Slashdot Mirror

MikeChino writes: Your next house could snap together like a jigsaw puzzle without the use of any power tools. Clemson University students designed and built Indigo Pine, a carbon-neutral house that exists largely as a set of digital files that can be e-mailed to a wood shop anywhere in the world, CNC cut, and then assembled on-site in a matter of days. “Indigo Pine has global application,” says the Clemson team. “Because the house exists largely as a set of digital files, the plans can be sent anywhere in the world, constructed using local materials, adapted to the site, and influenced by local culture.”

An anonymous reader writes: Researchers at Clemson University have studied the makeup of seahorse tails and rendered its mechanics using 3D-printing in an effort to provide flexibility to stiff robots. Unlike most creatures, seahorse's tail is made of square prisms. Michael Porter, assistant professor in mechanical engineering at Clemson University said, "Almost all animal tails have circular or oval cross-sections—but not the seahorse's. We wondered why. We found that the squared-shaped tails are better when both grasping and armor functions are needed."

An anonymous reader writes "As luck would have it, I was video-attending the monthly meeting of my alma mater's amateur radio club last night and learned that a local Alumnus had passed, leaving a significant amount of equipment to the club, including a 'Big Bertha' tower that the club does not have a home for. This particular 'Big Bertha,' as it is called, is a 115 foot tall, self-supporting rotatable pole that can support an enormous number of antennae. There are thought to be only a small number of them in civilian use, and this was one of them. I also happen to be a member of the local University's amateur radio club, and our local meeting was right after the Georgia Tech meeting, so upon learning of the availability I immediately informed them that this tower could be had so long as they could support the logistics of moving the tower approximately 100 miles.

After discussing the logistics, and the fact that construction crews would be required on both sides, we came to the conclusion that a significant amount of money would be required, and that your typical intramural basketweaving team bake sale would not do the job. The use case for such a tower is not difficult to make with the University, or with local emergency services who would no doubt love to have space on such a tall tower in such a prime 'top of the hill' geographical location. Zoning will also not be an issue owing to the location having one other taller tower belonging to the college radio station, and a water tower on site. However, with most governments being cash-strapped and unlikely willing to contribute to the project, we need some more ideas on how to raise the needed funds.

So if you're a small University club, and need to raise $30-40K in a hurry, how do you do it? They are working on some small grants from local corporations, and also contacting the manufacturer to see if there is any goodwill there. But, many more ideas are needed. Thanks in advance."

An anonymous reader writes "As luck would have it, I was video-attending the monthly meeting of my alma mater's amateur radio club last night and learned that a local Alumnus had passed, leaving a significant amount of equipment to the club, including a 'Big Bertha' tower that the club does not have a home for. This particular 'Big Bertha,' as it is called, is a 115 foot tall, self-supporting rotatable pole that can support an enormous number of antennae. There are thought to be only a small number of them in civilian use, and this was one of them. I also happen to be a member of the local University's amateur radio club, and our local meeting was right after the Georgia Tech meeting, so upon learning of the availability I immediately informed them that this tower could be had so long as they could support the logistics of moving the tower approximately 100 miles.

After discussing the logistics, and the fact that construction crews would be required on both sides, we came to the conclusion that a significant amount of money would be required, and that your typical intramural basketweaving team bake sale would not do the job. The use case for such a tower is not difficult to make with the University, or with local emergency services who would no doubt love to have space on such a tall tower in such a prime 'top of the hill' geographical location. Zoning will also not be an issue owing to the location having one other taller tower belonging to the college radio station, and a water tower on site. However, with most governments being cash-strapped and unlikely willing to contribute to the project, we need some more ideas on how to raise the needed funds.

So if you're a small University club, and need to raise $30-40K in a hurry, how do you do it? They are working on some small grants from local corporations, and also contacting the manufacturer to see if there is any goodwill there. But, many more ideas are needed. Thanks in advance."

An anonymous reader writes "As luck would have it, I was video-attending the monthly meeting of my alma mater's amateur radio club last night and learned that a local Alumnus had passed, leaving a significant amount of equipment to the club, including a 'Big Bertha' tower that the club does not have a home for. This particular 'Big Bertha,' as it is called, is a 115 foot tall, self-supporting rotatable pole that can support an enormous number of antennae. There are thought to be only a small number of them in civilian use, and this was one of them. I also happen to be a member of the local University's amateur radio club, and our local meeting was right after the Georgia Tech meeting, so upon learning of the availability I immediately informed them that this tower could be had so long as they could support the logistics of moving the tower approximately 100 miles.

After discussing the logistics, and the fact that construction crews would be required on both sides, we came to the conclusion that a significant amount of money would be required, and that your typical intramural basketweaving team bake sale would not do the job. The use case for such a tower is not difficult to make with the University, or with local emergency services who would no doubt love to have space on such a tall tower in such a prime 'top of the hill' geographical location. Zoning will also not be an issue owing to the location having one other taller tower belonging to the college radio station, and a water tower on site. However, with most governments being cash-strapped and unlikely willing to contribute to the project, we need some more ideas on how to raise the needed funds.

So if you're a small University club, and need to raise $30-40K in a hurry, how do you do it? They are working on some small grants from local corporations, and also contacting the manufacturer to see if there is any goodwill there. But, many more ideas are needed. Thanks in advance."

An anonymous reader asks: "I've been asked to build a massive storage solution to scale from an initial threshold of 25TB to 1PB, primarily on commodity hardware and software. Based on my past experience and research, the commercial offerings for such a solution becomes cost prohibitive, and the budget for the solution is fairly small. Some the technologies that I've been scoping out are iSCSI, AoE and plain clustered/grid computers with JBOD (just a bunch of disks). Personally I'm more inclined on a grid cluster with 1GB interface where each node will have about 1-2TB of disk space and each node is based on a 'low' power consumption architecture. Next issue to tackle is finding a file system that could span across all the nodes and yet appear as a single volume to the application servers. At this point data redundancy is not a priority, however it will have to be addressed. My research has not yielded any viable open source alternative (unless Google releases GoogleFS) and I've researched into Lustre, xFS and PVFS. There some interesting commercial products such as the File Director from NeoPath Networks and a few others; however the cost is astronomical. I would like to know if any Slashdot readers have any experience in build out such a solution? Any help/idea(s) would be greatly appreciated!"

TigerX writes "The Mac web browser Safari has become the first browser to pass the Acid2 test. Acid2 is a CSS/HTML test suite put out by the Web Standards Project (WASP). Developer David Hyatt had been working on the project for the past few weeks. Details can be found at his blog. The patched Safari is not yet avaliable for public consumption. It is unknown when the patches will appear in a public version of Safari."

rocketman768 writes "According to internetnews.com a workshop in Taipei has been re-labeling nearly a million AMD Athlon XPs. It seems AMD is spending more time investigating this than on releasing their new Alchemy chipset which boasts direct transfer of video from digital video recorders to portable players without the need to transcode through a PC."

neillm78 writes "As part of the development team, we're announcing PVFS2 version 1.0 here in Pittsburgh at the SC2004 conference! PVFS2 is a GPL/LGPL based parallel file system for cluster-based applications. It logically groups any number of storage servers into a coherent file system for use by client nodes, specifically tailored to handle efficient access to large shared files. PVFS2 supports access via an MPI-IO interface for high-performance parallel applications, but you can still mount it like a regular GNU/Linux file system for traditional serial applications and managment. The PVFS2 project is conducted jointly between The Parallel Architecture Research Laboratory at Clemson University and The Mathematics and Computer Science Division at Argonne National Laboratory. Please feel free to give it a try!"

neillm78 writes "As part of the development team, we're announcing PVFS2 version 1.0 here in Pittsburgh at the SC2004 conference! PVFS2 is a GPL/LGPL based parallel file system for cluster-based applications. It logically groups any number of storage servers into a coherent file system for use by client nodes, specifically tailored to handle efficient access to large shared files. PVFS2 supports access via an MPI-IO interface for high-performance parallel applications, but you can still mount it like a regular GNU/Linux file system for traditional serial applications and managment. The PVFS2 project is conducted jointly between The Parallel Architecture Research Laboratory at Clemson University and The Mathematics and Computer Science Division at Argonne National Laboratory. Please feel free to give it a try!"

DarkSarin asks: "I have a rather serious problem: I managed to accidentally delete some files (rather important ones at that!) while trying to back them up to cd (I was using a GUI burning software that will remain nameless for now). How do you recover accidentally deleted files in Reiserfs? This thread (started by me) indicates that you can't recover them. Note that I had found a way to rebuild the tree, but that didn't work. It seems odd to me that you wouldn't be able to recover accidental deletions, but that really does seem to be the case. Help? Please?"

Uttles writes "According to Yahoo!, Celine Dion's latest CD will not play in computer drives. In fact: 'Should the consumer try to play Dion's CD on a PC or Macintosh, the computer likely will crash.' How is this legal?" Since Sony admits that their product is designed to cause damage to your computer system, almost anyone would likely have a good lawsuit against them. Attention Celine Dion and all musicians: crashing your fans' computers is not a good business practice. No matter what your agent says.

