Slashdot Mirror
Ask Carl Kadie About Censorship and Privacy at Colleges
We've received a lot of inquiries recently about computer policies at various colleges and universities - usually the policy goes something like: "Anything you do or say on this network is ours, we own it, we can read your email, we can delete you, too bad. All your data are belong to us." Oddly enough, these sorts of policies are in place even at schools that would never dream of snooping on students' postal mail or the books they read at the library. Carl Kadie has been EFF's longest-serving volunteer, doing work for the past ten years in the area of academic freedom and computers. He's written two book chapters on the issue and helped examine, critique and improve the usage policies at many universities. Post below any questions you have on computers and academic freedom - maybe your school has a particularly bad policy, maybe you just have a general question - and we'll pick the best ones and forward them to him for a response.
As i know universities in the US, they also own the postal office within campus grounds.
Since both use a medium owned by the university, and both are 'private communication', does this mean they also have the right to read your private (snail mail) letters?
-- Chris Chabot
"I dont suffer from insanity, i enjoy every minute of it!"
Sad.
is the best/most effective argument to get non-techie types to understand that the computer/internet is just another form of media and should be treated just like we would books/video/magazines?
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
How would you suggest balancing the privacy needs of a University community, the security issues created by such a diverse group, the issue of academic freedom, and the fact that college IT departments have serious staff/load/pay/tech issues?
Eric Aitala
www.f1m.com
Here, they have everyone sign into the Academic Computing labs (the labs in engineering are unmonitored). Then they assign you to a particular computer. This is so they can give the logs to law enforcement personel/so forth.
Ironically, they don't have you log in with a unique username/password or swipe or anything in that nature. No offense to many of the students here, but they complain that most of the system is too hard to use as it is anyway, many would probably complain.
Also ironic, the system doesn't use static IPs... Which makes it a real bitch to trace through the logs anyways.
Eh...
I spemd time chatting about hardware designs. I have a responsibility to not one company but a whole consortium to not disclose the ideas we work on.
How does that work with Network Use Policies?
The message on the other side of this sig is false.
We can complain all day about how terrible schools' policies regarding their networks and the internet may be, but what can we do about it? How can we help universities realize that such policies are un-american? As IT professionals, and members of society as a whole, how can we help to remove the fear of the internet that produce such big-brotherish ideas?
----
Do you even know anything about perl? -- AC Replying to Tom Christiansen post.
I'm afraid that I know the answers to all these questions and am even more afraid of those answers. So what can be done about it beyond the standard SSH and PGP rhetoric ? Is there a way to make them take responsibility for these actions, preferably a heavy enough responsibility to discourage them from wanting to take these actions in the first place?
--Z
"Anything you do or say on this network is ours, we own it, we can read your email, we can delete you, too bad. All your data are belong to us."
Doesn't that mean that they are partly responsible for the rampant piracy that goes on within the residential networks?
Just a thought...
Dirk
I keep trying to pick fights, but I can't shake this Excellent karma.
I lived for two years in University residence and, frankly, my college didn't seem to have much respect for the privacy of students in any regard: all mail came through University-owned mailboxes, and packages had to be picked up at the dormitory desk, staffed by hall RAs -- students with a significant disciplinary function. All telephone service went through the university switchboard. Your room could be searched, by university staff or by police, without your permission and without any sort of warrant. Most tenant rights were violated (for instance, eviction with two weeks' notice any time of year), and now the university informs students' parents of on-campus alcohol or disciplinary violations (these are adults whose academic transcripts cannot be released to parents without a signed waiver).
It is not any surprise to me that fascist user agreements are in place concerning electronic media in light of the general control-oriented attitude of many universities towards their on-campus student populations. Perhaps the problem runs deeper than simple technophobia?
Pacer
In your opinion, is there any difference between what a student does on the campus network using college owned computers and an employee using the corporate network using the company's computers with regard to who owns the data?
--
Consultancy: If you're not part of the solution, there's money to be made in prolonging the problem
Carl- I have fought a battle at my college over Linux being on the network. I told the UTS( Univeristy Technology Services ) that I was a big advocate of Linux and was starting up a Linux User Group on campus. But first I wanted their approval. They swiftly told me that, "You can absolutly not encourage the use of Linux on OUR network, and you should be lucky that we don't ban it on campus." I was completely uphauled by this, and so promptly turned around and tried to get as many people interested as I could in Linux. And eventually started my own LUG. Do they have a right to tell me what OS I can use on their network? They of course support windows, and allow Mac's, but flat out tell me I can't have linux on their network. Do you have any suggestions on what rights I as a user have?
