Slashdot Mirror

← Back to Stories (view on slashdot.org)

Handling Campus AUP (non-)Violations?

Posted by Cliff on from the there-was-a-time-when-colleges-were-for-learning dept.

speby asks: "I am a CS student at Northern Illinois University and I recently compiled a working peer-to-peer file web-based file indexing system. I refused to sign their agreement that says I violated their Acceptable Use Policy because I sincerely believe I did not violate them. My system scans a large portion of my school's network hosts looking for openly accessible, anonymous Windows File Shares, and bandwidth usage is minimal. The AUP does not mention scans and I did not 'break' or 'crack' security in any way. I agreed to shut the service down for a period of time until I can figure something else out. I do not agree with their stance on this issue and I believe I have a right to design, implement, and make available such a service. I certainly did not see anything in their terms of service that would disallow such a system. Do these other universities that allow this kind of system care? Why can this system not exist here?" I have no problem with a student being told to shut down a homebrew service if they find it offensive, but I do have a problem with them treating said students like criminals, even when they do comply with their wishes. What should students do, when they are bullied by their colleges into signing violations that are more stringent than the situation merits?

"I was contacted by the IT department after a few weeks of its public running. I did not actively promote the system. It works in ways similar to the file search engines like the ones at Iowa State University and Georgia Technical Institute. In terms of programming, this idea is so trivial anyone could do it with the help of some simple scripting and a lightweight database."

16 of 134 comments (clear)

  1. excessive data storage or network bandwidth by mhesseltine · · Score: 5, Informative

    That's about the only thing in the AUP that I could see them having a problem with. Perhaps you want to show the ISU and GA search engines to them as an example of what's going on. Also, you might implement a bandwidth throttle. My 2 cents.

    --
    Overrated / Underrated : Moderation :: Anonymous Coward : Posting
  2. Welcome to the real world... by Otter · · Score: 5, Insightful
    Sorry, but this isn't the sort of thing admins like, and it's not the sort of thing you can get away with. Just because you have read access to something doesn't mean you ought to be using it and certainly doesn't mean you'll be looked upon favorably if you write a tool to do it on a large scale.

    I don't know enough about how much trouble you're facing or what options you have, but you've violated Acceptable use of NIU information technology resources is based on common sense, common decency, and civility applied to the networked computing environment. and probably All authorized users have the right to expect reasonable privacy with regard to all computer files and e-mail.

    More importantly...

    I do not agree with their stance on this issue and I believe I have a right to design, implement, and make available such a service.

    OK, now this is where you're being a dumbass. There are going to be plenty of idiots here telling you to keep sticking it to The Man. If you're smart, you'll do what Kevin Mitnick and Randal Schwartz wouldn't -- stop when you've been told to stop.

    --
    What I'm listening to now on Pandora...
    1. Re:Welcome to the real world... by rtaylor · · Score: 4, Insightful

      Unsure where you are, but if you leave your blinds open you can expect to have zero privacy. Neighbours and others are well within their right to watch and record anything you do within your home.

      If you close your blinds, you can expect privacy. This is law enforcement authorities require a warrant for microwave or infrared monitoring, but standard video cameras don't. The general public can't see what you would be doing, so under general circumstances neither than the authorities.

      Now.. If you leave your computer open with full read access, I'd say you forgot to shut the blinds and can expect the privacy that goes along with it. Reading your email at a public terminal certainly doesn't grant you rights to privacy. You've used absolutly no precautionary rights.

      Bandwidth and sales (or general broadcasting) of such material may have cases, but the fact you were allowed to read the data means you're allowed to read the data.

      In summary, don't read those all important and secret corporate financial reports on a crowded subway. Those are you have the right to read them as well, regardless of whether you consider it rude to read over anothers shoulder.

      --
      Rod Taylor
    2. Re:Welcome to the real world... by Otter · · Score: 4, Insightful
      Oh, yeah. I forgot to tell him to ignore all the people who are going to be coming up with analogies about open blinds and unlocked doors and assuring him that he's fine.

