From comp-academic-freedom-talk-request@eff.org Thu Aug 15 03:29:34 1991
Received: from a.cs.uiuc.edu by herodotus.cs.uiuc.edu with SMTP
(5.62+/IDA-1.2.8) id AA13782; Thu, 15 Aug 91 03:29:31 -0500
Received: from eff.org by a.cs.uiuc.edu with SMTP id AA21190
(5.64+/IDA-1.3.4 for kadie@herodotus.cs.uiuc.edu); Thu, 15 Aug 91 03:29:01 -0500
Received: by eff.org (5.61+++/Spike-2.0)
id AA15308; Thu, 15 Aug 91 04:28:43 -0400
Reply-To: comp-academic-freedom-talk@eff.org
Precedence: bulk
To: comp-academic-freedom-talk@eff.org
Return-Path:
Received: by eff.org (5.61+++/Spike-2.0)
id AA15303; Thu, 15 Aug 91 04:28:40 -0400
Date: Thu, 15 Aug 91 04:28:40 -0400
From: helen@eff.org (Helen C. O'Boyle)
Message-Id: <9108150828.AA15303@eff.org>
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: RO
Computers and Academic Freedom mailing list (batch edition)
Thu Aug 15 02:50:12 EDT 1991
In this issue:
kadie@eff.org (Car : Re: Public/Private institutions
kadie@eff.org (Car : Re: Authority of Public Universities
The addresses for the list are now:
comp-academic-freedom-talk@eff.org - for contributions to the list
or caf-talk@eff.org
listserv@eff.org - for automated additions/deletions
(send email with the line "help" for details.)
caf-talk-request@eff.org - for administrivia
-------------------
Date: Mon, 12 Aug 1991 14:54:34 GMT
From: kadie@eff.org (Carl M. Kadie)
Message-Id: <1991Aug12.145434.3380@eff.org>
References: <9108110456.AA10689@relay1.UU.NET>
Subject: Re: Public/Private institutions
bsc835!ehunt@uunet.uu.net writes:
[...]
>My question is this: Do these same rules and precedents apply to private
>colleges as well? I attend a Methodist affiliated private college in
>Birmingham, AL, and am beginning to become unsure of my rights as a student
>in a private institution. While we are a very small college (1850 enrollmnt)
>and I've not had any problems whatsoever in these areas, I would feel better
>if I had the knowledge that I was "covered" under the same legal umbrella
>that the public schools are under.
[...]
My understanding is that students at privacy colleges and universities
have contractual rights but not constitutional rights. To learn about
your contractual rights look for a document with a name (something
like) "Code on Campus Affairs and Handbook of Policies and
Regulations". If you are about to sign a registration agreement for
Fall, look at what you are signing; it may refer to the handbook.
These handbooks (usually) promise due process, some free expression,
and some privacy. These are not idle promises; they are legally
enforceable contractual obligations.
Computer policies that contradict these contractual obligations are,
in my opinion, morally and legally indefenseable.
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
I do not represent EFF; this is just me.
-------------------
Date: Mon, 12 Aug 1991 17:34:21 GMT
From: kadie@eff.org (Carl M. Kadie)
Message-Id: <1991Aug12.173421.5645@eff.org>
Subject: Re: Authority of Public Universities
Recent notes have discussed the contractual and (for public
universities) Constitutional constraints on computer policy. You might
wonder if you, as a policy maker, can avoid the bother of
understanding these constraints by sending your proposed policy to
the University's lawyer for review.
I think the answer is no; the University's lawyer cannot be trusted
to give an authoritative answer. There are two reasons for this.
1) He or she is not familiar with the issues -- The lawyer is unlikely
to understand computers and computer media (email, newsgroups, the
Unix filesystem, etc). The case law on computers and academic freedom
is very limited [aside: let's work to keep it that way].
2) Most written computer policies are vague. A lawyer may assume the
best. Sys admins, unfamiliar with their contractual obligations to
students and staff, may practice the worst.
Consider two examples.
At the University of Illinois (my school), National Center for
Supercomputer Application (NCSA) computer policy prohibits e-mail that
"attempts to disadvantage NCSA." It also prohibits "inappropriate
information disclosures."
The University's lawyer gave this policy an OK.
But what is an "attempt[] to disadvantage NCSA" and what is an
"inappropriate information disclosure"? According to Michael Smith,
the security officer of NCSA, the phrase "attempts to disadvantage
NCSA" prohibits strong criticisms in e-mail of the NCSA and the
University. A "inappropriate information disclosure" might include the
violation of a nondisclosure agreement by someone who didn't sign such
an agreement.
This NCSA interpretation of its vague policy is inconsistent with
University policy (and the First Amendment and academic freedom). It,
thus, violates the NCSA's contractional (and constitutional and moral)
obligations to students and staff. However, because the University
lawyer didn't know (or inquire into) the NCSA's interpretation, the
policy was given a legal OK.
The second case is at Ohio State. OSU's Academic Computing Services
(ACS) policy say that users must:
[...]
> o Respect the procedures established to manage the use of the
> system.
and that:
>Those who cannot accept these standards of behavior may be denied access to
>the relevant computer systems and networks.
[...]
I don't know of the OSU lawyer has reviewed this policy. I would not
be surprised to learn that he or she had and had given it an OK.
The policy mentions no due process protection. It does not say spell
out the management procedures that must be respected by users. It
does not say who determines that a user "cannot accept these standards
of behavior". It does not say how long such a user will be "denied
access". It does not say that users may ask for a hearing or appeal a
decision.
A University lawyer would probably assume that the University's
general due process protections would be applied. While the ACS
administration would probably assume that they could continue to
practice their policy of 'if we decide that you break a rule (that we
created, and you may not even know about), we can expel you from the
computer forever. You will have no notice of your rights, no formal
hearing, and no appeal.'
If the University lawyer can't be trusted authoritatively review the
legality of a policy, what can you do? I suggest:
Everyone making policy should be familiar with the contractual (and
constitutional and moral) constraints on University policy.
Policy should be written and explicit. Don't rely on or vague
unwritten policy.
Faculty and students should participate in policy creation and application.
Don't be reactive. Hard cases make for bad policies. (Both the NCSA
and ACS policies were created immediately after the organizations
punished users for behavior that these after-the-fact policies
prohibited.)
Have the policy reviewed by both the University lawyer and the
University's Committee on Academic Freedom. You may also wish
to posted to drafts of policy this newsgroup.
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
I do not represent EFF; this is just me.
From comp-academic-freedom-talk-request@eff.org Thu Aug 15 03:38:54 1991
Received: from a.cs.uiuc.edu by herodotus.cs.uiuc.edu with SMTP
(5.62+/IDA-1.2.8) id AA13812; Thu, 15 Aug 91 03:38:51 -0500
Received: from eff.org by a.cs.uiuc.edu with SMTP id AA21202
(5.64+/IDA-1.3.4 for kadie@herodotus.cs.uiuc.edu); Thu, 15 Aug 91 03:38:22 -0500
Received: by eff.org (5.61+++/Spike-2.0)
id AA15332; Thu, 15 Aug 91 04:38:03 -0400
Reply-To: comp-academic-freedom-talk@eff.org
Precedence: bulk
To: comp-academic-freedom-talk@eff.org
Return-Path:
Received: by eff.org (5.61+++/Spike-2.0)
id AA15325; Thu, 15 Aug 91 04:37:58 -0400
Date: Thu, 15 Aug 91 04:37:58 -0400
From: helen@eff.org (Helen C. O'Boyle)
Message-Id: <9108150837.AA15325@eff.org>
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: RO
Computers and Academic Freedom mailing list (batch edition)
Thu Aug 15 02:58:17 EDT 1991
In this issue:
warnold@eff.org (W : Readership Information
kadie@eff.org (Car : Re: Computers and Academic Freedom (news version) 1.20
apctrc!zjlb48@uune : Re: Computers and Academic Freedom (news version) 1.20
The addresses for the list are now:
comp-academic-freedom-talk@eff.org - for contributions to the list
or caf-talk@eff.org
listserv@eff.org - for automated additions/deletions
(send email with the line "help" for details.)
caf-talk-request@eff.org - for administrivia
-------------------
Date: Tue, 13 Aug 1991 13:10:04 GMT
From: warnold@eff.org (William W. Arnold)
Message-Id: <1991Aug13.131004.24136@eff.org>
Subject: Readership Information
Here is the july readership information for the Computers and
Academic Freedom news group, as posted on news.lists.