- "Never let a computer tell me shit." - DelTron Zero
I attend a rather well-known University in the South. Of course, they have the requisite "we own you and your data" policy. They state in very explicit terms that they have the right, at any time, to search and confiscate my computer, hard drives, and other media. They say that they also have the right to monitor network traffic, and disable any account which is exhibiting "unusual or excessive" activity. This all seems incredibly arbitrary to me, and worries me very much. My question to you is: Do I have any legal recourse? My main quarrel is that as a first-year student, I am forced to live on campus, and many classes require work to be submitted electronically. Since I am unable to "opt-out" of their heavy-handed policy, do I have any legal recourse if I were to encounter a search-and-seizure situation with the Administration here?
-
I'd rather have a bottle in front of me than a frontal lobotomy.
I go to school in Boston and recently was told in class that a kid managed to crack his way into some of the NSA's computers. The NSA asked my University for logs of the users network use and the school produced detailed logs going back to when he registered his computer for network use. Pretty scary that the school would actually record all our network use. Obviously not the packets themselves, but hosts the kid connected to and so on. Scared me pretty good.
-----------------------------------
I don't think, therefore I'm not...
Many universities also forbid using their network resources for business-related activities. (I think this is an incredibly counterproductive policy for both the university and the students, but it's often in the contracts.)
-John
Personally, i think that WPI has a pretty good AUP, (which is not to say i haven't had problems with netops regarding a few violations, only one of which i was actually responsible for.) it doesn't say that they can read our email personal files and other miscellany, and it requires us not to go poking around. However, it doesn't say that they can't.
how do you feel about policies like that? It doesn't guarantee our privacy, but it doesn't infringe on it either. Is lack of a guarantee an implicit infringement?
#define F(x) int main(){printf(#x,10,#x);}
F(#define F(x) int main(){printf(#x,10,#x);}%cF(%s))
1) Public Universities are in general more constrained than Private institutions in regulating speech, under the 1st Amendment, and in some cases further restrained by rulings under State Constitutions' free speech clauses.
To what extent does this make "It's their hardare" arguments vulnerable?
2) Do State or Federal infrastructure grants to privte Universities make their Net facilities Public Fora?
Ben Masel: 51,282 votes for US Senate in the Wisconsin Democratic Primary
At my university, you connect through the university phone system which makes dial-up impossible, and they don't let you use cable-modems. This neighborhood lacks any DSL or anything like that, so in other words, if you're on res, its Resnet or do without. As a result the university can impose whatever net policies they like, at any time, and we can't do a thing about it. How can this problem be handled?
Insert obligatory plug for free data encryption tools and secure protocols here
This message was brought to you in compliance with the "Slashdot Encryption Reference Requirement" stating that encryption and its merits must be invoked when discussing anything plausably relevant to it
-----Obligatory Encryption Related Post Sig------
When cryptograph is outlawed...and so on, and so forth
------End Obligatory Sig------
"These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
Stupid me, though, decided to read it first. One line said that I agree to abide by the software licenses of all the software packages installed on the system. When I asked to see these licenses, the sysadmin got all heated and refused. I asked if they were posted somewhere or stored on-line. He said, no. When I asked how I could sign to agree to follow licenses which were refused to be presented to me, he said, "well, you have to sign or your account can't be re-enabled".
Hmmm. Sign or be unable to do required schoolwork.
So I signed but wrote next to my signature that staff refused to show me the SW licenses they required me to agree to above. The sysadmin grumbled, but accepted the amended TOS form.
I heard similar tales from students at other universities and schools. WHY DO SCHOOLS DO THIS?
The last two companies I have worked at have had policies like this. They kept them around while not enforcing them so that they could 'weed out the bad eggs' whenever they wanted an excuse to fire somebody.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
I certainly hope this dosn't mean that uni's or colleges can just simply read the students mail. It should matter where the mail is. It is still directed to one person, and only that person. Just because the college or university has a mail deposit centre for the post office to drop off mail to all the students living in residence, should not grant them the right to read it just because they are holding on to it until it is picked up. Same goes for Email, just because its passing through several hops to get to its destination dosn't mean they the admin for those hops gets to read all the mail. So what does it matter if it goes through the hop or stops at the college, shouldn't it still be a private message protected by some sort of 'mail' law? Or do the laws just get tossed out the window when it comes to the internet.... ah well, maybe im just confused.... anyone elses opinion would be good.
