Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Carl Kadie About Censorship and Privacy at Colleges

Posted by michael on from the no-more-than-one-Napster-question-please dept.

We've received a lot of inquiries recently about computer policies at various colleges and universities - usually the policy goes something like: "Anything you do or say on this network is ours, we own it, we can read your email, we can delete you, too bad. All your data are belong to us." Oddly enough, these sorts of policies are in place even at schools that would never dream of snooping on students' postal mail or the books they read at the library. Carl Kadie has been EFF's longest-serving volunteer, doing work for the past ten years in the area of academic freedom and computers. He's written two book chapters on the issue and helped examine, critique and improve the usage policies at many universities. Post below any questions you have on computers and academic freedom - maybe your school has a particularly bad policy, maybe you just have a general question - and we'll pick the best ones and forward them to him for a response.

12 of 221 comments (clear)

  1. Re:Do they have these rights to with snail-mail? by Bob+McCown · · Score: 4

    The answer to this is no, because federal law prohibits them from opening your mail, but there are no laws reguarding your email. Thats the problem. Email spread has outpaced the government's ability to regulate the delivery of it....

  2. With Power comes responsibility... by Zachary+DeAquila · · Score: 5
    What responsibilities do universiies incur when they have such overbroad AUPs and reserve such powers for themselves? What if, in their browsing through my data, they delete or destroy important information (thesis data or papers or somesuch)? Are they liable for it? What if they 'leak' damaging data either unknowingly or through misunderstanding? Can they be held responsible?

    I'm afraid that I know the answers to all these questions and am even more afraid of those answers. So what can be done about it beyond the standard SSH and PGP rhetoric ? Is there a way to make them take responsibility for these actions, preferably a heavy enough responsibility to discourage them from wanting to take these actions in the first place?

    --Z

  3. University policy by Pacer · · Score: 5

    I lived for two years in University residence and, frankly, my college didn't seem to have much respect for the privacy of students in any regard: all mail came through University-owned mailboxes, and packages had to be picked up at the dormitory desk, staffed by hall RAs -- students with a significant disciplinary function. All telephone service went through the university switchboard. Your room could be searched, by university staff or by police, without your permission and without any sort of warrant. Most tenant rights were violated (for instance, eviction with two weeks' notice any time of year), and now the university informs students' parents of on-campus alcohol or disciplinary violations (these are adults whose academic transcripts cannot be released to parents without a signed waiver).

    It is not any surprise to me that fascist user agreements are in place concerning electronic media in light of the general control-oriented attitude of many universities towards their on-campus student populations. Perhaps the problem runs deeper than simple technophobia?

    Pacer

  4. Linux acceptability by dwbryson · · Score: 5

    Carl- I have fought a battle at my college over Linux being on the network. I told the UTS( Univeristy Technology Services ) that I was a big advocate of Linux and was starting up a Linux User Group on campus. But first I wanted their approval. They swiftly told me that, "You can absolutly not encourage the use of Linux on OUR network, and you should be lucky that we don't ban it on campus." I was completely uphauled by this, and so promptly turned around and tried to get as many people interested as I could in Linux. And eventually started my own LUG. Do they have a right to tell me what OS I can use on their network? They of course support windows, and allow Mac's, but flat out tell me I can't have linux on their network. Do you have any suggestions on what rights I as a user have?

    --
    - "Never let a computer tell me shit." - DelTron Zero
    1. Re:Linux acceptability by Sethb · · Score: 4

      It's also quite likely that they didn't want you to start installing Linux for a bunch of students who couldn't manage it themselves. The last thing that the typically overworked and underpaid university IT staff need are 2000 Linux newbies flooding the help line and support desks with questions about Linux on their dorm computers.