      You and MrResistor are perfect examples of the advice I'm warning him against. Of course I understand why he doesn't think he did anything wrong. And I'm not arguing the right or wrong of it, although it's not clear to me if his "web-based" system involved redistributing those files publically, which I would say is wrong. But, anyway, I'm not arguing the right or wrong of it but rather explaining to him that he's going to get in trouble for it. Life isn't a programming contest, and cleverness doesn't carry the day. He can either follow the accepted norms of behavior on his network, or he can keep courting trouble, get bounced out of school and have the consolation of knowing that you said he's in the right.

      Go look in your neighbors windows and see how your justifications go over with them.

      (*Woohoo, my 700th post!*)

      --
      What I'm listening to now on Pandora...
    3. Re:Welcome to the real world... by walt-sjc · · Score: 4, Insightful

      Possibly you are taking analogies too far. If you scanned a computer and found open services, you must get authorization from the computer OWNER. The computer itself doesn't know who the hell you are, or whether you REALLY should be there or not. It's just following it's pre-programed tasks.

      But if we want to continue this analogy, even with all it's flaws, it needs to be thought as a conversation.

      Scanner: Knock Knock.
      Computer: Hi.
      Scanner: I'm comming in.
      Computer: OK. I assume you are authorized since you wouldn't just barge in if you wern't, and I have not been instructed on who is authorized and who is not.
      Scanner: Ahh. I see you have some nice files in here.
      Computer: Yes. I have files.
      Scanner: I'm copying them.
      Computer: Whatever.

      There is no "automated system" that invites you in. You have to turn the knob and open the door, step in, and do shit. It's a standard request / response protocol. If you don't make the request, you don't get a response.

      The basic reasoning flaw or morals problem you and some other seem to have is that you have default permission to go into any computer you want regardless of the owners wishes. Most computer users don't understand security. Period. They don't even know that their computer is wide open. Most users also don't want random unknown people plowing throught their files.

      Shit man, it's the stuff they teach you in pre-school. Be nice to others, don't take their stuff, if you want to play with someone elses toys you NEED TO ASK FIRST. Oh, and that't the PERSON you ask, not the TOY.

      You can't equate web searching (like google) to file share searching. When you put something on the web, you are usually publishing for others. File shares however are frequently enabled automagically by pooly designed and configured OS's. They are RARELY setup for the INTENT of general public access.

      The "intent" is everything.

      Does this help?

  3. College by Henry+V+.009 · · Score: 4, Insightful

    You have to understand. College is Club Med for young people. You all are the customers. And what you all are buying can all be got for free at any good public library.

    Colleges make up for this by providing all sorts of 'perks' that don't have anything to do with the service they are providing. Sports facillities, money for student associations and clubs, and a fat connection as well. They charge for these by tuition. It's a lump sum, so you can't opt-out of anything.

    Since corporations are too badly mis-run to actually do real screening for ability in applicants, you need a bit of college. It's not such a bad place. Unfortunately, there are too many youngsters who are used to the authority of their parents and high school teachers. They don't understand the customer--business relationship. And college administrations take advantage of it.

    So here's the solution. Like any badly run buearacracy, the college administration will fold, give in to your demands, and bend over for you, if you give them enough grief. Don't do anything that they can kick you out for, but give them a truck-load of pain through all the official channels possible. And if you run out of official channels, make some up. Don't give up until they give you a new car and a Phd as a settlement agreement.

    If you are thinking of modding this funny--don't. It's all true.

    1. Re:College by wdr1 · · Score: 4, Insightful

      Clearly you didn't do your homework before going to whatever party school you ended up choosing.

      Don't listen to this guy. It's not the truth. Far from it. Of course, there are party schools out there. I'm not denying that. But to go to a party school and be surprised you're really not learning anything & it's basically a club med... well, let's just say perhaps it's best you didn't go to a higher caliber school after all.

