Slashdot Mirror
Ask Carl Kadie About Censorship and Privacy at Colleges
We've received a lot of inquiries recently about computer policies at various colleges and universities - usually the policy goes something like: "Anything you do or say on this network is ours, we own it, we can read your email, we can delete you, too bad. All your data are belong to us." Oddly enough, these sorts of policies are in place even at schools that would never dream of snooping on students' postal mail or the books they read at the library. Carl Kadie has been EFF's longest-serving volunteer, doing work for the past ten years in the area of academic freedom and computers. He's written two book chapters on the issue and helped examine, critique and improve the usage policies at many universities. Post below any questions you have on computers and academic freedom - maybe your school has a particularly bad policy, maybe you just have a general question - and we'll pick the best ones and forward them to him for a response.
As i know universities in the US, they also own the postal office within campus grounds.
Since both use a medium owned by the university, and both are 'private communication', does this mean they also have the right to read your private (snail mail) letters?
-- Chris Chabot
"I dont suffer from insanity, i enjoy every minute of it!"
Sad.
is the best/most effective argument to get non-techie types to understand that the computer/internet is just another form of media and should be treated just like we would books/video/magazines?
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
How would you suggest balancing the privacy needs of a University community, the security issues created by such a diverse group, the issue of academic freedom, and the fact that college IT departments have serious staff/load/pay/tech issues?
Eric Aitala
www.f1m.com
Here, they have everyone sign into the Academic Computing labs (the labs in engineering are unmonitored). Then they assign you to a particular computer. This is so they can give the logs to law enforcement personel/so forth.
Ironically, they don't have you log in with a unique username/password or swipe or anything in that nature. No offense to many of the students here, but they complain that most of the system is too hard to use as it is anyway, many would probably complain.
Also ironic, the system doesn't use static IPs... Which makes it a real bitch to trace through the logs anyways.
Eh...
I spemd time chatting about hardware designs. I have a responsibility to not one company but a whole consortium to not disclose the ideas we work on.
How does that work with Network Use Policies?
The message on the other side of this sig is false.
I don't see this as a violation of a user's rights or of a user's privacy. The simple truth is, it's not your bandwidth in the first place. If you're going to use a network provided to you by an educational institution or business, you must adhere to their rules and restrictions. Don't like it? Go out and pay for your own bandwidth.
We can complain all day about how terrible schools' policies regarding their networks and the internet may be, but what can we do about it? How can we help universities realize that such policies are un-american? As IT professionals, and members of society as a whole, how can we help to remove the fear of the internet that produce such big-brotherish ideas?
----
Do you even know anything about perl? -- AC Replying to Tom Christiansen post.
I'm afraid that I know the answers to all these questions and am even more afraid of those answers. So what can be done about it beyond the standard SSH and PGP rhetoric ? Is there a way to make them take responsibility for these actions, preferably a heavy enough responsibility to discourage them from wanting to take these actions in the first place?
--Z
"Anything you do or say on this network is ours, we own it, we can read your email, we can delete you, too bad. All your data are belong to us."
Doesn't that mean that they are partly responsible for the rampant piracy that goes on within the residential networks?
Just a thought...
Dirk
I keep trying to pick fights, but I can't shake this Excellent karma.
I lived for two years in University residence and, frankly, my college didn't seem to have much respect for the privacy of students in any regard: all mail came through University-owned mailboxes, and packages had to be picked up at the dormitory desk, staffed by hall RAs -- students with a significant disciplinary function. All telephone service went through the university switchboard. Your room could be searched, by university staff or by police, without your permission and without any sort of warrant. Most tenant rights were violated (for instance, eviction with two weeks' notice any time of year), and now the university informs students' parents of on-campus alcohol or disciplinary violations (these are adults whose academic transcripts cannot be released to parents without a signed waiver).
It is not any surprise to me that fascist user agreements are in place concerning electronic media in light of the general control-oriented attitude of many universities towards their on-campus student populations. Perhaps the problem runs deeper than simple technophobia?
Pacer
Umm, pardon me, but my university has us pony up $115 for 8 months on the residence internet system. The e-mail is free, but you don't get a choice about using it or not, as a lot of course info comes through that account so you have to use it for at least some things. Its not to high speed, is specially tweaked to have FTP, Napster, and other "low priority" communications run especially slowly (avg 1k/sec) and has a 500 meg/week dl cap. I think that's a reasonable deal, actually, that part makes sense, they're trying to allocate their limited bandwidth properly. I would have no problem with this if it weren't for the usual evil privacy policy.
I think you'll find many less technically obsessed universities will have similar plans.
Hmmm..seems to me that I paid tuition when I was in college so the internet access WAS NOT FREE! Most colleges seem to forget that students are paying customers.
I do research within a consortium of developers and I am, under NDA, responsible for my part in keeping those discussions private.
I paid $400+ for 100Mbit access.
Schools give you free network access the same way department stores hike up prices and then call it a sale.
The message on the other side of this sig is false.
In your opinion, is there any difference between what a student does on the campus network using college owned computers and an employee using the corporate network using the company's computers with regard to who owns the data?
--
Consultancy: If you're not part of the solution, there's money to be made in prolonging the problem
They have every right to complain. Furthermore, as a taxpayer, my taxes go to subsidize those schools and those tuitions, and I don't like it, I have every right to whine and complain until your ears bleed.
The AC mentality: anyone who doesn't like anything exactly the way it is should be ridiculed and mocked. That's why you are called cowards. Real people stand and fight for their beliefs instead of accepting everything like sheep taking it from the farmer.
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.
Expanding a vast wasteland since 1996.
Carl- I have fought a battle at my college over Linux being on the network. I told the UTS( Univeristy Technology Services ) that I was a big advocate of Linux and was starting up a Linux User Group on campus. But first I wanted their approval. They swiftly told me that, "You can absolutly not encourage the use of Linux on OUR network, and you should be lucky that we don't ban it on campus." I was completely uphauled by this, and so promptly turned around and tried to get as many people interested as I could in Linux. And eventually started my own LUG. Do they have a right to tell me what OS I can use on their network? They of course support windows, and allow Mac's, but flat out tell me I can't have linux on their network. Do you have any suggestions on what rights I as a user have?
- "Never let a computer tell me shit." - DelTron Zero
I pay the school for services, I am the one who should decide their purpose.
Education is a business. Education should never be an institution. It only becomes a farce if it does.
The message on the other side of this sig is false.
I attend a rather well-known University in the South. Of course, they have the requisite "we own you and your data" policy. They state in very explicit terms that they have the right, at any time, to search and confiscate my computer, hard drives, and other media. They say that they also have the right to monitor network traffic, and disable any account which is exhibiting "unusual or excessive" activity. This all seems incredibly arbitrary to me, and worries me very much. My question to you is: Do I have any legal recourse? My main quarrel is that as a first-year student, I am forced to live on campus, and many classes require work to be submitted electronically. Since I am unable to "opt-out" of their heavy-handed policy, do I have any legal recourse if I were to encounter a search-and-seizure situation with the Administration here?
-
I'd rather have a bottle in front of me than a frontal lobotomy.
I go to school in Boston and recently was told in class that a kid managed to crack his way into some of the NSA's computers. The NSA asked my University for logs of the users network use and the school produced detailed logs going back to when he registered his computer for network use. Pretty scary that the school would actually record all our network use. Obviously not the packets themselves, but hosts the kid connected to and so on. Scared me pretty good.
-----------------------------------
I don't think, therefore I'm not...
I'm pretty sure that the University Of Michigan in Ann Arbor respects privacy.
The one thing I know they do log is who's logged on to which computer when. so don't think about sending anonymous, threatening, mail to a prof or anyone. i don't think they log all email.
Also, they let you run servers provided you supplied in creating the content you server.
When it comes to writing code for class, you own the code, not them.
They seem to "get it" across the board.
-andrew
Many universities also forbid using their network resources for business-related activities. (I think this is an incredibly counterproductive policy for both the university and the students, but it's often in the contracts.)
-John
Umm, "Free"!?!?!
It's paid for in the Tuition. Or did you think University was free?
Oh, and alot of University's access sucks ass nowadays. Yeah, in 1991 when it was installed, it was l33t high speed, but hardly any more.
Of course, I'm only speaking from my university, but their access & their network both suck horrible ass - only thier email is remotely reliable.
The thing is, 6 years ago, that level of access kicked ass.
I honestly think that the whole "we give you free access, so you have to do everything we say" is a bullshit argument. Most students nowadays have thier own email accounts (hotmail or otherwise), and half of the compsci students I've talked to have cable. The thing is, is that they are forced by the university to use the university account to converse with thier profs - hardly anything is sent to external emails.
