Computer use on college campuses is a jungle, teeming with exotic viruses and slithering worms and packed with sharp-toothed predators like Kazaa, Facebook and Halo.
A director of information technology faces an impossible mission: pruning that jungle into a safe garden.
And yet, as long as students are using their school’s computer resources, officials must direct them to play fair and avoid booby traps — not exactly the message freshmen want to hear when they arrive on campus.
“They feel a sense of euphoria, ‘Look at all this bandwidth!’ And Mom and Dad aren’t there to make them turn their computers off,” says David Sisk, associate director of information technology services at Macalester College in St. Paul.
Directing information technology has never been harder, say the IT directors at Twin Cities colleges. It costs more money and requires more labor every year.
For instance, Inver Hills Community College in Inver Grove Heights has added the equivalent of one and a half positions and spent an additional $45,000 on hardware and software in the last five years, says Mark Peterson, director of academic technology and computing services.
It’ll cost 20 percent of that money to maintain the programs and software, he adds. And Inver Hills is a relatively small school: It has 5,735 students, none of whom live on campus, which extends the technology burden.
College tech watch is complex, volatile
The field is complex and volatile. As soon as one policy is pinned down, a loophole emerges. As soon as one virus is discovered, it mutates.
“We’re on this train that’s roaring ahead,” says Harry Pontiff, chief information officer at St. Paul’s Hamline University. “There’s no stopping it. You either get on or you get in the way. Trying to get on and actually guide it somewhere is a huge challenge.”
To do so, many IT directors craft an “acceptable use policy,” a list of computer guidelines with a lofty purpose but questionable force. The policies generally ban downloading of copyright-protected material, forwarding chain letters, sharing passwords and transmitting “objectionable language” and “offensive material.”
These rules apply to students using their colleges’ computer “resources” — including its wireless network — which means they apply to Facebook, personal emails, instant messages and blogs. That is, everything done online in every dorm at every hour. Even off-campus high jinks count when photographic documentation winds up on Facebook, as six Hamline football players recently learned.
The rules are even stricter at a couple of Christian colleges in the Twin Cities. At Bethel University in Arden Hills, students’ Facebook content must adhere to the school’s lifestyle covenant, which forbids the use of drugs, alcohol and tobacco, prohibits gambling and vandalism and condemns premarital sex, homosexual sex and “sexually exploitive or abusive behavior.”
Then there’s Northwestern College’s acceptable use policy, Northwestern which not only prohibits offensive material but language that is “harmful to morale,” such as an email griping about a pointless class lecture or the basketball player responsible for last night’s loss.
IT directors take one of two approaches when it comes to enforcing these policies. Most operate on a don’t-ask, don’t-tell basis, only looking into the violations that others report to them. College students are adults, these directors say. They don’t probe their personal stuff. Besides, monitoring Facebook would be a full-time job.
There is some truth to that line of reasoning. And yet, it can dilute the acceptable use policy, creating a wide disparity between what is technically prohibited and what is actually permitted.
On the other hand, enforcing the policy by monitoring the content on students’ personal computers can quickly become an invasion of privacy. Banning an activity because a small number of students abuse it also can seem excessive. For example, technicians at Northwestern in Roseville cut off all gaming consoles last spring because some students were engaging in inappropriate behavior while playing Xbox and similar games. Russ Erickson, director of operations for campus technology, lists the problematic behavior: “inappropriate character names, inappropriate chatting, derogatory language toward certain ethnic groups.”
Balancing act never easy
Forging a healthy balance between the two approaches is tricky, says Mark Peterson, director of academic technology and computing services at Inver Hills. “Security and usability are like a teeter-totter. You can make things 100 percent secure, but then they’re completely unusable. Or you can make things 100 percent usable, and then they’re not secure. You have to constantly adjust to find a balance that will allow people to be productive, yet still protect them from potential harm.”
There are many slippery factors in the equation, ranging from seemingly innocuous issues, such as students sharing their log-in passwords to dangerous issues like identity theft.
Overuse of a wireless network, which could be caused from downloading too much music, once brought down the campus networks when the Napster music service first surfaced. Now, colleges use traffic-shaping software, which slows the downloading of high-volume files that could take down the network.
Although that problem has been largely solved, others persist, making the IT director’s job increasingly challenging.
“It’s a very difficult proposition,” Erickson says, “because you’re trying to mold people’s behavior, and it’s not just their computer use, it’s technology use in general, which is the student’s relationship to the college and the community.”
A MinnPost College Tech Survey
Here’s how several college IT directors responded when we asked them to rank in order these nine campus technology issues in terms of their frequency (F) and seriousness (S).
Click on chart to enlarge
Note: Rankings were done by Harry Pontiff, Hamline chief information officer; David Sisk, Macalester associate director of information technology services; Jason DeBoer-Moran,Concordia coordinator of user services; and Russ Erickson, Northwestern director of operations for campus technology.
Quicksand in cyberspace
Regulating students’ computer use keeps IT directors on their toes. These are the most common technology traps they encounter on area college campuses:
Downloading copyrighted content
The biggest problem for most IT directors is the illegal downloading of copyrighted music and video, and they doubt the recent $222,000 damages judgment against a Brainerd woman will deter young people.
Student violations trigger take-down notices from the recording and film industries that IT directors then have to trace to the correct IP address and relay to the violator.
The process takes at least 20 minutes per notice, says Ken Hanna, director of security at the University of Minnesota.
He receives about 60 take-down notices a month, and they’re not evenly distributed: 10 or 15 will arrive on one day. It poses a “considerable burden,” Hanna says.