      There are quite a few schools, however, that challenge you. Raise your critical thinking skills. Teach you how to learn. Interact with experts. Help you grow. Looking back, while some of the most valuable lessons I learned where from books, a significant portion came from reading something like the Apology with a peer group at the same time and discuss it's ideas. To work all night in group trying to write an AI simulator for the brain of ant on a beach shore.

      Yes, you can learn from books. I love books. But a lot of the books you seem to be referring to can teach you nothing more than facts. In fact, a lot of good schools don't even waste time teaching you what you can get from a book. Go read & come back is usually the attitude. Oddly enough, despite being a CS major, I never took an introduction to Lisp, C, etc course. First day of my data structures class our processor announced all our homework would be in C. He understood none of us probably knew it, this was an intro course, gave us a few books titles, and told us to get cracking. The first homework assignment, in C, was due in a week.

      When I look to hire people, I don't really care what facts they know, how well they know C, etc. You can teach a monkey C. It's a lot harder to teach people how to think, analyze, adapt, and overcome.

      Then again, maybe I'm biased. After all, my school was chosen last, at 300, in terms of party schools. ;-)

      My two cents,
      -Bill

      --
      SlashSig Karma: Excellent (mostly affected by moderatio
    2. Re:College by Twintop · · Score: 4, Funny

      Maybe if there is a Kinko's next door to the library. ^^

  4. wow. by timdorr · · Score: 5, Interesting

    I'm a student at Georgia Tech and a heavy user of Buzzsearch. We used to have a previous system in place that was actually a resnet-created invention (browse.resnet.gatech.edu). However, with the increasing quality of buzzsearch and the aging code that powered browse.res, it was shut down and now our file-sharing is a student-run affair. Perhaps the biggest reason why our college support this (and many others should as well IMO) is bandwidth usage. Namely, external bandwidth usage (aka, the stuff your school PAYS for). It doesn't cost anything for our school to have me send a file from me to my roommate, but it costs a recurring fee of an OC12 line to send something to my friend in New Hampshire. Realistically, you could EASILY come accross to your school saying that you're saving their bandwidth costs wtih such a system in place. Plus, keeping it student-run will keep down on their liabilities. Oh, and you could always "lose" some logs if there's an incident :) If I were you, I'd be fighting tooth and nail to keep that service up. You are browsing PUBLIC information. You're not exploiting some bug in an operating system. You're not spreading a virus accross campus. You're simply allowing students to find the stuff they want in a faster, less costly, and more privatized manner. Put it back up and don't stop until they pull the plug. Then bitch and moan load enough to get them to allow you back up :)

    --
    Tim Dorr
    Owner/Manger
    A Small Orange
  5. Perhaps... by PhilipChapman · · Score: 4, Interesting

    You should take a look at this line:

    Unacceptable uses include, but are not limited to, the following

    --

    ---
    Always standing, I am a tree awaiting the lightning. -Samael, Crown
  6. Don't use the word "Peer" by penguin_punk · · Score: 4, Interesting

    Hasn't any of these students learned that the word "Peer" scares the living bejoovies out of netadmins running open networks these days? Any thought (or mention) of p2p brings to mind 100% bandwidth utilization.

    Instead, call it a "Client-side SAN", or my favorite: "Internal Email Network over Windows-Induced File-Transfer-Mechanisms" (or IENWIFTM) the 'email' label gives it a freindly name.

    Oh yah, and next time you get caught doing this, have your BOFH calendar handy. (This calendar gave me "Domain Controller not responding". It would have been a perfect explanation on your windows network. Tell them your proggie was actually a DC backup that kicked in and it was notifying all the windows clients that it was up.)

    --
    HURD - Hurd's Under Research & Development
  7. College network vs College dorms... by Anonymous Coward · · Score: 5, Insightful

    Dear Slashdot,

    I am a college student.