So, in my case, anyway, the argument has turned into "we give you a mediocre email account, and an unusably crappy dial up account, and shitty network access while on campus, and force you to use it do communicate with your professors, and everything you do on it are belong to us" .
Sorry if that doesn't exactly sound like they're bending over backwards.
--
Personally, i think that WPI has a pretty good AUP, (which is not to say i haven't had problems with netops regarding a few violations, only one of which i was actually responsible for.) it doesn't say that they can read our email personal files and other miscellany, and it requires us not to go poking around. However, it doesn't say that they can't.
how do you feel about policies like that? It doesn't guarantee our privacy, but it doesn't infringe on it either. Is lack of a guarantee an implicit infringement?
#define F(x) int main(){printf(#x,10,#x);}
F(#define F(x) int main(){printf(#x,10,#x);}%cF(%s))
Actually I believe that's a videogame mangled-English reference and didn't originate from Jeff K.'s pea-sized brain. Kinda like the perennial fave "A Winner Is You".
N4st0r, trixx0r h0bb1tz0rz! Th3y st0l3 0ur pr3c10uzz!
Oddly enough, these sorts of policies are in place even at schools that would never dream of snooping on students' postal mail or the books they read at the library.
Don't be an ass. AFAIK, USPS service is strictly controlled by the federal gov't. There are strong limitations on what local post offices can and cannot do with your mail, no matter where it is or who is handling it. I'm pretty sure that your college couldn't (legally) snoop your mail even if they wanted to - no matter if they have access to it or even handle it.
As far as controlling your library usage - duh! The library is a college asset, and presumably the books in it are already controlled by the library. If they don't want you reading something, they simply don't have to put it on the shelves. Furthermore, they already monitor what you do read - they know which books are late and who had them last, don't they?
In short, they don't snoop your snail mail because they can't. They could snoop your library usage, but probably don't need to, since they control the available content already.
Any sufficiently well-organized community is indistinguishable from Government.
1) Public Universities are in general more constrained than Private institutions in regulating speech, under the 1st Amendment, and in some cases further restrained by rulings under State Constitutions' free speech clauses.
To what extent does this make "It's their hardare" arguments vulnerable?
2) Do State or Federal infrastructure grants to privte Universities make their Net facilities Public Fora?
Ben Masel: 51,282 votes for US Senate in the Wisconsin Democratic Primary
At my university, you connect through the university phone system which makes dial-up impossible, and they don't let you use cable-modems. This neighborhood lacks any DSL or anything like that, so in other words, if you're on res, its Resnet or do without. As a result the university can impose whatever net policies they like, at any time, and we can't do a thing about it. How can this problem be handled?
All e-mail, phone calls, and video monitoring are now standard for most companies, so why not universities and colleges? Get use to it, privacy is no longer an issue.
If, as you say, privacy is no longer an issue, then the root cause of it is that the general public, like yourself, has adopted a defeatist attitude. It is precisely this kind of outlook that makes it possible to take away privacy like that. We haven't lost yet, and I won't let it go without a fight just because someone thinks we already have.
inigima
Insert obligatory plug for free data encryption tools and secure protocols here
This message was brought to you in compliance with the "Slashdot Encryption Reference Requirement" stating that encryption and its merits must be invoked when discussing anything plausably relevant to it
-----Obligatory Encryption Related Post Sig------
When cryptograph is outlawed...and so on, and so forth
------End Obligatory Sig------
"These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
It is rather funny that people complain about email and other stuff while their ability to freely discuss and explore various ideas is severly limited due to rampart Political Correctness.
Chalk this up to one of those "Well, DUH" kind of things. I don't even understand why this is attracting attention. Lack of Privacy in your home I can understand. Spyware on your personal machine I can understand. But privacy issues in SCHOOLS? Come on ...
Here's my question/rant:
Students (I am one) are required to pay a fee for information services, eg networking, computer labs on campus, etc. We are given rights, and restrictions. But here's my issue. The university takes ultimate responsibility for maintenance, upgrading, and upkeep of the system. Doesn't that mean that they have the right to make sure that the same system is not being abused by the 1337, (read freshmen) the unaware, and the malicious?
People nowadays seem to view electronic media as theirs and theirs alone. It's not! We as tax-payers, may have helped build the thing, but we do not maintain it. Until and unless there is a standardardized code of behavior for networked traffic, an individual system administrator, even one the size of a major university, should have the RIGHT to ensure that their equipment is not being abused.
If you don't like it, buy your own equipment, and set it up in the basement of a major NAP.
And I don't think we should view this as any sort of analogy to federal mail. The USPS is protected by a series of laws, E-mail is not. Besides, if it were, anyone who set up a sniffer, for ANY reason would be breaking the law.
Any responses?
hmmmm?
As an introduction... In the U of I dorms, our usage policies are rather strict. We're permitted 500 mb per day (either direction) per MAC address. From there, we're limited to 4 MAC addresses per port, and there is one port per room. In some of the older networks in other dorms, you are limited to 500 mb per day per port. Additionally, access to Napster and Imesh has been blocked entirely (through traditional access, anyhow). There are talks of implementing a new system, which analyzes your traffic usage, and if you use more than a certain amount of bandwidth over a certain period of time (there's a 10 mbit switched line to each of the dorms, and ill usage would be something along the lines of 100 k/sec for more than 30 seconds or so), the system will throttle your connection. If you continue to use bandwidth, the system will continue to throttle your connection until the connection is made un-usable. The procedure reverses incrementally in a similar manner, so you get the idea. Many see this as an improvement, but I'm not so sure. Irregardless...
In any event, the administration contends that doing this isn't an invasion of privacy, and since we don't have a network usage fee, there's no reason we should complain, because using the resource for anything outside academic purposes is out of policy, and there is almost no way to justify high bandwidth usage (or high volume, their current, and much less accurate metric) save some very special exceptions, such as downloading Linux ... and now they contend that since RedHat and Debian are mirrored locally, that isn't even such a good excuse. Regardless, even if your usage of bandwidth IS legitimate, they shut your port down first, and re-instate it only after you've talked to the security officer, whose role is essentially "Hey, were you trading mp3s? I think you are. One more time, and you get to talk to the dean."
So after visiting University of Michigan and some other universities where essentially the official policy is "It's not our business, if they use more bandwidth, then we'll give them more to use," do you, as a researched expert in the field, think that this type of policy is reasonable? You can view the posted policy, which also mentions that gaming and other activities are prohibited, as it may impact educational usage of the network. I'm interested in hearing how this relates to what else you've seen, and how fair of a policy you think this is.
Stupid me, though, decided to read it first. One line said that I agree to abide by the software licenses of all the software packages installed on the system. When I asked to see these licenses, the sysadmin got all heated and refused. I asked if they were posted somewhere or stored on-line. He said, no. When I asked how I could sign to agree to follow licenses which were refused to be presented to me, he said, "well, you have to sign or your account can't be re-enabled".
Hmmm. Sign or be unable to do required schoolwork.
So I signed but wrote next to my signature that staff refused to show me the SW licenses they required me to agree to above. The sysadmin grumbled, but accepted the amended TOS form.
I heard similar tales from students at other universities and schools. WHY DO SCHOOLS DO THIS?
The last two companies I have worked at have had policies like this. They kept them around while not enforcing them so that they could 'weed out the bad eggs' whenever they wanted an excuse to fire somebody.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
I certainly hope this dosn't mean that uni's or colleges can just simply read the students mail. It should matter where the mail is. It is still directed to one person, and only that person. Just because the college or university has a mail deposit centre for the post office to drop off mail to all the students living in residence, should not grant them the right to read it just because they are holding on to it until it is picked up. Same goes for Email, just because its passing through several hops to get to its destination dosn't mean they the admin for those hops gets to read all the mail. So what does it matter if it goes through the hop or stops at the college, shouldn't it still be a private message protected by some sort of 'mail' law? Or do the laws just get tossed out the window when it comes to the internet.... ah well, maybe im just confused.... anyone elses opinion would be good.
What do you mean, my dorm room is not my personal residence? I live here, and pay for the privilege. Would you be so happy if your employer forced you to live in a certain apartment building, and forced you to use the LAN instead of a modem, and then told you that they could listen in on anything on that LAN?
Do you think that Schools do this in practice, or is this just a CYA (cover your ass) scenario in case a student does something stupid/illegal. It seems to me in this lawsuit-happy world full of sleazy lawyers that this could be the only way that Schools (or anyone) can avoid being sued into bankruptcy.
In a nutshell, Do the schools implement these policies on thier own accord, or are they usualy done at the request of thier insurer?
Thanks!
Remember it, write it down, take a picture, I dont give a fsck!
