Slashdot Mirror

the_newsbeagle writes: Researchers have developed a non-metallic robot with ceramic piezoelectric motors that functions inside an MRI machine, allowing surgeons to perform procedures guided by real-time imaging. It's now being tested in prostate biopsies. Doctors say this system will let them aim their needles more precisely and reduce the number of times they stick them in. The NIH thinks such systems could come in handy for neurosurgery too. Gregory Fischer, a professor of mechanical engineering at WPI whose Automation and Interventional Medicine Robotics Lab led the research says: "You can bring it into any MRI room and have it up and running in an hour. It can locate the target, track the needle, and if it deflects during insertion, it can steer the needle to hit the target. We’re taking baby steps to get the robot into clinical use."

GreennMann writes "An ice bridge linking a shelf of ice the size of Jamaica to two islands in Antarctica has snapped. Scientists say the collapse could mean the Wilkins Ice Shelf is on the brink of breaking away, and provides further evidence of rapid change in the region. Sited on the western side of the Antarctic Peninsula, the Wilkins shelf has been retreating since the 1990s. Researchers regarded the ice bridge as an important barrier, holding the remnant shelf structure in place. Its removal will allow ice to move more freely between Charcot and Latady islands, into the open ocean."

DaFlusha writes "Chris Hecker has posted the freely downloadable games from Indie Game Jam 2 (actually the third year, as programmers start counting from 0). When the games (from the 'yearly game design and programming event designed to encourage experimentation and innovation in the game industry') were showcased during the Experimental Gameplay Workshop at GDC 2004, I was highly impressed and couldn't wait to play the 2D-physics-based games myself. Now everyone can try them, provided you can run a Windows executable." Oh, and any game description which starts with the phrase: "The physics engine treats the hamsters kinda like a fluid" (as 'Stunt Hamsters' does) is a friend of mine.

KIondike writes "The Register talks about how a term ("Second Superpower") coined by the anti-war culture suddenly got radically neutered and altered by a weblog that a lot of people link to. Searching for the term on Google now brings up his blog and other people talking about his blog for the first several entries. Can Google's power to give information to the people be misused and perverted? This only took 42 days." First the widespread usage of "googling" to mean web searching, and now this.

ahecht writes "On Thursday, Palm's Solutions Group's CEO Todd Bradley announced that 3 new handhelds will be released in October. Within 24 hours, pictures of all three handhelds have leaked out on the web. The first to be released, the sub-$100 Zire, can be seen here. The second handheld, previously known as Oslo, now has the name Tungsten T, and features OS 5 and built in bluetooth (pictured here). The third handheld is the Tungsten W, pictured here, which is a GPRS smartphone (although it does not have a built-in speaker or microphone). Zire will be released October 7th, while both Tungsten models will be released on October 28th." Could just be rumors or fakes, but it seems reasonable.

QuestKing writes "The Boston Globe is reporting that the ICANN board will be meeting this weekend to decide how to reform its organization. High on the board's agenda is the replacement of the direct elections of board members by Internet users. The elections would be replaced by a selection committee made up of "academics, consumer advocates, businesses and technical engineers" that would select "knowledgeable experts who are not tied down to one particular interest." ICANN's been under fire since its inception, when will we start building its coffin?"

JayBonci writes "Twin Galaxies is running a story on how after fifteen years, the search for the reigning Asteroids high score champion has ended. The late Scott Safran's family was presented with the award (he died several years ago from a falling injury). It's a pretty interesting article on how Scott's family never knew of his achievement until they were contacted. As it turns out, Twin Galaxies is compiling a book of high score champions of major and classic video games over the years."

mystyc writes "scifi wire has a disturbing piece on how Twentieth Century Fox acguired the movie rights to the Dragon Ball franchise. What is disturbing is that they plan to do a live action dragon ball movie! You'd think hollywood would have learned their lessons from such notable live action anime failures as The Guyver, Fist of the North Star, and others who's names must not be spoken. Then again, hollywood doesn't work that way."

_xeno_ writes "Ever wondered what happens if you cross a Christmas tree with a Linux server? You get ChristmasTree.WPI.EDU. It's a Red Hat 7.2 server running on an artificial Christmas tree as a decoration. You can make the tree play different songs (no, not your browser, the tree's soundcard) by clicking on the pictures. Apparently, the ability to control the tree lights is coming soon." Just when you think you've seen it all, someone changes what "It" is.

Yoweigh asks: "Are there any advanced calculator programs out there for PocketPC handheld devices? Specifically, any TI emulators available or under development? I've seen quite a few emulators for desktop PCs under several OSes (including Linux), but none for handhelds. It seems to me that this could easily be the most useful application of calculator emulator software. I just paid quite a bit for my pretty color iPaq... why pay $200 more for a TI-89?"

Carl Kadie has returned his responses to our interview questions. He covers a wide array of topics regarding computers and academic freedom - my guess is that this interview will answer about 5% of all questions submitted to Ask Slashdot. :)

With Power comes responsibility... (Score:5, Interesting)
by Zachary DeAquila on 02-14-01 02:41 PM EST (#28)

What responsibilities do universiies incur when they have such overbroad AUPs and reserve such powers for themselves? What if, in their browsing through my data, they delete or destroy important information (thesis data or papers or somesuch)? Are they liable for it? What if they 'leak' damaging data either unknowingly or through misunderstanding? Can they be held responsible?

I'm afraid that I know the answers to all these questions and am even more afraid of those answers. So what can be done about it beyond the standard SSH and PGP rhetoric ? Is there a way to make them take responsibility for these actions, preferably a heavy enough responsibility to discourage them from wanting to take these actions in the first place?

Let me start with disclaimers. I'm not a lawyer. The legal matters I discuss are merely my understanding of the law, not real legal advice. Also, I speak for myself, not for the Electronic Frontier Foundation or my employer. For more on these issues look at the Computers and Academic Freedom Archive.

As a practical matter, no rule, regulation, or liability could ever compensate you for something like lost thesis data. Hopefully, the terror you feel just thinking about losing something irreplaceable will motivate you to make multiple backups.