Ghengis writes: "An update to this article posted back in March, the mission to send a probe to Pluto gets a reprieve from Congress. Timing is critical for studying Pluto's atmosphere, as it is about to ungergo a 200 year freeze when Pluto enters its long winter. There still isn't enough money to send a probe to Pluto, but the money could keep the mission alive long enough to get more money."

ConcernedStudent asks: "Recently, 10 of my fellow classmates have been brought up on academic dishonesty charges in a senior level engineering class concerning a recent programming project. Granted, some copied other code verbatim and deserve to be caught, probably moreso for just being that stupid. However, there are those who have been implicated because they referenced code of somewhat dissimilar projects from previous semesters at some point during their design process. As long as the old code was not passed off as their own work for a grade and does not appear in the final draft of the code, is this really considered dishonest? How is this different than referencing a book on the language or some other "legitimate" source? At what point does referencing outside sources become dishonest? Is it just to review historical copies of code (using JFS) which were not submitted for grading to see if questionable code exists in these intermedite draft copies of the program? As this is a somewhat grey area, hopefully someone out there has comments which may help to clarify some of the uncertainty."

Carl Kadie has returned his responses to our interview questions. He covers a wide array of topics regarding computers and academic freedom - my guess is that this interview will answer about 5% of all questions submitted to Ask Slashdot. :)

With Power comes responsibility... (Score:5, Interesting)
by Zachary DeAquila on 02-14-01 02:41 PM EST (#28)

What responsibilities do universiies incur when they have such overbroad AUPs and reserve such powers for themselves? What if, in their browsing through my data, they delete or destroy important information (thesis data or papers or somesuch)? Are they liable for it? What if they 'leak' damaging data either unknowingly or through misunderstanding? Can they be held responsible?

I'm afraid that I know the answers to all these questions and am even more afraid of those answers. So what can be done about it beyond the standard SSH and PGP rhetoric ? Is there a way to make them take responsibility for these actions, preferably a heavy enough responsibility to discourage them from wanting to take these actions in the first place?

Let me start with disclaimers. I'm not a lawyer. The legal matters I discuss are merely my understanding of the law, not real legal advice. Also, I speak for myself, not for the Electronic Frontier Foundation or my employer. For more on these issues look at the Computers and Academic Freedom Archive.

As a practical matter, no rule, regulation, or liability could ever compensate you for something like lost thesis data. Hopefully, the terror you feel just thinking about losing something irreplaceable will motivate you to make multiple backups.

For privacy, however, federal law does offer some protections. The Family Educational Rights and Privacy Act applies to any U.S. school, even high schools, both public and private, that accepts federal money. This is the law that stops schools from announcing your social security number and grades to the world. Schools that disclose personally identifiable information, beyond directory information, can lose their federal funding. Schools generally take this law very seriously. The only common problem is school staff who need to be educated about the law.

Another useful law is the Electronic Communications Privacy Act. This is the law that stops AOL from disclosing your grandma's email. It can also be reasonably interpreted as stopping universities from disclosing student email. It may also protect staff email.

Finally, public universities have obligations beyond federal law. As a government institution, they are bound by the federal constitution and their state constitution. A U.S. government task force says that [Email] monitoring [of government employees] of actual communications and communicators may impinge on the Constitutional rights of freedom of speech (1st Amendment), against unreasonable search and seizure (4th Amendment), and against self-incrimination (5th amendment), as well as on the right to privacy, specifically as set forth in both the Privacy Act and the ECPA. Students are presumably protected at least as much.


University policy (Score:5, Interesting)
by Pacer on 02-14-01 02:43 PM EST (#31)

I lived for two years in University residence and, frankly, my college didn't seem to have much respect for the privacy of students in any regard: all mail came through University-owned mailboxes, and packages had to be picked up at the dormitory desk, staffed by hall RAs -- students with a significant disciplinary function. All telephone service went through the university switchboard. Your room could be searched, by university staff or by police, without your permission and without any sort of warrant. Most tenant rights were violated (for instance, eviction with two weeks' notice any time of year), and now the university informs students' parents of on-campus alcohol or disciplinary violations (these are adults whose academic transcripts cannot be released to parents without a signed waiver).

It is not any surprise to me that fascist user agreements are in place concerning electronic media in light of the general control-oriented attitude of many universities towards their on-campus student populations. Perhaps the problem runs deeper than simple technophobia?

I'm optimistic about the trend. I once looked up the student regulations for my school from 1904 to present. (I've since graduated). Students were once literally treated as children. Now the policies generally respect students as scholars with academic freedom. Academic freedom (which includes freedom of expression, privacy, and due process) for students is guaranteed in the student code of many schools. It is advocated by dozen of important academic organizations. I believe academic freedom principles can be straight forwardly applied to computers and networks. For example, here is what our Draft Statement on Computers and Academic Freedom says about privacy:

"Privacy Principle: Personal files on university's computers (for example, files in a user's home directory) should have the same privacy protection as personal files in university-assigned space in an office, lab, or dormitory (for example, files in a graduate student's desk). Private communications via computer should have the same protections as private communications via telephone."

So, all is wonderful everywhere except for a few aberrations that your free ACLU lawyer can quickly take care of, right? Sadly, no. The struggle for civil liberties and academic freedom never ends. As you suggest, some in authority will always try to assert more and more control. They may never have heard the idea that students should have academic freedom. They may not realize public universities in the U.S. are constrained by the U.S. constitution. They may erroneously believe that federal law doesn't apply if you make students sign a waiver.

So what can you do? Organize and fight! It won't be easy. You'll never win completely. But, you'll likely find friends and allies everywhere from student to faculty to staff. You may find your most important allies among the computer services staff. Many computer staff folks see themselves as true professionals with a professional responsibility to what's morally and legally right, not just what the boss thinks is expedient.

If you are in high school looking at colleges, please read their student code and computer rules before you decide. This will be part of your contract with the university. If you decide not to attend a school because of bad policies, tell them and tell the world.


Linux acceptability (Score:5, Interesting)
by dwbryson on 02-14-01 02:45 PM EST (#42)

Carl- I have fought a battle at my college over Linux being on the network. I told the UTS( Univeristy Technology Services ) that I was a big advocate of Linux and was starting up a Linux User Group on campus. But first I wanted their approval. They swiftly told me that, "You can absolutly not encourage the use of Linux on OUR network, and you should be lucky that we don't ban it on campus." I was completely uphauled by this, and so promptly turned around and tried to get as many people interested as I could in Linux. And eventually started my own LUG. Do they have a right to tell me what OS I can use on their network? They of course support windows, and allow Mac's, but flat out tell me I can't have linux on their network. Do you have any suggestions on what rights I as a user have?

Let me break this into two questions. First, can a university department ban clubs or speech because it doesn't like what they advocate? Generally not. At most schools, the student code protects freedom of speech. At public universities, student speech is also protected by the 1^st amendment. To take one example, the U. of Illinois has student organizations ranging from the International Socialists to the College Republicans. Linux really shouldn't be a problem.

Second, can a University Technology Services group ban a program/OS from the Network? The difficulty is that while it might be legitimate to ban, say, a packet sniffer, it shouldn't be legitimate to stop Scientology students who want to filter their own Internet access on their own PC. How do we distinguish these cases? Legally, at state schools you could try to make a 1^st amendment argument. You could also use freedom of information requests (if applicable) to see if a rule was made for legitimate reasons. These legal battles, however, would be expensive and uncertain.

More effective than a legal approach is a good policy approach. How is good policy made? By getting everyone (students, faculty, and staff) involved in making decisions. And, if that doesn't work, by protesting and publicizing bad decisions. Here is what the Joint Statement on Rights and Freedoms of Students says about students and policy making:

"As constituents of the academic community, students should be free, individually and collectively, to express their views on issues of institutional policy and on matters of general interest to the student body. The student body should have clearly defined means to participate in the formulation and application of institutional policy affecting academic and student affairs. The role of the student government and both its general and specific responsibilities should be made explicit, and the actions of the student government within the areas of its jurisdiction should be reviewed only through orderly and prescribed procedures."

Legal Recourse? (Score:5, Interesting)
by CU-Ballistic (rogersj@SPAMSUCKSclemson.edu) on 02-14-01 02:46 PM EST (#45)

I attend a rather well-known University in the South. Of course, they have the requisite "we own you and your data" policy. They state in very explicit terms that they have the right, at any time, to search and confiscate my computer, hard drives, and other media. They say that they also have the right to monitor network traffic, and disable any account which is exhibiting "unusual or excessive" activity. This all seems incredibly arbitrary to me, and worries me very much. My question to you is: Do I have any legal recourse? My main quarrel is that as a first-year student, I am forced to live on campus, and many classes require work to be submitted electronically. Since I am unable to "opt-out" of their heavy-handed policy, do I have any legal recourse if I were to encounter a search-and-seizure situation with the Administration here?

