400 likes | 495 Views
Faculty Governance and Computer Policy & Law: A Powerful Partnership. SUNY Faculty Senate Spring, 2006 Plenary Meeting Plattsburgh State College April 7, 2006 Steve Worona EDUCAUSE sworona@educause.edu. Computer Policy: Why Should You Care?. SUNY Faculty Senate
E N D
Faculty Governanceand Computer Policy & Law:A Powerful Partnership SUNY Faculty Senate Spring, 2006 Plenary Meeting Plattsburgh State College April 7, 2006 Steve Worona EDUCAUSE sworona@educause.edu
Computer Policy:Why Should You Care? SUNY Faculty Senate Spring, 2006 Plenary Meeting Plattsburgh State College April 7, 2006 Steve Worona EDUCAUSE sworona@educause.edu
Policy?We don’t need no stinking policy! • We have the law • We have the government • We have administrators • We have computer scientists • We have technology • We have our kids
Policy?We don’t need no stinking policy! • We have the law • We have the government • We have administrators • We have computer scientists • We have technology • We have our kids If you don’t make policysomeone else will
The Internet ObeysOnly One Law The Law of Unintended Consequences
Example 1: A Story from the Dawn of (Internet) Time It all started in 1995 with a simple question: What’s the best resource for filtering out adult material for K-12 students? • Net Nanny • Cyber Sitter • Surfwatch • Cyber Patrol • etc.
Policy Category 1:Content Filtering • What • Viruses • Porn • Peer-to-Peer file sharing • Gambling • Facebook • Commerce • 100’s of other categories
Policy Category 1:Content Filtering • How • Web sites visited • Web sites hosted • E-mail • Contents of local hard drive (data, software) • Where • Dorms • Administrative offices/systems • Research labs/systems • Anything connected to the network
A selection from today’s case study In an academic setting one expects that the issue of intellectual freedom, by itself, will carry the day. But Internet filtering also hinders research and thus academic excellence. In an attempt to block pornographic sites, our filtering tool is also blocking legitimate sites, including those related to art, health, and biology. It is possible that our security system vendor may misclassify a website as a phishing, a spamming, or a pornographic website. The security system provides a means to unblock a misclassified website after assessing the security threat level of the website. A WWII history site is blocked, likely because a photo of B-52 “nose art” pictures a pin-up girl. Students and faculty cannot access a Library-licensed e-resource of art images, perhaps because some artists have painted or sculpted nudes. There are many more equally indefensible examples. The offer to unblock sites, if this is requested, is both offensive and unacceptable; it is all the more irresponsible if such access must rely on the discretion of an ITS staff member. I disagree; it would be irresponsible if a blocked website was unblocked without assessing the security threat level of the website. Every member of the research and instruction community should be able to read or view whatever he or she sees fit, and no one should be forced to describe, explain, or justify his or her research and instructional needs, in order to gain access to needed material. An individual requesting a blocked website to become unblocked does not have to describe, explain, or justify their request.
Example 2:A Poll on Campaign Finance • All citizens should be able to find out who each candidate is taking money from
Example 2:A Poll on Campaign Finance • All citizens should be able to find out who each candidate is taking money from • All citizens should be able to find out what candidate you are giving money to
Example 2:A Poll on Campaign Finance • All citizens should be able to find out who each candidate is taking money from • All citizens should be able to find out what candidate you are giving money to • http://www.fec.gov
Policy Category 2:What can be said or read or done“in public”? • Political and/or sensitive information • Spotlighted by students (the student press?) • On their own computer vs the campus system? • Facebook • Visible displays of illegal behavior • Discipline? Ignore? Teaching moment? • We know where you live
Example 3:Do you want Privacyor Privacy? Sorry, you can’t have both.