For privacy, however, federal law does offer some protections. The Family Educational Rights and Privacy Act applies to any U.S. school, even high schools, both public and private, that accepts federal money. This is the law that stops schools from announcing your social security number and grades to the world. Schools that disclose personally identifiable information, beyond directory information, can lose their federal funding. Schools generally take this law very seriously. The only common problem is school staff who need to be educated about the law.

Another useful law is the Electronic Communications Privacy Act. This is the law that stops AOL from disclosing your grandma's email. It can also be reasonably interpreted as stopping universities from disclosing student email. It may also protect staff email.

Finally, public universities have obligations beyond federal law. As a government institution, they are bound by the federal constitution and their state constitution. A U.S. government task force says that [Email] monitoring [of government employees] of actual communications and communicators may impinge on the Constitutional rights of freedom of speech (1st Amendment), against unreasonable search and seizure (4th Amendment), and against self-incrimination (5th amendment), as well as on the right to privacy, specifically as set forth in both the Privacy Act and the ECPA. Students are presumably protected at least as much.


University policy (Score:5, Interesting)
by Pacer on 02-14-01 02:43 PM EST (#31)

I lived for two years in University residence and, frankly, my college didn't seem to have much respect for the privacy of students in any regard: all mail came through University-owned mailboxes, and packages had to be picked up at the dormitory desk, staffed by hall RAs -- students with a significant disciplinary function. All telephone service went through the university switchboard. Your room could be searched, by university staff or by police, without your permission and without any sort of warrant. Most tenant rights were violated (for instance, eviction with two weeks' notice any time of year), and now the university informs students' parents of on-campus alcohol or disciplinary violations (these are adults whose academic transcripts cannot be released to parents without a signed waiver).

It is not any surprise to me that fascist user agreements are in place concerning electronic media in light of the general control-oriented attitude of many universities towards their on-campus student populations. Perhaps the problem runs deeper than simple technophobia?

I'm optimistic about the trend. I once looked up the student regulations for my school from 1904 to present. (I've since graduated). Students were once literally treated as children. Now the policies generally respect students as scholars with academic freedom. Academic freedom (which includes freedom of expression, privacy, and due process) for students is guaranteed in the student code of many schools. It is advocated by dozen of important academic organizations. I believe academic freedom principles can be straight forwardly applied to computers and networks. For example, here is what our Draft Statement on Computers and Academic Freedom says about privacy:

"Privacy Principle: Personal files on university's computers (for example, files in a user's home directory) should have the same privacy protection as personal files in university-assigned space in an office, lab, or dormitory (for example, files in a graduate student's desk). Private communications via computer should have the same protections as private communications via telephone."

So, all is wonderful everywhere except for a few aberrations that your free ACLU lawyer can quickly take care of, right? Sadly, no. The struggle for civil liberties and academic freedom never ends. As you suggest, some in authority will always try to assert more and more control. They may never have heard the idea that students should have academic freedom. They may not realize public universities in the U.S. are constrained by the U.S. constitution. They may erroneously believe that federal law doesn't apply if you make students sign a waiver.

So what can you do? Organize and fight! It won't be easy. You'll never win completely. But, you'll likely find friends and allies everywhere from student to faculty to staff. You may find your most important allies among the computer services staff. Many computer staff folks see themselves as true professionals with a professional responsibility to what's morally and legally right, not just what the boss thinks is expedient.

If you are in high school looking at colleges, please read their student code and computer rules before you decide. This will be part of your contract with the university. If you decide not to attend a school because of bad policies, tell them and tell the world.


Linux acceptability (Score:5, Interesting)
by dwbryson on 02-14-01 02:45 PM EST (#42)

Carl- I have fought a battle at my college over Linux being on the network. I told the UTS( Univeristy Technology Services ) that I was a big advocate of Linux and was starting up a Linux User Group on campus. But first I wanted their approval. They swiftly told me that, "You can absolutly not encourage the use of Linux on OUR network, and you should be lucky that we don't ban it on campus." I was completely uphauled by this, and so promptly turned around and tried to get as many people interested as I could in Linux. And eventually started my own LUG. Do they have a right to tell me what OS I can use on their network? They of course support windows, and allow Mac's, but flat out tell me I can't have linux on their network. Do you have any suggestions on what rights I as a user have?

Let me break this into two questions. First, can a university department ban clubs or speech because it doesn't like what they advocate? Generally not. At most schools, the student code protects freedom of speech. At public universities, student speech is also protected by the 1^st amendment. To take one example, the U. of Illinois has student organizations ranging from the International Socialists to the College Republicans. Linux really shouldn't be a problem.

Second, can a University Technology Services group ban a program/OS from the Network? The difficulty is that while it might be legitimate to ban, say, a packet sniffer, it shouldn't be legitimate to stop Scientology students who want to filter their own Internet access on their own PC. How do we distinguish these cases? Legally, at state schools you could try to make a 1^st amendment argument. You could also use freedom of information requests (if applicable) to see if a rule was made for legitimate reasons. These legal battles, however, would be expensive and uncertain.

More effective than a legal approach is a good policy approach. How is good policy made? By getting everyone (students, faculty, and staff) involved in making decisions. And, if that doesn't work, by protesting and publicizing bad decisions. Here is what the Joint Statement on Rights and Freedoms of Students says about students and policy making:

"As constituents of the academic community, students should be free, individually and collectively, to express their views on issues of institutional policy and on matters of general interest to the student body. The student body should have clearly defined means to participate in the formulation and application of institutional policy affecting academic and student affairs. The role of the student government and both its general and specific responsibilities should be made explicit, and the actions of the student government within the areas of its jurisdiction should be reviewed only through orderly and prescribed procedures."

Legal Recourse? (Score:5, Interesting)
by CU-Ballistic (rogersj@SPAMSUCKSclemson.edu) on 02-14-01 02:46 PM EST (#45)

I attend a rather well-known University in the South. Of course, they have the requisite "we own you and your data" policy. They state in very explicit terms that they have the right, at any time, to search and confiscate my computer, hard drives, and other media. They say that they also have the right to monitor network traffic, and disable any account which is exhibiting "unusual or excessive" activity. This all seems incredibly arbitrary to me, and worries me very much. My question to you is: Do I have any legal recourse? My main quarrel is that as a first-year student, I am forced to live on campus, and many classes require work to be submitted electronically. Since I am unable to "opt-out" of their heavy-handed policy, do I have any legal recourse if I were to encounter a search-and-seizure situation with the Administration here?