For some unknown reason alt.comp.acad-freedom.news is not on
the list.
As you can see we have quite a ways to go before we take over the
number 1 slot, But I'm sure we'll make it eventually :-)
+-- Estimated total number of people who read the group, worldwide.
| +-- Actual number of readers in sampled population
| | +-- Propagation: how many sites receive this group at all
| | | +-- Recent traffic (messages per month)
| | | | +-- Recent traffic (kilobytes per month)
| | | | | +-- Crossposting percentage
| | | | | | +-- Cost ratio: $US/month/reader
| | | | | | | +-- Share: % of newsrders
| | | | | | | | who read this group.
V V V V V V V V
1 200000 4752 73% 1700 4451.6 9% 0.03 13.9% alt.sex
704 7800 189 47% 158 482.8 36% 0.05 0.6% alt.comp.acad-freedom.talk
At this time there are also 82 people on the .talk mailing list, 54 people on
the .batch list, and 157 people on the .news list.
--
| William W. Arnold | warnold@eff.org | has8wwa@cabell.vcu.edu |
| Co-moderator: Computers and Academic Freedom Mailing list |
-------------------
Date: Tue, 13 Aug 91 15:21:41 -0400
From: kadie@eff.org (Carl M. Kadie)
Message-Id: <9108131921.AA01484@eff.org>
Subject: Re: Computers and Academic Freedom (news version) 1.20
[This was (somehow) submitted to caf-news, so I'm posted it to
caf-talk - Carl]
-------------------
Date: Tue, 13 Aug 1991 15:19:07 GMT
From: apctrc!zjlb48@uunet.uu.net (Joe L. Blanton)
References: <1991Aug13.000324.11047@eff.org>
Subject: Re: Computers and Academic Freedom (news version) 1.20
Some of these accusations deserve a comment:
< Keep in mind I'm not ragging Carl, or the collection of Academic
< Freedom News from where this comes, I just wanted to say a few
< things -- primarily that OSU flat looks silly in the way that
< they have handled this whole situation. They probably just don't like
< Mr. Brack ;-).
>Last quarter Steven Brack, a student at Ohio State, was indefinitely
>expelled from Ohio State's Academic Computing Services (ACS)
>computers. Next month he is scheduled for his first hearing before
>the Judiciary Committee. The original charges were very vague (for
>example, he was accused of violating "miscellaneous rules"). At Mr.
>Brack's request, he was recently given a list of specific charges.
>
>Mr. Brack is accused of (this list is based on my notes from a
>telephone conversation; any mistakes are mine):
>
>1) typing the command "shutdown" on a Unix computer
Any good administrator will not allow ordinary students access to any
of the super-user type commands (primarily found in /etc). These
can be restricted through a variety of methods from file and directory
permissions, separate filesystems, and appropriate paths.
>
>2) posting obscenities (i.e. the phrase "fuck you") to national
>builtin boards (i.e. the alt.flame and rec.aquaria newsgroups)
That's his right, in my opinion. If alt.flame (notorious for occasional
obscenity) or rec.aquaria members are upset, then they should be the
ones to say something (Hey, they may have for all I know.)
>
>3) being expelled by ACS from all University networks
This is an accusation? It looks more like a result.
>
>4) continuing his behavior on a student account on the engineering computer
Exactly what 'behavior' is unclear, but I think they are saying ---
"We said 'stop it, oooh'" and he didn't
>
>5) The free print job of another student's account was charged to Mr.
>Brack's social security
??? This was a confusing note, does this mean another students job was
attributed to Mr. Brack? Maybe this just means that OSU claims
he continued to use the printer via another student's account.
>
>6) Another student's account at Ohio State was used to access Mr.
>Brack's public account at the University of Denver.
This really isn't Mr. Bracks problem, for all OSU knows, Brack may have
had nothing to do with this incident. Further, that sounds like a
disciplinary problem related to the student who allowed Steven Brack
to use his account.
>
>7a) keeping nonacademic files on the Mac server
It would be really interesting to see if there was a posting (or how new
it was) regarding whether only academic files could be kept on their
MAC server. (Har, it would really be hilarious to check and see how many
users had non-academic files....)
>
>b) used multiple (i.e. two) Macs at the same time
Wow, crucify him, and anyone else who ever used two computers at the
same time (X windows environments excluded 8->) .
>
>8) Stored 24 copies of a program, maliciously
I assume they were large programs, but can they prove it was malicious?
Maybe it was a shell script 'gone wild'
>
>9) [same as #6?] Used an ACS computer, on which he did not have an
>account, to access his account at the University of Denver.
(right [same as #6])
>
>- Carl
>
>p.s. A collection of caf-talk notes relating to Steven Brack and
>Ohio State are available via anonymous ftp from eff.org as file
>academic/ohio-state.
Again, I'm not ragging the author of this article, who was nice enough to
transcribe and post his notes; I read this and thought -- what a bunch
of contrived nonsense, those OSU guys need to get a handle on the
administration of their computer systems.... and definitely need to
bring something more concrete to bear when they decide to expell people.
Disclaimer: These are my opinions, but are not meant to represent the
opinions of my employer, university, or anyone else I may have met or have
yet to meet in my lifetime.
flames > /dev/null
From comp-academic-freedom-talk-request@eff.org Thu Aug 15 06:51:36 1991
Received: from a.cs.uiuc.edu by herodotus.cs.uiuc.edu with SMTP
(5.62+/IDA-1.2.8) id AA14386; Thu, 15 Aug 91 06:51:33 -0500
Received: from eff.org by a.cs.uiuc.edu with SMTP id AA23123
(5.64+/IDA-1.3.4 for kadie@herodotus.cs.uiuc.edu); Thu, 15 Aug 91 06:51:00 -0500
Received: by eff.org (5.61+++/Spike-2.0)
id AA16251; Thu, 15 Aug 91 07:50:37 -0400
Reply-To: comp-academic-freedom-talk@eff.org
Precedence: bulk
To: comp-academic-freedom-talk@eff.org
Return-Path:
Received: by eff.org (5.61+++/Spike-2.0)
id AA16246; Thu, 15 Aug 91 07:50:30 -0400
Date: Thu, 15 Aug 91 07:50:30 -0400
From: helen@eff.org (Helen C. O'Boyle)
Message-Id: <9108151150.AA16246@eff.org>
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: RO
Computers and Academic Freedom mailing list (batch edition)
Thu Aug 15 07:47:49 EDT 1991
In this issue:
zane@ddsw1.MCS.COM : Mail Your Congressperson Through the Net
kadie@eff.org (Car : Free Forum vs. Class-Work Only machines
warnold@eff.org (W : Re: Free Forum vs. Class-Work Only machines
dysart@magnus.acs. : Re: Free Forum vs. Class-Work Only machines
kadie@eff.org (Car : Re: Free Forum vs. Class-Work Only machines
Sanjay Kapur
Subject: Mail Your Congressperson Through the Net
Mail Your Congressperson Through the Net
I realized that congresspeople should be on the net so
that they are closer to their constituency. Of course, I
mailed my congressperson asking him to look into it. Of
course, he didn't.
Therefore, I thought that people on the net should
still be able to mail their congressperson through the net.
I got the idea from the Cleveland Free-Net's Mail Your
Congressperson thing. (I am not sure of the exact name.) I
was excited by the name and looked into it. Unfortunately,
all it does is give you the address of a congressperson. It
is a good service, but not worthy of the name.
So I got this idea. Mail me at zane@ddsw1.MCS.COM
with the subject "MAIL CONGRESS." (If you don't have that
subject it will be harder for me.) In the letter you should
tell me the name, house (Senate or HoR), and state that you
want to write to. Due to a slight problem in my list, I have only
the initial of the last name and the first name for many of the names.
(The last name has been blurred.) Therefore, I would need
the first name of the person too.
The rest of the letter should be the letter you want
sent to the congressperson. This should be completely
formatted, except for page breaks. I will place the headers
on the letter. (That which states your name, address, date,
and the congressperson's name and address.) I don't have a
laser printer, so it will be printed at only 160 X 72 dpi.