I think I found policy in question. It has both good points and bad points. The good is that it provides for due process via the university's regular channels. Also, it lays out proscribed behavior pretty clearly. Now, to the bad:

• It doesn't say how the policy was formulated and under what authority. Were students involved? Did the university senate give approval? Was there a committee? As far as we can tell from the policy itself, it could be the work of one person without any input from the university community.
• The policy contradicts itself on privacy. It tries to use magic words to make federal law and constitutional requirements disappear. It says: "Students have no expectation of privacy when utilizing university computing resources, even if the use is for personal purposes." The policy for staff says the same thing: "Employees have no expectation of privacy ..." but a few lines before that it correctly acknowledges that "[...] Federal and State statutes protect the privacy of much of the information available on University computer systems." As a general rules, a policy should not contradict itself. (I wonder if researchers are really prohibited from storing human subject and other sensitive data on these computers?) [Editorial note: Federal laws concerning research on human subjects requires that data about such studies be stored securely, with a number of explicit security requirements. If Clemson faculty have no expectation of privacy when using Clemson computers, Clemson is breaking those laws if it conducts any research on human subjects (which it does) and stores the data on Clemson machines.]
• Finally, the policy conflates invading-policy-because-of-an-emergency and invading-it-to-gather-evidence-of-wrong-doing. Any public university and any university that respects academic freedom should distinguish these cases. Here is how the Joint Statement puts it:
  
  "Except under extreme emergency circumstances, premises occupied by students and the personal possessions of students should not be searched unless appropriate authorization has been obtained. For premises such as residence halls controlled by the institution, an appropriate and responsible authority should be designated to whom application should be made before a search is conducted. The application should specify the reasons for he search and the objects or information sought. The student should be present, if possible, during the search. For premises not controlled by the institution, the ordinary requirements for lawful search should be followed."

Finding Balance? (Score:5, Informative)
by PapaZit on 02-14-01 03:59 PM EST (#161)

Here's a shot from "the other side."

I work in Computing Services for a tech-oriented private university. Our usage policies aren't as bad as some, but they definitely give us broad priviledges. We've been through many, many proposed revisions that keep being killed by some combination of faculty, staff or lawyers. The basic problems:

There doesn't seem to be a concise legal way to say "Don't be an asshole and don't break the law," which is all we really want.

It's occasionally necessary for staff to look at private information for technical reasons (reconstructing mail spool after disk crashed, making sure the nifty new backup program actually worked, etc.). We have a huge infrastructure, and if we had to stop and check every time we might accidentally see something, we'd never get anything done unless we made our staff size much larger. We don't have the budget to do that.

Occasionally, the sysadmins will find something really bad during the course of routine work. "Spending a long time in federal prison" kind of bad. We try to keep these sort of events quiet to avoid publicity for the user in case it's not their fault (someone cracked their account, etc). We don't want our users on the evening news, but this'll happen with most "notify lots of people before doing anything" plans.

There are two opposing viewpoints that are both vocal in our community. One says "privacy over all" while the other says "learning and sharing over all". We have quite a few people who make their home directories publicly readable as a sort of protest against the "privacy freaks" (their words). Finding a policy that makes both happy is very difficult.

In light of these constraints (financial and social), how do we give more rights to our users without seriously impeding our ability to do our jobs?

First, I commend you for taking your professional responsibilities seriously. As you know, incidental and emergency exposure of information is a fact of life. Your computers likely contain everything from medical information, to love letters, to evidence of criminal activity. After much debate at the U. of Illinois, with input from all of campus, the University adopted a policy that says in part:

"Network and system administrators are expected to treat the contents of electronic files as private and confidential. Any inspection of electronic files, and any action based upon such inspection, will be governed by all applicable U. S. and Illinois laws and by University policies."

Other schools also respect the privacy of email and files. You can see examples here. For some general tips on making good policy, look here.


I am violating my school's policy by posting this. (Score:4, Interesting)
by SkyIce (dangelo(a)ntplx.net) on 02-14-01 03:47 PM EST (#144)

Take a look at my school's AUP at http://www.exeter.edu/publications/ebook/datavoice video.html . Some interesting quotes:

"No pseudonymous or anonymous messages may be sent. Students should be careful not to give out personal information over the Internet."

"Accessing the accounts and files of others is prohibited."

"Students may be held accountable for their actions while off-campus and thus for messages posted from off-campus accounts."

Academy network resources, including all telephone and data lines, are the property of the Academy. The Academy will, to the extent possible, respect privacy of all account holders on the network. However, the Academy is responsible for investigating possible violations of and enforcing all Academy rules governing the network. Academy network users should, therefore, keep in mind that the Academy reserves the right to access any information stored or transmitted over the network.

But nowhere in it does it mention the search of a personal computer. Somehow, last week, on mere suspicion, my and three other kids' computers were seized and held for a few days while the network administrator attempted to track down the source of network troubles. He ultimately failed, but in the process noticed that I was using a different IP address and hostname other than the one I had been assigned. The case was sent to the discipline committee under "Theft of IP address" and I am now on probation for eight weeks. My dorm room's port was activated "with restrictions" yesterday, and they now want me to e-mail them a list of every program I want to download so that they can verify it. Was this even legal? What can I do to stop something like this from happening in the future?

As a student in a private high school that likely doesn't take any government money, you have few legal protections. As long as they follow their own rules, they can do almost anything they want. Sorry.

Again, I strongly encourage you to read the student code and computer policies of any colleges you are looking at. You'll find critiques of several dozen policies Computers and Academic Freedom Policy Archive. (Hopefully, most of the bad policies in the archive have since been improved.)


Colleges vs Corporations (Score:3, Interesting)
by Chris Brewer (chrisbrewer@paradise.net.nzSPAMBEGONE(TM)) on 02-14-01 02:44 PM EST (#39)

In your opinion, is there any difference between what a student does on the campus network using college owned computers and an employee using the corporate network using the company's computers with regard to who owns the data?

In the U.S., there is a world of difference between employees and students. (I don't know about the law in New Zealand). The work employees do on company equipment generally belongs to the company. Moreover, at work Americans have little privacy protection. (The ACLU has a project on workplace civil liberties.)

Students, on the other hand, are customers of the university, not its agents or employees. Although your grandmother might store a document on AOL's computers, that does not give AOL ownership of the document's copyright. Likewise, while you might research a paper in the University library and store it on a University computer, they gain no ownership rights.


WPI's Acceptible Use Policy (Score:3, Interesting)
by Saint Nobody on 02-14-01 02:50 PM EST (#55)

Personally, i think that WPI has a pretty good AUP, (which is not to say i haven't had problems with netops regarding a few violations, only one of which i was actually responsible for.) it doesn't say that they can read our email personal files and other miscellany, and it requires us not to go poking around.

However, it doesn't say that they can't.

how do you feel about policies like that? It doesn't guarantee our privacy, but it doesn't infringe on it either. Is lack of a guarantee an implicit infringement?

The Joint Statement says that academic freedom "requires" policies that clearly define possible offenses and that are enforced though fair due-process procedures. As you point out, WPI, a private technical institute, leaves a lot unsaid in its computer policy especially about policy enforcement. Are such vague policies OK because we can trust the wisdom of the university staff to do what's right? As much as I respect the professionalism of many computer staff folks, we can't know that the good ones will always be there. To be safe, we must capture some wisdom in policy.

So, what could go wrong? Imagine this nightmare: The WPI computer organization decides to ignore the Institute's regular judicial system with its system of check and balances. The computer org decides to impose punishments on students itself. It guarantees no notice of charges, no hearing, and no appeal procedure.

How likely is this nightmare? IT HAS ALREADY HAPPENED!

Read another WPI policy, the Residential AUP Policy. This policy reminds me of a line from Lewis Carroll's Alice in Wonderland: "No, no," said the Queen: "The sentence first -- the verdict afterwards." Except they don't even bother with the verdict.


Is it because of lawyers? (Score:3, Interesting)
by Wariac on 02-14-01 03:06 PM EST (#83)

Do you think that Schools do this in practice, or is this just a CYA (cover your ass) scenario in case a student does something stupid/illegal. It seems to me in this lawsuit-happy world full of sleazy lawyers that this could be the only way that Schools (or anyone) can avoid being sued into bankruptcy.

In a nutshell, Do the schools implement these policies on thier own accord, or are they usualy done at the request of thier insurer?

Because students are customers of a school and not employees/agents schools generally aren't responsible for their actions. So, if it's not insurers who ask for bad policies where to they come from? It often works like this:

• A student does something obnoxious, but not against any written rules.
• The student is investigated and punished.
• The department that punished the student creates very broad and very vague rules to justify, after the fact, the procedure and punishment already imposed. (For example, see the case of the NCSA.)
• The new policy is run by University legal counsel. Legal counsel checks that it doesn't make any promises or guarantees to students. Counsel doesn't think to check for consistency with other policies or Constitutional requirements.
• Some students, faculty, or staff members finally get to read the policy. Using email, web sites, netnews, newspaper stories, and sometimes even demonstrations on on the Quad/Green, they educate themselves and the University community about legal and academic standards. Everyone starts to see the problems in the first policy.
• A committee is formed of students, faculty, staff, and librarians. They work for a while and create a much better policy.
• The new policy is adopted by the University and replaces the old. (For example, the UIUC privacy policy that grew out of the NCSA policy.)
• Everyone lives happily ever after. (Until the next time a student does something obnoxious but not against any written rules.)