I think I found policy in question. It has both good points and bad points. The good is that it provides for due process via the university's regular channels. Also, it lays out proscribed behavior pretty clearly. Now, to the bad:

• It doesn't say how the policy was formulated and under what authority. Were students involved? Did the university senate give approval? Was there a committee? As far as we can tell from the policy itself, it could be the work of one person without any input from the university community.
• The policy contradicts itself on privacy. It tries to use magic words to make federal law and constitutional requirements disappear. It says: "Students have no expectation of privacy when utilizing university computing resources, even if the use is for personal purposes." The policy for staff says the same thing: "Employees have no expectation of privacy ..." but a few lines before that it correctly acknowledges that "[...] Federal and State statutes protect the privacy of much of the information available on University computer systems." As a general rules, a policy should not contradict itself. (I wonder if researchers are really prohibited from storing human subject and other sensitive data on these computers?) [Editorial note: Federal laws concerning research on human subjects requires that data about such studies be stored securely, with a number of explicit security requirements. If Clemson faculty have no expectation of privacy when using Clemson computers, Clemson is breaking those laws if it conducts any research on human subjects (which it does) and stores the data on Clemson machines.]
• Finally, the policy conflates invading-policy-because-of-an-emergency and invading-it-to-gather-evidence-of-wrong-doing. Any public university and any university that respects academic freedom should distinguish these cases. Here is how the Joint Statement puts it:
  
  "Except under extreme emergency circumstances, premises occupied by students and the personal possessions of students should not be searched unless appropriate authorization has been obtained. For premises such as residence halls controlled by the institution, an appropriate and responsible authority should be designated to whom application should be made before a search is conducted. The application should specify the reasons for he search and the objects or information sought. The student should be present, if possible, during the search. For premises not controlled by the institution, the ordinary requirements for lawful search should be followed."

Finding Balance? (Score:5, Informative)
by PapaZit on 02-14-01 03:59 PM EST (#161)

Here's a shot from "the other side."

I work in Computing Services for a tech-oriented private university. Our usage policies aren't as bad as some, but they definitely give us broad priviledges. We've been through many, many proposed revisions that keep being killed by some combination of faculty, staff or lawyers. The basic problems:

There doesn't seem to be a concise legal way to say "Don't be an asshole and don't break the law," which is all we really want.

It's occasionally necessary for staff to look at private information for technical reasons (reconstructing mail spool after disk crashed, making sure the nifty new backup program actually worked, etc.). We have a huge infrastructure, and if we had to stop and check every time we might accidentally see something, we'd never get anything done unless we made our staff size much larger. We don't have the budget to do that.

Occasionally, the sysadmins will find something really bad during the course of routine work. "Spending a long time in federal prison" kind of bad. We try to keep these sort of events quiet to avoid publicity for the user in case it's not their fault (someone cracked their account, etc). We don't want our users on the evening news, but this'll happen with most "notify lots of people before doing anything" plans.

There are two opposing viewpoints that are both vocal in our community. One says "privacy over all" while the other says "learning and sharing over all". We have quite a few people who make their home directories publicly readable as a sort of protest against the "privacy freaks" (their words). Finding a policy that makes both happy is very difficult.

In light of these constraints (financial and social), how do we give more rights to our users without seriously impeding our ability to do our jobs?

First, I commend you for taking your professional responsibilities seriously. As you know, incidental and emergency exposure of information is a fact of life. Your computers likely contain everything from medical information, to love letters, to evidence of criminal activity. After much debate at the U. of Illinois, with input from all of campus, the University adopted a policy that says in part:

"Network and system administrators are expected to treat the contents of electronic files as private and confidential. Any inspection of electronic files, and any action based upon such inspection, will be governed by all applicable U. S. and Illinois laws and by University policies."

Other schools also respect the privacy of email and files. You can see examples here. For some general tips on making good policy, look here.


I am violating my school's policy by posting this. (Score:4, Interesting)
by SkyIce (dangelo(a)ntplx.net) on 02-14-01 03:47 PM EST (#144)

Take a look at my school's AUP at http://www.exeter.edu/publications/ebook/datavoice video.html . Some interesting quotes:

"No pseudonymous or anonymous messages may be sent. Students should be careful not to give out personal information over the Internet."

"Accessing the accounts and files of others is prohibited."

"Students may be held accountable for their actions while off-campus and thus for messages posted from off-campus accounts."

Academy network resources, including all telephone and data lines, are the property of the Academy. The Academy will, to the extent possible, respect privacy of all account holders on the network. However, the Academy is responsible for investigating possible violations of and enforcing all Academy rules governing the network. Academy network users should, therefore, keep in mind that the Academy reserves the right to access any information stored or transmitted over the network.

But nowhere in it does it mention the search of a personal computer. Somehow, last week, on mere suspicion, my and three other kids' computers were seized and held for a few days while the network administrator attempted to track down the source of network troubles. He ultimately failed, but in the process noticed that I was using a different IP address and hostname other than the one I had been assigned. The case was sent to the discipline committee under "Theft of IP address" and I am now on probation for eight weeks. My dorm room's port was activated "with restrictions" yesterday, and they now want me to e-mail them a list of every program I want to download so that they can verify it. Was this even legal? What can I do to stop something like this from happening in the future?

As a student in a private high school that likely doesn't take any government money, you have few legal protections. As long as they follow their own rules, they can do almost anything they want. Sorry.

Again, I strongly encourage you to read the student code and computer policies of any colleges you are looking at. You'll find critiques of several dozen policies Computers and Academic Freedom Policy Archive. (Hopefully, most of the bad policies in the archive have since been improved.)


Colleges vs Corporations (Score:3, Interesting)
by Chris Brewer (chrisbrewer@paradise.net.nzSPAMBEGONE(TM)) on 02-14-01 02:44 PM EST (#39)

In your opinion, is there any difference between what a student does on the campus network using college owned computers and an employee using the corporate network using the company's computers with regard to who owns the data?

In the U.S., there is a world of difference between employees and students. (I don't know about the law in New Zealand). The work employees do on company equipment generally belongs to the company. Moreover, at work Americans have little privacy protection. (The ACLU has a project on workplace civil liberties.)

