ACL

Jack Spitznagel sancho at frawg.org
Mon Jul 28 15:42:51 UTC 2008


There are some instances where denial of direct access to data is a 
governmental requirement.

Example: The US government has (for better or worse) enacted the 
Healthcare Insurance Portability and Accountability Act because of a 
number of egregious violations of privacy by drug companies and other 
interested parties (read: personal injury lawyers) who profited by data 
mining health records. Unfortunately, unscrupulous sysops and records 
admins were among those who were party to passing private healthcare 
data along to unauthorized third parties. Under HIPAA, a patient must 
give express access permission to a sysop at a healthcare organization 
for their personal information; otherwise that data is handled in 
encrypted blocks that cannot be accessed by those without proper 
authority.

In practice, a system admin often has access to information that would 
enable them to access patient information, but the monitoring of these 
systems and the incredibly stiff penalties (IIRC $11,000 or more per 
incident) act as a check on the curious.

-J



Mark Haney wrote:
> hike wrote: 
>> No, it is not wise.
>>
>> It is unethical for sysadmins to access this data without a specific 
>> reason and approval.
>> If you cannot trust your sysadmins to act in an ethical fashion, YOU 
>> have screwed up big-time.
>>
>> YOU hire trustworthy people.
>> YOU train trustworthy people.
>>
>> Locking down SELinux does not stop unethical sysadmins.
>> It will just take a little longer to breach your ill-advised & INSULTING
>> security.
>> Once the unethical sysadmin that YOU hired breaks in, she will be 
>> (rightly) pissed and really screw things up.
>>
>> If you don't trust YOUR sysadmins, either quit (the preferred 
>> solution) or fire the sysadmins.
>>
>> Doesn't anybody think it is essential to hire TRUSTWORTHY people any 
>> more?
>> Doesn't ANY employer think it is essential to RESPECT their employees any
>> more?
>>
>> These are two reasons that businesses in the U.S.A. suck big time!
>>
>>
>
> I have to say, I certainly do agree with you.  I was thinking the 
> exact same thing, but didn't want to turn this thread into a flame 
> war. Personally, it's a lack of respect on both sides that causes 
> trouble. Not respecting and trusting your admins leads to them acting 
> like children.
>
> Remember being told, as a kid, 'don't do this' (whatever it was), and 
> the one and only thought on your mind is 'I HAVE to do that'?  Every 
> child gets that way.  Not trusting your admins gets the same 
> result.    (IMHO)
>
> I don't think we need to make this a long, drawn out thread on ethics, 
> I only asked if that was wise simply because I think it's not and 
> wanted to hear what others say.
>
>
>




More information about the redhat-list mailing list