How do you handle bandwidth issues? (Score:2, Interesting)
by Shook (shook@iname.com) on 02-14-01 10:34 PM EST (#261)

I go to a fairly devout Christian U., that has very aggressive censor ware against sex, porn, illegal activities, but that isn't the focus of my question. Unlike many schools, my U. did nothing to block Napster use, and I always found this a little surprising.

When we came back from X-Mas break, Napster was blocked. People moaned and groaned, but it turns out it wasn't even our school's call (though they might have had a say in it) Our school gets its access from a state-wide government-run ISP for educational institutions, and the ISP decided to block Napster, Gnutella, and probably others.

Rather than copyright issues, they cited bandwidth problems. Although, I miss my Napster, I find this hard to argue with. (Theoretically) the network is for educaitonal purposes, and my average dorm-connection speed has doubled since Napster was blocked. But this could easily become a slippery slope, what is to keep them from blocking things like FTP, or Real Audio, both of which I have used for research, but can present bandwidth problems.

How would you suggest balancing to need to reserve bandwidth for serious school-related purposes, and still provide a useful Internet service?

Ten years ago, some schools thought it necessary to ban all games from their computers and networks. (Here is a critique of one such policy.) Now the computer game industry is as big as the movie industry. And, just as you can take film classes in college, so you can take computer game classes. This illustrates the wisdom of a tenet of academic freedom: no authority knows everything that will be important in the future. Therefore, every professor and every student should be free to examine and discuss all questions of interest to them. Schools should do their best to accommodate these explorations. Peer-to-peer systems could be the next big thing. It sounds like the students and professors in your state won't be part of it.

Could there ever be a legitimate reason to ban ALL recreational use of the network? Sure, just as I can imagine a college so resource-poor that it banned all recreational reading in the library, I can imagine a college so resource-poor that it banned all recreational network use. But I won't want to attend such a school.

But, how should needs be balanced when resources require it? I advocate following the model of librarians. They are experts at selecting books based on professional standards and respect for intellectual freedom.

In closing, let me list some resources and ask for some possible help:

• American Civil Liberties Union
• Electronic Frontier Foundation, civil liberties group which works to protect privacy, free expression, and access to new media sources.
• The Foundation for Individual Rights in Education (FIRE), a nonprofit educational foundation devoted to free speech, individual liberty, religious freedom, the rights of conscience, legal equality, due process, and academic freedom on our nation's campuses.
• Peacefire, a nonprofit organization representing the interests of people under 18 in the debate over freedom of speech on the Internet. Peacefire focuses mostly on censorware (Internet content filtering software) in libraries and schools.
• Student Press Law Center, a nonprofit organization provides legal advice to media students and educators on issues related to freedom of the press. Includes advice and news.
• American Association of University Professors, focuses on issues of academic freedom and tenure and campus governance by faculty. Details its programs and policies.
• American Library Association - Office for Intellectual Freedom

Finally, if you go to the Computers and Academic Freedom Archive, my web site, you'll notice it has not been updated for a while. With a job, a family, and new interests, I haven't given the site and issue the attention it deserves. I'd love to get ideas and/or proposals from folks on how to get the Computers and Academic Freedom Project restarted. Thanks.

Carl Kadie
kadie@eff.org
p.s. I'll be on vacation from the 4th to the 11th.

Carl Kadie has returned his responses to our interview questions. He covers a wide array of topics regarding computers and academic freedom - my guess is that this interview will answer about 5% of all questions submitted to Ask Slashdot. :)

With Power comes responsibility... (Score:5, Interesting)
by Zachary DeAquila on 02-14-01 02:41 PM EST (#28)

What responsibilities do universiies incur when they have such overbroad AUPs and reserve such powers for themselves? What if, in their browsing through my data, they delete or destroy important information (thesis data or papers or somesuch)? Are they liable for it? What if they 'leak' damaging data either unknowingly or through misunderstanding? Can they be held responsible?

I'm afraid that I know the answers to all these questions and am even more afraid of those answers. So what can be done about it beyond the standard SSH and PGP rhetoric ? Is there a way to make them take responsibility for these actions, preferably a heavy enough responsibility to discourage them from wanting to take these actions in the first place?

Let me start with disclaimers. I'm not a lawyer. The legal matters I discuss are merely my understanding of the law, not real legal advice. Also, I speak for myself, not for the Electronic Frontier Foundation or my employer. For more on these issues look at the Computers and Academic Freedom Archive.

As a practical matter, no rule, regulation, or liability could ever compensate you for something like lost thesis data. Hopefully, the terror you feel just thinking about losing something irreplaceable will motivate you to make multiple backups.

For privacy, however, federal law does offer some protections. The Family Educational Rights and Privacy Act applies to any U.S. school, even high schools, both public and private, that accepts federal money. This is the law that stops schools from announcing your social security number and grades to the world. Schools that disclose personally identifiable information, beyond directory information, can lose their federal funding. Schools generally take this law very seriously. The only common problem is school staff who need to be educated about the law.

Another useful law is the Electronic Communications Privacy Act. This is the law that stops AOL from disclosing your grandma's email. It can also be reasonably interpreted as stopping universities from disclosing student email. It may also protect staff email.

Finally, public universities have obligations beyond federal law. As a government institution, they are bound by the federal constitution and their state constitution. A U.S. government task force says that [Email] monitoring [of government employees] of actual communications and communicators may impinge on the Constitutional rights of freedom of speech (1st Amendment), against unreasonable search and seizure (4th Amendment), and against self-incrimination (5th amendment), as well as on the right to privacy, specifically as set forth in both the Privacy Act and the ECPA. Students are presumably protected at least as much.


University policy (Score:5, Interesting)
by Pacer on 02-14-01 02:43 PM EST (#31)

I lived for two years in University residence and, frankly, my college didn't seem to have much respect for the privacy of students in any regard: all mail came through University-owned mailboxes, and packages had to be picked up at the dormitory desk, staffed by hall RAs -- students with a significant disciplinary function. All telephone service went through the university switchboard. Your room could be searched, by university staff or by police, without your permission and without any sort of warrant. Most tenant rights were violated (for instance, eviction with two weeks' notice any time of year), and now the university informs students' parents of on-campus alcohol or disciplinary violations (these are adults whose academic transcripts cannot be released to parents without a signed waiver).

It is not any surprise to me that fascist user agreements are in place concerning electronic media in light of the general control-oriented attitude of many universities towards their on-campus student populations. Perhaps the problem runs deeper than simple technophobia?

I'm optimistic about the trend. I once looked up the student regulations for my school from 1904 to present. (I've since graduated). Students were once literally treated as children. Now the policies generally respect students as scholars with academic freedom. Academic freedom (which includes freedom of expression, privacy, and due process) for students is guaranteed in the student code of many schools. It is advocated by dozen of important academic organizations. I believe academic freedom principles can be straight forwardly applied to computers and networks. For example, here is what our Draft Statement on Computers and Academic Freedom says about privacy:

"Privacy Principle: Personal files on university's computers (for example, files in a user's home directory) should have the same privacy protection as personal files in university-assigned space in an office, lab, or dormitory (for example, files in a graduate student's desk). Private communications via computer should have the same protections as private communications via telephone."

So, all is wonderful everywhere except for a few aberrations that your free ACLU lawyer can quickly take care of, right? Sadly, no. The struggle for civil liberties and academic freedom never ends. As you suggest, some in authority will always try to assert more and more control. They may never have heard the idea that students should have academic freedom. They may not realize public universities in the U.S. are constrained by the U.S. constitution. They may erroneously believe that federal law doesn't apply if you make students sign a waiver.

So what can you do? Organize and fight! It won't be easy. You'll never win completely. But, you'll likely find friends and allies everywhere from student to faculty to staff. You may find your most important allies among the computer services staff. Many computer staff folks see themselves as true professionals with a professional responsibility to what's morally and legally right, not just what the boss thinks is expedient.

If you are in high school looking at colleges, please read their student code and computer rules before you decide. This will be part of your contract with the university. If you decide not to attend a school because of bad policies, tell them and tell the world.


Linux acceptability (Score:5, Interesting)
by dwbryson on 02-14-01 02:45 PM EST (#42)

Carl- I have fought a battle at my college over Linux being on the network. I told the UTS( Univeristy Technology Services ) that I was a big advocate of Linux and was starting up a Linux User Group on campus. But first I wanted their approval. They swiftly told me that, "You can absolutly not encourage the use of Linux on OUR network, and you should be lucky that we don't ban it on campus." I was completely uphauled by this, and so promptly turned around and tried to get as many people interested as I could in Linux. And eventually started my own LUG. Do they have a right to tell me what OS I can use on their network? They of course support windows, and allow Mac's, but flat out tell me I can't have linux on their network. Do you have any suggestions on what rights I as a user have?

