[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: IP: Universities as Big Brother
------ Forwarded Message
From: Kobrin <KobrinS@wharton.upenn.edu>
Date: Wed, 27 Feb 2002 11:09:44 -0500
To: "Dave Farber (E-mail)" <farber@cis.upenn.edu>
Subject: Universities as Big Brother
The following may be of interest:
This article from The Chronicle of Higher Education
(http://chronicle.com)
_________________________________________________________________
_________________________________________________________________
From the issue dated March 1, 2002
Colleges Fear Anti-Terrorism Law Could Turn Them Into Big
Brother
By SCOTT CARLSON and ANDREA L. FOSTER
Opening student computer files without their permission.
Reporting on the library books checked out by a graduate
student. Collecting data on who on campus is sending e-mail to
whom. To many college technology and library officials, these
sound like invasions of privacy that are antithetical to the
traditions of academe. But these are the sorts of actions that
a new law may well permit or in some cases require. And
colleges are struggling to understand their obligations and
rights under the measure, which is only now attracting their
attention and is leaving many campus officials confused or
worried.
Called the USA Patriot Act, it gives law enforcement extra
tools and authority to track suspected terrorists. Although
the law, enacted in October, is not specifically aimed at
colleges, some administrators are finding enough in the
measure that affects them that they are now consulting lawyers
and drafting policies on how to comply.
Civil libertarians are outraged by the law, saying that it
gives the federal government sweeping powers to pry into
student records and e-mail accounts, and that it could hinder
the climate of free inquiry. But on campuses, reaction has
been more measured. Many students and faculty members seem
unaware of the law and its ramifications.
The law stretches the legal boundaries for prying into
electronic communications. For example, one provision in the
law permits agents of the Federal Bureau of Investigation,
without a judge's sanction, to intercept the communication of
a suspected network trespasser. The agents must first be
called in by Internet service providers, which could include
colleges.
Another provision that worries colleges prohibits them from
disclosing that federal agents have sought "business records"
-- which some college officials say could include library
records -- to investigate people tied to hostile foreign
governments.
Virginia E. Rezmierski, adjunct associate professor at the
Gerald R. Ford School of Public Policy and the School of
Information at the University of Michigan at Ann Arbor, says
the gag order prevents colleges from checking whether the
government has been overzealous in investigating people. "Is
this just a wide net being thrown? Is there due cause for
taking these records?"
Many college administrators say they find the law extremely
difficult to understand; it is a 132-page patchwork of
amendments to laws including the Family Educational Rights and
Privacy Act, which governs students' privacy rights; the
Foreign Intelligence Surveillance Act, which authorizes the
federal government to spy on suspected foreign agents; and the
Electronic Communications Privacy Act, which limits disclosure
of electronic communications.
Tracking Federal Inquiries
Cornell University is among the first institutions to create
specific guidelines for responding to law-enforcement requests
made under the law. The guidelines instruct employees of
Cornell's Office of Information Technologies to contact the
office's policy adviser or the office's security coordinator
if they are asked to disclose information to law-enforcement
agents. They would then consult with university lawyers on how
to proceed.
Cornell established the guidelines because college employees
are sometimes too eager to please law-enforcement agents by
quickly providing them with the information they seek, or the
employees are confused about which college higher-ups to
contact for advice, says Tracy B. Mitrano, the policy adviser
and director of the Office of Information Technologies there.
Since enactment of the Patriot Act, the university has
received one request for confidential information, which Ms.
Mitrano declines to discuss in detail. She and Polley Ann
McClure, vice president for information technologies at the
university, anticipate more.
"We expect that some of those may not be legally valid," says
Ms. McClure, who helped write Cornell's procedures. "We don't
want our staff and thus the institution to violate the privacy
of our constituents in response to an invalid request."
The computer-trespasser provision allows the Federal Bureau of
Investigation to help network operators, possibly including
colleges, find intruders on their networks only if operators
ask for FBI assistance. But some college officials fear they
could be sued if they did. Law-enforcement agents can, without
a warrant, intercept the communications of a hacker. But since
the interception would be done without a warrant, the
suspected hacker could argue that the search violated his
Fourth Amendment rights against abusive searches. And he also
could argue that the college was complicit in violating these
rights, Ms. Mitrano says.
Cooperation between the FBI and colleges also opens the door
for unsophisticated law-enforcement agents to damage a
college's computer system, or to start prying into other
communications that are unrelated to the specific
investigation, says Ms. Mitrano.
"I think it sets up a very potentially complicated
relationship between [computer] owners and operators, and law
enforcement," she says. "Circumstances could lend themselves
to law enforcement calling owners and operators and suggesting
that they have information about a computer trespasser ... and
[saying], 'Wouldn't it be helpful if we came in and took a
look?'"
