Subject: open web access

From: Ed Turner

Submitted: Wed, 31 Jan 1996 01:42:22 -0500

Message number: 42

The User's Committee recently discussed the possibility of making
the restricted WWW servers/pages at APO and/or those that archive
these email lists at Princeton open to unrestricted access over the
net.  The pros and cons of such an action are summarized briefly in
the minutes of the recent User's Committee meeting.  If you have
views on this idea, please read those minutes and convey your
opinion to your institutional UC rep.

In addition, if you have posted anything yourself to one of the
email lists which you would not want to see openly available
on the net, please identify the specific material to Michael
Strauss (strauss@astro.princeton.edu) in some brief way (no 
need to explain why, etc.).

I append below an excerpt from an email message in which I summarize
my reasons for considering such an open access policy.

Thanks,

Ed Turner

-----------------------------------------------------------------------


Somewhat paradoxically, I think security would actually be improved by
declaring our web sites public.  As it stands, they are nominally restricted,
which encourages people to feel that they can post sensitive material without
consequence.  However, in fact (as illustrated by your experience with the
UC student), they are not very secure at all.  Many machines at several
institutions give a very large group of people, at many levels of seniority
down to undergrads at least, complete access.  Anyone who can cut and paste
has the ability to pass this info on to anyone else on the net.  Also, only
a very low level of hacking ability (I think I could do it!) is required
to penetrate the restricted access we impose.  In other words, I think that
it generates a false sense of security (or more accurately, privacy) and
may even attract the attention of snoops or hackers.

More generally and philosophically, I think we should operate as openly
as possible and feel that the burden of proof should be the other way.
In other words, I would prefer no more restrictions on information than
are demonstrably needed to a policy of no more access than is actually
required.
APO APO APO APO APO  Apache Point Observatory 3.5m  APO APO APO
APO
APO  This is message 42 in the apo35-general archive. You can find
APO  the archive on http://astro.princeton.edu:82/apo35-general/INDEX.html
APO  To join/leave the list, send mail to apo35-request@astro.princeton.edu
APO  To post a message, mail it to apo35-general@astro.princeton.edu
APO
APO APO APO APO APO APO APO APO APO APO APO APO APO APO APO APO