What do you mean, my dorm room is not my personal residence? I live here, and pay for the privilege. Would you be so happy if your employer forced you to live in a certain apartment building, and forced you to use the LAN instead of a modem, and then told you that they could listen in on anything on that LAN?
Do you think that Schools do this in practice, or is this just a CYA (cover your ass) scenario in case a student does something stupid/illegal. It seems to me in this lawsuit-happy world full of sleazy lawyers that this could be the only way that Schools (or anyone) can avoid being sued into bankruptcy.
In a nutshell, Do the schools implement these policies on thier own accord, or are they usualy done at the request of thier insurer?
Thanks!
Remember it, write it down, take a picture, I dont give a fsck!
The "ALL YOUR BASE ARE BELONG TO US" quote comes from ZeroWing, one of the worst-translated games in existence. It is generally followed by "YOU ARE ON THE WAY TO DESTRUCTION!"
The proper response, by the way, is "WHAT YOU SAY?!"
There's a fandub of the opening floating around the Net; check it out if you can find it.
----------
In the acceptable use policy http://www.drexel.edu/IRT/policies/acceptableUse.h tml, the following are stated:
2. Accounts are assigned to individuals and are not to be shared unless specifically authorized. You, the user, are solely responsible for all functions performed from accounts assigned to you. Anything done through your account may be recorded. It is a violation of University Policy to allow others to use your account. It is a violation to use another person's account, with or without that person's permission.
According to Drexel, this also not allowing other people to even SIT at your computer and USE it. It also, according to them, means you CAN NOT run LINUX and give an account to a friend. The way I read this rule is that you can not give away your username and password to the DREXEL accounts! I would need to give out my username and password to the email server, or to one of the UNIX systems to be in violation of the rule, which I believe is absolutely fine. But they are trying to twist it so that if your computer is connected into the network, all access to that system is restricted to you and you alone, and I feel that this is absolutly unacceptable. Especially when I do in fact pay for this service with the room and board.
And they are in fact enforcing this on Linux systems. 2 of my friends have been sanctioned for running Linux (one of them had given an account to his younger brother, the other was just running Linux and his system was hacked, so they SANCTIONED HIM for GETTING HACKED!!!).
The other part that I have a question on is this:
8. You may not attempt to bypass computer or network security mechanisms without the prior express permission of the owner of that computer or network system. Possession of tools that bypass security or probe security, or of files that may be used as input or output for such tools, shall be considered as the equivalent to such an attempt.
Now in this rule, they first state that you MAY attempt to probe security if you have the express permission of the person's computer or network that you are probing. This seems perfectly reasonable. But, in the very next sentence they then state that having and software of devices that are used to probe systems will be considered a violation of the acceptable use policy. Now, I am a UNIX network administrator. I have EVERY RIGHT to own devices and software that will probe systems for I regularly check both my own systems, and those at my work from my home computer. I also from time to time will probe some of my friends systems when they as me to (the case of my friend who was hacked I did indeed probe his system). I have never probed any system other then ones I have been authorized to do so, but according to the policy, even though I have authorization, I can't own any software or devices that do the probing!!!
If I had the choice, I would NEVER AGREE to this policy. But I do NOT have a choice. If I was able to get xDSL, or cable modem service, or a T1 (hell even a modem), I WOULD DO SO. But we as students are not allowed to get any of these in the dorms. The phone system we use does not allow modems. We can not get xDSL because we can not choice our phone service. And we can not get cable modems because do not get cable (have very poor satellite service with Direct TV, in which we get ~30 channels).
What options do we have other then to take whatever crap they feel like dishing out? I never even realized how bad the policy was until my friend was hacked several months ago.
His system was completely compromised (they had root access). They then used his system to hack other systems. The IT center at Drexel cut his connection (I agree with them doing this), but then without even doing ANY investigation, they brought him up on charges of mis-use of a computing device, and attempted hacking. This would have DEVISTATED ANY chances of him getting a job in the future (Computer Science major). He came to me right away looking for any help. His logs were wiped, but we had a seperate log that we setup that periodically captured all processes running. In that log I found an in.telnet process that someone was logging in as root from an IP outside IP address. Using this, I then traced the connection back to an address owned and run by Shaw Cable Modem services, out of Maryland, USA. Even with this information the IT department would not believe that he was hacked, and they were going through with the charges. The worst part of it was that the IT department was SURE to have logs of the access to the machine, but they REFUSED to even look at them for us, for this would PROVE that he had been hacked. Not until I got help from my computer ethic's professor were we able to work out the situation.
