The University of California Electronic Communications Policy §V.B notes that "Providers of electronic communications services ensure the integrity and reliability of systems under their control through the use of various techniques that include routine monitoring of electronic communications." The policy goes on to say, "Providers shall document and make available to their users' general information about these monitoring practices." This document provides general information about monitoring practices.
In general, we use two modes of monitoring to ensure the proper operation of the UCSB network and attached devices. The near-real-time examination of data flows, metadata, and logs to permit an action to detect and possibly prevent a security incident and the storage of data flows and logs for use during incident investigations.
Authorized UCSB employees and contracted service providers who operate and support UCSB electronic communications resources routinely monitor those resources to ensure their integrity, reliability, and security. Routine monitoring at UC Santa Barbara includes but is not limited to the following manual or automated activities:
- Scanning for vulnerabilities on systems and applications
- Scanning for viruses and other malware
- Scanning for insecure configurations including aged patch levels, default passwords, open ports, proxies and relays, and digital certificates
- Monitoring the system, network, and application logs
- Monitoring network traffic and systems to detect anomalies, such as spikes in usage or evidence of malware activity
- Monitoring system availability and tracking the use of system resources and network bandwidth usage to manage the resources and ensure that bandwidth is available in alignment with the University's mission
- Inspecting network metadata to identify connection attempts to known hostile or infected sites
- Inspecting logs and metadata as one step in the process of resolving complaints regarding violations of law or policy, or in response to a specific security risk
- For computers managed with advanced anti-malware or endpoint manager software, routine monitoring includes computer hardware and software information, including details of computer configuration and settings, and diagnostic information for troubleshooting. These systems also collect logs useful for incident response
User consent is not required for this routine system monitoring.
The UC Electronic Communications Policy (UC ECP) establishes conditions under which personnel who perform routine monitoring, as described above, may observe or inspect the contents of network traffic, electronic communications, or transactional information during this monitoring. In all cases, individuals must adhere to the following principles:
- Only authorized personnel who have a need to access this data and who understand the restrictions on its use shall have access to it.
- Routine monitoring activities shall be limited to the least perusal and retention required to ensure the reliability and security of systems.
- Except as provided in the UC ECP or by law, individuals will not seek out the contents of network traffic, electronic communications, or transactional information where not germane to the foregoing purposes, or disclose or otherwise use what they have observed. If in the course of their duties, authorized personnel inadvertently discover or suspect improper activity in violation of law or policy, such violations should be reported to management or the Whistleblower Office.
- If it is necessary to examine suspect electronic communications records beyond routine practices, the user's consent must be obtained. If obtaining prior consent is not possible or practical, authorization and notification procedures consistent with the UCSB Implementation of the ECP must be followed. Principles of least perusal shall apply.
Questions about this notice or compliance with the Electronic Communications Policy can be directed to Chief Information Security Officer Sam Horowitz or Campus Privacy Officer Jennifer Lofthus.