“You can’t have Privacywithout Security” • Privacy: Ensuring that your personal information doesn’t fall into the wrong hands • Choicepoint, Lexis-Nexis, Ameritrade, BofA, etc. • Georgetown, CMU, Berkeley, etc. • FERPA, GLB, HIPAA, etc. • Data-spill notification laws in NY, US • Security: Limiting everyone’s activity to only the things they have a right to see and do • Who is trying to access data (“Authentication”) • Whether they have the right (“Authorization”)
Another Definition of Privacy • Privacy: The ability to go about your daily life without leaving a trail; the ability to read, speak, attend meetings, etc. anonymously
The Importance of Anonymity “Anonymous pamphlets, leaflets, brochures and even books have played an important role in the progress of mankind. Persecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all.” – Hugo Black, Talley v. California, 1960
Privacy1 vs Privacy2 • Privacy1: Ensuring that your personal information doesn’t fall into the wrong hands. (“Confidentiality”) • Privacy2: The ability to go about your daily life without leaving a trail; the ability to read (speak, attend meetings, etc.) anonymously. (“Anonymity”)
The Privacy Dilemma • We want to go through cyber-life without leaving a trail
The Privacy Dilemma • We want to go through cyber-life without leaving a trail • But we want everyone who comes in contact with our data (with us?) to be known
The Privacy Dilemma • We want to go through cyber-life without leaving a trail • But we want everyone who comes in contact with our data (with us?) to be known Not Much Different Than • We want everyone to know who the candidates are getting money from • But we don’t want anyone to know who we are giving money to
The Problem Will Only Get Worse Within 5 years* we will have the capability to capture, store, and searchthe totality of everyone’s daily activities.—Our limitations for doing good – or evil – with “total information awareness”will no longer be technological.They will be self-imposed.Or non-existent. *or less; it may be true already
Suggestive Examples from Today • Keyboards and screens • Google • Microsoft • Cameras • Red lights, toll booths, ATM’s, … • All public spaces (Houston) • Phone records, traffic and content • AT&T • NSA • Financial transactions • USA/Patriot
How will we use the power… • To “follow the money”? • To determine who-done-it? • To banish hit-and-runs? • To eliminate kidnapping? • To solve any crime?
Policy Category 3:Campus Issues in Privacy/Privacy • Network authentication • Especially in libraries • What about whistle-blowers, psych services, … • Activity logging • Routine • For cause • Record-keeping • For system purposes administration • As a target for civil/criminal access • Policies to ponder • Is E-mail private? • Who watches the watchers?
Another selection from today’s case study Monitoring and recording the reading/viewing habits of faculty and students violates every known code of intellectual and academic freedom. The security system employed does not monitor and record the reading/viewing habits of individuals. The security system logs the internet IP address of the workstation attempting to access a blocked website, the name of the blocked website, the classification of the blocked website, and a timestamp. Finally, since network security and bandwidth management cannot be used as excuses for content filtering, one is left with the troubling and unanswered question of why the College has chosen to monitor and record what people are reading and viewing on the Internet. (If we are worried about people’s wasting time at work, there are other ways to address this problem.) Some observers might think that we are cloaking our real purpose, content filtering, in concerns about network security and bandwidth management. This is absurd, we have never intended or acted to monitor and record what individuals are reading and viewing on the Internet.
The Dilemma in Civics 101 terms “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” – Benjamin Franklin (1755)
The Dilemma in Civics 101 terms “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” – Benjamin Franklin (1755) “While the Constitution protects against invasions of individual rights, it is not a suicide pact.” – Arthur Goldberg (1963)
The Tradeoff Rorschach “Law enforcement is not supposed to be easy. Where it is easy, it’s called a police state.” – Jeff Schiller, in Wired (1999)
The Tradeoff Rorschach “Law enforcement is not supposed to be easy. Where it is easy, it’s called a police state.” – Jeff Schiller, in Wired (1999) How we make this tradeoff– and others like it –is what policy-making is all about
The Tradeoff Rorschach “Law enforcement is not supposed to be easy. Where it is easy, it’s called a police state.” – Jeff Schiller, in Wired (1999) How we make this tradeoff– and others like it –is what policy-making is all about And that’s whyComputer Policy should matter to you