(If someone is willing to give me a laser printer, or even
an inkjet printer, I would gladly accept. :-)
After your signature (if the mail you send me contains
a usenet sig, I will delete that.) I will append a small
note saying:
---
The Mail Your Congressperson Through the Net Project
Call (708)-362-9659 and ask for Sameer Parekh,
or mail zane@ddsw1.MCS.COM for more information.
Hopefully, many letters to congresspeople will invoke
their curiosity.
I am a student with a student's money, so I can not
send these letters for free. I am asking that if you send
five or more letters, to send me check for 35 cents per
letter. (Or, if mail rates rise, 6 cents over the price of 1
stamp.) I realize that it would be a waste to mail money of
amount close to the price of the letter, which is why I am
asking that you only send the check after you have requested
5 letters.
Please send the check to:
Sameer Parekh
Libertyville High School
708 W. Park Ave.
Libertyville, IL 60048
Thanks.
--
The Ravings of the Insane Maniac Sameer Parekh -- zane@ddsw1.MCS.COM
More used address: zane@infopls.mcs.com
kill all overthrow government kill kill bomb bomb hi NSA
-------------------
Date: Wed, 14 Aug 1991 14:52:36 GMT
From: kadie@eff.org (Carl M. Kadie)
Message-Id: <1991Aug14.145236.23462@eff.org>
Subject: Free Forum vs. Class-Work Only machines
On July 31 in message <1489@cameron.egr.duke.edu>,
jpe@egr.duke.edu (John P. Eisenmenger) writes:
[...]
>My machines are there to support the educational process. A student saving
>megabytes of data, or using 90% of available CPU time for some cause s/he
>supports could interfere with the other students getting their homework
>assignments done. Our priorities have to lie with the students trying to
>do their classwork.
[...]
I'm interested in distinguishing computers on which users are allowed
free expression and those in which all extracurricular activity is
legitimately prohibited.
In many (maybe most cases) the whole issue can be finessed with
quotas, adequate CPU and disk space, etc. But let's consider
a scenario where the issue comes to a head:
LOADED) CPU time and disk space is very tight.
The computer (and its terminals & modems) are
needed for class work all the time
FORCLASS) The computer was acquired and is maintained for particular classes
CONSISTENT) The prohibition is applied consistently (even the operators are
prohibited from sending and receiving email not related to their
duties.)
FAIR) Enforcement of the policy never violates user privacy. (For
example, there are no searches of disk space without the same
authorization that would be need to search assigned office space.)
Punishment for violations are similar to the punishment an
instructor can give out (informal warnings, formal reprimands,
formal suspensions for a few days, etc). All formal punishments
are reported to the University; the student can ask for
a hearing and can appeal.
ALTERN) There is an alternative computer on which extracurricular
activities are allowed.
Under these conditions (LOADED & FORCLASS & CONSISTENT & FAIR &
ALTERN) I think that extracurricular activities (such as reading this
mailing list) can be prohibited without violating the academic freedom
of the system users.
Moreover, (for the sake of discussion) I claim that each condition is
necessary and that together they are sufficient. I would be interested
in arguments that challenge (or support) this claim.
Also, how do real class-work-only machines stack up against
these criteria?
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
I do not represent EFF; this is just me.
-------------------
Date: Wed, 14 Aug 1991 16:13:52 GMT
From: warnold@eff.org (William W. Arnold)
Message-Id: <1991Aug14.161352.24646@eff.org>
References: <1991Aug14.145236.23462@eff.org>
Subject: Re: Free Forum vs. Class-Work Only machines
In article <1991Aug14.145236.23462@eff.org> kadie@eff.org (Carl M. Kadie) writes:
[definitions deleted, see kadie's post]
>
>Under these conditions (LOADED & FORCLASS & CONSISTENT & FAIR &
>ALTERN) I think that extracurricular activities (such as reading this
>mailing list) can be prohibited without violating the academic freedom
>of the system users.
>
>Moreover, (for the sake of discussion) I claim that each condition is
>necessary and that together they are sufficient. I would be interested
>in arguments that challenge (or support) this claim.
>
I would like to disagree, the correct condition would be
(CONSISTENT & FAIR & (LOADED or FORCLASS or ALTERN))
I must also stress the definition of FORCLASS, It must be for a
particular class or group of classes. the statement "In support of all
classes" is not sufficient.
Possibly we should replace FORCLASS with FORPURPOSE, ie the machine is
there for some specific purpose, be it class work, or research, or some
other valid academic activity.
And of course, the definition of extracurricular activities changes
depending on who is doing what. To use your example, this mailing list
would be a valid use of computer facilities, If you are writing a
report on "The history, present, and future of academic freedom in our
public universities."
>Also, how do real class-work-only machines stack up against
>these criteria?
The problem on most of them is that the rules are either !CONSISTENT or
!FAIR or not either.
>
>Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
>I do not represent EFF; this is just me.
--
| William W. Arnold | warnold@eff.org | has8wwa@cabell.vcu.edu |
| Co-moderator: Computers and Academic Freedom Mailing list |
| I speak for myself, not {him, her, it}. |
-------------------
Date: Wed, 14 Aug 1991 16:53:50 GMT
From: dysart@magnus.acs.ohio-state.edu (Mitchell D Dysart)
Message-Id: <1991Aug14.165350.16513@magnus.acs.ohio-state.edu>
References: <1991Aug14.145236.23462@eff.org>
Subject: Re: Free Forum vs. Class-Work Only machines
In article <1991Aug14.145236.23462@eff.org> kadie@eff.org (Carl M. Kadie) writes:
>
>Under these conditions (LOADED & FORCLASS & CONSISTENT & FAIR &
>ALTERN) I think that extracurricular activities (such as reading this
>mailing list) can be prohibited without violating the academic freedom
>of the system users.
>
>Moreover, (for the sake of discussion) I claim that each condition is
>necessary and that together they are sufficient. I would be interested
>in arguments that challenge (or support) this claim.
>
As for me (personally, *not* representing my employer The Ohio State
University), I think the only required conditions are:
1. System(s) is(are) expressly provided to support whatever
project or projects are specified, be these class use,
research use, administrative use, or whatever.
and
2. Fairness is maintained and misuse governed by appropriate
University-wide guidelines.
Now, isn't misuse of a computer that exists for instructional purposes
the same logical thing as performing unauthorized experiments in the
undergraduate general chemistry laboratory? In the latter case, nobody
would yell too loudly if the student were thrown out of the lab and
were therefore unable to complete his assignments and thus failed the class.
--
Mitch Dysart
dysart@magnus.acs.ohio-state.edu
-------------------
Date: Wed, 14 Aug 1991 18:22:41 GMT
From: kadie@eff.org (Carl M. Kadie)
Message-Id: <1991Aug14.182241.26728@eff.org>
References: <1991Aug14.145236.23462@eff.org>, <1991Aug14.165350.16513@magnus.acs.ohio-state.edu>
Subject: Re: Free Forum vs. Class-Work Only machines
dysart@magnus.acs.ohio-state.edu (Mitchell D Dysart) writes:
[...]
>As for me (personally, *not* representing my employer The Ohio State
>University), I think the only required conditions are:
>1. System(s) is(are) expressly provided to support whatever
> project or projects are specified, be these class use,
> research use, administrative use, or whatever.
>and
>2. Fairness is maintained and misuse governed by appropriate
> University-wide guidelines.
>Now, isn't misuse of a computer that exists for instructional purposes
>the same logical thing as performing unauthorized experiments in the
>undergraduate general chemistry laboratory? In the latter case, nobody
>would yell too loudly if the student were thrown out of the lab and
>were therefore unable to complete his assignments and thus failed the class.
[...]
So the question is, "are CONSISTENCY & FAIRNESS & FORPURPOSE
sufficient conditions?" [As Billy Arnold suggested, I'm replacing
FORCLASS with FORPURPOSE. Also, we can assume that resources are
abundant (NOT LOADED) and that no alternative exists (NOT ALTERN).]
I think these conditions would be sufficient to prohibit unauthorized
chemistry experiments; I do not, however, think that they are
sufficient to prohibit free expression.
The difference between free chemistry and free expression is that
free expression is central to academic freedom.