Students, on the other hand, are customers of the university, not its agents or employees. Although your grandmother might store a document on AOL's computers, that does not give AOL ownership of the document's copyright. Likewise, while you might research a paper in the University library and store it on a University computer, they gain no ownership rights.


WPI's Acceptible Use Policy (Score:3, Interesting)
by Saint Nobody on 02-14-01 02:50 PM EST (#55)

Personally, i think that WPI has a pretty good AUP, (which is not to say i haven't had problems with netops regarding a few violations, only one of which i was actually responsible for.) it doesn't say that they can read our email personal files and other miscellany, and it requires us not to go poking around.

However, it doesn't say that they can't.

how do you feel about policies like that? It doesn't guarantee our privacy, but it doesn't infringe on it either. Is lack of a guarantee an implicit infringement?

The Joint Statement says that academic freedom "requires" policies that clearly define possible offenses and that are enforced though fair due-process procedures. As you point out, WPI, a private technical institute, leaves a lot unsaid in its computer policy especially about policy enforcement. Are such vague policies OK because we can trust the wisdom of the university staff to do what's right? As much as I respect the professionalism of many computer staff folks, we can't know that the good ones will always be there. To be safe, we must capture some wisdom in policy.

So, what could go wrong? Imagine this nightmare: The WPI computer organization decides to ignore the Institute's regular judicial system with its system of check and balances. The computer org decides to impose punishments on students itself. It guarantees no notice of charges, no hearing, and no appeal procedure.

How likely is this nightmare? IT HAS ALREADY HAPPENED!

Read another WPI policy, the Residential AUP Policy. This policy reminds me of a line from Lewis Carroll's Alice in Wonderland: "No, no," said the Queen: "The sentence first -- the verdict afterwards." Except they don't even bother with the verdict.


Is it because of lawyers? (Score:3, Interesting)
by Wariac on 02-14-01 03:06 PM EST (#83)

Do you think that Schools do this in practice, or is this just a CYA (cover your ass) scenario in case a student does something stupid/illegal. It seems to me in this lawsuit-happy world full of sleazy lawyers that this could be the only way that Schools (or anyone) can avoid being sued into bankruptcy.

In a nutshell, Do the schools implement these policies on thier own accord, or are they usualy done at the request of thier insurer?

Because students are customers of a school and not employees/agents schools generally aren't responsible for their actions. So, if it's not insurers who ask for bad policies where to they come from? It often works like this:

• A student does something obnoxious, but not against any written rules.
• The student is investigated and punished.
• The department that punished the student creates very broad and very vague rules to justify, after the fact, the procedure and punishment already imposed. (For example, see the case of the NCSA.)
• The new policy is run by University legal counsel. Legal counsel checks that it doesn't make any promises or guarantees to students. Counsel doesn't think to check for consistency with other policies or Constitutional requirements.
• Some students, faculty, or staff members finally get to read the policy. Using email, web sites, netnews, newspaper stories, and sometimes even demonstrations on on the Quad/Green, they educate themselves and the University community about legal and academic standards. Everyone starts to see the problems in the first policy.
• A committee is formed of students, faculty, staff, and librarians. They work for a while and create a much better policy.
• The new policy is adopted by the University and replaces the old. (For example, the UIUC privacy policy that grew out of the NCSA policy.)
• Everyone lives happily ever after. (Until the next time a student does something obnoxious but not against any written rules.)

How do you handle bandwidth issues? (Score:2, Interesting)
by Shook (shook@iname.com) on 02-14-01 10:34 PM EST (#261)

I go to a fairly devout Christian U., that has very aggressive censor ware against sex, porn, illegal activities, but that isn't the focus of my question. Unlike many schools, my U. did nothing to block Napster use, and I always found this a little surprising.

When we came back from X-Mas break, Napster was blocked. People moaned and groaned, but it turns out it wasn't even our school's call (though they might have had a say in it) Our school gets its access from a state-wide government-run ISP for educational institutions, and the ISP decided to block Napster, Gnutella, and probably others.

Rather than copyright issues, they cited bandwidth problems. Although, I miss my Napster, I find this hard to argue with. (Theoretically) the network is for educaitonal purposes, and my average dorm-connection speed has doubled since Napster was blocked. But this could easily become a slippery slope, what is to keep them from blocking things like FTP, or Real Audio, both of which I have used for research, but can present bandwidth problems.

How would you suggest balancing to need to reserve bandwidth for serious school-related purposes, and still provide a useful Internet service?

Ten years ago, some schools thought it necessary to ban all games from their computers and networks. (Here is a critique of one such policy.) Now the computer game industry is as big as the movie industry. And, just as you can take film classes in college, so you can take computer game classes. This illustrates the wisdom of a tenet of academic freedom: no authority knows everything that will be important in the future. Therefore, every professor and every student should be free to examine and discuss all questions of interest to them. Schools should do their best to accommodate these explorations. Peer-to-peer systems could be the next big thing. It sounds like the students and professors in your state won't be part of it.

Could there ever be a legitimate reason to ban ALL recreational use of the network? Sure, just as I can imagine a college so resource-poor that it banned all recreational reading in the library, I can imagine a college so resource-poor that it banned all recreational network use. But I won't want to attend such a school.

But, how should needs be balanced when resources require it? I advocate following the model of librarians. They are experts at selecting books based on professional standards and respect for intellectual freedom.

In closing, let me list some resources and ask for some possible help:

• American Civil Liberties Union
• Electronic Frontier Foundation, civil liberties group which works to protect privacy, free expression, and access to new media sources.
• The Foundation for Individual Rights in Education (FIRE), a nonprofit educational foundation devoted to free speech, individual liberty, religious freedom, the rights of conscience, legal equality, due process, and academic freedom on our nation's campuses.
• Peacefire, a nonprofit organization representing the interests of people under 18 in the debate over freedom of speech on the Internet. Peacefire focuses mostly on censorware (Internet content filtering software) in libraries and schools.
• Student Press Law Center, a nonprofit organization provides legal advice to media students and educators on issues related to freedom of the press. Includes advice and news.
• American Association of University Professors, focuses on issues of academic freedom and tenure and campus governance by faculty. Details its programs and policies.
• American Library Association - Office for Intellectual Freedom

Finally, if you go to the Computers and Academic Freedom Archive, my web site, you'll notice it has not been updated for a while. With a job, a family, and new interests, I haven't given the site and issue the attention it deserves. I'd love to get ideas and/or proposals from folks on how to get the Computers and Academic Freedom Project restarted. Thanks.

