Web Privacy

www.cs.utexas.edu ("this site", "this web site") supports the research and instructional needs of the faculty, staff, and students in the Department of Computer Sciences ("department", "UTCS") at The University of Texas at Austin ("university", "UT"). Anyone with a Unix account on the UTCS production network ("user") can use this site to publish material on the web. We don't monitor or control this use, except to investigate and respond when we receive complaints.

Use is governed by department and university policy, by Texas state computer and telecommunications statutes, and by US federal laws governing family educational rights and privacy ("FERPA") and copyright, including the additional provisions of the Digital Millenium Copyright Act ("DMCA"). Currently enrolled students can read more about UT FERPA policies in the General Information Bulletin. Complaints about copyright violations under DMCA can be filed with the university's designated agent.

This web site isn't operated for children, and users' pages may contain inappropriate material.

An implementation of P3P at this site is under study.

You can email questions about this privacy statement to webmaster [at] cs [dot] utexas [dot] edu, or contact us by mail or phone.

Scope

This information applies only to the routine operation of this web site and to those pages and scripts maintained by our staff for the department. It doesn't apply to users' pages or to any other web site to which any page on this site is linked.

Information Collected

Web server logs
Every request ("hit") to this web site generates a server log entry containing

  • either the Fully Qualified Domain Name ("FQDN","hostname") or the Internet Protocol ("IP") address of the client making the request
  • the date and time of the request
  • the exact Hypertext Transfer Protocol ("HTTP") request, including the Universal Resource Identifier ("URI") of the requested document, the request method, and any query string passed as part of the request
  • the HTTP status code returned by the server to the client
  • the HTTP Content Length, in bytes, of the document sent to the client
  • the HTTP Referer, i.e., the page from which the client was directed to the requested document
  • the HTTP User Agent, i.e., the client's browser software version

No additional mechanism such as identd is used to identify the person originating the request.

Daily server logs are deleted based on a ten day rollover interval, but they may be included on tape backups of the system. These logs are primarily used by the system administrators to tune web server performance and debug problems. However, UTCS users can also access these logs, and some users track traffic to certain pages in order, for example, to review public interest in a particular group's research or to monitor downloads of an online paper.

Because our department is engaged in basic research in computer science, we may sometimes instrument our server to track hits and to share that information with other entities with whom we are collaborators in research. However, we will not use our server for any project which collects or shares personally identifiable information.

Web-based forms and email

Some of our department's administrative applications are handled using web-based forms. Examples include user account management and online completion of administrative documents. Department web-based forms which require you to submit individually identifiable information, in particular, your name, Social Security Number or Student ID, or username and password, are available only from our secure server using Secure Sockets Layer ("SSL") technology to encrypt your session.

If you send us an electronic mail message with a question or comment that contains individually identifiable information, or fill out a form that emails us such information, we will only use that information to reply to your request and analyze trends. We may redirect your message to someone else if we think they'd be better able to respond.

Cookies

A web server can ask your browser to store a small piece of information ("cookie")on your computer so it can retrieve and re-use that information later without having to ask you for it. This information might reflect some user preference, or might be a username or password associated with an application on that server. Most browsers allow you to decide whether or not you'll let a server set and get cookies.

Some SSL applications on the UTCS web server may ask you to allow the use of cookies so as to remember that you've authenticated yourself to the application with a username and password. This information isn't used for any other purpose, and can't be shared with third parties.

Information Shared

FERPA
Personal student information is protected by FERPA, and we can't release such information to other parties. We can release directory information if a student hasn't made an explicit request to the contrary. Our account records are not coordinated with the Registrar's Office. If you are a UTCS user and you don't want your directory information made public, you should file the appropriate request form with the Registrar and you should also notify udb [at] cs [dot] utexas [dot] edu.

Open records
The information on this web site, other than student records protected by FERPA, may be subject to open record requests under the Texas Public Information Act.

Law enforcement
Except as noted above, we don't try to identify individuals or their usage habits. We do watch for illegal attempts to upload or alter information, create conditions which would cause a denial of service or other damage, or launch attacks on other sites. When such actions lead to an authorized law enforcement investigation, we may need to use web server logs, account records, and other system information to identify the person(s) responsible, and in such a case, legal requirements may demand that we release this information to authorities.

Resources

  • UTCS
    • Computing policies
    • udb [at] cs [dot] utexas [dot] edu ( Email the user database administrator)
    • webmaster [at] cs [dot] utexas [dot] edu ( Email the webmaster)
  • Texas
    • Texas Administrative Code | Chapter 201: Planning and Management of IR Technologies
    • DIR SRRPUB11: World Wide Web Design Standards and Coding Guidelines | Rule as 1TAC201.12 | Proposed changes as 1TAC206
    • State penal code | Ch 33: Computer Crimes | Ch 33A: Telecommunications Crimes
    • Texas Government Code | Ch 552: Public Information | HB1922 amending Ch 559: State Government Privacy Policies