Slashdot Mirror
University Professor Chastised For Using Tor
Irongeek_ADC writes with a first-person account from the The Chronicle of Higher Education by a university professor who was asked to stop using Tor. University IT and campus security staffers came knocking on Paul Cesarini's door asking why he was using the anonymizing network. They requested that he stop and also that he not teach his students about it. The visitors said it was likely against university policy (a policy they probably were not aware that Cesarini had helped to draft). The professor seems genuinely to appreciate the problems that a campus IT department faces; but in the end he took a stand for academic freedom.
Good to see some university professors still have integrity.
How we know is more important than what we know.
Could they not be bothered with actually checking the policy since they were there to enforce it?
--"The other men were not familiar, but a quick glance at their cards told me they were detectives on our campus police force."
_Detectives_ of the campus police force. What's next? Agents of the Campus Intelligence Agency?
the Department of Campus Security?
This is really ridiculous.
I think the issue was not with his use of it but being told that he couldn't talk about it in his classes.
How does Tor enable those things, and how would more people using Tor make those things worse than they already are?
According to the article, he's in Bowling Green State University, which is in Ohio. So DHS will be on this case in no time.
Asking the professor not to use Tor on the university-owned network is reasonable.
Attempting to censure what he can say to his students is clearly not reasonable.
FYI (from TFA): "My reason for downloading and installing the Tor plug-in was actually simple: I'd read about it for some time, was planning to discuss it in two courses I teach, and figured I should have some experience using it before I described it to my students. The courses in question both deal with controlling technology, diffusing it throughout society, and freedom and censorship online. When I cover online censorship in countries with no free press, I focus on how those countries rely on hardware, software, and phalanxes of people to make sure citizens can reach only government-approved media. Crackdowns on independent journalists, bloggers, and related dissidents all too often result in their being beaten, incarcerated, or worse. Technologies like Tor represent a beacon of freedom to people in those countries, and I would be doing my students a disservice if I didn't mention it."
No, it's not his network, and they aren't his rules, even if he did "co-chair the comittee to decide what color to keep the folder that the proposed amendments to the original proposal were in and they kept it grey".
Good for him, he had a reasonable chat with the detectives and they dropped it. I just cant stand the rhetoric about "rights" and "academic freedoms".
If the police visited him at home, because of his use of tor on his own connection that he paid for - then you got a story. But this guys a guest on someone elses network.
If I let you connect to my AP, then I reserve every right to tell you I don't want you using tor, or kazaa, or bittorrent, or playing WoW, or what the hell ever.
As for police telling him what to teach? He just threw that in there for drama and FUD. Since when the fuck do campus police go around telling professors what they can and cant teach? I don't believe that part of the story is even true. I don't believe the police asked him not to teach his students about it.
I hate empty rhetoric, I hate embellishments, I hate academic dishonesty, and I especially hate it from professors. It made my time at university infuriating. I was there to study math and computers, and instead, I'm constantly bombarded with lefty bullshit propoganda (not that I'd prefer righty bullshit - I just wanted to learn calculus, chemistry, comp sci, and other subjects that deal in facts)
So whatever, this guy talked himself out of trouble. Big whoop. He can get off the fucking cross now, all that happened was a cop came to talk to him about some suspicious behaviour he was engaged in.
Once I was hanging around at night, waiting for a buddy, and a cop stopped to talk to me to ask what I was doing. STOP THE PRESSES MY STORY MUST BE TOLD.
I don't need no instructions to know how to rock!!!!
If using the service was against university policy, they very well could have Tor him a new one.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
What is it about university IT departments that attracts such incompetent people?
Hint: If you're pouncing on people as often as a small frisky dog does, you're the problem.
http://outcampaign.org/
What are you talking about?
The use of tor on "someone else's network" is implicit, because you are connecting to someone on the other side of the network as a whole.