I work in the IS deptment of a large university. Our IS management is so big on privicy that they will not allow virus scanning of servers and e-mail. This is nice from a policy point, but very difficult to explain to users why the lastest (and not so latest) virus has just eaten thier hard drive and thier research data. We also do not run firewalls, because they limit "accadmic freedom". Of course users machines are being hacked on a regular basis. While people are concered about their privicy, there also needs to be a balance on preserving users data.
All web traffic at my school (www.wisc.edu) goes through a transparent web proxy. Aside from the fact that i often get cached pages that have been updated since last transfered, i am also wondering about their ability to track which sites i frequent. Soon they will think i am a computer hacker since i post to the infamous /. and sieze my computer! =D
But it is their network and they can have whatever usage policy they deem fit. Is there any way to assure myself privacy?
The "ALL YOUR BASE ARE BELONG TO US" quote comes from ZeroWing, one of the worst-translated games in existence. It is generally followed by "YOU ARE ON THE WAY TO DESTRUCTION!"
The proper response, by the way, is "WHAT YOU SAY?!"
There's a fandub of the opening floating around the Net; check it out if you can find it.
----------
At UMCP, we've got a fairly reasonable AUP, as far as most college's go (http://www.inform.umd.edu/CompRes/NEThics/aug/) if you care to read it. However, the parts of are issue, mostly: Computing resources are provided to support the academic research, instructional, and administrative objectives of the University. These resources are extended for the sole use of University faculty, staff, students, and other authorized users ("users") to accomplish tasks related to the user's status at the University, and consistent with University's mission. My issue is that anyone living int he dorms here spend close to 24/7 on campus (exculding jobs and such), and of course nobody spends all thier waking hours doing work. Should the AUP's of colleges simply be written this way to CYA, or should they be appropriate to actual usage and policing?
Mod point free since 2001
In the acceptable use policy http://www.drexel.edu/IRT/policies/acceptableUse.h tml, the following are stated:
2. Accounts are assigned to individuals and are not to be shared unless specifically authorized. You, the user, are solely responsible for all functions performed from accounts assigned to you. Anything done through your account may be recorded. It is a violation of University Policy to allow others to use your account. It is a violation to use another person's account, with or without that person's permission.
According to Drexel, this also not allowing other people to even SIT at your computer and USE it. It also, according to them, means you CAN NOT run LINUX and give an account to a friend. The way I read this rule is that you can not give away your username and password to the DREXEL accounts! I would need to give out my username and password to the email server, or to one of the UNIX systems to be in violation of the rule, which I believe is absolutely fine. But they are trying to twist it so that if your computer is connected into the network, all access to that system is restricted to you and you alone, and I feel that this is absolutly unacceptable. Especially when I do in fact pay for this service with the room and board.
And they are in fact enforcing this on Linux systems. 2 of my friends have been sanctioned for running Linux (one of them had given an account to his younger brother, the other was just running Linux and his system was hacked, so they SANCTIONED HIM for GETTING HACKED!!!).
The other part that I have a question on is this:
8. You may not attempt to bypass computer or network security mechanisms without the prior express permission of the owner of that computer or network system. Possession of tools that bypass security or probe security, or of files that may be used as input or output for such tools, shall be considered as the equivalent to such an attempt.
Now in this rule, they first state that you MAY attempt to probe security if you have the express permission of the person's computer or network that you are probing. This seems perfectly reasonable. But, in the very next sentence they then state that having and software of devices that are used to probe systems will be considered a violation of the acceptable use policy. Now, I am a UNIX network administrator. I have EVERY RIGHT to own devices and software that will probe systems for I regularly check both my own systems, and those at my work from my home computer. I also from time to time will probe some of my friends systems when they as me to (the case of my friend who was hacked I did indeed probe his system). I have never probed any system other then ones I have been authorized to do so, but according to the policy, even though I have authorization, I can't own any software or devices that do the probing!!!
If I had the choice, I would NEVER AGREE to this policy. But I do NOT have a choice. If I was able to get xDSL, or cable modem service, or a T1 (hell even a modem), I WOULD DO SO. But we as students are not allowed to get any of these in the dorms. The phone system we use does not allow modems. We can not get xDSL because we can not choice our phone service. And we can not get cable modems because do not get cable (have very poor satellite service with Direct TV, in which we get ~30 channels).
What options do we have other then to take whatever crap they feel like dishing out? I never even realized how bad the policy was until my friend was hacked several months ago.
His system was completely compromised (they had root access). They then used his system to hack other systems. The IT center at Drexel cut his connection (I agree with them doing this), but then without even doing ANY investigation, they brought him up on charges of mis-use of a computing device, and attempted hacking. This would have DEVISTATED ANY chances of him getting a job in the future (Computer Science major). He came to me right away looking for any help. His logs were wiped, but we had a seperate log that we setup that periodically captured all processes running. In that log I found an in.telnet process that someone was logging in as root from an IP outside IP address. Using this, I then traced the connection back to an address owned and run by Shaw Cable Modem services, out of Maryland, USA. Even with this information the IT department would not believe that he was hacked, and they were going through with the charges. The worst part of it was that the IT department was SURE to have logs of the access to the machine, but they REFUSED to even look at them for us, for this would PROVE that he had been hacked. Not until I got help from my computer ethic's professor were we able to work out the situation.
He was still sanctioned for running LINUX, and getting hacked! He had to do 20 hours of work for the University, just for running Linux. Now this is an OUTRAGE!
P.S. for those that want to know, his system was compromised with the buffer-overflow security hole in wu-ftpd-2.6.0. I am 99% positive that this is how they gained access.
Chalk this up to one of those "Well, DUH" kind of things. I don't even understand why this is attracting attention. Lack of Privacy in your home I can understand. Spyware on your personal machine I can understand. But privacy issues in SCHOOLS? Come on ...
What about those of us at state-run, public schools, who are required to stay in the dorms first year? Are you saying that, by going to college, I am giving up my right to privacy?
I've had this sig for three days.
Right, when you drive on the roads, you don't expect privacy in your own vehicle. Oh, hmm ... wait, you do?
There is a reasonable expectation of privacy in your vehicle, to the extent that police officers need to observe probable cause before they search your vehicle. Is there an analagous situation for computers? I certainly expect privacy on my computer. (Wether thats legally enforceable is another question)
So when I put my computer onto a publically funded school network, is there a case to be made that I have reasonable privacy rights unless I'm driving dangerously (i.e. eating up massive bandwidth or pinging every machine on the school net...)
A few years back a graduate assistant at U of Wisconsin was ordered to cease using his University account to email members of the City Council, under Statutes forbidding use of State facilities for Lobbying.... Should Public Universities place different levels of online Speech restriction on Students and Staff? Since Legislators' email boxes reside State Systems, would ANYONE Emailing them be in violation?
Ben Masel: 51,282 votes for US Senate in the Wisconsin Democratic Primary
Long ago I worked at a University where the computer use regulations were phrased so that we could bust you for more or less anything we liked. No one was happy about this, but there was a reason: the arms race of CS students vs administrators.
:(
As soon as we prohibited antisocial activity X, clever students would come up with equivalent activity Y which would not be covered by the original wording, but caused similar (or worse) harm. It turned out that it was terribly difficult to clearly delineate what was and was not acceptable use of the campus facilities in a way that was actually useful (ie protected the privacy of staff and students, allocated server resources fairly, protected the Uni from legal liability). So we gave up
Classic quote: "Our firewall isn't there to protect the campus network from the outside world. It's there to protect the rest of the world from our students."
University network administrators accept limited public funds to provide a particular subset of functionality to meet particular goals of the university. They have a great many technical and legal constraints (both internal and external) on their solutions. Many of these constraints are legitimately addressed by privacy intrusive policies.
When publicly available dial up and broadband access is cheap and universal, why should a taxpayer funded institution have any obligation to incur extra expense to achieve "freedom"? Why not let the individuals who value freedom buy and use the services that meet their goals, and let the taxpayer funded institutions buy the services that meet the goals of the funding (taxpayer / university) community?
Mathematically impossible requirements are technically not against policy.
"All e-mail, calls, AND video monitoring are *standard* for most companies"??? (emphasis mine). I don't know who you work for, but if I were you I'd start looking for alternative employment...
We got some
"Netware 10"- WTF are you talking about? FYI- The oldest version of Netware (that a window$ box can talk to) is Netware 3.10, the newest is NW5.1
It's not the NetWare that is your problem. It's the administrators. IMIO, even old Netware versions are some of the most stable, reliable, and secure file server operating systems on the market- as long as the administrator knows what's what. The newer (Netware 4.11-.12,5 and 5.1) are almost bullet proof. I administer 2 NW servers supporting about 3000 users, one of which has been in continuous operation for almost 4 years.