To quote from the first paragraph Joint Statement on Rights and
Freedoms of Students:
"Academic institutions exist for the transmission of knowledge, the
pursuit of truth, the development of students, and the general
well-being of society. Free inquiry and free expression are
indispensable to the attainment of these goals its members of the
academic community, students should be encouraged to develop the
capacity for critical judgment and to engage in a sustained and
independent search for truth."
Needless do say that free chemistry gets no such endorsement. Likewise,
free expression (but not free chemistry) is explicitly protected
by the First Amendment (at least at public universities) and in the
student code of most universities).
The closest analogy to the use of computers for extracurricular
expression is the use of classrooms for extracurricular expression.
To quote from the Student Code of the University of Illinois (my school):
"III. Campus Expression
A. Discussion and expression of all views is permitted within the
University subject only to requirements for the maintenance of order.
Support of any cause by orderly means which are not in violation of
law and which do not disrupt the operation of the University nor
interfere with the rights of others is permitted.
B. Members and organizations in the University community may invite
and hear any persons of their own choosing, subject only to reasonable
requirements on time, place, and manner for use of University facilities."
Also
"The University's control of campus facilities should not be used as
a device of censorship."
If the computer is not loaded, then extracurricular expression will
not disrupt the operation of the University. If there is no
alternative machine, then reasonable requirements on the time, place,
and manner of computer expression can't completely exclude use of that
machine.
The bottom line is this: The default mode for universities is (should
be?) to allow, protect, and promote free expression. This default
can only be overwritten for a good cause (like lack of resources and/or
availability of an alternative). It can not (should not) be
overwritten by mere administrative say-so.
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
I do not represent EFF; this is just me.
-------------------
Date: Wed, 14 Aug 1991 14:49 EDT
From: Sanjay Kapur
Message-Id:
Subject: Re: Free Forum vs. Class-Work Only machines
>The difference between free chemistry and free expression is that
>free expression is central to academic freedom.
>
A chemist would disagree.
-------------------
Date: Wed, 14 Aug 1991 21:25:24 GMT
From: kadie@eff.org (Carl M. Kadie)
Message-Id: <1991Aug14.212524.241@eff.org>
Subject: System Maintenance/Security requirements
[Submitted to alt.comp.acad-freedom.talk by David Covin.
I've reformatted the paragraphs. - Carl]
-------------------
Date: Wed, 14 Aug 1991 21:46:49 GMT
From: covin@tartarus.uchicago.edu (David Covin)
Message-Id:
Subject: System Maintenance/Security requirements
A few questions, for the benefit of those of us (am I the only one?)
who do *not* have any experience as a system administrator, only as a
user:
1) Why should students not be permitted to give out their
passwords to others?
-- I know of at least one student (at another
university) whose account has been suspended indefinitely because a
friend of hers deduced her password (and, I presume, used it at least
once, to log in remotely). From bits and pieces of anecdotes I've
heard elsewhere, such a rule seems fairly common.
-- My obviously limited analysis of the situation shows
only the following reasons which might be behind such a policy:
Concern that nonstudent hackers will grunge up the system.
Desire not to give university computing resources free to non-
University-affiliated people.
The second of these seems a reasonable policy
concern, but an unlikely motivation. I.e., it is certainly the right
of the university to restrict use of its facilities to its own
students, faculty, etc; but I would be surprised to see a sufficent
combination of official concern (it's never seemed to me that anyone
would care much if a friend came to visit and logged into my account
for an hour or two) and frequent abuse (anyone able to log into an
account from across the country, probably has computer facilities
available at the other site as well, and is just doing it for fun...
How much value in computer services do people think is "lost" to
unauthorized users, in a typical year at a typical University,
anyway?) to warrant such a seemingly draconian policy. But then, I
may be ignorant; hence, I ask. :-)
The first, on the other hand, seems a likely
motivation but an unreasonable concern. Why would a system that is
safe from student hackers on student accounts be particularly
vulnerable to nonstudent hackers on student accounts? Particularly if
you hold the student responsible for anything nasty done by access
that student gave to someone else.
2) Why, specifically, would it be necessary for system
maintenance to read a user's files without his or her prior
permission?
3) Why do users concerned with having their private files read
by system administrators without their permission, not simply encrypt
the files they do not wish read? (Ok, this isn't a sysadmin question
:-) )
--
David Covin covin@despair.uchicago.edu
-------------------
Date: Wed, 14 Aug 91 18:27 EDT
From: Diane Kovacs
Message-Id: <9108142230.AA01352@eff.org>
Subject: RE: System Maintenance/Security requirements
Status: O
As an undergraduate I lost a computer account because I allowed my husband to
use it and he was caught by the computer lab monitor....when I objected that
it was all family anyway...and that husband had his own account and was
working on both at the same time......I was told to leave. I later applied
for the another account and received it with no problem.
I think policies like that are absolutely absurd. I share my password with
friends now so they can ftp and retrieve files from my accounts. I'm not
planning on stopping....but I do change the password at least once per
month to prevent any stranger who happens on to it from exploiting my accounts.
Diane
-------------------
Date: 14 Aug 91 23:38:22 GMT
From: fwp1@Jester.CC.MsState.Edu (Frank Peters)
Message-Id: <1450@ra.MsState.Edu>
References: <1991Aug14.212524.241@eff.org>
Subject: Re: System Maintenance/Security requirements
In article <1991Aug14.212524.241@eff.org> kadie@eff.org (Carl M. Kadie) writes:
>[Submitted to alt.comp.acad-freedom.talk by David Covin.
> I've reformatted the paragraphs. - Carl]
>
> 1) Why should students not be permitted to give out their
>passwords to others?
There are basically three reasonable reasons I have heard for such
a policy.
a) Even on systems that use some sort of quota system to allocate
resources the total of all user allocations exceeds the available
resources. For example, the disk sum of user disk quotas typically
exceeds the total available disk space. This is done on the assumption
that the average user won't use his/her full quota. The purpose
served is usually to curb extreme hogs rather than to attempt to
reflect the average user.
Of course, sites that don't run any quotas still make budget
decisions and the like based upon some concept of an average
user.
When a user shares her userid with a friend (either locally or
at another institution) she is essentially destroying the
validity of this estimate. Now, even though I have X users
in my password file I have X + Y actual users where Y is the
number of shared userids. Those Y userids typically have
more files and more CPU utilization than would an average
userid.
b) As suggested by Mr. Covin, university computing resources are
purchased for the use of people associated with the university.
c) This one is almost political rather than technical or even practical.
The issue is allocation of blame for abuse (whether excessive resource
use or security violation attempts). A frequent problem with shared
userids is that the user attempts to use this as an excuse to
shirk responsibility for the abuse. After all, he did nothing wrong
(assuming he didn't himself perpetrate the abuse). He shared his
userid with a friend, which isn't against the rules, and his friend
is the one who caused the problem. And that friend is typically
out of reach of administrative discipline.
Making it explicitly against policy to share passwords neatly nips
this sort of squirming in the bud.
A fourth, less reasonable motive involves trying to determine
when a userid has been compromised. If, through whatever means,
I determine that another person is using your userid how do I
decide whether that person has permission or not. If sharing
passwords is a violation then I can probably safely act on the
assumption that the use is unauthorized (after all, nobody
breaks the rules right :-). If sharing passwords isn't against
policy then I must pretty much let that user continue until I
can get in touch with the owner of the userid.
> 2) Why, specifically, would it be necessary for system
>maintenance to read a user's files without his or her prior
>permission?
In the day to day course of running a system I can't think of a
reason. The need to search a users files should be limited to
extreme cases (like searching a home in the real world).
It does, however, make the job of system administration a lot
easier. An administrator can determine why a specific user's
disk use suddenly went through the roof or find a copy of that
important letter that the boss needs while the user is out of
town. If the owner of the system wants it run on that basis
and users of the system are aware of the policy in advance I
don't see the harm.
> 3) Why do users concerned with having their private files read
>by system administrators without their permission, not simply encrypt
>the files they do not wish read? (Ok, this isn't a sysadmin question
Convenience.
Frank Peters
Mississippi State University
Computing Center
-------------------
Date: Wed, 14 Aug 91 20:54:18 EDT
From: Ami Ganguli
Message-Id: <9108150054.AA05174@trantor.irus.rri.uwo.ca>
Subject: Re: System Maintenance/Security requirements
>> 2) Why, specifically, would it be necessary for system
>>maintenance to read a user's files without his or her prior
>>permission?