Let me break this into two questions. First, can a university department ban clubs or speech because it doesn't like what they advocate? Generally not. At most schools, the student code protects freedom of speech. At public universities, student speech is also protected by the 1^st amendment. To take one example, the U. of Illinois has student organizations ranging from the International Socialists to the College Republicans. Linux really shouldn't be a problem.

Second, can a University Technology Services group ban a program/OS from the Network? The difficulty is that while it might be legitimate to ban, say, a packet sniffer, it shouldn't be legitimate to stop Scientology students who want to filter their own Internet access on their own PC. How do we distinguish these cases? Legally, at state schools you could try to make a 1^st amendment argument. You could also use freedom of information requests (if applicable) to see if a rule was made for legitimate reasons. These legal battles, however, would be expensive and uncertain.

More effective than a legal approach is a good policy approach. How is good policy made? By getting everyone (students, faculty, and staff) involved in making decisions. And, if that doesn't work, by protesting and publicizing bad decisions. Here is what the Joint Statement on Rights and Freedoms of Students says about students and policy making:

"As constituents of the academic community, students should be free, individually and collectively, to express their views on issues of institutional policy and on matters of general interest to the student body. The student body should have clearly defined means to participate in the formulation and application of institutional policy affecting academic and student affairs. The role of the student government and both its general and specific responsibilities should be made explicit, and the actions of the student government within the areas of its jurisdiction should be reviewed only through orderly and prescribed procedures."

Legal Recourse? (Score:5, Interesting)
by CU-Ballistic (rogersj@SPAMSUCKSclemson.edu) on 02-14-01 02:46 PM EST (#45)

I attend a rather well-known University in the South. Of course, they have the requisite "we own you and your data" policy. They state in very explicit terms that they have the right, at any time, to search and confiscate my computer, hard drives, and other media. They say that they also have the right to monitor network traffic, and disable any account which is exhibiting "unusual or excessive" activity. This all seems incredibly arbitrary to me, and worries me very much. My question to you is: Do I have any legal recourse? My main quarrel is that as a first-year student, I am forced to live on campus, and many classes require work to be submitted electronically. Since I am unable to "opt-out" of their heavy-handed policy, do I have any legal recourse if I were to encounter a search-and-seizure situation with the Administration here?

I think I found policy in question. It has both good points and bad points. The good is that it provides for due process via the university's regular channels. Also, it lays out proscribed behavior pretty clearly. Now, to the bad:

• It doesn't say how the policy was formulated and under what authority. Were students involved? Did the university senate give approval? Was there a committee? As far as we can tell from the policy itself, it could be the work of one person without any input from the university community.
• The policy contradicts itself on privacy. It tries to use magic words to make federal law and constitutional requirements disappear. It says: "Students have no expectation of privacy when utilizing university computing resources, even if the use is for personal purposes." The policy for staff says the same thing: "Employees have no expectation of privacy ..." but a few lines before that it correctly acknowledges that "[...] Federal and State statutes protect the privacy of much of the information available on University computer systems." As a general rules, a policy should not contradict itself. (I wonder if researchers are really prohibited from storing human subject and other sensitive data on these computers?) [Editorial note: Federal laws concerning research on human subjects requires that data about such studies be stored securely, with a number of explicit security requirements. If Clemson faculty have no expectation of privacy when using Clemson computers, Clemson is breaking those laws if it conducts any research on human subjects (which it does) and stores the data on Clemson machines.]
• Finally, the policy conflates invading-policy-because-of-an-emergency and invading-it-to-gather-evidence-of-wrong-doing. Any public university and any university that respects academic freedom should distinguish these cases. Here is how the Joint Statement puts it:
  
  "Except under extreme emergency circumstances, premises occupied by students and the personal possessions of students should not be searched unless appropriate authorization has been obtained. For premises such as residence halls controlled by the institution, an appropriate and responsible authority should be designated to whom application should be made before a search is conducted. The application should specify the reasons for he search and the objects or information sought. The student should be present, if possible, during the search. For premises not controlled by the institution, the ordinary requirements for lawful search should be followed."

Finding Balance? (Score:5, Informative)
by PapaZit on 02-14-01 03:59 PM EST (#161)

Here's a shot from "the other side."

I work in Computing Services for a tech-oriented private university. Our usage policies aren't as bad as some, but they definitely give us broad priviledges. We've been through many, many proposed revisions that keep being killed by some combination of faculty, staff or lawyers. The basic problems:

There doesn't seem to be a concise legal way to say "Don't be an asshole and don't break the law," which is all we really want.

It's occasionally necessary for staff to look at private information for technical reasons (reconstructing mail spool after disk crashed, making sure the nifty new backup program actually worked, etc.). We have a huge infrastructure, and if we had to stop and check every time we might accidentally see something, we'd never get anything done unless we made our staff size much larger. We don't have the budget to do that.

Occasionally, the sysadmins will find something really bad during the course of routine work. "Spending a long time in federal prison" kind of bad. We try to keep these sort of events quiet to avoid publicity for the user in case it's not their fault (someone cracked their account, etc). We don't want our users on the evening news, but this'll happen with most "notify lots of people before doing anything" plans.

There are two opposing viewpoints that are both vocal in our community. One says "privacy over all" while the other says "learning and sharing over all". We have quite a few people who make their home directories publicly readable as a sort of protest against the "privacy freaks" (their words). Finding a policy that makes both happy is very difficult.

In light of these constraints (financial and social), how do we give more rights to our users without seriously impeding our ability to do our jobs?

First, I commend you for taking your professional responsibilities seriously. As you know, incidental and emergency exposure of information is a fact of life. Your computers likely contain everything from medical information, to love letters, to evidence of criminal activity. After much debate at the U. of Illinois, with input from all of campus, the University adopted a policy that says in part:

"Network and system administrators are expected to treat the contents of electronic files as private and confidential. Any inspection of electronic files, and any action based upon such inspection, will be governed by all applicable U. S. and Illinois laws and by University policies."

Other schools also respect the privacy of email and files. You can see examples here. For some general tips on making good policy, look here.


I am violating my school's policy by posting this. (Score:4, Interesting)
by SkyIce (dangelo(a)ntplx.net) on 02-14-01 03:47 PM EST (#144)

Take a look at my school's AUP at http://www.exeter.edu/publications/ebook/datavoice video.html . Some interesting quotes:

"No pseudonymous or anonymous messages may be sent. Students should be careful not to give out personal information over the Internet."

"Accessing the accounts and files of others is prohibited."

"Students may be held accountable for their actions while off-campus and thus for messages posted from off-campus accounts."

Academy network resources, including all telephone and data lines, are the property of the Academy. The Academy will, to the extent possible, respect privacy of all account holders on the network. However, the Academy is responsible for investigating possible violations of and enforcing all Academy rules governing the network. Academy network users should, therefore, keep in mind that the Academy reserves the right to access any information stored or transmitted over the network.

But nowhere in it does it mention the search of a personal computer. Somehow, last week, on mere suspicion, my and three other kids' computers were seized and held for a few days while the network administrator attempted to track down the source of network troubles. He ultimately failed, but in the process noticed that I was using a different IP address and hostname other than the one I had been assigned. The case was sent to the discipline committee under "Theft of IP address" and I am now on probation for eight weeks. My dorm room's port was activated "with restrictions" yesterday, and they now want me to e-mail them a list of every program I want to download so that they can verify it. Was this even legal? What can I do to stop something like this from happening in the future?

As a student in a private high school that likely doesn't take any government money, you have few legal protections. As long as they follow their own rules, they can do almost anything they want. Sorry.

Again, I strongly encourage you to read the student code and computer policies of any colleges you are looking at. You'll find critiques of several dozen policies Computers and Academic Freedom Policy Archive. (Hopefully, most of the bad policies in the archive have since been improved.)


Colleges vs Corporations (Score:3, Interesting)
by Chris Brewer (chrisbrewer@paradise.net.nzSPAMBEGONE(TM)) on 02-14-01 02:44 PM EST (#39)

In your opinion, is there any difference between what a student does on the campus network using college owned computers and an employee using the corporate network using the company's computers with regard to who owns the data?

In the U.S., there is a world of difference between employees and students. (I don't know about the law in New Zealand). The work employees do on company equipment generally belongs to the company. Moreover, at work Americans have little privacy protection. (The ACLU has a project on workplace civil liberties.)

Students, on the other hand, are customers of the university, not its agents or employees. Although your grandmother might store a document on AOL's computers, that does not give AOL ownership of the document's copyright. Likewise, while you might research a paper in the University library and store it on a University computer, they gain no ownership rights.


WPI's Acceptible Use Policy (Score:3, Interesting)
by Saint Nobody on 02-14-01 02:50 PM EST (#55)

Personally, i think that WPI has a pretty good AUP, (which is not to say i haven't had problems with netops regarding a few violations, only one of which i was actually responsible for.) it doesn't say that they can read our email personal files and other miscellany, and it requires us not to go poking around.

However, it doesn't say that they can't.

how do you feel about policies like that? It doesn't guarantee our privacy, but it doesn't infringe on it either. Is lack of a guarantee an implicit infringement?