    Several time a week, I walk into every office building and college dorm and attempt to open every door to see if the door is unlocked, and to see if something is inside. If the door is open, I walk in, take a picture, and catalog my findings in an MySQL database.

    I don't think this is unethical, but the school admins don't like this.

    I don't like being treated as a criminal. What do I do?

  8. Umm, no. by HotNeedleOfInquiry · · Score: 5, Insightful

    "I do not agree with their stance on this issue and I believe I have a right to design, implement, and make available such a service." Sorry pal, but not until you buy the bandwidth, the cable, the servers and the big Cisco box do you have the right. It's their network and they make the rules, even if it is make-it-up-as-you-go-along. Shut down your server, say you're sorry, get your degree, earn lots of money and buy your own network. Then you'll have the right to tell people what services they can run.

    --
    "Eve of Destruction", it's not just for old hippies anymore...
  9. Been there, done that.... by egerlach · · Score: 4, Insightful

    When my friend was in residence (I was in my own house at the time), I helped him build a system very similar to the one you're describing. Exactly the same thing happened. IST found out about it, and shut it down. The reason they gave was that it was eating up internal bandwidth. When he inquired how his search system was eating up so much bandwidth, they told him it wasn't the search that was eating up bacndwidth, but the fact that everyone started getting files from other people's Windows Shares all the time. Now these aren't smart users either. They'd play files directly form others' HD's, without getting a local copy first.

    Bottom line is, you may think you have some kind of right to do something like this, but the service is ultimately there for educational purposes. If you can convince them that you're using the search for educational purposes, you're in the clear. Otherwise, you're probably not going to get away with this one. Searching computers for random files, not related to your education, is not acceptable use, I'm sorry to say.

    --

    "Free beer tends to lead to free speech"
  10. Unfortunately, you're basically screwed by nutsack · · Score: 5, Informative

    I would just sign the agreement if I were you (although I have no idea what the punishment is going to be if you do). If your network admins aren't bright enough to see what you were doing was a non-intrusive search, you're not going to be able to sweet-talk them into believing you're not "hacking" people's computers.

    I wrote/administer the aformentioned search engine, Buzzsearch, at Georgia Tech. I've never had a problem with the network staff - I do everything I can to be a good campus netizen (blocking off campus searching, for example) and they don't acknowledge that I exist. But I'm definitely not doing this for my "ideals", or to "fuck the man", yadda yadda... I sure as hell wouldn't risk my degree for Buzzsearch - if OIT came knocking on my door I'd hand over my server in a second flat.

    You're in a bad environment with uncool admins... deal with it and give up. It's not worth possibly fucking up your education.

  11. Re:You know what I mean by Kanon · · Score: 4, Interesting

    Exactly.

    I'm work as a Unix tech at a University and I see this all the time. Rather than take what turns out to be a rather minor telling off (IE me in the office telling them what they did is bad and not to do it again) and throwing out a quick appology they'd rather stand there arguing the toss about it until the technician involved gets so fed up with them he escalates the incident higher and the student gets into real trouble. Just for being a cocky little sod.

    We had a female student here almost get kicked out of the Uni for eating in the labs. She'd do it everyday and everyday someone would catch her while doing the rounds (We don't allow eating and drinking in our labs). She always accused the techs of lying and picking on her and then would carry right on doing it. She used to line up chips on the keyboard and eat them off one by one. Our academic director even caught her once and she still said we were lying.

    After months of dancing around like this it was refered to the student discapline board and she got a final warning with the threat of being kicked out of the University.

    We don't know what would have happened next since she failed her course and left anyway. However if she'd just accepted the initial telling off from whichever technician caught her and then waited until she'd finished in the lab before eating that would have been it. End of story.

    Some people have no sense however. Tip for the story poster. Don't argue with it. Just sign the appology and forget about it. It'll be easier in the long run than getting kicked out of school.