Carl Kadie
kadie@eff.org
p.s. I'll be on vacation from the 4th to the 11th.

Carl Kadie has returned his responses to our interview questions. He covers a wide array of topics regarding computers and academic freedom - my guess is that this interview will answer about 5% of all questions submitted to Ask Slashdot. :)

With Power comes responsibility... (Score:5, Interesting)
by Zachary DeAquila on 02-14-01 02:41 PM EST (#28)

What responsibilities do universiies incur when they have such overbroad AUPs and reserve such powers for themselves? What if, in their browsing through my data, they delete or destroy important information (thesis data or papers or somesuch)? Are they liable for it? What if they 'leak' damaging data either unknowingly or through misunderstanding? Can they be held responsible?

I'm afraid that I know the answers to all these questions and am even more afraid of those answers. So what can be done about it beyond the standard SSH and PGP rhetoric ? Is there a way to make them take responsibility for these actions, preferably a heavy enough responsibility to discourage them from wanting to take these actions in the first place?

Let me start with disclaimers. I'm not a lawyer. The legal matters I discuss are merely my understanding of the law, not real legal advice. Also, I speak for myself, not for the Electronic Frontier Foundation or my employer. For more on these issues look at the Computers and Academic Freedom Archive.

As a practical matter, no rule, regulation, or liability could ever compensate you for something like lost thesis data. Hopefully, the terror you feel just thinking about losing something irreplaceable will motivate you to make multiple backups.

For privacy, however, federal law does offer some protections. The Family Educational Rights and Privacy Act applies to any U.S. school, even high schools, both public and private, that accepts federal money. This is the law that stops schools from announcing your social security number and grades to the world. Schools that disclose personally identifiable information, beyond directory information, can lose their federal funding. Schools generally take this law very seriously. The only common problem is school staff who need to be educated about the law.

Another useful law is the Electronic Communications Privacy Act. This is the law that stops AOL from disclosing your grandma's email. It can also be reasonably interpreted as stopping universities from disclosing student email. It may also protect staff email.

Finally, public universities have obligations beyond federal law. As a government institution, they are bound by the federal constitution and their state constitution. A U.S. government task force says that [Email] monitoring [of government employees] of actual communications and communicators may impinge on the Constitutional rights of freedom of speech (1st Amendment), against unreasonable search and seizure (4th Amendment), and against self-incrimination (5th amendment), as well as on the right to privacy, specifically as set forth in both the Privacy Act and the ECPA. Students are presumably protected at least as much.


University policy (Score:5, Interesting)
by Pacer on 02-14-01 02:43 PM EST (#31)

I lived for two years in University residence and, frankly, my college didn't seem to have much respect for the privacy of students in any regard: all mail came through University-owned mailboxes, and packages had to be picked up at the dormitory desk, staffed by hall RAs -- students with a significant disciplinary function. All telephone service went through the university switchboard. Your room could be searched, by university staff or by police, without your permission and without any sort of warrant. Most tenant rights were violated (for instance, eviction with two weeks' notice any time of year), and now the university informs students' parents of on-campus alcohol or disciplinary violations (these are adults whose academic transcripts cannot be released to parents without a signed waiver).

It is not any surprise to me that fascist user agreements are in place concerning electronic media in light of the general control-oriented attitude of many universities towards their on-campus student populations. Perhaps the problem runs deeper than simple technophobia?

I'm optimistic about the trend. I once looked up the student regulations for my school from 1904 to present. (I've since graduated). Students were once literally treated as children. Now the policies generally respect students as scholars with academic freedom. Academic freedom (which includes freedom of expression, privacy, and due process) for students is guaranteed in the student code of many schools. It is advocated by dozen of important academic organizations. I believe academic freedom principles can be straight forwardly applied to computers and networks. For example, here is what our Draft Statement on Computers and Academic Freedom says about privacy:

"Privacy Principle: Personal files on university's computers (for example, files in a user's home directory) should have the same privacy protection as personal files in university-assigned space in an office, lab, or dormitory (for example, files in a graduate student's desk). Private communications via computer should have the same protections as private communications via telephone."

So, all is wonderful everywhere except for a few aberrations that your free ACLU lawyer can quickly take care of, right? Sadly, no. The struggle for civil liberties and academic freedom never ends. As you suggest, some in authority will always try to assert more and more control. They may never have heard the idea that students should have academic freedom. They may not realize public universities in the U.S. are constrained by the U.S. constitution. They may erroneously believe that federal law doesn't apply if you make students sign a waiver.

So what can you do? Organize and fight! It won't be easy. You'll never win completely. But, you'll likely find friends and allies everywhere from student to faculty to staff. You may find your most important allies among the computer services staff. Many computer staff folks see themselves as true professionals with a professional responsibility to what's morally and legally right, not just what the boss thinks is expedient.

If you are in high school looking at colleges, please read their student code and computer rules before you decide. This will be part of your contract with the university. If you decide not to attend a school because of bad policies, tell them and tell the world.


Linux acceptability (Score:5, Interesting)
by dwbryson on 02-14-01 02:45 PM EST (#42)

Carl- I have fought a battle at my college over Linux being on the network. I told the UTS( Univeristy Technology Services ) that I was a big advocate of Linux and was starting up a Linux User Group on campus. But first I wanted their approval. They swiftly told me that, "You can absolutly not encourage the use of Linux on OUR network, and you should be lucky that we don't ban it on campus." I was completely uphauled by this, and so promptly turned around and tried to get as many people interested as I could in Linux. And eventually started my own LUG. Do they have a right to tell me what OS I can use on their network? They of course support windows, and allow Mac's, but flat out tell me I can't have linux on their network. Do you have any suggestions on what rights I as a user have?

Let me break this into two questions. First, can a university department ban clubs or speech because it doesn't like what they advocate? Generally not. At most schools, the student code protects freedom of speech. At public universities, student speech is also protected by the 1^st amendment. To take one example, the U. of Illinois has student organizations ranging from the International Socialists to the College Republicans. Linux really shouldn't be a problem.