The Joint Statement says that academic freedom "requires" policies that clearly define possible offenses and that are enforced though fair due-process procedures. As you point out, WPI, a private technical institute, leaves a lot unsaid in its computer policy especially about policy enforcement. Are such vague policies OK because we can trust the wisdom of the university staff to do what's right? As much as I respect the professionalism of many computer staff folks, we can't know that the good ones will always be there. To be safe, we must capture some wisdom in policy.

So, what could go wrong? Imagine this nightmare: The WPI computer organization decides to ignore the Institute's regular judicial system with its system of check and balances. The computer org decides to impose punishments on students itself. It guarantees no notice of charges, no hearing, and no appeal procedure.

How likely is this nightmare? IT HAS ALREADY HAPPENED!

Read another WPI policy, the Residential AUP Policy. This policy reminds me of a line from Lewis Carroll's Alice in Wonderland: "No, no," said the Queen: "The sentence first -- the verdict afterwards." Except they don't even bother with the verdict.


Is it because of lawyers? (Score:3, Interesting)
by Wariac on 02-14-01 03:06 PM EST (#83)

Do you think that Schools do this in practice, or is this just a CYA (cover your ass) scenario in case a student does something stupid/illegal. It seems to me in this lawsuit-happy world full of sleazy lawyers that this could be the only way that Schools (or anyone) can avoid being sued into bankruptcy.

In a nutshell, Do the schools implement these policies on thier own accord, or are they usualy done at the request of thier insurer?

Because students are customers of a school and not employees/agents schools generally aren't responsible for their actions. So, if it's not insurers who ask for bad policies where to they come from? It often works like this:

• A student does something obnoxious, but not against any written rules.
• The student is investigated and punished.
• The department that punished the student creates very broad and very vague rules to justify, after the fact, the procedure and punishment already imposed. (For example, see the case of the NCSA.)
• The new policy is run by University legal counsel. Legal counsel checks that it doesn't make any promises or guarantees to students. Counsel doesn't think to check for consistency with other policies or Constitutional requirements.
• Some students, faculty, or staff members finally get to read the policy. Using email, web sites, netnews, newspaper stories, and sometimes even demonstrations on on the Quad/Green, they educate themselves and the University community about legal and academic standards. Everyone starts to see the problems in the first policy.
• A committee is formed of students, faculty, staff, and librarians. They work for a while and create a much better policy.
• The new policy is adopted by the University and replaces the old. (For example, the UIUC privacy policy that grew out of the NCSA policy.)
• Everyone lives happily ever after. (Until the next time a student does something obnoxious but not against any written rules.)

How do you handle bandwidth issues? (Score:2, Interesting)
by Shook (shook@iname.com) on 02-14-01 10:34 PM EST (#261)

I go to a fairly devout Christian U., that has very aggressive censor ware against sex, porn, illegal activities, but that isn't the focus of my question. Unlike many schools, my U. did nothing to block Napster use, and I always found this a little surprising.

When we came back from X-Mas break, Napster was blocked. People moaned and groaned, but it turns out it wasn't even our school's call (though they might have had a say in it) Our school gets its access from a state-wide government-run ISP for educational institutions, and the ISP decided to block Napster, Gnutella, and probably others.

Rather than copyright issues, they cited bandwidth problems. Although, I miss my Napster, I find this hard to argue with. (Theoretically) the network is for educaitonal purposes, and my average dorm-connection speed has doubled since Napster was blocked. But this could easily become a slippery slope, what is to keep them from blocking things like FTP, or Real Audio, both of which I have used for research, but can present bandwidth problems.

How would you suggest balancing to need to reserve bandwidth for serious school-related purposes, and still provide a useful Internet service?

Ten years ago, some schools thought it necessary to ban all games from their computers and networks. (Here is a critique of one such policy.) Now the computer game industry is as big as the movie industry. And, just as you can take film classes in college, so you can take computer game classes. This illustrates the wisdom of a tenet of academic freedom: no authority knows everything that will be important in the future. Therefore, every professor and every student should be free to examine and discuss all questions of interest to them. Schools should do their best to accommodate these explorations. Peer-to-peer systems could be the next big thing. It sounds like the students and professors in your state won't be part of it.

Could there ever be a legitimate reason to ban ALL recreational use of the network? Sure, just as I can imagine a college so resource-poor that it banned all recreational reading in the library, I can imagine a college so resource-poor that it banned all recreational network use. But I won't want to attend such a school.

But, how should needs be balanced when resources require it? I advocate following the model of librarians. They are experts at selecting books based on professional standards and respect for intellectual freedom.

In closing, let me list some resources and ask for some possible help:

• American Civil Liberties Union
• Electronic Frontier Foundation, civil liberties group which works to protect privacy, free expression, and access to new media sources.
• The Foundation for Individual Rights in Education (FIRE), a nonprofit educational foundation devoted to free speech, individual liberty, religious freedom, the rights of conscience, legal equality, due process, and academic freedom on our nation's campuses.
• Peacefire, a nonprofit organization representing the interests of people under 18 in the debate over freedom of speech on the Internet. Peacefire focuses mostly on censorware (Internet content filtering software) in libraries and schools.
• Student Press Law Center, a nonprofit organization provides legal advice to media students and educators on issues related to freedom of the press. Includes advice and news.
• American Association of University Professors, focuses on issues of academic freedom and tenure and campus governance by faculty. Details its programs and policies.
• American Library Association - Office for Intellectual Freedom

Finally, if you go to the Computers and Academic Freedom Archive, my web site, you'll notice it has not been updated for a while. With a job, a family, and new interests, I haven't given the site and issue the attention it deserves. I'd love to get ideas and/or proposals from folks on how to get the Computers and Academic Freedom Project restarted. Thanks.

Carl Kadie
kadie@eff.org
p.s. I'll be on vacation from the 4th to the 11th.

Carl Kadie has returned his responses to our interview questions. He covers a wide array of topics regarding computers and academic freedom - my guess is that this interview will answer about 5% of all questions submitted to Ask Slashdot. :)

With Power comes responsibility... (Score:5, Interesting)
by Zachary DeAquila on 02-14-01 02:41 PM EST (#28)

What responsibilities do universiies incur when they have such overbroad AUPs and reserve such powers for themselves? What if, in their browsing through my data, they delete or destroy important information (thesis data or papers or somesuch)? Are they liable for it? What if they 'leak' damaging data either unknowingly or through misunderstanding? Can they be held responsible?

I'm afraid that I know the answers to all these questions and am even more afraid of those answers. So what can be done about it beyond the standard SSH and PGP rhetoric ? Is there a way to make them take responsibility for these actions, preferably a heavy enough responsibility to discourage them from wanting to take these actions in the first place?

Let me start with disclaimers. I'm not a lawyer. The legal matters I discuss are merely my understanding of the law, not real legal advice. Also, I speak for myself, not for the Electronic Frontier Foundation or my employer. For more on these issues look at the Computers and Academic Freedom Archive.

As a practical matter, no rule, regulation, or liability could ever compensate you for something like lost thesis data. Hopefully, the terror you feel just thinking about losing something irreplaceable will motivate you to make multiple backups.

For privacy, however, federal law does offer some protections. The Family Educational Rights and Privacy Act applies to any U.S. school, even high schools, both public and private, that accepts federal money. This is the law that stops schools from announcing your social security number and grades to the world. Schools that disclose personally identifiable information, beyond directory information, can lose their federal funding. Schools generally take this law very seriously. The only common problem is school staff who need to be educated about the law.

Another useful law is the Electronic Communications Privacy Act. This is the law that stops AOL from disclosing your grandma's email. It can also be reasonably interpreted as stopping universities from disclosing student email. It may also protect staff email.

Finally, public universities have obligations beyond federal law. As a government institution, they are bound by the federal constitution and their state constitution. A U.S. government task force says that [Email] monitoring [of government employees] of actual communications and communicators may impinge on the Constitutional rights of freedom of speech (1st Amendment), against unreasonable search and seizure (4th Amendment), and against self-incrimination (5th amendment), as well as on the right to privacy, specifically as set forth in both the Privacy Act and the ECPA. Students are presumably protected at least as much.


University policy (Score:5, Interesting)
by Pacer on 02-14-01 02:43 PM EST (#31)

I lived for two years in University residence and, frankly, my college didn't seem to have much respect for the privacy of students in any regard: all mail came through University-owned mailboxes, and packages had to be picked up at the dormitory desk, staffed by hall RAs -- students with a significant disciplinary function. All telephone service went through the university switchboard. Your room could be searched, by university staff or by police, without your permission and without any sort of warrant. Most tenant rights were violated (for instance, eviction with two weeks' notice any time of year), and now the university informs students' parents of on-campus alcohol or disciplinary violations (these are adults whose academic transcripts cannot be released to parents without a signed waiver).

It is not any surprise to me that fascist user agreements are in place concerning electronic media in light of the general control-oriented attitude of many universities towards their on-campus student populations. Perhaps the problem runs deeper than simple technophobia?