He was still sanctioned for running LINUX, and getting hacked! He had to do 20 hours of work for the University, just for running Linux. Now this is an OUTRAGE!
P.S. for those that want to know, his system was compromised with the buffer-overflow security hole in wu-ftpd-2.6.0. I am 99% positive that this is how they gained access.
Long ago I worked at a University where the computer use regulations were phrased so that we could bust you for more or less anything we liked. No one was happy about this, but there was a reason: the arms race of CS students vs administrators.
:(
As soon as we prohibited antisocial activity X, clever students would come up with equivalent activity Y which would not be covered by the original wording, but caused similar (or worse) harm. It turned out that it was terribly difficult to clearly delineate what was and was not acceptable use of the campus facilities in a way that was actually useful (ie protected the privacy of staff and students, allocated server resources fairly, protected the Uni from legal liability). So we gave up
Classic quote: "Our firewall isn't there to protect the campus network from the outside world. It's there to protect the rest of the world from our students."
University network administrators accept limited public funds to provide a particular subset of functionality to meet particular goals of the university. They have a great many technical and legal constraints (both internal and external) on their solutions. Many of these constraints are legitimately addressed by privacy intrusive policies.
When publicly available dial up and broadband access is cheap and universal, why should a taxpayer funded institution have any obligation to incur extra expense to achieve "freedom"? Why not let the individuals who value freedom buy and use the services that meet their goals, and let the taxpayer funded institutions buy the services that meet the goals of the funding (taxpayer / university) community?
Mathematically impossible requirements are technically not against policy.
Ever since Mario Savio and the Free Speech Movement invented the American Campus Protest in the mid-60s, universities have been displaying their hypocrisy in the battle of expression and curiosity vs. presentation and mind-control.
But they're in a bind. They've taken enormous money from ten thousand loudmouthed societal newbies, and see it as an expensive proposition to have to compete with them for public-relations on a level playing field. They don't want to have to present the counterargument to every argument the kiddies devise. So they resort to the muzzle. And then justify it in strange, hypocritical ways that make you wonder if they missed the last 250 years of the history of political freedom.
Mario got that. He worked via enlightened negotiation. The protest culture that followed didn't get it. They just saw the struggle as a big party and wanted it to continue. Bitching is fun. Solving society's problems is work. Divisiveness is self-empowering. Not everyone takes the time to respect your rights. Four dead in O-hi-o.
The moral: Emotional acts, fameseeking, and pavlovian drives are barriers to progress in conflict resolution.
--Blair
Never assume you have privacy, especially when you KNOW you aren't in complete control over that privacy. If there's more than one key to your house/dormroom, assume that key can be used.
That analogy can only go so far. The thing you have to remember with Internet access is that the potential for abuse is so great.
How can you abuse the post office? Get a lot of mail? Since all mail delivered is paid for through postage, receiving more mail just means more business for them.
How can you abuse the Library (assuming you don't just destroy books or not return them, which are against "the rules" anyway)? One person can only read so many books. You really would have to go out of your way to abuse a library so that it's noticeable to a large percentage of the libary's users.
How can you abuse a computer network?
In short, networking technology is just ripe for abuse, and having been an administrator at an ISP, I know that there is always that 1% of the people out there who will greedily waste 90% of everyone's shared resources without even being embarrassed.
Because of that high abuse potential, network administrators need policies that allow them take action when there's a problem. I admit that it's not an ideal situation, but for now it's a compromise position that a lot of us who are just innocently going about our business are willing to deal with.
One solution might be to make up and enforce heavy-handed rules for every aspect of Internet use. Set things up so that all of the machines on campus have very small individual pipes to the backbone. Heavily restrict server space, mailbox size, and firewall the hell out of everything. Lock up the whole network nice and tight... but that sucks too.
Face it, it's not an easy problem to solve. Shaking our fists in the air at network administrators who are just trying to maintain a stable network that is available for all of their users is unfair and counterproductive.
It would be nice if eventually the technology automatically prevented some chances for abuse. It'd be nice if our culture embraced a system of ethics that would make such safeguards unnecessary.
Instead of just carping at authority in a typically
Why are you letting these clowns ruin our country?
If you are living in a home that no one but your family has access to, you have a reasonable expectation of privacy. That's different.