Inferring that win2K would be better is a troll (and a very poorly informed one at that...), and suggesting that someone replace what is obviously a file server with a BSD box has to be a joke... BSD and Linux both can be used as file servers but why would you want to? There are other OSs that are much more suited to the task.
"I'm just here to regulate funkyness." - James Gandolfini, as Winston in The Mexican
Ever since Mario Savio and the Free Speech Movement invented the American Campus Protest in the mid-60s, universities have been displaying their hypocrisy in the battle of expression and curiosity vs. presentation and mind-control.
But they're in a bind. They've taken enormous money from ten thousand loudmouthed societal newbies, and see it as an expensive proposition to have to compete with them for public-relations on a level playing field. They don't want to have to present the counterargument to every argument the kiddies devise. So they resort to the muzzle. And then justify it in strange, hypocritical ways that make you wonder if they missed the last 250 years of the history of political freedom.
Mario got that. He worked via enlightened negotiation. The protest culture that followed didn't get it. They just saw the struggle as a big party and wanted it to continue. Bitching is fun. Solving society's problems is work. Divisiveness is self-empowering. Not everyone takes the time to respect your rights. Four dead in O-hi-o.
The moral: Emotional acts, fameseeking, and pavlovian drives are barriers to progress in conflict resolution.
--Blair
Never assume you have privacy, especially when you KNOW you aren't in complete control over that privacy. If there's more than one key to your house/dormroom, assume that key can be used.
From Zero Wing, to be precise. See http://zanyvg.overclocked.org/zerowing/index.html.
"The good die first." "Most of us are morally ambiguous, which explains our random dying patterns." --- MST3K
...there would be no guarantee of privacy on snail mail. America has become a caricature of itself. Freedom has been eroded in all counts. When freedom is traded for safety, society suffers.
Is logging only TCP/IP headers (ip addresses/ports/packet size) an invasion of privacy? How about if we log packet data as well? What if this data is deleted after a fixed interval and only looked at when there's evidence of a security problem? Under what circumstances would you see traffic logging as a problem?
Thanks.
That analogy can only go so far. The thing you have to remember with Internet access is that the potential for abuse is so great.
How can you abuse the post office? Get a lot of mail? Since all mail delivered is paid for through postage, receiving more mail just means more business for them.
How can you abuse the Library (assuming you don't just destroy books or not return them, which are against "the rules" anyway)? One person can only read so many books. You really would have to go out of your way to abuse a library so that it's noticeable to a large percentage of the libary's users.
How can you abuse a computer network?
In short, networking technology is just ripe for abuse, and having been an administrator at an ISP, I know that there is always that 1% of the people out there who will greedily waste 90% of everyone's shared resources without even being embarrassed.
Because of that high abuse potential, network administrators need policies that allow them take action when there's a problem. I admit that it's not an ideal situation, but for now it's a compromise position that a lot of us who are just innocently going about our business are willing to deal with.
One solution might be to make up and enforce heavy-handed rules for every aspect of Internet use. Set things up so that all of the machines on campus have very small individual pipes to the backbone. Heavily restrict server space, mailbox size, and firewall the hell out of everything. Lock up the whole network nice and tight... but that sucks too.
Face it, it's not an easy problem to solve. Shaking our fists in the air at network administrators who are just trying to maintain a stable network that is available for all of their users is unfair and counterproductive.
It would be nice if eventually the technology automatically prevented some chances for abuse. It'd be nice if our culture embraced a system of ethics that would make such safeguards unnecessary.
Instead of just carping at authority in a typically
Why are you letting these clowns ruin our country?
Here. It's in Quicktime.
props to all dead homiez
Whoever said that Internet access was a right? Tuition pays for alot of things, but most often it does not pay for internet access. Do any of you honestly think that forking over $20 or $40 or even $100 a semester pays for a 10M ethernet connection? Take a reality check. Most colleges are providing access for RESEARCH and ACADEMIC PURPOSES, not ENTERTAINMENT. If the students were to be charged for the amount of bandwidth they used, they'd be paying $1000's of dollars a month. My cable modem with Mediaone costs $40 a month at 1.5M. Students get a 10M switched ethernet connection for $35 every 4 months. Do the math. -Thang
Just spent 30 minutes finding (not easy) and reading the policy for my campus. Privacy is in theory absolute... but we all know pratice and theory are two different things.
I'm an RA here at Miami University and I can state that, at least here, your room is considered your own private space. Even as an RA, I may not enter a student's room without his/her permission. And once in the room, I may not look in fridges, closets, dressers, etc. without permission. Even the campus cops (who are fully sworn-in officers) may not enter or search a room without permission from the student (or a warrant, of course). I've seen the cops have to get signed waiver sheets from residents before searching their rooms.
Your room is treated as your own private space here, and it should be/is that way everywhere else.
"I'd like to live in theory, because everything works in theory, in theory." - Can't remember who said this.
The problem here is that when you're going to a college or university you are paying to use their computers. So why in hell should you have to pay someone for computer access and not have full access and/or have them read your email? I agree with you in regards to business, as they do have a right to know what their employees are doing.. because they are paying them. But at school it is the reverse.. you are paying the school for their services. I think schools often forget that they are a service and the students are clients, not a company with employees
for running Linux as their OS on campus. I also and fighting the good fight, and so far am winning the small battles. Especially since Drexel's big claim is to "Be the most technologically advanced networked university in the country." And with this a small amount of Press Coverage about them restricting people to a specific OS would be REALLY bad for the university. What you can do is try and tip off some of the news agencies in the area, or places like Wired.com (I would mention ZDnet.con / TechTV.com, but they are pretty much owned by Mircosoft). You never know, a bit of bad publicity for the University goes a LONG way to getting them to fix things for the better.
You PAY to attend college, why in hell should they practically OWN you when you are attending? That is completely ridiculous! You PAY to live in a dorm, should it not be treated like an apartment? Legally, it's their property, you sign a contract to attend or whatever... however, legal issues be damned, I don't give a fuck what the legal issues are that's just plain not right.
Sticking feathers up your butt does not make you a chicken - Tyler Durden
If you are living in a home that no one but your family has access to, you have a reasonable expectation of privacy. That's different.
Think about this ... when you live at a college, think of all of the people who have access to your dorm, mail, etc. The number is staggering.
Hmmm. Hardware designs...consortium...not disclosing ideas to others...I've got it! He works for Rambus!
It was reported on Slashdot that a Kent State University student is facing charges for alleged misuse of university network services (read the original article here). I have seen many different sides to this story. One side is indicating that the student in question here should be free of all wrongdoing because of what was claimed to be "tools used to commit computer crime" turned out to be nothing more than the game Starcraft. The other side is that since this student's actions disrupted network services across the residence halls, this student should be punished accordingly. How would you rule on this case if you were the judge presiding over the matter?
Can a university filter or block incoming http requests through a proxy and record outgoing responses? If they can, which universities do and which don't? Can a university come in my room and say "we have reason to believe you are breaking the law" and take my box and look in it and do what they want with it? In a more general sense, can they seize my property while I'm on campus? Which schools do this? Thanks, Travis forkspoon@hotmail.com
My university recently blocked Napster ports, because Napster use was using 46% of the total bandwidth available to the campus. This is largely due to a handful of individuals who were hosting dozens of gigabytes of MP3's to the rest of the world. Now, because of their irresponsible actions, none of us have access to this service. Perhaps the right to arbitrarily disable accounts isn't such a bad one to give the admins.
An unjust law is no law at all. - St. Augustine
At my high school (actually these policies are in effect for the whole school board), we're not allowed to check email - HoTMaiL, Yahoo!, POP3 accounts, nothing. We also aren't allowed to use forums (Slashdot is one exception that I've seen.) And chat lines, are definitely out. However, teachers have their own POP3 accounts (I believe they are hosted on our school board's servers) and I have seen MANY teachers checking their accounts at school.
Our comp. sci. teacher allows us to check mail, etc (and he even made a Yahoo! group for our class... there are loopholes that we've found that allow such access), but only during class... if we're caught by the network admins while in the computer labs, it's a warning, then an account suspension... anywhere from 3 days to indefinitely.
My question is this: Do you think students SHOULD have access to tools such as these? For example, the Yahoo! groups have so far been a tremendous boon to the class, as I can log on and share information at 3:30am if I wish. I realize that the possibility for abuse exists, but would the benefits outweigh the possible abuse? Do you see any form of electronic communication (forums, email, whatever) as a viable teaching and education tool for use in schools? I have heard of some high schools providing email access for their students, but said students must sign a form allowing the school's administration to regularly review their email (and other) messages... what are your views on this type of moderation / restriction? I look forward to your reply! - Peter
Despite some very fashist policies--you're supposed to use everything for "school-related" activites--that goes for email, web and high-speed connections--these rules are not actively enforced.
