Wednesday, August 21, 2013

security state

what with all the stuff in the news lately about the State spying on the internet in all sorts of deeper-than-expected ways, i thought this was interesting:

my institute was recently eaten by Mass Eye and Ear Infirmary, MEEI, a hospital. rather than fully digest us, MEEI dissolved parts of our organization and replaced with their own, so really it's more like the ant that is infected by a fluke that effectively replaces or overrides parts of her brain, or the caterpillar whose internal processes are slowly displaced by wasp larvae. i think the ant example is better.

anyways, as a part of this absorption, our computer network was transferred to the control of the MEEI network, and they are insane about security. it's as though we're at los alamos. everything is supposedly super secure. patient privacy, etc etc. as a part of this transfer of authority, every computer in the institute was infected intentionally with a suite of spyware that allows the MEEI IT people to control or observe all of our data flow. in theory. our internet is filtered, our emails are filtered (unless we take simple steps to avoid the filtering), all access to local computers is supposedly filtered. it's irritating in the all-encompassing authority they take on, at the same time that it's ridiculous how easy and convenient and necessary it is to get around everything they try to do.

one set of spyware is called "DeviceLock". you can always see it running in the background, under processes named DLservice.exe, DLtray.exe, etc. this is a program for, supposedly, ensuring that external storage devices must be encoded or they can't be used with institute systems. but i've discovered additional functions, which are mentioned in that link. there's a process running in the background, "DLSkypePlugin.exe". what does it do? who knows! let's ask DeviceLock:

""Skype" control supports blocking, allowing, auditing, shadowing and content analysis of outgoing instant messages and files as well as auditing, alerting, shadowing and content analysis (for contingent shadowing) for incoming instant messages and files. Also, supports blocking, allowing, alerting and auditing of incoming and outgoing audio/video calls;"
 where does a hospital IT department get the authority to do something like this? can someone explain to me, please?

on a final note, while most of the IT spyware can't easily be disabled - i, the virtual owner of this computer, don't have the "authority" - the DL programs can be terminated without any special privileges. an oversight, i'm sure.

No comments:

Post a Comment