Second, can a University Technology Services group ban a program/OS from the Network? The difficulty is that while it might be legitimate to ban, say, a packet sniffer, it shouldn't be legitimate to stop Scientology students who want to filter their own Internet access on their own PC. How do we distinguish these cases? Legally, at state schools you could try to make a 1^st amendment argument. You could also use freedom of information requests (if applicable) to see if a rule was made for legitimate reasons. These legal battles, however, would be expensive and uncertain.

More effective than a legal approach is a good policy approach. How is good policy made? By getting everyone (students, faculty, and staff) involved in making decisions. And, if that doesn't work, by protesting and publicizing bad decisions. Here is what the Joint Statement on Rights and Freedoms of Students says about students and policy making:

"As constituents of the academic community, students should be free, individually and collectively, to express their views on issues of institutional policy and on matters of general interest to the student body. The student body should have clearly defined means to participate in the formulation and application of institutional policy affecting academic and student affairs. The role of the student government and both its general and specific responsibilities should be made explicit, and the actions of the student government within the areas of its jurisdiction should be reviewed only through orderly and prescribed procedures."

Legal Recourse? (Score:5, Interesting)
by CU-Ballistic (rogersj@SPAMSUCKSclemson.edu) on 02-14-01 02:46 PM EST (#45)

I attend a rather well-known University in the South. Of course, they have the requisite "we own you and your data" policy. They state in very explicit terms that they have the right, at any time, to search and confiscate my computer, hard drives, and other media. They say that they also have the right to monitor network traffic, and disable any account which is exhibiting "unusual or excessive" activity. This all seems incredibly arbitrary to me, and worries me very much. My question to you is: Do I have any legal recourse? My main quarrel is that as a first-year student, I am forced to live on campus, and many classes require work to be submitted electronically. Since I am unable to "opt-out" of their heavy-handed policy, do I have any legal recourse if I were to encounter a search-and-seizure situation with the Administration here?

I think I found policy in question. It has both good points and bad points. The good is that it provides for due process via the university's regular channels. Also, it lays out proscribed behavior pretty clearly. Now, to the bad:

• It doesn't say how the policy was formulated and under what authority. Were students involved? Did the university senate give approval? Was there a committee? As far as we can tell from the policy itself, it could be the work of one person without any input from the university community.
• The policy contradicts itself on privacy. It tries to use magic words to make federal law and constitutional requirements disappear. It says: "Students have no expectation of privacy when utilizing university computing resources, even if the use is for personal purposes." The policy for staff says the same thing: "Employees have no expectation of privacy ..." but a few lines before that it correctly acknowledges that "[...] Federal and State statutes protect the privacy of much of the information available on University computer systems." As a general rules, a policy should not contradict itself. (I wonder if researchers are really prohibited from storing human subject and other sensitive data on these computers?) [Editorial note: Federal laws concerning research on human subjects requires that data about such studies be stored securely, with a number of explicit security requirements. If Clemson faculty have no expectation of privacy when using Clemson computers, Clemson is breaking those laws if it conducts any research on human subjects (which it does) and stores the data on Clemson machines.]
• Finally, the policy conflates invading-policy-because-of-an-emergency and invading-it-to-gather-evidence-of-wrong-doing. Any public university and any university that respects academic freedom should distinguish these cases. Here is how the Joint Statement puts it:
  
  "Except under extreme emergency circumstances, premises occupied by students and the personal possessions of students should not be searched unless appropriate authorization has been obtained. For premises such as residence halls controlled by the institution, an appropriate and responsible authority should be designated to whom application should be made before a search is conducted. The application should specify the reasons for he search and the objects or information sought. The student should be present, if possible, during the search. For premises not controlled by the institution, the ordinary requirements for lawful search should be followed."

Finding Balance? (Score:5, Informative)
by PapaZit on 02-14-01 03:59 PM EST (#161)

Here's a shot from "the other side."

I work in Computing Services for a tech-oriented private university. Our usage policies aren't as bad as some, but they definitely give us broad priviledges. We've been through many, many proposed revisions that keep being killed by some combination of faculty, staff or lawyers. The basic problems:

There doesn't seem to be a concise legal way to say "Don't be an asshole and don't break the law," which is all we really want.

It's occasionally necessary for staff to look at private information for technical reasons (reconstructing mail spool after disk crashed, making sure the nifty new backup program actually worked, etc.). We have a huge infrastructure, and if we had to stop and check every time we might accidentally see something, we'd never get anything done unless we made our staff size much larger. We don't have the budget to do that.

Occasionally, the sysadmins will find something really bad during the course of routine work. "Spending a long time in federal prison" kind of bad. We try to keep these sort of events quiet to avoid publicity for the user in case it's not their fault (someone cracked their account, etc). We don't want our users on the evening news, but this'll happen with most "notify lots of people before doing anything" plans.

There are two opposing viewpoints that are both vocal in our community. One says "privacy over all" while the other says "learning and sharing over all". We have quite a few people who make their home directories publicly readable as a sort of protest against the "privacy freaks" (their words). Finding a policy that makes both happy is very difficult.

In light of these constraints (financial and social), how do we give more rights to our users without seriously impeding our ability to do our jobs?

First, I commend you for taking your professional responsibilities seriously. As you know, incidental and emergency exposure of information is a fact of life. Your computers likely contain everything from medical information, to love letters, to evidence of criminal activity. After much debate at the U. of Illinois, with input from all of campus, the University adopted a policy that says in part:

"Network and system administrators are expected to treat the contents of electronic files as private and confidential. Any inspection of electronic files, and any action based upon such inspection, will be governed by all applicable U. S. and Illinois laws and by University policies."

Other schools also respect the privacy of email and files. You can see examples here. For some general tips on making good policy, look here.


I am violating my school's policy by posting this. (Score:4, Interesting)
by SkyIce (dangelo(a)ntplx.net) on 02-14-01 03:47 PM EST (#144)

Take a look at my school's AUP at http://www.exeter.edu/publications/ebook/datavoice video.html . Some interesting quotes:

"No pseudonymous or anonymous messages may be sent. Students should be careful not to give out personal information over the Internet."

"Accessing the accounts and files of others is prohibited."