>
>In the day to day course of running a system I can't think of a
>reason. The need to search a users files should be limited to
>extreme cases (like searching a home in the real world).
>
>It does, however, make the job of system administration a lot
>easier. An administrator can determine why a specific user's
>disk use suddenly went through the roof or find a copy of that
>important letter that the boss needs while the user is out of
>town. If the owner of the system wants it run on that basis
>and users of the system are aware of the policy in advance I
>don't see the harm.
The user should also have the option of painlessly disallowing
unauthorized access. ie. On a UNIX system, require that the administrator not
be allowed to use superuser access to look at user accounts, so that users can
restrict access as they wish.
-------------------
Date: Wed, 14 Aug 1991 21:28 EDT
From: Sanjay Kapur
Message-Id: <063EBABC8C008141@ccmail.sunysb.edu>
Subject: Re: System Maintenance/Security requirements
> The user should also have the option of painlessly disallowing
>unauthorized access. ie. On a UNIX system, require that the administrator not
>be allowed to use superuser access to look at user accounts, so that users can
>restrict access as they wish.
That should depend on the local policy.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Wed, 14 Aug 1991 21:36 EDT
From: Sanjay Kapur
Message-Id: <0763B5A2BC008141@ccmail.sunysb.edu>
Subject: Re: System Maintenance/Security requirements
>From: fwp1@Jester.CC.MsState.Edu (Frank Peters)
>
>A fourth, less reasonable motive involves trying to determine
>when a userid has been compromised. If, through whatever means,
>I determine that another person is using your userid how do I
>decide whether that person has permission or not. If sharing
>passwords is a violation then I can probably safely act on the
>assumption that the use is unauthorized (after all, nobody
>breaks the rules right :-). If sharing passwords isn't against
>policy then I must pretty much let that user continue until I
>can get in touch with the owner of the userid.
>
> Frank Peters
> Mississippi State University
> Computing Center
This is not in the least unreasonable. To take extreme examples:
1) Try to get into a secure military installation with some other person's id.
2) Try to get into a health club with some other person's id.
In both the above cases if a friend(2) or even a co-worker(1) gets in they
may be liable for civil, criminal and disciplinary action.
In the two examples cited above, neither the secure site nor the health club
will suffer monetary loss or any real loss of security. Still it is
prohibited.
Granted a University is different and to someone who has used an older
friend's id to get into a bar would think so also.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Thu, 15 Aug 91 03:36:50 GMT
From: pwh@bradley.bradley.edu (Pete Hartman)
Message-Id: <1991Aug15.033650.8313@bradley.bradley.edu>
References: <1991Aug14.212524.241@eff.org>
Subject: Re: System Maintenance/Security requirements
In <1991Aug14.212524.241@eff.org> kadie@eff.ORG (Carl M. Kadie) writes:
> 1) Why should students not be permitted to give out their
>passwords to others?
Simple: Accountability. If some serious damage is linked to a given
account, and the user is allowed to plead "I didn't do it, it was one of
my friends who has my password", it would become an order of magnitude
more difficult to pin down problems.
> 3) Why do users concerned with having their private files read
>by system administrators without their permission, not simply encrypt
>the files they do not wish read? (Ok, this isn't a sysadmin question
>:-) )
Laziness?
-------------------
Date: Thu, 15 Aug 91 00:25:09 EDT
From: Ami Ganguli
Message-Id: <9108150425.AA17520@vega.irus.rri.uwo.ca>
Subject: Re: System Maintenance/Security requirements
>> The user should also have the option of painlessly disallowing
>>unauthorized access. ie. On a UNIX system, require that the administrator
>>not be allowed to use superuser access to look at user accounts, so that
>>users can restrict access as they wish.
>
>That should depend on the local policy.
Should it? What I meant originally was that the user should have some
way or restricting the administrator from routinely reading his or her files.
There should still be some mechanism for the adminstrator to get access to the
files, given proper justification.
The reason I maintain that there should always be some way of limiting
administrator access is that nobody has given any reason for an administrator
to snoop in user files against the user's wishes. The reason given by Frank
Peters is convenience ( ie. accessing a memo while the user away, or finding
out why the users disk usage went up without having to bother the user ), which
is fine _as_long_as_the_user_agrees_.
What we need to establish here is to what extent the administrator can
curtail the users' privacy merely by notifying the user beforehand that this
is the policy. ie. Would the phone company be justified in listening in on
personal calls ( perhaps to find out if a home phone is being illegally used
as a business phone ) if it gave notice before installing the phone that such
intrusions were 'policy'? Perhaps they would, but it would certainly make me
think twice before getting a phone.
... Ami.
-------------------
Date: 15 Aug 91 04:58:56 GMT
From: webber@csd.uwo.ca (Robert E. Webber)
Message-Id: <4228@julian.uwo.ca>
References: <1991Aug14.212524.241@eff.org>
Subject: Re: System Maintenance/Security requirements
In article <1991Aug14.212524.241@eff.org>
.[Submitted to alt.comp.acad-freedom.talk by David Covin.
. I've reformatted the paragraphs. - Carl]
From comp-academic-freedom-talk-request@eff.org Fri Aug 16 09:49:29 1991
Received: from a.cs.uiuc.edu by herodotus.cs.uiuc.edu with SMTP
(5.62+/IDA-1.2.8) id AA22192; Fri, 16 Aug 91 09:49:26 -0500
Received: from eff.org by a.cs.uiuc.edu with SMTP id AA06371
(5.64+/IDA-1.3.4 for kadie@herodotus.cs.uiuc.edu); Fri, 16 Aug 91 09:48:54 -0500
Received: by eff.org (5.61+++/Spike-2.0)
id AA19437; Fri, 16 Aug 91 10:48:33 -0400
Reply-To: comp-academic-freedom-talk@eff.org
Precedence: bulk
To: comp-academic-freedom-talk@eff.org
Return-Path:
Received: by eff.org (5.61+++/Spike-2.0)
id AA19430; Fri, 16 Aug 91 10:48:30 -0400
Date: Fri, 16 Aug 91 10:48:30 -0400
From: helen@eff.org (Helen C. O'Boyle)
Message-Id: <9108161448.AA19430@eff.org>
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: RO
Computers and Academic Freedom mailing list (batch edition)
Fri Aug 16 10:46:26 EDT 1991
In this issue:
kadie@eff.org (Car : Re: Free Forum vs. Class-Work Only machines
Sanjay Kapur
References: <96C3B1454C00965B@ccmail.sunysb.edu>
Subject: Re: Free Forum vs. Class-Work Only machines
[Mr. Kapur is giving the reason why his university has denied use
classroom space to students even if space if available.]
SKAPUR@ccmail.sunysb.edu (Sanjay Kapur) writes:
[...]
>The reason(s) cited for refusal are derived from the big loophole in the
>above statement:
>The facilities administrator believes that the "occasion will not be
>conducted in a manner appropriate to an academic community"
>These policies were put in place after "incidents" happened. Just as with
>computing policies.
In email to me, Mr. Kapur said that the school feared armed violence
or vandalism based on previous experience with similar events.
I don't that a complete ban of extracurricular free expression on
computers would be needed "to insure that [...] the occasion is
conducted in a manner appropriate to an academic community." I would
think that something more along the lines of having the professor or
student read the computer policy would suffice.
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
I do not represent EFF; this is just me.
-------------------
Date: Thu, 15 Aug 1991 19:27 EDT
From: Sanjay Kapur
Message-Id:
Subject: Re: Free Forum vs. Class-Work Only machines
>Can we think about the issues of privacy in terms of faculty instead of
>students? I think many of the comments here have concerned the undergraduates
>_privilege_ to use computers...but what about the account that a researcher
>is paying for through grants? It is distinctly different...as is the
>account that a faculty member receives as part of their departmental allocation.
>We are 'paying' for our access. We should be able to store data/information
>in our accounts without fear. We should be able to correspond with whomever
>we desire on the networks without fear of our conversations being monitored.
At least at Stony Brook, Students and Faculty get the same privileges. In
fact, it is easier for an undergrad to get an account than it is for a faculty
member. A faculty member has to go through paperwork which the student
avoids.
>
>If someone suspects us of illegal activity (say selling secrets to Iraq 8).