Think about this ... when you live at a college, think of all of the people who have access to your dorm, mail, etc. The number is staggering.
Can a university filter or block incoming http requests through a proxy and record outgoing responses? If they can, which universities do and which don't? Can a university come in my room and say "we have reason to believe you are breaking the law" and take my box and look in it and do what they want with it? In a more general sense, can they seize my property while I'm on campus? Which schools do this? Thanks, Travis forkspoon@hotmail.com
I work in Computing Services for a tech-oriented private university. Our usage policies aren't as bad as some, but they definitely give us broad priviledges. We've been through many, many proposed revisions that keep being killed by some combination of faculty, staff or lawyers. The basic problems:
- There doesn't seem to be a concise legal way to say "Don't be an asshole and don't break the law," which is all we really want.
- It's occasionally necessary for staff to look at private information for technical reasons (reconstructing mail spool after disk crashed, making sure the nifty new backup program actually worked, etc.). We have a huge infrastructure, and if we had to stop and check every time we might accidentally see something, we'd never get anything done unless we made our staff size much larger. We don't have the budget to do that.
- Occasionally, the sysadmins will find something really bad during the course of routine work. "Spending a long time in federal prison" kind of bad. We try to keep these sort of events quiet to avoid publicity for the user in case it's not their fault (someone cracked their account, etc). We don't want our users on the evening news, but this'll happen with most "notify lots of people before doing anything" plans.
- There are two opposing viewpoints that are both vocal in our community. One says "privacy over all" while the other says "learning and sharing over all". We have quite a few people who make their home directories publicly readable as a sort of protest against the "privacy freaks" (their words). Finding a policy that makes both happy is very difficult.
In light of these constraints (financial and social), how do we give more rights to our users without seriously impeding our ability to do our jobs?--
Forward, retransmit, or republish anything I say here. Just don't misquote me.
To start, you might try not talking like your opinion is the fundemental revealed truth and those who disagree with you just don't "understand". That seems to turn a lot of people off. You might be better off asking
"What is the best/most effective argument to win over non-techie or other disagreeing types to my point of view that the computer/internet is just another form of media and should be treated just like we would books/video/magazines?"
If the additude in your question spills over to your conversations with those you don't agree with (techie or non) you are unlikely to win converts no matter what arguments you use.
Kahuna Burger
...will work for Chick tracts...
It all depends on how your "leasing" arrangement works. You might want to look at it.
I know that at my school, The University of Alabama in Huntsville, the state is the lessor and the student is the lessee. In that arrangement, all the lessor has to do is perform routine health inspections--which my current apartment complex can do, too, if they feel the need.
At UAH's dorms, folks can do lots of what they want with their connection, but running servers usually gets you pzapped, because our bandwidth really is in short supply. UAH also kadinked Napster for the same reason [officially]. I do know I saw the effect of Napster on our network personally, because my computer in the SGA Office would slow to a crawl, connection-wise, when all the students got out of classes and fired their downloads back up.
But back to my original comment, your privacy questions mainly have to do with the way your leasing/rental arrangement works. If you're signing a lease, read the lease. If you're paying a fee [and there can be a difference], there's a big difference. Varies from school to school and lease to lease, just like the rest of the world.
--
-- Geof F. Morris
That applies to your employer just as much as to your university.
I go to a fairly devout Christian U., that has very aggressive censor ware against sex, porn, illegal activities, but that isn't the focus of my question. Unlike many schools, my U. did nothing to block Napster use, and I always found this a little surprising.
When we came back from X-Mas break, Napster was blocked. People moaned and groaned, but it turns out it wasn't even our school's call (though they might have had a say in it) Our school gets its access from a state-wide government-run ISP for educational institutions, and the ISP decided to block Napster, Gnutella, and probably others.
Rather than copyright issues, they cited bandwidth problems. Although, I miss my Napster, I find this hard to argue with. (Theoretically) the network is for educaitonal purposes, and my average dorm-connection speed has doubled since Napster was blocked. But this could easily become a slippery slope, what is to keep them from blocking things like FTP, or Real Audio, both of which I have used for research, but can present bandwidth problems.
How would you suggest balancing to need to reserve bandwidth for serious school-related purposes, and still provide a useful Internet service?
First of all, a student is a customer, not an employee, so the school doesn't have any of the rights of an employer.
In a dorm situation, landlord-tenant law applies, and states restrict the power of landlords. For example, in most states you have the right to "quiet enjoyment" of the leased premises. This varies widely by state, though.