"Students may be held accountable for their actions while off-campus and thus for messages posted from off-campus accounts."

Academy network resources, including all telephone and data lines, are the property of the Academy. The Academy will, to the extent possible, respect privacy of all account holders on the network. However, the Academy is responsible for investigating possible violations of and enforcing all Academy rules governing the network. Academy network users should, therefore, keep in mind that the Academy reserves the right to access any information stored or transmitted over the network.

But nowhere in it does it mention the search of a personal computer. Somehow, last week, on mere suspicion, my and three other kids' computers were seized and held for a few days while the network administrator attempted to track down the source of network troubles. He ultimately failed, but in the process noticed that I was using a different IP address and hostname other than the one I had been assigned. The case was sent to the discipline committee under "Theft of IP address" and I am now on probation for eight weeks. My dorm room's port was activated "with restrictions" yesterday, and they now want me to e-mail them a list of every program I want to download so that they can verify it. Was this even legal? What can I do to stop something like this from happening in the future?

As a student in a private high school that likely doesn't take any government money, you have few legal protections. As long as they follow their own rules, they can do almost anything they want. Sorry.

Again, I strongly encourage you to read the student code and computer policies of any colleges you are looking at. You'll find critiques of several dozen policies Computers and Academic Freedom Policy Archive. (Hopefully, most of the bad policies in the archive have since been improved.)


Colleges vs Corporations (Score:3, Interesting)
by Chris Brewer (chrisbrewer@paradise.net.nzSPAMBEGONE(TM)) on 02-14-01 02:44 PM EST (#39)

In your opinion, is there any difference between what a student does on the campus network using college owned computers and an employee using the corporate network using the company's computers with regard to who owns the data?

In the U.S., there is a world of difference between employees and students. (I don't know about the law in New Zealand). The work employees do on company equipment generally belongs to the company. Moreover, at work Americans have little privacy protection. (The ACLU has a project on workplace civil liberties.)

Students, on the other hand, are customers of the university, not its agents or employees. Although your grandmother might store a document on AOL's computers, that does not give AOL ownership of the document's copyright. Likewise, while you might research a paper in the University library and store it on a University computer, they gain no ownership rights.


WPI's Acceptible Use Policy (Score:3, Interesting)
by Saint Nobody on 02-14-01 02:50 PM EST (#55)

Personally, i think that WPI has a pretty good AUP, (which is not to say i haven't had problems with netops regarding a few violations, only one of which i was actually responsible for.) it doesn't say that they can read our email personal files and other miscellany, and it requires us not to go poking around.

However, it doesn't say that they can't.

how do you feel about policies like that? It doesn't guarantee our privacy, but it doesn't infringe on it either. Is lack of a guarantee an implicit infringement?

The Joint Statement says that academic freedom "requires" policies that clearly define possible offenses and that are enforced though fair due-process procedures. As you point out, WPI, a private technical institute, leaves a lot unsaid in its computer policy especially about policy enforcement. Are such vague policies OK because we can trust the wisdom of the university staff to do what's right? As much as I respect the professionalism of many computer staff folks, we can't know that the good ones will always be there. To be safe, we must capture some wisdom in policy.

So, what could go wrong? Imagine this nightmare: The WPI computer organization decides to ignore the Institute's regular judicial system with its system of check and balances. The computer org decides to impose punishments on students itself. It guarantees no notice of charges, no hearing, and no appeal procedure.

How likely is this nightmare? IT HAS ALREADY HAPPENED!

Read another WPI policy, the Residential AUP Policy. This policy reminds me of a line from Lewis Carroll's Alice in Wonderland: "No, no," said the Queen: "The sentence first -- the verdict afterwards." Except they don't even bother with the verdict.


Is it because of lawyers? (Score:3, Interesting)
by Wariac on 02-14-01 03:06 PM EST (#83)

Do you think that Schools do this in practice, or is this just a CYA (cover your ass) scenario in case a student does something stupid/illegal. It seems to me in this lawsuit-happy world full of sleazy lawyers that this could be the only way that Schools (or anyone) can avoid being sued into bankruptcy.

In a nutshell, Do the schools implement these policies on thier own accord, or are they usualy done at the request of thier insurer?

Because students are customers of a school and not employees/agents schools generally aren't responsible for their actions. So, if it's not insurers who ask for bad policies where to they come from? It often works like this:

• A student does something obnoxious, but not against any written rules.
• The student is investigated and punished.
• The department that punished the student creates very broad and very vague rules to justify, after the fact, the procedure and punishment already imposed. (For example, see the case of the NCSA.)
• The new policy is run by University legal counsel. Legal counsel checks that it doesn't make any promises or guarantees to students. Counsel doesn't think to check for consistency with other policies or Constitutional requirements.
• Some students, faculty, or staff members finally get to read the policy. Using email, web sites, netnews, newspaper stories, and sometimes even demonstrations on on the Quad/Green, they educate themselves and the University community about legal and academic standards. Everyone starts to see the problems in the first policy.
• A committee is formed of students, faculty, staff, and librarians. They work for a while and create a much better policy.
• The new policy is adopted by the University and replaces the old. (For example, the UIUC privacy policy that grew out of the NCSA policy.)
• Everyone lives happily ever after. (Until the next time a student does something obnoxious but not against any written rules.)

How do you handle bandwidth issues? (Score:2, Interesting)
by Shook (shook@iname.com) on 02-14-01 10:34 PM EST (#261)

I go to a fairly devout Christian U., that has very aggressive censor ware against sex, porn, illegal activities, but that isn't the focus of my question. Unlike many schools, my U. did nothing to block Napster use, and I always found this a little surprising.

When we came back from X-Mas break, Napster was blocked. People moaned and groaned, but it turns out it wasn't even our school's call (though they might have had a say in it) Our school gets its access from a state-wide government-run ISP for educational institutions, and the ISP decided to block Napster, Gnutella, and probably others.

Rather than copyright issues, they cited bandwidth problems. Although, I miss my Napster, I find this hard to argue with. (Theoretically) the network is for educaitonal purposes, and my average dorm-connection speed has doubled since Napster was blocked. But this could easily become a slippery slope, what is to keep them from blocking things like FTP, or Real Audio, both of which I have used for research, but can present bandwidth problems.