>They should have to get a *warrant* to inspect our space. I live in an
>apartment...I pay for my space...this does not mean that the landlord can
>just walk in on me whenever he feels like it (though I fully expect him
>to walk in in emergency or ask me for permission to inspect or show the
>place...by then I've had time to clean up).
>
Sorry, private building landlords do have th implicit right to enter your
apartment to do anything they like without any notice. They may waive this
right under a contract but rarely do.
I have known landlords to enter apartments under the following conditions
without any notice:
1) Extermination
2) routine repairs to a/c units, bathrooms etc.
3) painting doors/walls etc.
The tenant went to a lawyer who read the contract and told the tenant that the
only option the tenant has is to move out and forfiet the lease payments.
>At my site I am confident that my privacy is respected...unless there is an
>emergency.
>
Who decides when an emergency has happened.
>Also re: telephone lines.. as I here it they have to get a
>warrant to check to see if you are running a business...maintenance is
>different but they don't have to 'listen' to check lines...they have a
>little analyzer thingy that can detect line noise and stuff that they plug in.
>Read _Cuckoos Egg_ if you want a description of how hard it is to get the phone
>company to violate confidentiality.
>
The phone company will not violate confidentiality for you or for Richard
Stoll, but it does so all the time for its own purposes.
>
>*****************************************************************
> Diane K. Kovacs - Moderator GovDoc-L
> Kent State University Libraries
> Kent, Ohio 44242
> Phone: (216)672-3045
>
> Bitnet: DKOVACS@kentvm or LIBRK329@kentvms
>Internet: DKOVACS@kentvm.kent.edu or LIBRK329@ksuvxa.kent.edu
>
>The opinions I express are mine and no one elses.
>*****************************************************************
>
>
Anyone who assumes that the phone company is the ultimate in client
confidentiality should see telephone company officials squirm when asked
questions about this subject at congressional hearings on C-SPAN.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Thu, 15 Aug 91 20:21 EDT
From: Diane Kovacs
Message-Id: <9108160024.AA02487@eff.org>
Subject: Re: Free Forum vs. Class-Work Only machines
Sanjay,
I'm sure glad I don't work at Suny Stony Brook.
And I do believe that the State of New York has laws governing
access to tenants apartments...it is illegal without permission from
the tenant *or* access rights agreed on via the lease. In Illinois-
I attended UIUC as did Carl 8) - I called the police when my landlord
decided to paint my apartment while I was sleeping in it....the workman
refused to leave when I asked him to. The workman was told that he would
either leave or go to jail for trespassing. On another occasion the landlord
destroyed my garden -that he had agreed to allow me via the lease- the
police informed him that he needed to reimburse me for the plants that he
destroyed...and he did. What is actually enforced, I agree, is different
from what is legal.
Aren't the forms that faculty fill out lengthier because they are getting
larger more empowered accounts and they are paying for them?
All of the issues you throw out do not negate the fact that this is a
Democracy and we do have the right to protect our privacy.
It does not matter what *reality* is, or who else is violating our
right to privacy the fact is that we can and should demand due process.
When we stop demanding due process and watching out for violations of our
rights...as citizens and human beings then we will lose them.
By the way...my husband and I were gaming on the computer system where I
lost my account...gaming was only allowed after 10 p.m. and it was the
old PLATO system...Carl will remember? There was no file-sharing or
transfer for regular old users like us. I had a CAI account for developing
tutor programs...Michael was running two characters in AVATAR at the same time.
Cordially,
Diane
-------------------
Date: 15 Aug 91 20:01:12 GMT
From: agora!greg@geech.gnu.ai.mit.edu (Greg Broiles)
Message-Id: <1991Aug15.200112.10347@agora.uucp>
References: <1991Aug14.145236.23462@eff.org>, <1991Aug14.165350.16513@magnus.acs.ohio-state.edu>
Subject: Re: Free Forum vs. Class-Work Only machines
In article <1991Aug14.165350.16513@magnus.acs.ohio-state.edu> dysart@magnus.acs.ohio-state.edu (Mitchell D Dysart) writes:
>In article <1991Aug14.145236.23462@eff.org> kadie@eff.org (Carl M. Kadie) writes:
>>
>>Under these conditions (LOADED & FORCLASS & CONSISTENT & FAIR &
>>ALTERN) I think that extracurricular activities (such as reading this
>>mailing list) can be prohibited without violating the academic freedom
>>of the system users.
>>
>
>Now, isn't misuse of a computer that exists for instructional purposes
>the same logical thing as performing unauthorized experiments in the
>undergraduate general chemistry laboratory? In the latter case, nobody
>would yell too loudly if the student were thrown out of the lab and
>were therefore unable to complete his assignments and thus failed the class.
I see computing resources as more closely analagous to libraries. I think
lots of people would yell loudly if a student was thrown out of a library
for reading a book not directly related to a class they were taking.
--
".. organized crime is the price we pay for organization." - Raymond Chandler
Greg Broiles | CI$: 74017,3623 | greg@agora.rain.com
PO Box 8988, Portland, OR 97207-8988 | MCIMail: gbroiles
-------------------
Date: Fri, 16 Aug 1991 04:20:42 GMT
From: jgreely@morganucodon.cis.ohio-state.edu (J Greely)
Message-Id:
References: <1991Aug14.145236.23462@eff.org>
Subject: Re: Free Forum vs. Class-Work Only machines
In article <1991Aug14.145236.23462@eff.org> kadie@eff.org
(Carl M. Kadie) writes:
>I'm interested in distinguishing computers on which users are allowed
>free expression and those in which all extracurricular activity is
>legitimately prohibited.
That *does* simplify things. Of course, making things so black and
white almost completely divorces the discussion from reality, but
that's not unusual.
>FORCLASS) The computer was acquired and is maintained for particular classes
This should be "FORANYSPECIFICPURPOSE".
>FAIR) Enforcement of the policy never violates user privacy.
I agree, with the condition that "user privacy" be clearly defined.
> Punishment for violations are similar to the punishment an
> instructor can give out (informal warnings, formal reprimands,
> formal suspensions for a few days, etc).
You're hung up on "punishment". Any action that system administrators
take with regard to a student's use of the system is apparently a form
of punishment, which I think is nonsense.
> All formal punishments
> are reported to the University; the student can ask for
> a hearing and can appeal.
So, every time you clean up a file system, you should report it to the
University? If someone (oh, let's take an *unusual* example :-))
ftp's GIF files that fill up a file system (knowingly violating a
written policy), is told to remove them, fails to remove them in a
reasonable amount of time, and then discovers they've been deleted,
all of this should be reported to the university, and the student
should be given a chance to appeal? I can think of some examples
where your concerns are relevant, but by no stretch of the imagination
do I think it can be applied across the board.
>ALTERN) There is an alternative computer on which extracurricular
> activities are allowed.
This is irrelevant to the discussion.
>Under these conditions (LOADED & FORCLASS & CONSISTENT & FAIR &
>ALTERN) I think that extracurricular activities (such as reading this
>mailing list) can be prohibited without violating the academic freedom
>of the system users.
Well, if a chemistry lab isn't fully utilized, and I have a key to it
for class work, can I make explosives in my spare time? The
university doesn't have any alternate facilities where I can make
explosives, so I should be able to use this one, right? No? There
goes my academic freedom...
If you can't stand the air
conditioning, stay out of the
computer room.
--
J Greely (jgreely@cis.ohio-state.edu; osu-cis!jgreely)
-------------------
Date: 16 Aug 91 07:43:42 GMT
From: zane@ddsw1.MCS.COM (Sameer Parekh)
Message-Id: <1991Aug16.074342.12863@ddsw1.MCS.COM>
Subject: Mail Your Congressperson Through the Net
I would like to change a small item in my Mail Your Congressman
Project.
Instead of sending money for each letter you would like sent, I
would find it easier if people who want my service to continue would just
send any donation that they find reasonable. I think you would find that
method much simpler.
Please mail the checks to this modified address:
Sameer Parekh
c/o Media Dept.
Libertyville High School
708 W. Park Ave.
Libertyville, IL 60048
Thanks.