      That said, I don't think they can, or should, discourage a student group from forming. They may, however, ask you to make it clear to anyone that you give Linux to, that they're not going to receive any help from the support staff, other than being assigned an IP address...
      ---

      --
      When in danger or in doubt, run in circles, scream and shout. --Robert A. Heinlein
  5. Legal Recourse? by CU-Ballistic · · Score: 5

    I attend a rather well-known University in the South. Of course, they have the requisite "we own you and your data" policy. They state in very explicit terms that they have the right, at any time, to search and confiscate my computer, hard drives, and other media. They say that they also have the right to monitor network traffic, and disable any account which is exhibiting "unusual or excessive" activity. This all seems incredibly arbitrary to me, and worries me very much. My question to you is: Do I have any legal recourse? My main quarrel is that as a first-year student, I am forced to live on campus, and many classes require work to be submitted electronically. Since I am unable to "opt-out" of their heavy-handed policy, do I have any legal recourse if I were to encounter a search-and-seizure situation with the Administration here?
    -

    --
    I'd rather have a bottle in front of me than a frontal lobotomy.
  6. Re:Do they have these rights to with snail-mail? by tewwetruggur · · Score: 4
    I actually worked in the campus post office, which, mind you, is not the same as the little "mail rooms" at the respective dorms. At the post office, the non-student employees were federal postal employees. The students are paid by the university, but are held to the rules of the USPS. The people in the mail rooms in the dorms are emploiyed by the front desk of the dorm. They are not employed through the post office.

    So what does that mean. Well, simple. No one is allowed to open you mail. It is a federal offense. There were certain "special" cases when we might open someone's mail, but only because they had requested it during holiday times, or if they wre athlete's on the road who were needing something urgent. Even that was probably breaking the rules/law, but again, it was only if requested and was something urgent. It was often loan info, looking for plane tickets for home, a check from mom and dad. And its not like we opened everything addressed to that person - they had to tell us exactly who it was coming from and what was in it.

    But as far as the university "snooping" in your snail mail - well, that'd land a few butts in prison, to say the least.

    People tend to forget that e-mail is indeed NOT the same as snail mail. But that doesn't mean that it shouldn't be.

    --
    Hi! This is the Sig, blatantly attached to the end of this comment.
  7. They made me sign to agree to follow all EULAs! by Anonymous Coward · · Score: 4
    After crashing part of the CS dept's network (due to program error), I had my account disabled and was summoned to the sysadmin's office. In addition to explaining what I did that messed things up, which we all agreed was accidental, I was asked to again sign the dept's "terms of service" form.

    Stupid me, though, decided to read it first. One line said that I agree to abide by the software licenses of all the software packages installed on the system. When I asked to see these licenses, the sysadmin got all heated and refused. I asked if they were posted somewhere or stored on-line. He said, no. When I asked how I could sign to agree to follow licenses which were refused to be presented to me, he said, "well, you have to sign or your account can't be re-enabled".

    Hmmm. Sign or be unable to do required schoolwork.

    So I signed but wrote next to my signature that staff refused to show me the SW licenses they required me to agree to above. The sysadmin grumbled, but accepted the amended TOS form.

    I heard similar tales from students at other universities and schools. WHY DO SCHOOLS DO THIS?

  8. Re:You have no reasonable expectation of Privacy . by dvdeug · · Score: 5

    What do you mean, my dorm room is not my personal residence? I live here, and pay for the privilege. Would you be so happy if your employer forced you to live in a certain apartment building, and forced you to use the LAN instead of a modem, and then told you that they could listen in on anything on that LAN?

  9. It's not a post office or a library by osgeek · · Score: 4
    Oddly enough, these sorts of policies are in place even at schools that would never dream of snooping on students' postal mail or the books they read at the library.

    That analogy can only go so far. The thing you have to remember with Internet access is that the potential for abuse is so great.

    How can you abuse the post office? Get a lot of mail? Since all mail delivered is paid for through postage, receiving more mail just means more business for them.

    How can you abuse the Library (assuming you don't just destroy books or not return them, which are against "the rules" anyway)? One person can only read so many books. You really would have to go out of your way to abuse a library so that it's noticeable to a large percentage of the libary's users.

    How can you abuse a computer network?
    • I could set up a couple of hard-core porn sites on the campus network and bring it to its knees.
    • I don't even need porn. I could decide to start mirroring Yahoo and /., or maybe CPAN and RedHat.
    • I could start spamming people with product literature for some piece of software that I've written, sending out tens of millions of pieces of email through the servers.
    • I could engage in DoS battles with others on the net.