Apart from the possible effects of the law, Ms. Mitrano says
the computer-trespass provision, among other sections of the
law, has no clear connection to combating terrorism, but had
long been on the Justice Department's wish list of legislative
reforms.
By and large, though, the law doesn't impose undue burdens on
colleges' networks, she says. For example, it doesn't require
them to make design changes to their computer systems. And it
provides compensation to colleges if they incur expenses to
help the FBI install Internet-surveillance tools, or if they
sustain damage in excess of $5,000 because of computer
hackers, even if the hacking has nothing to do with terrorism.
Many other colleges are still struggling to make sense of the
act, and are hesitant to make procedural changes until they
see how the government uses its new powers.
"We have to wait and see how this plays out," says Steven J.
McDonald, a lawyer for Ohio State University. He says Ohio
State has not received subpoenas for computer files since the
law took effect.
Revising the Cornell Guidelines
Virginia Commonwealth University is adapting Cornell's
guidelines. At a campus meeting in February, faculty members
and administrators tried to figure out how the law will affect
their day-to-day network operations. They discussed when
turning over data to the FBI would be required and when it
would be voluntary. They talked about training student workers
not to readily provide private records to law-enforcement
officials, and about whether reporting problems to the campus
police can substitute for contacting the FBI. They also talked
about the types of electronic data the university stores and
for how long it stores them, and about the difference between
a search warrant and a subpoena.
The distinction was explained by Clyde Laushey, the university
information-security officer, who said that if university
officials try to contest a search warrant, "They just lock you
up.''
Robert J. Mattauch, dean of the engineering school, requested
a "first line of response" should federal agents come looking
for confidential university records. He said he would help
draft a simplified checklist for university staff members to
follow in such a situation. Three university technology
administrators were designated as interim contact people for
potential FBI inquiries.
"It's going to happen," Mr. Mattauch warned his colleagues.
The University of Texas at Austin will probably analyze
federal requests for confidential information on a
"case-by-case basis," says Jeffery L. Graves, a lawyer for the
university. Meanwhile, he says, the university is beginning to
educate network administrators and others on campus about the
requirements of the act.
Despite a large number of international students on campus,
Mr. Graves says federal agents have made few requests for
computer-stored data on students. He suspects that agents are
getting the information they need about students from other
sources, like landlords, published articles, or phone
directories.
Modest Changes?
Christopher Painter, the deputy chief of the computer-crime
and intellectual-property section of the Department of
Justice, has been an active defender of the Patriot Act for
the government. Speaking before an audience of law-enforcement
officials in January, he said that the law's
Internet-surveillance provisions "are not sweeping expansions
of wiretap authority." They are modest changes, he said, "and
they don't abrogate Fourth Amendment protections."
In response to critics who say that parts of the law have
little to do with fighting terrorism, Mr. Painter, in an
interview, says: "They're trying to make too fine a
distinction between terrorist attacks and nonterrorist
attacks. You don't know what kind of [computer] attack you
have in the beginning."
But privacy scholars and advocates say that some of these
provisions endanger the climate of free inquiry on campuses.
"Universities uphold the importance of free inquiry, and we
don't want to chill that inquiry by having researchers and
students think that their every move is being tracked by the
government," says Peter P. Swire, a law professor at Ohio
State University who advised the Clinton administration on
privacy issues. "On the other hand, law enforcement worries
that universities might become a safe haven for terrorist
organizing. The traditional university tendency to allow
dissent could potentially turn into a systematic effort for
terrorists to hide their activities under the name of academic
freedom."
The attention already paid to the immigration violations of
some foreign students shows that "we can expect a greater
conflict between the tradition of academic freedom and the
law-enforcement concerns about universities as safe harbors
for terrorists," Mr. Swire says.
Parts of the law, such as those outlining computer trespassing
and foreign-intelligence surveillance, will expire in 2005
unless Congress renews them. "Universities have a homework
assignment to inspect how well these provisions apply in the
university setting, and if there are problems, then academics
and universities should point these out," says Mr. Swire.
But so far, it seems that the privacy issues related to the
Patriot Act haven't penetrated the academic community at
large. Professors often give puzzled responses when asked
about it.
Students also are little aware of the potential threats to
electronic privacy. "I would say that the majority of students
haven't looked at this and don't understand the
ramifications," says Matthew J. Murray, a sophomore at the
University of California at Berkeley who is president of the
campus chapter of the American Civil Liberties Union. He
arranged a teach-in about the law soon after it was passed,
and this spring he is organizing a student-run course covering
civil liberties and the antiterrorism legislation.