--
Sameer Parekh -- zane@ddsw1.MCS.COM zane@infopls.chi.il.us
Ask me about the Mail Your Congressperson Through the Net projectb
kill all overthrow government kill kill bomb bomb hi NSA
From comp-academic-freedom-talk-request@eff.org Fri Aug 16 09:49:29 1991
Received: from a.cs.uiuc.edu by herodotus.cs.uiuc.edu with SMTP
(5.62+/IDA-1.2.8) id AA22190; Fri, 16 Aug 91 09:49:24 -0500
Received: from eff.org by a.cs.uiuc.edu with SMTP id AA06367
(5.64+/IDA-1.3.4 for kadie@herodotus.cs.uiuc.edu); Fri, 16 Aug 91 09:48:46 -0500
Received: by eff.org (5.61+++/Spike-2.0)
id AA19426; Fri, 16 Aug 91 10:48:21 -0400
Reply-To: comp-academic-freedom-talk@eff.org
Precedence: bulk
To: comp-academic-freedom-talk@eff.org
Return-Path:
Received: by eff.org (5.61+++/Spike-2.0)
id AA19421; Fri, 16 Aug 91 10:48:14 -0400
Date: Fri, 16 Aug 91 10:48:14 -0400
From: helen@eff.org (Helen C. O'Boyle)
Message-Id: <9108161448.AA19421@eff.org>
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: RO
Computers and Academic Freedom mailing list (batch edition)
Fri Aug 16 10:46:11 EDT 1991
In this issue:
kadie@eff.org (Car : Re: Free Forum vs. Class-Work Only machines
Sanjay Kapur
References: <1991Aug14.145236.23462@eff.org>, <1991Aug15.004054.2852@zorch.SF-Bay.ORG>
Subject: Re: Free Forum vs. Class-Work Only machines
xanthian@zorch.SF-Bay.ORG (Kent Paul Dolan) writes:
> kadie@eff.org (Carl M. Kadie) writes:
>> ALTERN) There is an alternative computer on which extracurricular
>> activities are allowed.
>This one's the kicker -- I see nowhere supported by
>_anything_ a "right" to use someone else's computer
>resources for any purpose whatever. The access to
>computers for students _must_ continue to be
>voluntary on the part of the institution, but I think
>one can argue that it should be _fairly_ given if it
>is given at all, and work on defining "fairly".
Would you also then say that students have no right to use a classroom
for, say, a club meeting? Assume that the classroom is not otherwise
being used (NOT LOADED) and that no alternative space, such as a
student union, exists (NOT ALTERN).
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
I do not represent EFF; this is just me.
-------------------
Date: Thu, 15 Aug 1991 11:59 EDT
From: Sanjay Kapur
Message-Id: <7FFF5E2F2C008A49@ccmail.sunysb.edu>
Subject: Re: Free Forum vs. Class-Work Only machines
>
>Would you also then say that students have no right to use a classroom
>for, say, a club meeting? Assume that the classroom is not otherwise
>being used (NOT LOADED) and that no alternative space, such as a
>student union, exists (NOT ALTERN).
>
>- Carl
>--
>Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
>I do not represent EFF; this is just me.
At Stony Brook, technically, clubs have to get formal approval to use a class
room. The request is denied at times even when the room is free.
There is a long form with lots of required information that has to be
completed before the request is even considered.
The form has to be completed even to use an empty room in the Student Union.
Scheduling conflicts are not the only reason requests are denied.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Thu, 15 Aug 1991 16:50:25 GMT
From: kadie@eff.org (Carl M. Kadie)
Message-Id: <1991Aug15.165025.22392@eff.org>
References: <7FFF5E2F2C008A49@ccmail.sunysb.edu>
Subject: Re: Free Forum vs. Class-Work Only machines
[We are discussing the question of whether students (and faculity)
have a right to use university resources (classrooms, computers, etc)
in pursuit of extracurricular expression. For the sake of argument we
are assuming that the resource has spare capacity and that no similar
alternative resource is available. - Carl]
SKAPUR@ccmail.sunysb.edu (Sanjay Kapur) writes:
>At Stony Brook, technically, clubs have to get formal approval to use a class
>room. The request is denied at times even when the room is free.
>There is a long form with lots of required information that has to be
>completed before the request is even considered.
>The form has to be completed even to use an empty room in the Student Union.
>Scheduling conflicts are not the only reason requests are denied.
What are the other reasons?
Here is what the "Joint Statement on Rights and Freedoms of Students" says:
"2. Students should be allowed to invite and to hear any person of
their own choosing. Those routine procedures required by an
institution before a guest speaker is invited to appear on campus
should be designed only to insure that there is orderly scheduling of
facilities and adequate preparation for the event, and that the
occasion is conducted in a manner appropriate to an academic
community. The institutional control of campus facilities should not
be used as a device of censorship."
The Student Code of University of Illinois (my school) is almost
identical to this. The Student Code is part of the contract between me
and the University. Thus, the University of Illinois is contractually
obligated to share its (classroom or meeting room) facilities with me
so that I can pursue my extracurricular free expression. I do not
have to rely on the institution to volunteer.
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
I do not represent EFF; this is just me.
-------------------
Date: Thu, 15 Aug 1991 17:48:37 GMT
From: kadie@eff.org (Carl M. Kadie)
Message-Id: <1991Aug15.174837.23862@eff.org>
Subject: CAF-News Abstracts
These are abstracts of the Computers and Academic Freedom News
(CAF-news). Referenced issues of CAF-news are available via anonymous
ftp to eff.org in directory "academic/news".
New issues of CAF-news are available via the newsgroup
alt.comp.acad-freedom.news. If you read newsgroups but your site
doesn't get alt.comp.acad-freedom.news, (politely) ask your sys admin
to subscribe. CAF-news is also available via e-mail. For more info
send email to listserv@eff.org. Include the lines "help" and
"longindex".
- Carl
---------
cafv01n01
[This is the first issue of the caf-news. It is made up of a selection
of notes from the caf-talk mailing list. It covers notes posted
from April 9th to April 14th. Expect more information about the
caf-news after I catch up with old caf-talk notes. - Carl]
cafv01n02
[This issue covers notes posted in the caf-talk mailing list from
April 14th to April 21st. Next Wednesday, I'll publish selected notes
up through April 28th. After that the caf-news will be published on
Sunday, and will cover notes posted the preceeding week. Also,
starting with the next issue, the formatting of the notes will be
improved (there will not be so many header lines).
This issue includes the policy statements from the American and
Canadian Library Associations and the American Association of
University Professors. Several notes suggest ways that these policy
statements should be applied to computers. Netnews censorship and
Purdue and Case Western is also discussed (with notes from both the
censor and the censored).
- Carl]
cafv01n03
[This issue covers notes posted in the caf-talk mailing list from
April 21th to April 28th. Starting this coming Sunday, caf-news will
be published on Sunday and will cover notes posted the previous week.
In this issue, system administrators from Case Western and Purdue tell
why they censored outgoing newsgroup messages. The necessity of their
censorship is discussed (with comments by some of the people who were
censored.)
I critique a new e-mail policy by a department of the University of
Illinois. According to the security officer of department, the policy
permits disk-space searches of people who attack the University or the
department in email. As of today (May 1st), the policy stands;
according to the department, the policy will not be rescinded until
(unless) a new policy is created.
Other notes discuss the nature of academic freedom and the use of
University facilities.
- Carl]
cafv01n04
[This issue includes three proposed user policies. One of the policies
says that "personal development" use is OK, but "personal use" is not.
Several notes address the practicality and wisdom of such a
distinction. Other notes discuss the policy of checking that user's
newsgroup postings are proper according to the (sys admin's
understanding) of a newsgroup's charter. Finally, more news about the
NCSA e-mail policy: The old policy stands until (and unless) a new
policy is created.
- Carl
p.s. I sent Issue #3, covering the week ending April
28, on Wednesday, May 1st. If you did not receive that issue, please
send e-mail to kadie@eff.org]
cafv01n05
[With the end of the school year at many places, traffic on the list
has slowed. Readership, however, is now up to 250 in at least six
countries.
This issue includes information on how to get back issues of caf-news
from the archives and information on how to get copies of the computer
policies of many schools. It also has a report of attempted expression
suppression (under the guise of political correctness?).
The main topic in this issue is a discussion of exactly how the principles
of academic freedom should be applied to computers and networks (with
excerpted comments from Sanjay Kapur, Edward Vielmetti, George Rickerson,
Aydin Edguer, and Rich Kulawiec.