However, people DO get in trouble on regular basis. For example, they swear out their former g/f or b/f--who forwards the message to the appropriate office.
I assume this is the case for most other colleges as well. (Oh, yeah... Napster is gone too--though this may not be an issue for too much longer.)
witold.org
The university I attend seems to have an interesting twist on the "we own your data" concept. While it is a violation of university policy for me to break into any other computer on the network, the school aparently reverves the right to bypass all security mesures on any computer on the network. I am personly portscanned by the IT department ever day at 3:30. As soon as i notice this i put up a firewall. however I know at least 3 people who's computers have been broken into. I also have logs of attacks on my computer. the AUP states that having "tools for bypassing network security" is basis for having your network access revoked. After I approched them with evidence of the attacks comming from their section of the network they told me that if I didnt remove the firewall's from my network connection I would have my network access revoked. So far this hasnt happend. Assuming it does, do I have any recourse?
distrust any enterprise that requires new clothes!!!
Then by definition, your use of the (non-private) network immediately constitutes violation of your NDA.
All your base are belong to us.
-- atomly
The colleges' IT departments see it as a matter of resource ownership. They own the hardware that supports the network, and thus they feel that they have both responsibility for and ownership of the data that travels on the network.
The problem, of course, is that there are plenty of existing analogies. Most closely, most schools have their own PBXes. That doesn't give them the right to tap students' phone lines. Schools also own the mailboxes, and often maintain an internal mail routing system, but that doesn't mean they get to read the students' mail, and claiming that they OWN the mail just because it was routed through a university-supplied system would be laughable.
The reason they don't get to do these things is that there are federal laws making it illegal for them to do so. There are no such laws regarding network traffic, as far as I know. That's the difference.
I work in Computing Services for a tech-oriented private university. Our usage policies aren't as bad as some, but they definitely give us broad priviledges. We've been through many, many proposed revisions that keep being killed by some combination of faculty, staff or lawyers. The basic problems:
- There doesn't seem to be a concise legal way to say "Don't be an asshole and don't break the law," which is all we really want.
- It's occasionally necessary for staff to look at private information for technical reasons (reconstructing mail spool after disk crashed, making sure the nifty new backup program actually worked, etc.). We have a huge infrastructure, and if we had to stop and check every time we might accidentally see something, we'd never get anything done unless we made our staff size much larger. We don't have the budget to do that.
- Occasionally, the sysadmins will find something really bad during the course of routine work. "Spending a long time in federal prison" kind of bad. We try to keep these sort of events quiet to avoid publicity for the user in case it's not their fault (someone cracked their account, etc). We don't want our users on the evening news, but this'll happen with most "notify lots of people before doing anything" plans.
- There are two opposing viewpoints that are both vocal in our community. One says "privacy over all" while the other says "learning and sharing over all". We have quite a few people who make their home directories publicly readable as a sort of protest against the "privacy freaks" (their words). Finding a policy that makes both happy is very difficult.
In light of these constraints (financial and social), how do we give more rights to our users without seriously impeding our ability to do our jobs?--
Forward, retransmit, or republish anything I say here. Just don't misquote me.
To start, you might try not talking like your opinion is the fundemental revealed truth and those who disagree with you just don't "understand". That seems to turn a lot of people off. You might be better off asking
"What is the best/most effective argument to win over non-techie or other disagreeing types to my point of view that the computer/internet is just another form of media and should be treated just like we would books/video/magazines?"
If the additude in your question spills over to your conversations with those you don't agree with (techie or non) you are unlikely to win converts no matter what arguments you use.
Kahuna Burger
...will work for Chick tracts...
Well, that makes perfect sense! While we're at it, this is a good way to take away the rights of all US citizens living on US land. I mean, police protection is a public service. The roads, enviromental protections, and noise ordinances are public service... Obviously you OWE the state, and one of the things that they want is your private information! You don't like that, well, tough! Move somewhere else or buy the land from the government and start your own country!
Sorry, this arguement does not stand. At public universities, just like at public primary schools, you do not waive your rights for the very reason that it IS a public service. Private schools can basically do whatever they want in this realm, and the free market (and rarely, a board member's ethical stance) will decide what's bad practise and what's fine.
As many others have stated, your dorm room is equivlent to public housing or to an appartment. True, you may not own the deed and it may be government sponsored, but that doesn't mean you lose your consitutional rights. Search and seasure, free speech, all that still applies.
Saying that you forfeit your rights by using public services is like saying, "Well, you can be any religeon you want, but only True Christians have the moral ability to drive a car on public highways. All you jews can just buy your own damn roads if you want your religeon that badly!" (Ok, maybe this is a little extreme, but it's fairly close)
-ben.c
have you noticed that irt port scans the entire network on commonly known ports? trust me they probably violate more of their own policies than most of the students do.
distrust any enterprise that requires new clothes!!!
Hello Mr. Kadie, I am a student member of the EFF and would love for you to comment on this:
Recently for my Interface Design class I was *required* to submit my research paper to http://www.turnitin.com, a "service" for professors to easily determine if their students have plagiarised.
There is no written university policy on this, simply a mandate by a few professors, and I have a few concerns.
First, iParadigms is not a non-profit educational institution, it is a for-profit external business that the university is relying on....sooooo:
In the fine print of turnitin's policies, it is clear that their service is provided "as is." Now, as a student, my paper and references certainly are not as is - How can I be sure that whatever algorithms they're using won't falsely link my work to another document - and if so, where does the liability lie? (as stated, no university policy)
Second, they are archiving all of the work that we submit to be checked against future submissions. So now, students are beyond worrying about loss of work to the University, we've lost our work to an external business that we were FORCED to use!
Finally, in regard to this archive that iParadigms is collecting, what is happening with this giant archive? What happens if a giant conglemerate (eg. Microsoft) buys out iParadigms, who posesses our work then?
Thank you very much!
But I'm very curious as to what you forsee in the future. Do you expect that schools will start to appeal more to students by offering less beligerant (for lack of a better world) policies? Many have said that we "shop around" for colleges more than in the past; can you see this as being akin to the "Hah! Microsoft expects me to abide by these terms of service?! Yeah right! I'll just go to [competitor]". (Where "competitor" is usually Linux.)
_________________________________________________
________________________________________________
suwain_2
Working for Computing and Communications Client Services at the Universiy of Washington, going into and looking at peoples accounts is an everyday type thing. Sometime people have some serious issues and when they email us asking for help sometimes it is something that can be easily fixed by us in two seconds, and rather than having to write a detailed description of what they should do we fix it for them. Often that entials going and messing around with their email inboxes, webpage files, etc. We are pretty unrestricted in what we can look at. Mind you we aren't allowed to do much of anything, unless we are undoing something we did.
n es.html
At UW, where you can do just about anything as a student(set up ftp servers in your dorm room, free dial-up ISP access, have streaming media on personal webpages) with a huge amount of resources (including having a reliable cross campus 100Mpbs connection), I couldn't find anywhere in its policies where it said it owned any email or files. But it did say it had the right to access, monitor and take to court any information that you have.
http://www.washington.edu/computing/rules/guideli
If by access, you mean illegally, then yes, a large number of people can get into your dorm room.
If you mean legally, it's actually a very small number of people that have access to your room (like, you and your roommate, if you have one) except at certain announced times, usually while you're not living there. Plus warrents, plus probable cause (which at UMass means seeing a bong, which are illegal in Mass, or other illegal objects which is in CLEAR SIGHT ie if it's under a sheet, it can't be touched. This is all assuming you open the door, which you have no obligation to do). At least that's the way it is at my college.
I haven't looked into the mail yet, but i know i never signed anything telling them they were allowed to read my mail, and i'd be very surprized if i found something to that effect.
-ben.c
I liked Papa Del's but I tended to eat lunch at the Lincoln Ave. Garcia's. My preference for Garcia's is probally out of habit more then anything. My ex-wife was a RA at LAR so it was easier to eat there. Personaly I would be happy with either... no one in Ky can cook a decent pizza. If Champiagn had had a Cripsty Creme I would have been in heaven.
Kenneth F. Keslar II
When I was an undergraduate at Rose-Hulman (many years ago) a fellow student received a postcard that was rather embarrassing. The campus post office tacked the postcard up on a wall for all to see. The question to ask yourself is "would a non-college post office do such a thing to a member of the community?" The answer is "of course not." However, as those of us who have been university students know, there is an attitude prevalent at institutions of higher learning along the lines of "we'll take your money, and why we're at it we'll control everything about you at the same time." This is one big reason I am excited about the potentials for non-traditional or distance learning to free young adults from a system designed to prepare them to be willing and abused servants to corporate employers during their working years.
"My mother works for Microsoft now. A whole other cult."