You say you use tor at home, but that's not "your" network either. I think your ISP would say that you are connecting to *their* network. I think the Hosting Provider of the web server you're connecting to would say it is *their* network. I think AT&T, (or whoever owns the backbone your data is traveling across) would say it is *their* network too.
If any of these network owners told you to stop using tor at home, what would you say to that? I'm guessing it would be pretty close to what this professor said to the IT goons trying to intimidate him into stopping.
The only time it's "your" network is when you have two of your own computers on your own LAN, and a tor router between them.
I attended said university, I know Paul very well. I still run into him in town occasionally, and I will be sure to shake his hand for this.
I could say a lot of BAD things about *university* ITS, but I'd probably get me in far more trouble than it is worth to say them out loud. I am not there anymore, they don't effect me. I will just be happy that Paul is still the fine individual I have always looked up to.
--Nuintari
slashdot : where an opinion can be wrong.
Common sense would dictate that the detectives, doing their jobs and trying to investigate an online scam, ask the professor some questions to determine if he was involved. But instead they asked him to stop doing something legal, tried to get him to NOT share something with his students, and used some vague provisions of an IT policy to back it up. This is a direct attack on academic freedom - 'Thou shalt not tell your students about this' and even worse, telling him not to use Tor himself - obviously because they couldn't track what he was doing.
Overblown? Hardly - we are losing our rights bit by bit by bit and people who think something like this is 'overblown' are part of the reason. By the time you all realize you've lost most of your rights it'll be too late.
Top Most Bizarre/Disturbing Error Messages
If he had only used Log Deleter 5.0, there would have been no record of his router hopping.
Proud member of the American Non Sequitur Society. We might not make much sense, but boy do we love pizza!
He likely has several students in his class from countries, such as China, that have such censorship. If he can reach out to a few of these and give them the tools to combat that censorship, then he will have helped them make a difference when they return to China, if they are so inclined.
Ben Hocking
Need a professional organizer?
No they don't. Its a public university.
Do you think they have the right to say "Whites Only" or "No visiting Republican Websites"?
Now, that is not to say that the University is not allowed to draft up a reasonable set of rules. Perhaps it could even be argued that the right to anonymous communications and encryption fall under the 1st amendment, but thats not really my point here.
Lord High Crapflooder The Right Honourable Vlad Craig Esther McDavenpherson III
Destroyer of Mercatur.Net
From TFA: "Someone looking up potentially sensitive information might prefer to use [Tor] -- like a person who is worried about potential exposure to a sexually transmitted disease and shares a computer with roommates."
So, sharing a computer with roommates might give you an STD and Tor will protect you from it? Hmmm...
Oil, farming, auto (roads), space (NASA), rail (AMTRAK), the defense industry, telecom, utilities,
What if I replace the word TOR with the word "internet". Do you see why your post doesn't make sense?
Bit torrent gets throttled because it is a bandwidth hog, not because its often used for copyright infringement. If that was the issue, it would be blocked totally in the places where it is throttled instead.
What exactly is your point? Shit gets abused all the time.
Lord High Crapflooder The Right Honourable Vlad Craig Esther McDavenpherson III
Destroyer of Mercatur.Net
Its possible that I'm simply missing the point, but if Tor is so effective then how exactly did a university IT guy and two campus cops find out it was in use and trace it so easily to the professor in question? Isn't anonymity the whole point?
Of course, anonymous Web surfing can be used to conceal fraud and other forms of electronic malfeasance. That was why the police had come to see me. Sure, that logic is like saying, "Of course, steak knives can be used to commit murderous crimes. That was why the police had began questioning all of the patrons at a local Outback Steakhouse..."
Tor keeps you from being detected by the remote end of a connection. Nobody said you can't be detected as a Tor user on the local network itself.
Lord High Crapflooder The Right Honourable Vlad Craig Esther McDavenpherson III
Destroyer of Mercatur.Net
WTF is Tor?