I'm optimistic about the trend. I once looked up the student regulations for my school from 1904 to present. (I've since graduated). Students were once literally treated as children. Now the policies generally respect students as scholars with academic freedom. Academic freedom (which includes freedom of expression, privacy, and due process) for students is guaranteed in the student code of many schools. It is advocated by dozen of important academic organizations. I believe academic freedom principles can be straight forwardly applied to computers and networks. For example, here is what our Draft Statement on Computers and Academic Freedom says about privacy:

"Privacy Principle: Personal files on university's computers (for example, files in a user's home directory) should have the same privacy protection as personal files in university-assigned space in an office, lab, or dormitory (for example, files in a graduate student's desk). Private communications via computer should have the same protections as private communications via telephone."

So, all is wonderful everywhere except for a few aberrations that your free ACLU lawyer can quickly take care of, right? Sadly, no. The struggle for civil liberties and academic freedom never ends. As you suggest, some in authority will always try to assert more and more control. They may never have heard the idea that students should have academic freedom. They may not realize public universities in the U.S. are constrained by the U.S. constitution. They may erroneously believe that federal law doesn't apply if you make students sign a waiver.

So what can you do? Organize and fight! It won't be easy. You'll never win completely. But, you'll likely find friends and allies everywhere from student to faculty to staff. You may find your most important allies among the computer services staff. Many computer staff folks see themselves as true professionals with a professional responsibility to what's morally and legally right, not just what the boss thinks is expedient.

If you are in high school looking at colleges, please read their student code and computer rules before you decide. This will be part of your contract with the university. If you decide not to attend a school because of bad policies, tell them and tell the world.


Linux acceptability (Score:5, Interesting)
by dwbryson on 02-14-01 02:45 PM EST (#42)

Carl- I have fought a battle at my college over Linux being on the network. I told the UTS( Univeristy Technology Services ) that I was a big advocate of Linux and was starting up a Linux User Group on campus. But first I wanted their approval. They swiftly told me that, "You can absolutly not encourage the use of Linux on OUR network, and you should be lucky that we don't ban it on campus." I was completely uphauled by this, and so promptly turned around and tried to get as many people interested as I could in Linux. And eventually started my own LUG. Do they have a right to tell me what OS I can use on their network? They of course support windows, and allow Mac's, but flat out tell me I can't have linux on their network. Do you have any suggestions on what rights I as a user have?

Let me break this into two questions. First, can a university department ban clubs or speech because it doesn't like what they advocate? Generally not. At most schools, the student code protects freedom of speech. At public universities, student speech is also protected by the 1^st amendment. To take one example, the U. of Illinois has student organizations ranging from the International Socialists to the College Republicans. Linux really shouldn't be a problem.

Second, can a University Technology Services group ban a program/OS from the Network? The difficulty is that while it might be legitimate to ban, say, a packet sniffer, it shouldn't be legitimate to stop Scientology students who want to filter their own Internet access on their own PC. How do we distinguish these cases? Legally, at state schools you could try to make a 1^st amendment argument. You could also use freedom of information requests (if applicable) to see if a rule was made for legitimate reasons. These legal battles, however, would be expensive and uncertain.

More effective than a legal approach is a good policy approach. How is good policy made? By getting everyone (students, faculty, and staff) involved in making decisions. And, if that doesn't work, by protesting and publicizing bad decisions. Here is what the Joint Statement on Rights and Freedoms of Students says about students and policy making:

"As constituents of the academic community, students should be free, individually and collectively, to express their views on issues of institutional policy and on matters of general interest to the student body. The student body should have clearly defined means to participate in the formulation and application of institutional policy affecting academic and student affairs. The role of the student government and both its general and specific responsibilities should be made explicit, and the actions of the student government within the areas of its jurisdiction should be reviewed only through orderly and prescribed procedures."

Legal Recourse? (Score:5, Interesting)
by CU-Ballistic (rogersj@SPAMSUCKSclemson.edu) on 02-14-01 02:46 PM EST (#45)

I attend a rather well-known University in the South. Of course, they have the requisite "we own you and your data" policy. They state in very explicit terms that they have the right, at any time, to search and confiscate my computer, hard drives, and other media. They say that they also have the right to monitor network traffic, and disable any account which is exhibiting "unusual or excessive" activity. This all seems incredibly arbitrary to me, and worries me very much. My question to you is: Do I have any legal recourse? My main quarrel is that as a first-year student, I am forced to live on campus, and many classes require work to be submitted electronically. Since I am unable to "opt-out" of their heavy-handed policy, do I have any legal recourse if I were to encounter a search-and-seizure situation with the Administration here?

I think I found policy in question. It has both good points and bad points. The good is that it provides for due process via the university's regular channels. Also, it lays out proscribed behavior pretty clearly. Now, to the bad:

• It doesn't say how the policy was formulated and under what authority. Were students involved? Did the university senate give approval? Was there a committee? As far as we can tell from the policy itself, it could be the work of one person without any input from the university community.
• The policy contradicts itself on privacy. It tries to use magic words to make federal law and constitutional requirements disappear. It says: "Students have no expectation of privacy when utilizing university computing resources, even if the use is for personal purposes." The policy for staff says the same thing: "Employees have no expectation of privacy ..." but a few lines before that it correctly acknowledges that "[...] Federal and State statutes protect the privacy of much of the information available on University computer systems." As a general rules, a policy should not contradict itself. (I wonder if researchers are really prohibited from storing human subject and other sensitive data on these computers?) [Editorial note: Federal laws concerning research on human subjects requires that data about such studies be stored securely, with a number of explicit security requirements. If Clemson faculty have no expectation of privacy when using Clemson computers, Clemson is breaking those laws if it conducts any research on human subjects (which it does) and stores the data on Clemson machines.]
• Finally, the policy conflates invading-policy-because-of-an-emergency and invading-it-to-gather-evidence-of-wrong-doing. Any public university and any university that respects academic freedom should distinguish these cases. Here is how the Joint Statement puts it:
  
  "Except under extreme emergency circumstances, premises occupied by students and the personal possessions of students should not be searched unless appropriate authorization has been obtained. For premises such as residence halls controlled by the institution, an appropriate and responsible authority should be designated to whom application should be made before a search is conducted. The application should specify the reasons for he search and the objects or information sought. The student should be present, if possible, during the search. For premises not controlled by the institution, the ordinary requirements for lawful search should be followed."

Finding Balance? (Score:5, Informative)
by PapaZit on 02-14-01 03:59 PM EST (#161)

Here's a shot from "the other side."

I work in Computing Services for a tech-oriented private university. Our usage policies aren't as bad as some, but they definitely give us broad priviledges. We've been through many, many proposed revisions that keep being killed by some combination of faculty, staff or lawyers. The basic problems:

There doesn't seem to be a concise legal way to say "Don't be an asshole and don't break the law," which is all we really want.

It's occasionally necessary for staff to look at private information for technical reasons (reconstructing mail spool after disk crashed, making sure the nifty new backup program actually worked, etc.). We have a huge infrastructure, and if we had to stop and check every time we might accidentally see something, we'd never get anything done unless we made our staff size much larger. We don't have the budget to do that.

Occasionally, the sysadmins will find something really bad during the course of routine work. "Spending a long time in federal prison" kind of bad. We try to keep these sort of events quiet to avoid publicity for the user in case it's not their fault (someone cracked their account, etc). We don't want our users on the evening news, but this'll happen with most "notify lots of people before doing anything" plans.

There are two opposing viewpoints that are both vocal in our community. One says "privacy over all" while the other says "learning and sharing over all". We have quite a few people who make their home directories publicly readable as a sort of protest against the "privacy freaks" (their words). Finding a policy that makes both happy is very difficult.

In light of these constraints (financial and social), how do we give more rights to our users without seriously impeding our ability to do our jobs?

First, I commend you for taking your professional responsibilities seriously. As you know, incidental and emergency exposure of information is a fact of life. Your computers likely contain everything from medical information, to love letters, to evidence of criminal activity. After much debate at the U. of Illinois, with input from all of campus, the University adopted a policy that says in part:

"Network and system administrators are expected to treat the contents of electronic files as private and confidential. Any inspection of electronic files, and any action based upon such inspection, will be governed by all applicable U. S. and Illinois laws and by University policies."

Other schools also respect the privacy of email and files. You can see examples here. For some general tips on making good policy, look here.


I am violating my school's policy by posting this. (Score:4, Interesting)
by SkyIce (dangelo(a)ntplx.net) on 02-14-01 03:47 PM EST (#144)

Take a look at my school's AUP at http://www.exeter.edu/publications/ebook/datavoice video.html . Some interesting quotes:

"No pseudonymous or anonymous messages may be sent. Students should be careful not to give out personal information over the Internet."

"Accessing the accounts and files of others is prohibited."

"Students may be held accountable for their actions while off-campus and thus for messages posted from off-campus accounts."

Academy network resources, including all telephone and data lines, are the property of the Academy. The Academy will, to the extent possible, respect privacy of all account holders on the network. However, the Academy is responsible for investigating possible violations of and enforcing all Academy rules governing the network. Academy network users should, therefore, keep in mind that the Academy reserves the right to access any information stored or transmitted over the network.

