ARCHIVED: At IU, does UITS monitor logins to its computers?

The following statement is from the University Information Security Office (UISO):

While it is technically possible to determine who is logged into a computer system, and it is possible to go back and determine who was logged into a computer system during a specific time, neither UITS nor any other unit of Indiana University systematically monitors who is logged into its computer systems. However, this information is routinely captured in system logs and retained for varying lengths of time. System administrators use these logs to do aggregate usage analysis for service and system tuning purposes. User account login records typically consist of username, date, time, source network address, connect time, and logout time.

Stored login records may be used by authorized units to augment information being collected in support of university investigations of illegal activities or violations of university policy, or where it is clear that a computer account has been compromised and/or the account is being used by someone other than the account holder.

While it is technically possible for a technician to determine what processes or programs particular users are running from within their accounts, technicians are not unilaterally permitted to do so unless there is reasonable suspicion that something in an account is causing, or will cause, damage to other users' data or to the system itself.

Information outlining under what situations a user's stored data may be accessed, who may access it, and what permissions are necessary before that access takes place is available in IU's policy Privacy of Electronic Information and Information Technology Resources (IT-07).