It's where the virus Megabyte lived with his army of viral binomes and henchmen Hack and Slash while plotting to take over Mainframe and the Supercomputer.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
He doesn't mind sharing the costs for essential services with his peers in good faith. The jobless waifs he's referring to are benefiting from those services in bad faith: they have no intention of bearing any of the burden. Not all of the jobless are waifs of course, but he wasn't talking about them either.
Can you be Even More Awesome?!
I was a university IT director a few years ago. The university told me outright when they hired me that they expected to pay me 25% less than an identical job would pay in industry, because they're a not-for-profit organization, and that I should desire to accept this because of the benefits of working in an academic environment (which they listed as long term job security and minimum of four weeks of vacation per year). Okay, fine. They weren't happy when I came back with documentation showing that my industry value was about twice what they thought, but they coughed up the 75% of my industry value that they said they would.
Then when I wanted to hire anyone, however, they dictated to me what I could offer, and refused to accept any input regarding what industry norms were. So, when I needed a DBA (and frankly needed a really good one), they told me I should get someone Oracle certified, and that I should pay no more than $50k. Skilled, experienced, product certified DBAs, as you may know, tended to go for over twice that (usually more like three times that) a few years back in Boston, and our database wasn't Oracle anyway. I ended up hiring a junior-level person (when I really needed a senior level person) because that was the best I could get for the money they were offering (in fact the only applicant we had received who had any experience with the database products we actually used), and told HR they could forget about certification. Their response was to complain a lot that I hadn't hired a good enough person, despite that they hadn't actually asked me (his manager) about his performance, and he was actually doing unusually well for someone of his level. They also nagged me extensively to replace him with a woman who had applied who was oracle certified (which was still useless because we still didn't have oracle), but didn't actually speak English. (Presumably that's why she was willing to take the lousy pay rate.)
10 months after I was hired the university outsourced my job, proving that their claim of long term job security was a lie in the first place. (I hear they had to hire three consultants to replace me, each one at a cost of two to three times my salary.)
I've seen this pattern repeatedly in university IT groups; they won't pay what it really costs to get someone who can really do the job, but they insist on unreasonable qualifications given the pay level they're offering, so instead of either shelling out what it costs to get what they want or accepting the best qualified person who would normally be in the pay range they're offering, they instead hire the loser who is willing to both take the low pay rate AND inflate their qualifications (either by exaggeration or outright lies) to meet the university's unreasonable demands. So, when they most need a skilled, experienced person, they're most likely to get a lying fraud who can't get the job done and will give everyone else a hard time to try to make it look like nothing is their fault.
Actually, he says "could be a huge headache for network-security administrators" and "could approach technological anarchy". Notice the use of the work "could" as opposed to the more definite "will".
Furthermore, just because something "could be a huge headache" for IT doesn't, necessarily, mean it isn't, still, part of their job responsibilities. Giving students/faculty at a university access to the Internet in the first place will, inevitably, produce headaches for IT. That said, it's also the only reason they have a job. It would be just as absurd for the IT department to attempt to strong-arm all the students/faculty into not using the Internet at all as a method of decreasing the IT workload.
The fact is, there are ways to deal with it in the event it ever, actually, became a problem such as announcing a ban on the software for student PCs and banning systems from the network as soon as Tor use is detected. It's not difficult to do and means that Tor would only cause the network to dissolve into "technological anarchy" if the IT people sat around and did nothing. If they were even more reasonable and even handed about it, they could ban or traffic shape Tor users that were found to be using an obscene amount of bandwidth (most likely to have had their system injected). This, probably, wouldn't even require a re-write of their network use policies.
"He has the RIGHT to use it, of course, nobody else should. It's a tool only for the gifted."