My school has recently instituted a new filtering policy, using N2H2's Bess. In addition to the usual hardcore porn and such, access to Napster (but no other such services) is blocked.
My question is this: how often does this sort of thing happen, not out of concern for students, or even out of a desire to enforce morality, but instead to placate the higher-ups in administration, or money-donating alumni?
How do you feel about the fact that this sort of thing is usually unevenly implemented, with little concern for the effectiveness of the solution, focusing instead on the appearance of having a solution?
Didn't the Dakota and the Aston, et al get cable modems because they're not (yet?) wired in fibery goodness? How does that work, policy and policing wise?
10. All data, programs, and files placed on or contained in the University computer systems are subject to the University's copyright, patent, and privacy policies.
Damn it all...and I was going to publish that stupid CD database from CS135 (Ada95 class).
"These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
Back in the days of 300 baud modems, the University of Michigan used to charge over a thousand dollars (sixty million dollars adjusted for inflation) to set up your dorm room with a 9600 baud connection to the campus network.
I am for the complete Trantorization of Earth.
Sanctioned how? I am a student there as well as a linux user, and have heard nothing about this.
Please email me.
Thanks.
Karma: Bored. (Thinking about resurrecting the "Anyone else is an imposter" joke.)
Go to start/settings/printers, file/server properties/advanced and untick 'Notify when remote documents are printed'
For no netware popups at all, go to start/settings/control panel/network/services, click on properties for novell client, go to advanced settings tab, select recieve broadcasts and set it to None
PS. This is not a fault of netware server at all, it's just the default settings for client32. I also doubt that they are using Netware 10 as it does not exist, and I your support team may be correct when they say that it is a recent version.
You are not being forced to do anything. Your association with that university is voluntary. You agreed to it.
This is beginning to sound more like a consumer issue than a civil rights issue. Perhaps if there was more competition among the schools, and if the terms of the agreements were really well understood by the students ahead of time, then this problem wouldn't exist.
Perhaps the best thing to do would be to concentrate on high school seniors and encourage them to check on these things before signing their lives away.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
It all depends on how your "leasing" arrangement works. You might want to look at it.
I know that at my school, The University of Alabama in Huntsville, the state is the lessor and the student is the lessee. In that arrangement, all the lessor has to do is perform routine health inspections--which my current apartment complex can do, too, if they feel the need.
At UAH's dorms, folks can do lots of what they want with their connection, but running servers usually gets you pzapped, because our bandwidth really is in short supply. UAH also kadinked Napster for the same reason [officially]. I do know I saw the effect of Napster on our network personally, because my computer in the SGA Office would slow to a crawl, connection-wise, when all the students got out of classes and fired their downloads back up.
But back to my original comment, your privacy questions mainly have to do with the way your leasing/rental arrangement works. If you're signing a lease, read the lease. If you're paying a fee [and there can be a difference], there's a big difference. Varies from school to school and lease to lease, just like the rest of the world.
--
-- Geof F. Morris
FWIW, the university that I attend had a DOS attack on our main Library. A student organization checked out approximately 5000 books and locked them in a rental truck as a protest over the lack of funding for the specific group.The library system has over 4 million items, so it was more of a nuisance than a large issue. However, the amount of time that the librarians had to spend filing the books after their return was nontrivial.
--I hate people when they're not polite -"Psycho Killer", Talking Heads
The fact that employers give money and let you keep your rights, while colleges take your money and do not let you keep your rights may be why so many college students are dropping out to get jobs.
Also, did you know that Wells Fargo ditched Netware for Win2K? Yeah. Credit Suisse First Boston is also using it. Besides, even though they have 6- and 8- drive arrays, these servers have to be running a reliable OS -- and Linux isn't one of them. If a Dell desktop computer can stay running for more than 720 straight hours of work three times the intensity that a normal human puts the computer through (ZDLabs actually did this test) while a comparable Linux box is spitting out three core dumps per hour, then it's obvious which OS you're going to choose.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
Bulletin from the Real World: Nobody is responsible for your data but you. If you have irreplaceable information, you'd better keep your own backups. If you have highly confidential data, you'd better store it encrypted (at the very least) or not transmit it across publicly available systems at all.
University AUPs may indeed be overbroad, but that's no excuse for not practicing safe computing in the first place.
"Biped! Good cranial development. Evidently considerable human ancestry."
It is your computer, not theirs. Run whatever OS you want on it. If it can't connect and function on their network, it's your problem. However it can then it is your right to use it on the network. Linux/non-major corp OS users should not resort to begging for permission.
The Bill of Rights has been in many cases been applied to state governments through the 14th amendment. The local governments have NO (emphasis on NO!!) rights whatsoever in the United States Constitution. All local governments exist as corporations created by the state governments and thus they are totally under the jurisidiction of the state government. With that in mind you cannot be forced constitutionally into giving up your rights established by the Bill of Rights by any government agency unless in time of "rebellion or insurrection" (ie when martial law has to be declared). Even then it must be the federal government that does it of course. In other words the state and local schools of all levels that do this kind of stuff are doing it on very shaky constitutional grounds because in the case of k-12 schoolin it is compulsory unless your parents pull you out of the system (which isn't the easiest thing to do). At universities that require freshmen to live on campus in order to be students, the same principle essentially applies to a lesser degree because you don't have to go to college under state/local law. My solution is to talk to some local attorneys or civil rights groups and see if they would like to try a case like that if you get into trouble. IANAL, but I think your university is in some seriously dangerous legal waters if it acts too arbitrarily.
SSH is allowed on campus.
The message on the other side of this sig is false.
You will apologize for that insult. Yeesh Rambus... the horror.
The message on the other side of this sig is false.
There are a few theoretical issues in regards to virus software running on a mail server. This I am thinking would be more important in the case of a University Mail server due to the extremely large number of computers and the diverse user knowledge base. Another issue is some students write programs, some need to send these to their account to get them home. Some students (there are always some) that wish to push the boundaries, Kevin Mitnick abused his position as a student at a local college, and abuse the system setup to provide everyone with the facilities to do their job.
My question is when running a mail server to clean attachments of viruses what should be done.
1. Should this email be sent back to the sender and request the virus be cleaned and try sending again.
2. Should this email be cleaned and hope the integrity of the document is not compromised
3. Should the body of the email be sent to the recipient and tell them to request a clean attachment from sender 4. Delete all attachments
Now there are always some people apposed to all points. Either takes too long, or they can't get their work done with these practices and so forth.
This was just a personal ponder and not related to my current employer.
Move out every 'zig'! Will the mocking of Zerowing ever die?
That applies to your employer just as much as to your university.
I'm a university librarian and a network administrator, and have been in both of these areas since punched cards (and an RJE terminal and an ASR-33 TTY was the network). I'm extremely strong on freedom of speech, and would make no speech illegal. I also support the second amendment, as well as the first. All that being said, he who owns the sandbox makes the rules for those who play in it. Even Charlie Brown can take his football and go home.
If you go to a private college, your tuition and fees pays most, but not all, of the costs. If you go to a public college, the fees and tuition probably pay less than half of the cost. The rest comes from donors and taxpayers (yes, you're a taxpayer, too, but your contribution by that means is trivial).
We all want the network to be incredibly fast and reliable, but those cost money, and if you're using it all on MP3s or whatever, then someone else is hurting. Those hurting may be other students trying to access remote databases for full text journal articles (my university has almost 80 of them, in all fields). If your buddies are clobbering the network with DoS attacks, with high bandwidth games, with MP3s, or whatever, then you're going to have a hell of a time getting those articles from the ACM Digital Library that you need for your paper that is due tomorrow. Then who's pissed off?
As far as privacy goes, I've never heard of a university that routinely monitored anyone's email. They reserve the RIGHT to do so, the same as they reserve the RIGHT to check your dorm room. Having the rights and exercising them are two different things. Do some universities abuse these rights? Probably, on occasion. Are these regular events? Not bloody likely. But I can't deny that the world is full of assholes. Just think of the hundreds of MB of email that is passing through the various mail servers. Who the hell could possibly try to read it all, and why would they want to? Then multiply that by all the other types of traffic, and you see it quickly becomes impossible for all practical purposes.
Now if it has been reported that Joe Blow is sending threatening emails to GWBush, then you can be damn sure that there will be quick action to check on what Joe Blow has been sending. We had something similar on our campus a couple years ago, except the threats were to the university president. Yes, the mail was tracked and action was taken. Sending the college president an email that you don't like his policies is fine; threatening to blow up his house with him and his kids in it isn't.