But nowhere in it does it mention the search of a personal computer. Somehow, last week, on mere suspicion, my and three other kids' computers were seized and held for a few days while the network administrator attempted to track down the source of network troubles. He ultimately failed, but in the process noticed that I was using a different IP address and hostname other than the one I had been assigned. The case was sent to the discipline committee under "Theft of IP address" and I am now on probation for eight weeks. My dorm room's port was activated "with restrictions" yesterday, and they now want me to e-mail them a list of every program I want to download so that they can verify it. Was this even legal? What can I do to stop something like this from happening in the future?

As a student in a private high school that likely doesn't take any government money, you have few legal protections. As long as they follow their own rules, they can do almost anything they want. Sorry.

Again, I strongly encourage you to read the student code and computer policies of any colleges you are looking at. You'll find critiques of several dozen policies Computers and Academic Freedom Policy Archive. (Hopefully, most of the bad policies in the archive have since been improved.)


Colleges vs Corporations (Score:3, Interesting)
by Chris Brewer (chrisbrewer@paradise.net.nzSPAMBEGONE(TM)) on 02-14-01 02:44 PM EST (#39)

In your opinion, is there any difference between what a student does on the campus network using college owned computers and an employee using the corporate network using the company's computers with regard to who owns the data?

In the U.S., there is a world of difference between employees and students. (I don't know about the law in New Zealand). The work employees do on company equipment generally belongs to the company. Moreover, at work Americans have little privacy protection. (The ACLU has a project on workplace civil liberties.)

Students, on the other hand, are customers of the university, not its agents or employees. Although your grandmother might store a document on AOL's computers, that does not give AOL ownership of the document's copyright. Likewise, while you might research a paper in the University library and store it on a University computer, they gain no ownership rights.


WPI's Acceptible Use Policy (Score:3, Interesting)
by Saint Nobody on 02-14-01 02:50 PM EST (#55)

Personally, i think that WPI has a pretty good AUP, (which is not to say i haven't had problems with netops regarding a few violations, only one of which i was actually responsible for.) it doesn't say that they can read our email personal files and other miscellany, and it requires us not to go poking around.

However, it doesn't say that they can't.

how do you feel about policies like that? It doesn't guarantee our privacy, but it doesn't infringe on it either. Is lack of a guarantee an implicit infringement?

The Joint Statement says that academic freedom "requires" policies that clearly define possible offenses and that are enforced though fair due-process procedures. As you point out, WPI, a private technical institute, leaves a lot unsaid in its computer policy especially about policy enforcement. Are such vague policies OK because we can trust the wisdom of the university staff to do what's right? As much as I respect the professionalism of many computer staff folks, we can't know that the good ones will always be there. To be safe, we must capture some wisdom in policy.

So, what could go wrong? Imagine this nightmare: The WPI computer organization decides to ignore the Institute's regular judicial system with its system of check and balances. The computer org decides to impose punishments on students itself. It guarantees no notice of charges, no hearing, and no appeal procedure.

How likely is this nightmare? IT HAS ALREADY HAPPENED!

Read another WPI policy, the Residential AUP Policy. This policy reminds me of a line from Lewis Carroll's Alice in Wonderland: "No, no," said the Queen: "The sentence first -- the verdict afterwards." Except they don't even bother with the verdict.


Is it because of lawyers? (Score:3, Interesting)
by Wariac on 02-14-01 03:06 PM EST (#83)

Do you think that Schools do this in practice, or is this just a CYA (cover your ass) scenario in case a student does something stupid/illegal. It seems to me in this lawsuit-happy world full of sleazy lawyers that this could be the only way that Schools (or anyone) can avoid being sued into bankruptcy.

In a nutshell, Do the schools implement these policies on thier own accord, or are they usualy done at the request of thier insurer?

Because students are customers of a school and not employees/agents schools generally aren't responsible for their actions. So, if it's not insurers who ask for bad policies where to they come from? It often works like this:

• A student does something obnoxious, but not against any written rules.
• The student is investigated and punished.
• The department that punished the student creates very broad and very vague rules to justify, after the fact, the procedure and punishment already imposed. (For example, see the case of the NCSA.)
• The new policy is run by University legal counsel. Legal counsel checks that it doesn't make any promises or guarantees to students. Counsel doesn't think to check for consistency with other policies or Constitutional requirements.
• Some students, faculty, or staff members finally get to read the policy. Using email, web sites, netnews, newspaper stories, and sometimes even demonstrations on on the Quad/Green, they educate themselves and the University community about legal and academic standards. Everyone starts to see the problems in the first policy.
• A committee is formed of students, faculty, staff, and librarians. They work for a while and create a much better policy.
• The new policy is adopted by the University and replaces the old. (For example, the UIUC privacy policy that grew out of the NCSA policy.)
• Everyone lives happily ever after. (Until the next time a student does something obnoxious but not against any written rules.)

How do you handle bandwidth issues? (Score:2, Interesting)
by Shook (shook@iname.com) on 02-14-01 10:34 PM EST (#261)

I go to a fairly devout Christian U., that has very aggressive censor ware against sex, porn, illegal activities, but that isn't the focus of my question. Unlike many schools, my U. did nothing to block Napster use, and I always found this a little surprising.

When we came back from X-Mas break, Napster was blocked. People moaned and groaned, but it turns out it wasn't even our school's call (though they might have had a say in it) Our school gets its access from a state-wide government-run ISP for educational institutions, and the ISP decided to block Napster, Gnutella, and probably others.

Rather than copyright issues, they cited bandwidth problems. Although, I miss my Napster, I find this hard to argue with. (Theoretically) the network is for educaitonal purposes, and my average dorm-connection speed has doubled since Napster was blocked. But this could easily become a slippery slope, what is to keep them from blocking things like FTP, or Real Audio, both of which I have used for research, but can present bandwidth problems.

How would you suggest balancing to need to reserve bandwidth for serious school-related purposes, and still provide a useful Internet service?

Ten years ago, some schools thought it necessary to ban all games from their computers and networks. (Here is a critique of one such policy.) Now the computer game industry is as big as the movie industry. And, just as you can take film classes in college, so you can take computer game classes. This illustrates the wisdom of a tenet of academic freedom: no authority knows everything that will be important in the future. Therefore, every professor and every student should be free to examine and discuss all questions of interest to them. Schools should do their best to accommodate these explorations. Peer-to-peer systems could be the next big thing. It sounds like the students and professors in your state won't be part of it.

Could there ever be a legitimate reason to ban ALL recreational use of the network? Sure, just as I can imagine a college so resource-poor that it banned all recreational reading in the library, I can imagine a college so resource-poor that it banned all recreational network use. But I won't want to attend such a school.

But, how should needs be balanced when resources require it? I advocate following the model of librarians. They are experts at selecting books based on professional standards and respect for intellectual freedom.

In closing, let me list some resources and ask for some possible help:

• American Civil Liberties Union
• Electronic Frontier Foundation, civil liberties group which works to protect privacy, free expression, and access to new media sources.
• The Foundation for Individual Rights in Education (FIRE), a nonprofit educational foundation devoted to free speech, individual liberty, religious freedom, the rights of conscience, legal equality, due process, and academic freedom on our nation's campuses.
• Peacefire, a nonprofit organization representing the interests of people under 18 in the debate over freedom of speech on the Internet. Peacefire focuses mostly on censorware (Internet content filtering software) in libraries and schools.
• Student Press Law Center, a nonprofit organization provides legal advice to media students and educators on issues related to freedom of the press. Includes advice and news.
• American Association of University Professors, focuses on issues of academic freedom and tenure and campus governance by faculty. Details its programs and policies.
• American Library Association - Office for Intellectual Freedom

Finally, if you go to the Computers and Academic Freedom Archive, my web site, you'll notice it has not been updated for a while. With a job, a family, and new interests, I haven't given the site and issue the attention it deserves. I'd love to get ideas and/or proposals from folks on how to get the Computers and Academic Freedom Project restarted. Thanks.

Carl Kadie
kadie@eff.org
p.s. I'll be on vacation from the 4th to the 11th.

Jonathan the Nerd writes "An article in Clemson University's student newspaper, The Tiger, says that Dialpad.com and several other free long-distance sites have been blocked by Clemson's Division of Computing and Information Technology (DCIT). Chris Duckenfield, the vice provost for computing and information technology, said that the reason for blocking the sites was to determine the 'impact on our Internet bandwidth,' as well as to protect the finances of Clemson Telecommunications, which provides long-distance service to students. However, he acknowledged that the bandwidth usage would probably be negligible, which is making students wonder if the University is simply trying to maintain a monopoly on long-distance service. "

Jonathan the Nerd writes "An article in Clemson University's student newspaper, The Tiger, says that Dialpad.com and several other free long-distance sites have been blocked by Clemson's Division of Computing and Information Technology (DCIT). Chris Duckenfield, the vice provost for computing and information technology, said that the reason for blocking the sites was to determine the 'impact on our Internet bandwidth,' as well as to protect the finances of Clemson Telecommunications, which provides long-distance service to students. However, he acknowledged that the bandwidth usage would probably be negligible, which is making students wonder if the University is simply trying to maintain a monopoly on long-distance service. "