Confiscation of anything without a court order is theft and should be reported as such to the local police and district attorney.
Whether a school that offers network access in dorms is subject to regulation as a regulated common carrier has been litigated at Stanford. Stanford won. It was a big deal, too; Stanford operates a full-blown telco (voice, data, cable TV, videoconferencing, DSL, and cellular), charges for everything, and requires on-campus residents to use their services, including ordinary phone service. Students don't even get to choose a long distance carrier.
Why does all this surprise anyone? The avarage college campus of 2001 is probably the LEAST free place to be in the USA.
With PC "speech codes" to some wacko colleges even outlawing ALL male pronouns, things have gotten very stupid.
Professors who dare teach Western literature and history have had their courses cut out or else controlled... Feminist professors get to exclude men from here classes and NOT end up getting fired (what would happen in reverse?).
Should anyone be surprised, that in this atmosphere of TOTAL lack of free speech, or free thought, or ANY freedom to challenge the "truths" of the establishment (left wing) that personal privace is any concern?
In all honesty, these days, if you are going to be anything but a teacher, doctor, or lawyer, avoid college like the plague. Lack of a college degree really won't hinder you at all if you have IT skills and experience. Saving yourself 4 years of falling behind in the job market, and a LOT of money will put you ahead.
If I were a consipracy theroist, I'd almost say that the horrid US educational system, from K-college serves the establishment ruling class (government) by producing ignorant mis-informed robots who do what they are told and don't question authority... Though we haven't QUITE declined to the point where this is reality yet, we are headed there.
=== The price of freedom is eternal vigilance
It solidly tests out at 8-9 megabits on any test site that goes fast enough.
Now, she pays $550 a month for rent, but has a connection that would cost well more than that. I am not talking in DSL prices, we are talking a connection equivalent to a fractional T3 which would cost approx $2000/month.
In exchange she agrees to not run a server, or abuse the bandwidth, and I have read the AUP on it and it does say they will monitor e-mail. Is this a fair price to pay?
Also the bandwidth that college students enjoy would be expensive for them outside of academia.
I'd probably leave computer seizure to the police.
A valid reason to read an email message is to see why you just sent out ten million copies of it through the campus mail server.
The point I was making is that there are two sides to this. Casually dismissing the rights of some users is just as bad as casually dismissing the rights of administrators or casually dismissing the rights of other users who want nothing more than a stable network with moderate access to bandwidth and don't appreciate your "right" to decimate services while protecting your own assumptions of privacy.
I've been a network administrator before. I know that it's not easy meeting the needs of your users, especially when one or two out of thousands are determined to fuck everything up.
Give administrators the authority to take action to preserve the network for the significant majority. Hold network administrators accountable when they abuse their authority to play politics and advance their own selfish agendas. Hold users accountable who abuse their access privileges.
Above all, avoid kneejerk reactions based solely on one narrow point of view when deciding large policy issues that affect a lot of people.
Why are you letting these clowns ruin our country?
This ia a little piece of history dealing with CCSO and UIUC dorm room servers.
Back in the stone ages, sometime in the 1993 or 1994 time frame, there was isr1022.urh.uiuc.edu. CCSO had ceased to carry the alt.binaries.* newsgroups, so one enterprising student with a 486 and 1.8 Gigs of hard drive space paid for an off-campus newsgroup feed and mirrored those groups. To make his and other's lives easier, he even used AUB to decode the newsgroups and made the resultant binaries available via FTP and HTTP.
Mind you, as a responsible network citizen, he limited access to the uiuc.edu domain. Still, at one point, he was doing 5 Gigs of traffic a day. The machine ran Slackware Linux and had the world's cheapest NE2000 10BaseT ethernet card ever. Even so, it rocked, and had pretty awesome response times. (BTW, 1.8 Gigs of HD space cost something like $800 back in those days)
I've heard that CCSO used to make up these pie charts that showed bandwidth by subnet. However, there was one slice of the pie that was notable, because instead of a subnet, it was a single machine: isr1022.
The other notable thing was that CCSO had refused to carry those newsgroups because of the "drain on resources". However, a crappy little 486 (albeit with a big ass hard drive) was able to handle resultant traffic with relative ease, so even back then, linux kicked ass.
In any case, I suspect that this machine got CCSO and URH thinking about what would happen when everybody had the ability to set up a server like this, and that today's 500M cap is a result of that thinking.