Similarly, in our university library recently a guy was looking at kiddie porn. When it was reported to me I checked the proxy server logs (all public workstations run thru a proxy server to block access to free email, games, and chat...you can do those things in over a dozen computer labs, but the library doesn't have room for other than research workstations...and we do NOT block content, you're welcome to look at porn if you wish). I clicked up some of the sites he was viewing, and they did indeed appear to be adult males engaging in sex with pre-pubescent females (and not just adult women in pigtails and cheerleader skirts with shaved pussies). So, after checking with my boss, I called the sheriff, who provides campus security. The deputy came over, personally watched him looking at kiddie porn, took my report of what happened and what IP numbers were on the computers he was using, took a zip disk full of the last four days of proxy logs, and took the guy away in cuffs. I don't know what has happened since; he may not have been prosecuted, but I'm sure he won't be back in the library. Some staff complained that "we didn't warn him" and that he "might not know it was illegal", but since some of his searches were for "illegal kiddie porn", it seemed he knew what he was doing. Plus, ignorance of the law is still no excuse. (Gee, officer, I didn't know I couldn't shoot my stupid wife, she deserved it, and.....)
In at least 44 states there is a state law forbidding the disclosure of ANY information on what books anyone has checked out to ANY other person without a court order. I've enforced that, including when cops were trying to weasel info out of us on who checked out books on explosives after a student bar was blown up near campus. They never did get a court order, and never searched our records. They did arrest the criminal, a non-student who did it for hire, as the bar owner wanted to collect on insurance before he went bankrupt. For the same reason, all library notices are sent in sealed envelopes. Would you want your wife to see the overdue notice that you hadn't returned "How to get a quickie divorce" and "The Joy of gay sex"? I kept a number of students from being hassled by the law.
I can also say that over the years I've told many faculty and administrators and parents (as well as other students) that they couldn't see who checked what out, even if the student was under 18. We keep a copy of the law available for their review. Of course other campus offices do the same due to FERPA and other federal and state laws.
Remember, invading your privacy on campus is not something done lightly or without cause. Control of bandwidth is done for the benefit of all. Speed limits are also for the benefit of all, even though I often get pissed off at them when I've got a good, clear, open road in good weather and no traffic and the limit is 55. But when I get busted I pay, and don't whine. I made the choice.
Is life always fair or the way you want it? Hell no. If your mama promised you that it would be, she was either lying or terminally stupid.
dan@riverofdata.com
Yes, I posted a real address to a real domain.
At Penn State every student's phone number and address is available on the web. Students can choose not to publicize their directory information, but a lot of students don't even know the directory exsists. The really scarry thing is besides the web directory, anyone on the Internet can type finger userid@psu.edu and access that user's directory info. I've heard about countless instances where the wrong people got a hold of this information.
Easy solution here: Write your own software :)
Paizurishitetai desu ka?
Does the policy really matter if it is never used. I am not even sure of what the policy is regarding the email that I send from my school's email account, nor do I care. If I want to make sure that something I send can't be read by anyone else, then I use PGP, or some other encryption. Just like when I enter Credit Card info I make sure that the little lock is closed on my browser. Yes, I know that the website's privacy policy still may determine whether or not my credit card info gets out, but it is still guarenteed by the credit card company. So who cares? BTW, if you / students do care, then they should gripe to the school, so they will do something about it.
Right, I'm an Electrical and Computer Engineering major, and the SGI lab is definatly locked up; need a swipe card to unlock it (Not a GWorld). I was in there on a tour awhile back, and it was nice...all kinds of different workstations, and an Onyx deskside. The plate on the door says "Biomedical Imaging" or somesuch.
"These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
As an IT employee of a university, I personally witnessed student activities clogging our network and stripping legimate outgoing traffic to a hault. We got a device from Packeteer that is a device that sits right ahead of the router that directs traffic off our campus. I am sure similar devices exist, but pretty much, the solution to you problem goes like this: The packeteer will prioritize traffic going to and coming from certain IP addresses, allowing them to comsume more bandwith (ie servers and users requiring extra bandwith for legitimate work-related reasons). It will also show the top talkers on the segment right head of the off-campus router. So, for example, when we saw a ton of bandwith usage on a given port, we then step in with a sniffer, see where its going to (ie Gnutella) and then implement a policy on the box to limit the maximum available bandwith for all traffic that matches. Ie, AudioGalaxy is limited to a maximum usage of 100K of bandwith by this device. So all users share this maximum 100K rate limit among them (10 users=10K, in theroy). And its effective, you CANT spoof it by trying to disguise traffic on a different port. The device is smart enough to rate limit our Napster traffic, even for the users who use port 80 as an attempt to disguise it as web traffic. Pretty much, what I am saying is that if something needs to be done to prioritize traffic and reduce non "supported" traffic flows, a device like this will achieve it.
This system is to be used only by authorized personnel, and all others will be prosecuted. Activities on this system are automatically logged and subject to review. All data on this system is the property of Western Illinois University, which reserves the right to intercept, record, read or disclose it at the sole discretion of authorized personnel. Specifically, system administrators may disclose any information on or about this system to law enforcement or other appropriate individuals. Users should not expect privacy from system review of any data, whether business or personal, even if encrypted or password-protected. WIU abides by the Family Educational Rights and Privacy Act of 1974, and takes precautions to prevent the disclosure of confidential information. Use of this system constitutes consent to these terms.
I go to a fairly devout Christian U., that has very aggressive censor ware against sex, porn, illegal activities, but that isn't the focus of my question. Unlike many schools, my U. did nothing to block Napster use, and I always found this a little surprising.
When we came back from X-Mas break, Napster was blocked. People moaned and groaned, but it turns out it wasn't even our school's call (though they might have had a say in it) Our school gets its access from a state-wide government-run ISP for educational institutions, and the ISP decided to block Napster, Gnutella, and probably others.
Rather than copyright issues, they cited bandwidth problems. Although, I miss my Napster, I find this hard to argue with. (Theoretically) the network is for educaitonal purposes, and my average dorm-connection speed has doubled since Napster was blocked. But this could easily become a slippery slope, what is to keep them from blocking things like FTP, or Real Audio, both of which I have used for research, but can present bandwidth problems.
How would you suggest balancing to need to reserve bandwidth for serious school-related purposes, and still provide a useful Internet service?
First of all, a student is a customer, not an employee, so the school doesn't have any of the rights of an employer.
In a dorm situation, landlord-tenant law applies, and states restrict the power of landlords. For example, in most states you have the right to "quiet enjoyment" of the leased premises. This varies widely by state, though.
Confiscation of anything without a court order is theft and should be reported as such to the local police and district attorney.
Whether a school that offers network access in dorms is subject to regulation as a regulated common carrier has been litigated at Stanford. Stanford won. It was a big deal, too; Stanford operates a full-blown telco (voice, data, cable TV, videoconferencing, DSL, and cellular), charges for everything, and requires on-campus residents to use their services, including ordinary phone service. Students don't even get to choose a long distance carrier.
I own the connection and the computer. What business do they have to search my system.
The message on the other side of this sig is false.
Why does all this surprise anyone? The avarage college campus of 2001 is probably the LEAST free place to be in the USA.
With PC "speech codes" to some wacko colleges even outlawing ALL male pronouns, things have gotten very stupid.
Professors who dare teach Western literature and history have had their courses cut out or else controlled... Feminist professors get to exclude men from here classes and NOT end up getting fired (what would happen in reverse?).
Should anyone be surprised, that in this atmosphere of TOTAL lack of free speech, or free thought, or ANY freedom to challenge the "truths" of the establishment (left wing) that personal privace is any concern?
In all honesty, these days, if you are going to be anything but a teacher, doctor, or lawyer, avoid college like the plague. Lack of a college degree really won't hinder you at all if you have IT skills and experience. Saving yourself 4 years of falling behind in the job market, and a LOT of money will put you ahead.
If I were a consipracy theroist, I'd almost say that the horrid US educational system, from K-college serves the establishment ruling class (government) by producing ignorant mis-informed robots who do what they are told and don't question authority... Though we haven't QUITE declined to the point where this is reality yet, we are headed there.
=== The price of freedom is eternal vigilance
This year, my high school (Sorry, not yet in college) received a grant from the State of California to buy new computers (I believe they received about $300k). Since they got all these new computers, they decided to implement a whole new system for the computers so that they could invade students privacy as much as possible. Every student is required to login to the computer with their username and password. The school tells all students straight out that they will be monitored, but not to what extent. They also tell us that the student is responsible for any activity that happens on their account, even if someone steals their password.
And here comes a nice twist. The geniuses that my high school hired to setup this whole elaborate system left a batch file (that anyone could access) on the network for weeks that contained every single username and password for teachers and students. Now, my question is this: How can I be responsible for what someone does with my account if the school's lack of security is the reason they obtained my password?
I notified the sys admin at my school of the problem and he blocked access to the directory with the batch file, but there's no telling how many people downloaded it. And now if someone uses my account for something malicious, it is my fault, of course.