But explaining the vagaries of the law and the importance of
privacy has been difficult. Students readily understand the
dangers of ethnic profiling and of secretly detaining people.
"It's easier to get a grasp on those than on the issues
related to privacy," because the law's specifics can be
arcane, he says.
'They Are Terrified'
International students and Muslim Americans generally seem to
be more aware of the new law and its ramifications. For some
international students, however, the notion of compromised
privacy is perhaps too familiar. Omar Afzal, the adviser to
the Muslim student group at Cornell, has been counseling
students on what to do if an agent shows up to ask them
questions: Contact the international-students office or elders
in the community, and be polite and straightforward. "They are
terrified," he says. "They come from a culture where if a
policeman shows up at the door, you are being targeted to be
sent to prison for a long time."
There is less concern over breaches in privacy. Mr. Afzal told
the students that law-enforcement officials can look at
student information without their knowledge. "They don't
understand, mostly," he says. Again, "culturally, they are
coming from areas where this information is routinely [shared]
with the police."
Mr. Afzal is willing to compromise these days. "I am concerned
about civil liberties, but every society has a right to take
unusual steps in times of war."
But college librarians are having a harder time compromising.
Library policies are typically designed to protect the privacy
of their patrons, and librarians themselves have traditionally
been staunch advocates of privacy rights.
"It's not just a policy; it's an ideology, almost a religion,"
says Ross Atkinson, Cornell's deputy university librarian. He
and other librarians worry that the government will use the
law to see what patrons are reading, researching, or checking
out.
Like his institution, Mr. Atkinson's library is reviewing and
solidifying policies, making it clear to employees what to do
if a law-enforcement agent walks through the door and demands
to see patron records.
Miriam Nisbet, the legislative counsel for the American
Library Association, says that the Patriot Act now gives
law-enforcement agencies access to business records, which
could include patron records. That brings up complicated
issues in an electronic age. For example, to help protect
privacy, libraries try not to keep information; most libraries
destroy the record of, say, a book loan soon after the book is
returned.
But "computers being what they are, those records might still
be around on backup tapes," Ms. Nisbet says. "So even though
the library has a policy to erase that information as soon as
you bring the book back, that information might still be
available."
Recorded Names
Mr. Atkinson has already thought about these issues at
Cornell. His library keeps backup tapes for about 35 days,
then destroys them. The existence of the tapes is troubling
from a privacy standpoint, but absolutely vital from a
technical one, so the time period can't be shortened, he says,
adding that the tapes were a lifesaver in a recent computer
crash.
But, looking around, he sees more threats to privacy than the
tapes. The computers in the library don't require users to
identify themselves, but users at home or in a campus office
have to log in if they want to get access to the various
databases that the library subscribes to. Somehow, somewhere,
those names are probably recorded, along with the information
those people look at, Mr. Atkinson says.
He is worried that the Patriot Act pushes society toward an
Orwellian future. "All of this legislation wouldn't be in
place if they weren't going to use it," he says.
But he is pleased to see his colleagues in the library
community digging in. "The whole community is galvanized, and
I'm hearing no dissent on this. There is a very strong feeling
that we need to protect privacy more than ever."
KEY PROVISIONS OF THE PATRIOT ACT
The following are key provisions of the USA Patriot Act that
affect college technology systems. The law:
Permits federal agents to obtain stored voice mail without
wiretap authorization.
Compels Internet service providers to turn over to federal
agents who have a subpoena: subscriber's telephone connection
records, the subscriber's identity, the length of service, and
how it was paid for.
Allows federal agents to use a "trap and trace" device to
obtain dialing, routing, addressing, or signaling data sent by
wire or electronic communication.
Allows federal agents to install technological tools to
intercept and collect information from Internet traffic.
Allows Internet service providers to call in federal agents,
who do not have a search warrant, to help them intercept the
communications of a computer hacker.
Increases penalties for computer crimes, including
transmitting viruses. If the network damage exceeds $5,000,
the hacker may be sued.
SOURCE: Law firm of Hogan & Hartson
_________________________________________________________________
This article from The Chronicle is available online at this address:
http://chronicle.com/weekly/v48/i25/25a03101.htm
If you would like to have complete access to The Chronicle's Web
site, a special subscription offer can be found at:
http://chronicle.com/4free
_________________________________________________________________
You may visit The Chronicle as follows:
* via the World-Wide Web, at http://chronicle.com
* via telnet at chronicle.com
_________________________________________________________________
Copyright 2002 by The Chronicle of Higher Education
------ End of Forwarded Message
For archives see:
http://www.interesting-people.org/archives/interesting-people/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC