The University's internet connection is provided by the UK's research network JANET. It is a condition of our connection that we are able to trace misuse of the network to an individual if requested.
Our logging is described in the University's Regulations, section 11.10. The relevant part to note is:
"To protect the integrity of the University's computing facilities and the work of users, the University will monitor use of its computing facilities and take appropriate action. Monitoring includes automated processes eg virus scanning, spam management, network traffic management, filestore management, and software licence management, as well as processes involving human intervention eg determining the contents of files, arising from the above or from complaints etc. These processes are undertaken within the relevant laws, particularly the Regulation of Investigatory Powers Act 2000. The University's procedures are defined separately.
The University retains logs of a range of system activities including all web browsing and email traffic (but not the contents). These logs will be kept confidential except as authorised under the RIP guidelines above. However, summaries containing no personal information may be distributed for operational purposes."
As part of this, we log all internet usage on campus, including that via eduroam (the wireless network). The logs include the amount of data used and the websites accessed. Logs are kept for 90 days only. This period was chosen after discussion as a balance between the need to keep records for the purposes discussed below and the right of our users to privacy.
As stated above, access to the logs for investigations is managed under the terms of the Investigations Policy. The University only conducts investigations where "there is a business reason for doing so and if the investigation can be show to be justifiable, fair, proportionate and comply with UK legislation". It does not conduct "fishing" trawls of the data.
Additionally, we use software to scan the logs to detect virus infected machines and other malware and misuse. This is an automated process and is concerned with looking for malware only.