Death To All Fanatics!

0 notes

I’m calling ‘em “Southwest Stuffed Shells.” #cooking #experimentation The pasta could have cooked a minute longer, but the stuffing is very flavourful.

I’m calling ‘em “Southwest Stuffed Shells.” #cooking #experimentation The pasta could have cooked a minute longer, but the stuffing is very flavourful.

Filed under cooking experimentation

0 notes

(Un)Acceptable (Ab)Use: Questionable changes to NIU’s IT policy

image

(Screengrab from Reddit user darkf)

For reasons laid out below, I find NIU’s changes to its Information Technology policy governing acceptable use of university computer systems and networks “laughably unconstitutional” (Northern Illinois U. Blocks Access to ‘Unethical’ Websites, The Fire, August 20, 2014).

I was alerted to the alarming changes to my alma mater’s IT policy by a Jezebel article (Northern Illinois University Bans Social Media, Happiness for Students), which linked the initial BetaBeat commentary and led back to the Reddit post that brought this policy into the light of the internet.

I wrote a letter of my concerns and emailed it to pertinent university administrators and student advocates. That letter, the response I received from Brett Coryell, Vice President and Chief Information Officer (head of the Division of Information Technology), and my response to his email are below. If you are so inclined to share your concerns with the NIU community, I have included the email addresses of recipients (all of which are publicly available via the NIU Directory).

Original email:

TO:

  • Northern Star Editorial Board (editor@northernstar.info; Editor-in-Chief Kelly Bauer, kbauer2@niu.edu; City Editor Jenni Haish, jhaish1@niu.edu; Day Editor Anthony Szudarksi, aszudarsk@niu.edu; Scene Editor Kevin Bartlett kbartelt1@niu.edu; Perspective Editor Danny Cozzi, dcozzi1@niu.edu; Advisor Shelley Hendricks, shendricks@niu.edu)
  • NIU Student Association President Joe Frascello (jfrascello1@niu.edu)
  • NIU Student Association Vice President Raquel Chavez (rchavez2@niu.edu)
  • NIU Student Trustee Paul Julion (pjulion2@niu.edu)
  • NIU Vice President and Chief Information Officer Brett Coryell (bcoryell@niu.edu)
  • NIU Division of Information Technology (its_web@niu.edu)
  • NIU President Doug Baker (president@niu.edu)

Dear Huskies:

It came to my attention today that NIU’s Division of Information Technology has changed its Acceptable Use policy. As a proud alumna, this would not normally raise my hackles or even be on my radar, but I cringe at drop in prestige suffered by my beloved alma mater having been called out on the main page of a sensational “news” website. Mostly though, I began to seethe over the substance of those changes that demonstrates sloppy drafting at best, or an illegal over-reach of authority at worst.

The policy as written lists advertising, sales, political speech, and social media interaction (under certain circumstances) as “unacceptable uses.” It also prohibits  “excessive” use, “’broadcasting’ inappropriate” messages, “intimidat[ion],” accessing “obscene” materials, and “misrepresenting” one’s identity, but fails to define any of these terms. Instead, such determinations are left up to the unfettered discretion of “NIU’s evaluation.”

A broad interpretation of the policy as written grants the university the power to prohibit students from selling their textbooks, participating in elections, hosting a podcast, posting anonymously in forums, or writing a strongly-worded letter to a thin-skinned university administrator, and could be used to stop employees from exchanging information via listserv or mass email about employment and labor laws (e.g., minimum wage, overtime, family leave, union organizing). 

University spokesperson Paul Palian tries to explain away some of the troubling bullet points as merely “ethics provisions” applicable only to university employees, which is not entirely inaccurate, though it misses the essence of such provisions being confusingly vague. But on that note, the State Officials and Employees Ethics Act is applicable to NIU employees because public university employees are, by extension, employees of the state, who generally subject to uphold and protect rights guaranteed by the U.S. Constitution.

Most of the activities noted above would likely be protected by the First Amendment. To prevent us from having to ask why any user should trust the Division of Information Technology to narrowly interpret this policy during “routine monitoring,” vague and overbroad restrictions on free speech and unchecked enforcement powers are categorically deemed unlawful by the U.S. Supreme Court. Moreover, such restraint on the free flow of information, ideas, and communication is something you would expect of third-world dictator, not of an honorable American institution of groundbreaking research and higher education.

I fully support the need to protect university assets and network security, but this is not really a security issue. Lest there be any confusion, the filters are not the problem; the policy language that governs the application of those filters is. If “NIU is wholly committed to allowing free and open access to information” as NIU Vice President and Chief Information Officer Brett Coryell said, or to its educational mission and public service, the Acceptable Use policy must be rewritten to reflect those commitments.  

Best regards,

Brooke R. Robinson
Alumna
B.A. Political Science, ‘03
brookerobinson.law@gmail.com

Brett Coryell’s response, NIU VP and Chief Information Officer (no edits made):

Ms. Robinson,

Thank you for including me in your letter to the editor.  This gives me a

chance to correct some of the misunderstanding that has arisen from

inaccurate information put forward by the original poster, a student going

by the name Œdarkf.¹

You and I are on common ground when we say the acceptable use policy needs

to be rewritten because it does not adequately distinguish between

employee restrictions and student use.

Revising the acceptable use policy is on a long list of activities the

university needs to complete in order to catch up to standard practices in

the field of IT security.  It is not, however, at the top of the list.  I

expect to revisit this and many other policies over the next 12 months.