The University of St. Thomas receives five or six notices a month; Bethel receives four or five. But with the new school year, September proved to be a busy month at Bethel, bringing in nearly 30. Augsburg has had a couple of repeat offenders.
Even schools that block incoming peer-to-peer file sharing, such as Concordia University in St. Paul, have problems. “I know a large majority of students download music illegally,” says Adam Ave-Lallemant, student chair of Concordia’s technology appeals committee. “I feel that they are unaware of the punishment of such an act and so they continue to do it without concern.”
Three out of four emails sent to U of M accounts are spam. Other universities report similar ratios. Spam can hit longtime faculty members especially hard, because their unchanging email accounts endure years of exposure to spammers.
Area colleges employ filters to block spam, but the tricky part is deciding how tight to set the filter. IT directors say they err on the liberal side to avoid blocking legitimate emails.
The filter at Inver Hills catches and blocks tens of thousands of emails a month, says Mark Peterson, technology director. A technician spends five to 10 hours a week scanning those quarantined emails for legitimate messages, or “false positives,” that somehow tripped the filter radar, perhaps with a bad combination of subject text and email address. The technician typically finds a dozen each month. That ratio, Peterson reasons, indicates the filter is set about right.
Still, every week he is asked, “Can’t you filter more spam?” At the same time, professors periodically express concern that an important email may be delayed or prevented.
“People do dumb stuff when they think nobody’s looking — dumb, verging on the illegal,” says Hanna, the U of M’s security director. He blames students’ youthfulness and email’s sense of anonymity. Of course, sleep deprivation and alcohol consumption can induce nasty notes, too, such as threats of physical harm or repeated insults.
Students can report abuse via email. “We get some [emails] that say, ‘Tell them to stop it,’ ” says Hanna. “It’s almost, ‘Mom, my brother’s beating on me! Stop him!’ But the other end [of the spectrum] can be quite troubling.” Those cases involve the dean of students and the security department.
Cyber-bullying is a problem, agrees IT director Russ Erickson, who is currently expanding Northwestern’s policy. “In a college situation like this, there are opportunities for rifts to occur in all sorts of scenarios. Faculty versus administration. Men and women. Different races. There are lots of natural lines of division.”
The problem is cyber-bullies are sneaky, says Tony Del Vecchio, network security administrator at the University of St. Thomas in St. Paul. “They are really, really tough to track down. These people don’t tend to be that dumb. They’ll go to one of our public labs where they can use a generic log-on. We’ll try to get a time frame of when it happened, and that’s the hardest thing, because there’s so much data that might’ve rolled off our logs.”
These cases crop up more frequently at Christian colleges, which tend to have lower tolerances and stricter definitions of the inappropriate. One Northwestern faculty member wrote a blog “making statements that other people within the Christian community would find questionable” and an administrator took issue with it, Erickson recalls.
“That’s the whole academic freedom question,” Erickson says: Colleges want to grant students and staff academic freedom, yet they also want to shape their image.
Another case of inappropriate content occurred when someone reported a staff member who had posted sexually explicit content online, Erickson says.
Concordia’s acceptable-use policy states, “Understand text and graphic files available over the Internet may be considered offensive by some members of the Concordia community. As potential consumers of these materials, users are expected to exercise proper judgment and sensitivity as to how and where these materials are displayed.”
Students are encouraged to tell each other if they find material offensive, says Jason DeBoer-Moran, coordinator of user services. A couple of times a semester, students working at the computer help desk see sexually provocative images used as wallpaper and ask the owner to change them.
This usually becomes a problem at the U of M when a couple breaks up and then one person continues using the ex’s password, Hanna says. He can re-set a password at any point, and he does so just about every day.
“Laptop loss/theft is a big problem. To prepare, assume that you will lose your laptop!” cautions the U of M’s acceptable-use policy.
“Students are used to being in a more trusting environment, so they’ll leave their laptop in their backpack at a table in the library while they leave to get something to eat and when they return, they’re surprised it’s gone,” Hanna says.
He hears of 10 stolen laptops a month, which he considers a low estimate, since students don’t always report it.
DeBoer-Moran tells Concordia freshmen every fall, “You wouldn’t take your wallet and set it on a desk and walk away. We want you to view your laptop the same way.”
Faculty members require some educating, too. Two years ago, a Hamline faculty member lost a laptop that contained confidential student information, including their Social Security numbers. It was never found.
With so many students wandering through so many corners of cyberspace, it’s impossible for colleges to avoid computer viruses.
One Macalester student’s computer was the source of several viruses last year, unbeknownst to her. She said she had been “too busy” to update her virus-protection software.
“The average user doesn’t really know what’s on their computer; they have spyware and viruses and worms and everything under the sun,” says Harry Pontiff, Hamline’s CIO. That’s why he installed Cisco NAC Appliance to scan each computer that gets plugged in every fall to make sure it’s clean and up to date. If it isn’t, the computer freezes.
With libraries at their fingertips, some students find plagiarism too easy to resist. Some schools, such as Concordia, provide faculty with SafeAssign, a software that scans for plagiarism. It is widely used by graduate faculty, because many of Concordia’s graduate courses are online.
Every week, Concordia students ask DeBoer-Moran about phishing attempts, emails aimed at acquiring private information such as credit card numbers and Social Security numbers. The “ph,” some say, comes from early efforts at “password harvesting.”
“People get taken in by this Nigerian scam that takes money from them all the time,” says Hanna, head of security at the U of M. He is constantly launching campaigns to caution students about a new scam, only to find that the perpetrators alter their approach.
Ever since Windows XP Service Pack Two arrived, which put a firewall on Windows, most security threats now come from within. “It’s evolved to where the user is now the biggest risk,” Hanna says. “The user has to be very careful of what you click on and what you download.”