I have been told by the sysadmin that all the new computers the school got have key loggers on them as well, or at least the "ability to log all keystrokes." They haven't necessarily implemented them. So if I want to check my email at Hotmail or something, they will have my private username and password on file.
Every student at school who accesses the Internet also has every Web site they visit logged to a file specific to their username. So the school can easily go through and see what Web sites specific students are visiting. I'm sure the school watches me pretty closely, the sys admin considers me to be a cracker, when I only consider myself to be a hacker of sorts.
It's the price we pay for having access to these resources: give up your privacy. The bottom line is, you have none when you are on a public terminal.
Maybe the state wants to know what you're doing. After all, they're liable for you while you're at school. Go tell the sysadmin to change your password if you think someone else has it, and then just memorize it. If you want to hack or download pr0n, go to the frickin library or wait til you get home. You're in school to learn, not to screw around on the internet in your new lab all day.
And don't worry about the key logger. All they can do is spot checks or keyword alerts. If your school is 500 or more students, you're just another number. I'd be very surprised if they were wasting the storage space to log your keystrokes.
Protector of Capitalist views,
Protector of Capitalist views,
Meorah
Well I'm not sure where my school lies on what the data I make or use on there network but I do know how they intend on limiting my usage of the internet. I'm from a small liberal arts school ( about 3,000 students) in VA. I'm not sure if has anything to do with the state or what but for some reason the system adminstrators feel is nessacary to have a firewall that blocks EVERY port plus does some other goodies (It filters or slows UDP packets so when I play online fps it makes me choppy for one). Why would they do this? Why our friendly DOS attacks have the admins in such a fret that if they let a port open where doomed. Now don't get me wrong. I am sure the school is hit by hackers looking for an open system to bounce from or just to screw with but there has to be a better way to do this. I recently bought Gamevoice so I could play with my friends online (yeah boo hiss M$ its actually pretty cool). problem is you need ports open. So I asked the Director of Network Services if it was possible to open the neccasary ports (I've also talked to him about hosting servers, ftp, http, game, or whatever, no dice. we are not allowed. period). I told him it would cause little bandwidth usage. He said he would present it to the Internet Committee (yes we have a committee who decides what happens with our internet access, oh and they meet once every two months..). Of course they said no. I know its only for gaming purposes but still. This is my only isp. I am paying a technology fee for the use of it. If this were a regular ISP no one would sign up (well maybe they would for the t1 speed but during the day thats drained like you wouldn't believe). My question would be is there a possible alternative than this ahem anal way of protection? Or would this just be the policy of my colleges administration? Anyone else have this problem? Oh, and on one last note. The school is suppose to provide a newsgroup service. However this is on hold because someone on the committee wanted a complete listing of all newsgroups so they could filter out which ones are inapporiate... yeah I'm thinking about transfering. and yes the internet does mean that much to me. "Time is the best teacher. Unfortunately, it eventually kills all of it's pupils."
-Teiresias
It solidly tests out at 8-9 megabits on any test site that goes fast enough.
Now, she pays $550 a month for rent, but has a connection that would cost well more than that. I am not talking in DSL prices, we are talking a connection equivalent to a fractional T3 which would cost approx $2000/month.
In exchange she agrees to not run a server, or abuse the bandwidth, and I have read the AUP on it and it does say they will monitor e-mail. Is this a fair price to pay?
Also the bandwidth that college students enjoy would be expensive for them outside of academia.
What kind of "abuse" (definition varies) would constitute a valid reason to sieze my computer or read my email?
I'd probably leave computer seizure to the police.
A valid reason to read an email message is to see why you just sent out ten million copies of it through the campus mail server.
The point I was making is that there are two sides to this. Casually dismissing the rights of some users is just as bad as casually dismissing the rights of administrators or casually dismissing the rights of other users who want nothing more than a stable network with moderate access to bandwidth and don't appreciate your "right" to decimate services while protecting your own assumptions of privacy.
I've been a network administrator before. I know that it's not easy meeting the needs of your users, especially when one or two out of thousands are determined to fuck everything up.
Give administrators the authority to take action to preserve the network for the significant majority. Hold network administrators accountable when they abuse their authority to play politics and advance their own selfish agendas. Hold users accountable who abuse their access privileges.
Above all, avoid kneejerk reactions based solely on one narrow point of view when deciding large policy issues that affect a lot of people.
Why are you letting these clowns ruin our country?
Enlist your students! Student workers will usually work for comparatively little money if they're doing something directly related to their field of study. For example, as an undergrad, I managed 10 employees and 16 PCs & Macs plus the printers and a LAN, as part of a student-run computer lab sponsored by one of the colleges in my university and got paid $5.50 an hour for it, 10 hours a week. You'll be providing the students with valuable work experience and exposure to technologies they might not otherwise get access to until they hit the Real World.
If you're wanting to do something particularly cool & interesting (like, say, deploying an internal PKI), you may even be able to find people to do it for free, just because it's cool & interesting or because it's something they believe in.
Don't just limit your focus to the CS/EE geeks either. A university is also a business, and all projects need direction (i hesistate to use the word m**agement here). Some proto-suit in MIS or pre-biz could use that experience. Let the pre-law upperclassmen tackle your policies. Marketing/PR/journalism/English people can sell it and make it known and accessible to the masses. For the price of one or two paid employees to keep an eye on things, you could have dozens of student workers who are motivated not only by direct compensation, but the critical experience- and resume-building that will get them their first Real Job in a few years.
The transfer of knowledge between a educational institution and its students shouldn't be in just one direction. Suggest a need to the right people and you could be amazed at what they come up with.
I've read several of the comments here, and there seems to be somewhat of a consensus that universities have policies which would be otherwise unconscionable. So why do universities abuse students the way that they do? Because nobody challenges them. Public universities, especially, are bound by the constraints of being government actors. They write these draconian policies mostly to discourage activities they don't want occurring. It scares the students into complying. But what if you're caught in noncomplience? What if the rule is something a state actor can't do? (such as the illegal searches and seizures described in this thread) The fastest way to get a university to change a policy is to retain an attorney. Universities hate lawsuits because it brings those unconscionable policies into the public eye. Normally they'll back off when you tell them that you've merely retained an attorney. I've personally seen several instances of this in my own tiny, conservative, southern university. Recommended Reading: The Shadow University by Kors and Silverman. I think I paid like fifteen bucks for it on Amazon. It'll give you a better understanding of the near-criminal enterprise that is modern academia.
well...."all your data are belong to us" is clearly a derivative of "all your base are belong to us" which is from the video game "zero wing"
This ia a little piece of history dealing with CCSO and UIUC dorm room servers.
Back in the stone ages, sometime in the 1993 or 1994 time frame, there was isr1022.urh.uiuc.edu. CCSO had ceased to carry the alt.binaries.* newsgroups, so one enterprising student with a 486 and 1.8 Gigs of hard drive space paid for an off-campus newsgroup feed and mirrored those groups. To make his and other's lives easier, he even used AUB to decode the newsgroups and made the resultant binaries available via FTP and HTTP.
Mind you, as a responsible network citizen, he limited access to the uiuc.edu domain. Still, at one point, he was doing 5 Gigs of traffic a day. The machine ran Slackware Linux and had the world's cheapest NE2000 10BaseT ethernet card ever. Even so, it rocked, and had pretty awesome response times. (BTW, 1.8 Gigs of HD space cost something like $800 back in those days)
I've heard that CCSO used to make up these pie charts that showed bandwidth by subnet. However, there was one slice of the pie that was notable, because instead of a subnet, it was a single machine: isr1022.
The other notable thing was that CCSO had refused to carry those newsgroups because of the "drain on resources". However, a crappy little 486 (albeit with a big ass hard drive) was able to handle resultant traffic with relative ease, so even back then, linux kicked ass.
In any case, I suspect that this machine got CCSO and URH thinking about what would happen when everybody had the ability to set up a server like this, and that today's 500M cap is a result of that thinking.
I decided the purpose of the packet, I decided where it should go, I may have even written the bloody software that sent the packet.
Your telephone wire plugs into the line owned by the local phone company which then reaches lines owned by the long distance company. Get a clue.
The message on the other side of this sig is false.
I find this appalling. (What they did.) Now, maybe you shouldn't have used a differend IP, but the punishment is certainly quite harsh! My suggestion is this -- they want a list of what you intend to download. Do so. Go to Freshmeat, SourceForge, etc., and make a list of any programs that you find remotely interesting. Mail that entire list to them.
BTW, am I missing something, or is the punishment completely irrelevent? You used the wrong IP address. What does this have to do with downloaded software?!
_________________________________________________
________________________________________________
suwain_2
Aside from asking people at the college, are there other outside organizations I can check with who keep track of these things?