How would you suggest balancing to need to reserve bandwidth for serious school-related purposes, and still provide a useful Internet service?

Ten years ago, some schools thought it necessary to ban all games from their computers and networks. (Here is a critique of one such policy.) Now the computer game industry is as big as the movie industry. And, just as you can take film classes in college, so you can take computer game classes. This illustrates the wisdom of a tenet of academic freedom: no authority knows everything that will be important in the future. Therefore, every professor and every student should be free to examine and discuss all questions of interest to them. Schools should do their best to accommodate these explorations. Peer-to-peer systems could be the next big thing. It sounds like the students and professors in your state won't be part of it.

Could there ever be a legitimate reason to ban ALL recreational use of the network? Sure, just as I can imagine a college so resource-poor that it banned all recreational reading in the library, I can imagine a college so resource-poor that it banned all recreational network use. But I won't want to attend such a school.

But, how should needs be balanced when resources require it? I advocate following the model of librarians. They are experts at selecting books based on professional standards and respect for intellectual freedom.

In closing, let me list some resources and ask for some possible help:

• American Civil Liberties Union
• Electronic Frontier Foundation, civil liberties group which works to protect privacy, free expression, and access to new media sources.
• The Foundation for Individual Rights in Education (FIRE), a nonprofit educational foundation devoted to free speech, individual liberty, religious freedom, the rights of conscience, legal equality, due process, and academic freedom on our nation's campuses.
• Peacefire, a nonprofit organization representing the interests of people under 18 in the debate over freedom of speech on the Internet. Peacefire focuses mostly on censorware (Internet content filtering software) in libraries and schools.
• Student Press Law Center, a nonprofit organization provides legal advice to media students and educators on issues related to freedom of the press. Includes advice and news.
• American Association of University Professors, focuses on issues of academic freedom and tenure and campus governance by faculty. Details its programs and policies.
• American Library Association - Office for Intellectual Freedom

Finally, if you go to the Computers and Academic Freedom Archive, my web site, you'll notice it has not been updated for a while. With a job, a family, and new interests, I haven't given the site and issue the attention it deserves. I'd love to get ideas and/or proposals from folks on how to get the Computers and Academic Freedom Project restarted. Thanks.

Carl Kadie
kadie@eff.org
p.s. I'll be on vacation from the 4th to the 11th.

JayBonci writes: "Sega has had a lot of competition lately, and while the Dreamcast is very cool, it has had some hard times lately. IGN brings up this piece of news from out of the blue that Sega is mysteriously teaming up with Nintendo. Why would such long time rivals team up all of a sudden? The IGN article does not give much in the way of details, except to mention that Sega is going to fall short of its earnings. How would this change the gaming industry with two major players working together?"

JayBonci writes: "The emulation and classic gaming world has been a large grey area for a while. The subject of reverse engineering other products for the sake of emulating has come up numerous times (see also the Bleem and Connectix lawsuits), but what about emulating your own stuff? It seems that Capcom is going to use emulation as a standard way to make more games cross platform. The blurb is short, but an interesting though. How viable a solution is this? If the performance hit is fairly minimal, how will this affect the future of cross platform game development? It's an interesting solution, IMO."

JayBonci writes: "I saw this first over at Retrogames, and I thought it might be of general interest to the Slashdot community. Its a response from EmuGaming to Sega's broad letter to news sites over the whole DC disc piracy thing. You can read more about it by going here. The article mentions a lot of Sega's legal tactics for looking out for its IP rights. Do they have much merit? Check out the article and see for yourself."

so.what writes: "C|net has a story about Yahoo's clubs site being blocked by Saudi Arabia because the contents of the site were "against the kingdom's religious, social and political values." Seems to be another situation where "Big Brother" is looking out for you. "Big Brother" isn't just here in the U.S. folks. Click here to read the full story." Saudi Arabia uses a modified version of the Smartfilter Internet censoring software to censor the Internet access of the entire country. It's not 100% effective, but anyone getting around it is risking legal punishment.

tuck was the first of many to submit this important milestone in arguably the world's most important scientific endeavor. The Human Genome Project has completed mapping its first entire chromosome, number 22. Second-smallest of our 23 chromosomes, some of 22's genes can cause "heart defects, immune system disorders, cancers, schizophrenia and mental retardation." Portion of its DNA which is "junk" (encodes no protein): 42%. Read it at your favorite source: CNN, MSNBC, the Boston Globe, the Christian Science Monitor, the AP, or Reuters.

Xmas writes "Early breaking news? British officials report the seizing of a "military" satellite and a subsequent demand for money. At least the British government can admit to being cracked... and blackmailed...even if it took them two weeks to release the story. " The news story has no comment from the British Ministry of Defense, while Police refused to comment because of the sensitivty at this stage of the game. What is known is that the Brits have 4 such satellites, and the crackers reportedly "altered its course". I'll be watching to see if anything more develops with this-like more then an anonymous cow...er-source is cited.

democritus writes "Scientific American is reporting that IBM has made a new double-gate transistor" As transistors become shorter, current bleeds through them when they are supposed to be off. The new design should enable anything down to 25 nm long transistors. Currently transistors are 250 nm long, but to attain higher speeds, circuit designers often use fatter transistors which can drive a wire to a high or low state (binary 1 and 0) faster (hence very hot CPUs). The new design acts as if it doubled the length of the transistor, enabling higher speed circuits in the same area. Finally, because each transistor has two gates, a chip using the new transitor could use either both gates (for fast operation) or a single gate (to save power for portable applications).

Cloud9 sent us a couple of interesting bits about Sun from the last few days. Sun has been named Technological Sponsor for the Cannes Film Festival. Also, Sun's Java was selected by TCI to be their standard in set top cable boxes.

Several people have written me with stuff relating Open Source Hardware:The thought is that the Open Source model can be applied to hardware as well. Troy Benjegerdes wrote in and said "Eric S Raymond implies this in this article. I have written a paper for a class dealing with this, and David Freeman has web page on the subject."

Joe Vigneau and Bill Broadley sent us info about Cobalt Microserver's brand new workgroup server. It's a 133mhz RISC box that runs Linux, has all the normal servers (www, email etc), and costs under $1000. And it supposedly fits in a 7" cube!