    In short, networking technology is just ripe for abuse, and having been an administrator at an ISP, I know that there is always that 1% of the people out there who will greedily waste 90% of everyone's shared resources without even being embarrassed.

    Because of that high abuse potential, network administrators need policies that allow them take action when there's a problem. I admit that it's not an ideal situation, but for now it's a compromise position that a lot of us who are just innocently going about our business are willing to deal with.

    One solution might be to make up and enforce heavy-handed rules for every aspect of Internet use. Set things up so that all of the machines on campus have very small individual pipes to the backbone. Heavily restrict server space, mailbox size, and firewall the hell out of everything. Lock up the whole network nice and tight... but that sucks too.

    Face it, it's not an easy problem to solve. Shaking our fists in the air at network administrators who are just trying to maintain a stable network that is available for all of their users is unfair and counterproductive.

    It would be nice if eventually the technology automatically prevented some chances for abuse. It'd be nice if our culture embraced a system of ethics that would make such safeguards unnecessary.

    Instead of just carping at authority in a typically /. fashion, how about proposing ways that the systems can be improved so that these kinds of stiff measures aren't necessary. Why is there such a problem with acknowledging that there are two sides to every problem and that solutions of value can only be reached by respecting everyone's goals?
    --
    Why are you letting these clowns ruin our country?
  10. I am violating my school's policy by posting this. by SkyIce · · Score: 4
    Take a look at my school's AUP at http://www.exeter.edu/publications/ebook/datavoice video.html . Some interesting quotes:
    No pseudonymous or anonymous messages may be sent. Students should be careful not to give out personal information over the Internet.

    Accessing the accounts and files of others is prohibited.

    Students may be held accountable for their actions while off-campus and thus for messages posted from off-campus accounts.

    Academy network resources, including all telephone and data lines, are the property of the Academy. The Academy will, to the extent possible, respect privacy of all account holders on the network. However, the Academy is responsible for investigating possible violations of and enforcing all Academy rules governing the network. Academy network users should, therefore, keep in mind that the Academy reserves the right to access any information stored or transmitted over the network.

    But nowhere in it does it mention the search of a personal computer. Somehow, last week, on mere suspicion, my and three other kids' computers were seized and held for a few days while the network administrator attempted to track down the source of network troubles. He ultimately failed, but in the process noticed that I was using a different IP address and hostname other than the one I had been assigned. The case was sent to the discipline committee under "Theft of IP address" and I am now on probation for eight weeks. My dorm room's port was activated "with restrictions" yesterday, and they now want me to e-mail them a list of every program I want to download so that they can verify it. Was this even legal? What can I do to stop something like this from happening in the future?
  11. Finding Balance? by PapaZit · · Score: 5
    Here's a shot from "the other side."

    I work in Computing Services for a tech-oriented private university. Our usage policies aren't as bad as some, but they definitely give us broad priviledges. We've been through many, many proposed revisions that keep being killed by some combination of faculty, staff or lawyers. The basic problems:

    • There doesn't seem to be a concise legal way to say "Don't be an asshole and don't break the law," which is all we really want.
    • It's occasionally necessary for staff to look at private information for technical reasons (reconstructing mail spool after disk crashed, making sure the nifty new backup program actually worked, etc.). We have a huge infrastructure, and if we had to stop and check every time we might accidentally see something, we'd never get anything done unless we made our staff size much larger. We don't have the budget to do that.
    • Occasionally, the sysadmins will find something really bad during the course of routine work. "Spending a long time in federal prison" kind of bad. We try to keep these sort of events quiet to avoid publicity for the user in case it's not their fault (someone cracked their account, etc). We don't want our users on the evening news, but this'll happen with most "notify lots of people before doing anything" plans.
    • There are two opposing viewpoints that are both vocal in our community. One says "privacy over all" while the other says "learning and sharing over all". We have quite a few people who make their home directories publicly readable as a sort of protest against the "privacy freaks" (their words). Finding a policy that makes both happy is very difficult.
    In light of these constraints (financial and social), how do we give more rights to our users without seriously impeding our ability to do our jobs?


    --

    --
    Forward, retransmit, or republish anything I say here. Just don't misquote me.