While I'm assuming you meant this to be sarcastic, YES HE DOES HAVE THAT RIGHT! Its called academic freedom and was, clearly, mentioned in the article. It allows him and other professors to do their job. There are plenty of times that professors research/teach about controversial topics or topics that could cause problems if they were abused. He was teaching a class directly related to Tor and was using it as a way to become more familiar with the software. He never suggests that the general student body, or even the rest of the university employees should, necessarily, be allowed to use the software. You and I may not have the right to use Tor on out employer's networks but, then again, we aren't college professors (unless you happen to be). They represent a, very specific, special case when it comes to thing like this.
As an example, I went to school for computer science. In one of my classes, on how operating systems work, our professor explained how a programmer could, very easily, take down almost any flavor of Unix system no matter how well secured the system was (thus causing headaches for anyone else using that system at the same time as was common in our CS computer labs). This was a fundamental flaw in the design of operating systems that, for Unix systems at least, was pretty universal. He also informed us, very clearly, that we were, in no uncertain terms, banned from using this technique on any of the lab systems (which ran Sun Unix). Furthermore, he informed us that, should we decide to try, they would, very easily, find out who did it and deal with them accordingly. This was an issue directly related to the subject of the class. Knowing it meant that we, as students, could avoid it in our own future software. There is a good chance that, at least one time, my professor had to write a program like this himself (or one of his colleagues did) and test it on one of the lab systems just to prove that it did, in fact, work that way.
The story is that an IT guy and two Campus Security goons came to his door and tried to strong-arm him into not using the software or teaching about it. It's like a bad scene from a melodramatic police drama. They tried to feed him some nebulous garbage about it being against "policy" (a policy he actually helped edit and probably knows better than they do) and use it to threaten his job. The story is about a professor having his job threatened for researching a topic they don't like which flys against the very essence of acade
Rules of Conduct:
#1 - The DM is always right.
#2 - If the DM is wrong, see rule #1
I used to work for a large Midwestern University, and we blocked outgoing connections to some services, such as VPNs and some proxies. The reason we did this was during the outbreak of the virus (can't remember the name), that hammered Windows on Port 135, we blocked incoming Port 135 connections at the University border. It was hypothesized that if users VPNed to other networks, they would circumvent the port block and become a vector.
I know everyone worth their weight in IT realizes that a secure border isn't enough. We had virus protection available for free for every seat on campus, however, in a huge distributed environment (where departments and colleges were "islands" in a network ocean, with their own IT staff) we couldn't gaurantee the integrity of these machines. But we were sure going to be the ones to take the hit when their "nice kid that they liked to much to see them move on after graduation system admin" didn't bother to CHECK to see if the definitions his AD-out-the-box for dummies was pushing those defs.
We also disallowed some of these services because it became harder to effectively monitor our network. When some s5r1pt k1dd13 in CIS 201 decides that he is now a UNIX god is and is going to put "Bush Sucks - $college_name is #1, fark $rival" on whitehouse.gov to impress his pink haired, pot smoking, PETA member across the hall in the dorms who only talks to him when he removes the spyware she got trying to download off KaZaa, we look like complete dickheads when the Feds show up (or the **AA) and the best we can do is say "I don't know... what goes on in them there tubes" the suits tend to get pretty agrivated.
On the other hand, even if they are SSHing into an intermediary (which we strongly encouraged over telnet), we can at least say "Well, we had an outgoing SSH connection from 4 machines on campus at that time going to these 4 addresses, do any of those ring a bell? We happened to have authenticated WPA, so we can tell you who these folks are even if the machine name is PoPPySeeD420 and done from the student union.
Privacy is wonderful, but when the shit hits the proverbal fan, IT would like to know who is pulling shenanagins on the network. The rest of the time, 99.9999% of the time, we'd rather NOT know what you're up to, and every one of us in the office (except for that one windows fanboi MS office specialist who we used to throw beanbags at) had our open source/linux/free as in beer and freedom/crypto-privacy street cred.
Forgive my spelling from time to time. I'm often posting during short breaks.