To suggest that the use of a firewall is akin to a third world

dictatorship is to fundamentally overstate the case.  The firewalls

watching our Internet traffic are currently blocking attacks from external

sites at the rate of about 1000 per hour.  The traffic from our own users

trying to get to sites on the Internet that are known to be malicious ‹

traffic that almost universally comes from infected machines ‹ is being

blocked at more than twice that rate. When we take out items that

represent traffic from infected computers, fewer than 1000 connection

attempts have been blocked due to illegality.  That¹s 1000 out of more

than 100,000,000 Internet sessions in the last two weeks.  This is

certainly not wholesale censorship.

We need these firewalls to block infections and prevent attacks that are

happening right now.  I would ask that you trust the my division and the

university as a whole because this policy has been in force for years.  We

need not fear overly broad interpretation and unchecked enforcement powers

for three reasons:  (1) The full attention of the security team in my

division is squarely on learning to tune and operate the firewall to

prevent malicious cyberattacks and will be for the foreseeable future; (2)

there is a lengthy history of trustworthy enforcement of this policy; and

(3) similar policies and similar security infrastructure is very common

throughout higher education and indeed in for-profit enterprises

throughout the world.

I would not be able to comment on the legality of the State of Illinois¹

ethics act or whether it is an abrogation of First Amendment rights.  I

can say that a quick Google search suggests to me that the law is

consistent with the ethics training I went through a few months ago as a

new employee.  ILCS 430/5-15(a) states,

³State employees shall not intentionally perform prohibited political

activity during any compensated time (other than vacation, personal, or

compensatory time off).  State employees shall not intentionally

misappropriate any State property or resources by engaging in any

prohibited political activity for the benefit of any campaign for elective

office or any political organization.²

To me this suggests that there are real and mandatory restrictions on the

ways that employees are allowed to use State equipment like computers and

networks.  Even so, in the case of political activity, excessive use of

social media, and other elements of the policy the firewall is not being

used to block any of these state-restricted sites.

Vigilance against tyranny is the duty of the citizenry but I would

respectfully submit to you that we have no evidence for a pattern of abuse

by the university or its IT staff.  Our only interest is to use technology

to inspect the wrongful attacks that are continually launched against

NIU¹s data and people or to prevent illegal activity or to prevent people

from unknowingly communicating with sites that the IT industry as a whole

has identified as malicious.

I would be more than happy to answer any other questions, to include you

in the eventual review and rewrite of the AUP, or take any suggestions you

might have for improvements in the way we try to protect the campus.

Thank you for your kind attention to this lengthy email.

Brett

My subsequent response:

Thank you for your response, Mr. Coryell. I do appreciate your attention to this issue, and I’m encouraged that we agree the policy should be rewritten.

But to further clarify the problem, I must reiterate that I do not think firewalls and content filters are the true problem. We agree that it’s important for the university to make efforts to come into compliance with best practices for network and data security. And, I fully understand the ethical restrictions placed on university employees under the SOEE — I once was also an employee of the state of Illinois subject to the same ethics training to which you refer. The firewall is not the third-world dictatorship in my metaphor; the grant of powers under the university policy as-written is.

A professor who sends out a mass-email to his POLS150 students encouraging them generally to participate in local, state, or federal elections probably would not run afoul of the SOEE, but could conceivably be in violation of the university’s policy (subject only to “NIU’s evaluation”). Similarly, a student who uses the NIU network to create and upload a podcast encouraging others to vote for a particular candidate in that election could be considered in violation of the university’s policy. The policy itself is that broad. And, to my knowledge, you are correct; there is no history of abuses by the university in enforcement of its policies, but the past is no reason to forgo present or future vigilance. Nor is it any reason to delay quashing the censorship power the university has reserved for itself.

I appreciate your invitation to be part of the solution, and I would gladly serve my alma mater in any way within my capacity. I understand you have a Computing Services Advisory Committee that includes a student representative, a staff representative, and representatives from each college. I have CC’d the known members of that committee on this email. With respect that changes to the AUP are not high on your priority list in light of the pressing security needs, my first suggestion would be that you task your committee with examining the current policy and making recommendations for revisions.

News of this policy has now proliferated across mainstream media, blogs, and social networks. Such attention rightly or wrongly calls into question NIU’s commitment to fostering critical thought and the free exchange of ideas, and it casts a cloud over all Huskies. I do urge, and will continue to urge, the university to address the concerns raised, and I again thank you for your thoughtful consideration.

All the best,

Brooke

For those interested, the appointed 2014-2015 Computing Facilities Advisory Committee members and their NIU Directory email addresses are:

  • Chief Information Officer Brett Coryell
  • Vice President for Operations and Community Relations designee Celeste Latham (clatham@niu.edu)
  • Vice President for University Advancement designee Tim Webster (twebster@niu.edu)
  • Vice President for Student Affairs and Enrollment Management designee Brian Lance (blance@niu.edu)
  • Council of Deans representative Promod Vohra (pvohra@niu.edu)
  • College of Business representative Brian Mackie (bmackie@niu.edu)
  • College of Education representative Cindy York (cindy.york@niu.edu)
  • College of Engineering and Engineering Technology representative Shun Takai (stakai@niu.edu)
  • College of Law representative David Gaebler (dgaebler@niu.edu)
  • College of Liberal Arts and Sciences representative Thomas Pingel (tpingel@niu.edu)
  • College of Visual and Performing Arts representative Paul Bauer (paulbauer@niu.edu)
  • University Libraries representative TJ Lusher (tlusher@niu.edu)
  • Supportive Professional Staff representative Jan Gerenstein (jstein@niu.edu)
  • Operating Staff representative Rahul Thatte (rthatte@niu.edu)
  • Ex. Secretary of University Council or designee William Pitney (wpitney@niu.edu)
  • Student representative Jevonte Marshall, SA Director of Information Technology (jmarshall1@niu.edu)

There are two open seats on the committee — Executive Vice President and Provost or designee, and a representative from the College of Health and Human Sciences.

Filed under niu IT internet freespeech networksecurity