does not constantly monitor the use of illegal sites by students, or the sites they might visit in general. “Those logs will just sit for between two and six months depending on the technology in use. They don’t really get looked at. The only time they might get looked at is if there is an investigation that started from an associate dean for cheating or university police if there is a safety issue. For example, somebody’s got a mental health issue and they need to see if they’ve been online recently. We can do a little bit of help there. Or if there’s a court order, obviously any provider has to meet the obligations of a court order. Apart from those circumstances, no we don’t,” said Testart.