Everyone says the free market leads to freedom. It seems to lead to people having to shut the hell up or not eat, to me. Wage slavery is still slavery. No matter that you are free to pick your master, if you can't speak your mind or do what you want with your time and resources, you are a slave.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Admins should be more concerned about Tor's Hidden Service feature. It's handy to avoid censorship and all, but it allows you to connect to hosts behind a NAT or firewall (the node keeps a circuit open). Not only that, the person using the service remotely is unrelated to the host that shows up in the logs... It's a drop-in backdoor tool. Instant access to the internal network.
"Strangers have the best candy" -Me
Here's a legit situation I can see coming up - if a faculty person was somehow using 90% of our internet bandwidth, we'd have to have a chat. Sure, it might be for their research, but that doesn't matter in that case. It's a shared resource, there's a limited (by the University) budget, and it's not an academic freedom issue. It might be convenient for one of the physics faculty to have a supercollider as well, but it's not in the University's budget. You have to partner with someone outside, or get grants, etc. Every instituation has limits and priorities.
But this? This is bizarre. The only awkward situation I can think of in some states is that state schools can fall under open records laws that require that the public can check on certain information (in some states, browser histories have come up in the past). In that case, as a state employee, they might be violating the open records law by going out of their way to hide their activity. Hell, even under a Patriot Act search, we'd have to give them whatever information we had about a user, but we're not obligated to keep information to track back every outbound internet connection - even under CALEA. We probably can't link a PAT assignment on the outside of our firewall to an inside machine for more than a couple of days, at best We just don't have the space to keep the logs.
I can't stand how the word "majority" has in recent years disappeared from our language and been replaced by the phrase " vast majority" (at least in any context that's even remotely political).
This may sound like mere linguistic pedantry, but it really isn't -- this usage both feeds, and is part of, the trend toward polarization and "extremification" (yes, afaik, I just made up that word) of political discourse. When you claim not just a majority but a vast majority, you're doing more than just adding emphasis: you're actively marginalizing the other side (by implying that they're not just a minority but a tiny, insignificant minority).
And it's self-escalating: it creates a sort of "linguistic arms race", where "everyone else does it", so people feel compelled to tack on the "vast", lest it sound like their side is only a mere "majority". But that just leads to linguistic inflation: when (almost) everyone says "vast", it loses its meaning, sending everyone scrambling to find ever-more-emphatic (and more insulting) modifiers, like "overwhelming".
It may seem to make your argument sound a bit stronger, but the constant minor insults don't help us get anywhere closer to building true consenus. After all, wouldn't the overwhelming majority prefer to see a political arena with more true communication and less poo-flinging?
David Gould
main(i){putchar(340056100>>(i-1)*5&31|!!(i<6)<< 6)&&main(++i);}
I think he needs to add another country to his list. And find a better technology.
http://www.bgsu.edu/downloads/cio/file9602.pdf
12. Attempting to circumvent computer system or computer network security systems. Attempting to circumvent University computer system or computer network security systems, or using University computer systems or computer networks in attempting to circumvent security systems elsewhere.
and
22. Anonymous use, or use of pseudonyms on a computer system or computer network to escape responsibility. No person shall use a computer system or computer network anonymously or use pseudonyms to attempt to escape from prosecution of laws or regulations, or otherwise to escape responsibility for their actions.
Now, the first one seems like it is worded vaguely and may or may not apply in this situation, but the second one is pretty clear: as long as you are using anonymity services "to escape responsibility". Clearly, the professor was not trying to skirt the law or detection for any shady behaviour. of course, in the eyes of admins, allowing any use of such anonymizers could be dangerous to their network, and make their jobs harder.
I take most issue to the detectives' request that the professor refrain from discussing Tor in his classes. It would be academically unethical for the prof to bend to this pressure because a little pressure was put on him by the rent-a-cops. The detectives can ask the professor to do whatever they want, but dictating what he can and cannot teach in his classroom is inappropriate.
Shriver
And a thousand thousand slimy things
Lived on; and so did I.