- Carl]
cafv01n06
[Three topics are discussed in this issue: What is the relation
between newsgroup systems and traditional libraries? How should
privacy rights be applied to diskspace and email? How do general
University policies evolve? The last question is addressed with a
survey University of Illinois policy from 1904 to present. It is
interesting to see both the trend and how external forces such as
Alcohol Prohibition and the Red Scares effected policy. - Carl]
cafv01n07
[This issue considers the circumstances under which a (computer)
postmaster should read the body of misaddressed e-mail. In also
includes a brief history of Academic Freedom in the US and comments
whether system admins should stand up for user rights. Sally Webster
solicits "ethics war stories". A computer-user right is asserted: the
right to participate in policy formulation and application. Finally,
Boston University's computer policy is criticized as one sided. -
Carl]
cafv01n08
[SPECIAL ISSUE: The Best of April
This is a compilation of the best notes from April. It includes the
original announcement for the CAF archive and copies of general policy
statements from the American Library Association, the Canadian Library
Association, and the American Association of University Professors.
It also includes reports of a victory for freedom of expression at
Denver University, newsgroup censorship at Purdue and Case Western,
and one-sided e-mail policy at the University of Illinois.
- Carl]
cafv01n09
[This issue covers more topics than usual. The most important
information is a description of Berkeley's Open Computing Facility
(OCF), an organization that *democratically* manages computer resources
for thousands of users. The OCF constitution and bylaws are included.
Other topics discussed are arbitrary searches (re Boston University),
the need for clear and explicit policy (re U. of Illinois/NCSA), what
telephone company employees do when they overhear a phone call, how
email problems can be fixed without reading the body of notes, and
what do to about (perceived) disk-quota abuse.
The final note announces new distribution methods for the lists and
tells how to switch.
- Carl
p.s. I hope to switch caf-news to the official digest format soon. ]
cafv01n10
[SPECIAL ISSUE: The Best of May
This is a compilation of the best notes from May. It includes several
notes detailing how academic freedom might be applied to computers.
Issues considered include privacy, participation, quota enforcement,
freedom to read, and personal use. Several notes tell how academic
freedom is (or is not) being applied at particular universities
including the University of Illinois and Boston University. From
Berkeley comes a description of Berkeley's Open Computing Facility
(OCF), an organization that *democratically* manages computer
resources for thousands of users. Also, the compilation includes a
case study that tells how a general student policy has evolved
since 1904. After reading the case study you will be able to say "hey,
this computer policy looks like something from the 1930's." Finally,
there is a note that tells how to get back issues from the CAF archive.
- Carl]
cafv01n11
[This compilation includes a call for student and faculty
participation in policy formation and application. The call is
endorsed by a sys admin at Berkeley's Open Computing Facility, a place
where such participation is the standard operating procedure. Also, the
question "Should users be automatically suspended from the computer if
they are suspected of an infraction?" is discussed. There is a
critique of the (soon to be revised?) Ohio State CIS email policy. Due
process is discussed with examples of punishment without due process
from UMCP and Ohio State. Pragmatic benefits of due process are
asserted. Finally, the question "Does the availability of GIF images
of nude people constitute sexual harassment?" is discussed. - Carl]
cafv01n12
[This compilation includes more discussion about GIF images
of nude people. A correspondent tells how librarians deal with
similar material. Also, sexual harassment issues are again addressed.
Another note argues that the mistreatment of even a fraction of a
system's users is important. And a sys admin describes the
inconvenience of creating and enforcing a formal policy.
Finally, two related propositions are debated:
Resolved: Users should not be suspended or expelled from computer
systems as punishment for computer-policy infractions.
Resolved: The punishment that a computer administrator can impose on a
student should be not exceed that which an instructor can impose.
- Carl]
cafv01n13
[This week's selection is mostly about user-sys admin relations. In
the first note, a sys admin describes the pressures of his job. In the
next series of notes, users describe bad experiences at the University
of Kentucky, at the University of Maryland, in industry, and at the
University of Illinois. The topic is concluded with notes from sys
admins and users that tell the secrets of great user-sys admin
relations (good communication and moderation-in-action.)
Next, a note argues against charging users with "theft of service"
because the charge is too broad. The last note tell how you might be
able to switch from e-mail delivery of CAF-news to newsgroup delivery.
I will be out of town the next two weekends, so distribution
of issues #14 and #15 may be delayed. - Carl]
cafv01n14
I'm back from a great vacation. This is the CAF-news for the week
ending June 30, 1991. The first three notes discuss student
exploration; if a student breaks the system, does it matter if he or
she did it accidently or maliciously? The last note discusses
intellectual property agreements in which the University may claim
some ownership in material you developed at the University. - Carl]
cafv01n15
[SPECIAL ISSUE: The Best of June
This issues starts with reports of user abuse at Ohio State and in
industry and a report of sys admin abuse at the University of
Kentucky. The next note shows what can happen when users are denied
due process; they may take matters into their own hands causing much
more serious problems. A note by William Murray attributes most
user/sys admin conflict to honest differences in how each perceive
computer systems.
Two notes discuss graphics files of naked people. The notes argue that
University's can not prohibit such files without violating the rights
of their student. Library policy with regard to pictures of naked
people and the issue of sexual harassment are considered.
The final six notes tell how to make things run smoothly. Users and
sys admins should give each other the benefit of the doubt; "ALL
problems of abuse etc. come about due to lack of communications
between the Systems staff and the users." An experienced sys admin
reports that it is almost never necessary to suspend users. Another
reports that user participation in policy making really works. Both
of these observations are supported by the Joint Statement on the
Rights and Freedoms of Students.
- Carl]
cafv01n16
First an apology. In the previous issue (cafn01v15), Wes Morgan
described the pressures sys admins face caused in part by users. In my
opening remarks, I said that the article was about "sysadmin abuse"
[by users]. That was hyperbole. I can say categorically, that I have
no reason to believe that Mr. Morgan has ever been abused (in any
literal sense) by his users. (In fact, I think he is well liked and
respected by the users of his machines.) I apologize for any grief my
poorly chosen phrase caused.
The first article of this collection, describes how
Supreme Court's recent endorsement of the gag rule (with respect
to abortion clinics) might effect universities. The next note
shows the estimated readership and propagation of the CAF-talk
newsgroup.
The bulk of this issue discusses the case of Steven Brack at Ohio
State University. Steven is formally charged with (among other things)
"obscenity" (i.e. he wrote "fuck you" to an open newsgroup). In a
small digression from this particular case, Helen C. O'Boyle, a grad
student at Virginia Commonwealth University, talks about the general
problem of punishment before (or without) a hearing. The issue
ends with a request by me, on behalf of Steven, for e-mail letters
of support.
cafv01n17
[The first note in this collection argues that "to make judgments
about either Mr. Brack or Ohio State's ACS group at this point would
be grossly unfair." The next three notes follow up on this discussion.
(The second note strongly criticizes a comment I made last week.)
The next two notes discuss freedom of expression on the net. The
second note includes a *proposed* U.S. constitutional amendment that
would explicitly guarantee many civil liberties on computers, networks,
and other technology. If you are interested in these topics, you may
enjoy the comp.org.eff.talk and comp.org.eff.news newsgroups.
Two notes discuss a user's recourse if he or she is treated unfairly.
A user shares her personal experience that in practice effective
recourse is more difficult than theory would suggest.
The penultimate note asks about computers and academic freedom
when more grade and high schools are on the net. In the last note,
a sys admin reports that he is able maintain his system without
reading user email. - Carl]
cafv01n18
[The first four notes address the question "Under what conditions
should a user's computer files be searched?" Helen C. O'Boyle reports
that when faculty and students at Virginia Commonwealth University
asked that "emergency searches" be reported to the user with 24 hours,
the computer staff refused. Other notes list the (general) search
policies of the Joint Statement on Rights and Freedoms of Students,
the U.S. Bill of Rights, the Code of the University of Illinois, and a
proposed law on computer searches.
The final four notes discuss cases. There is a report that at Wayne
State University the official "Student Due Process Policy" was
completely ignored. A student at Ohio State, who was once expelled
from ACS/IRCC computers, offers a reminder that we are only getting
Steven Brack's side of the story. In the next note, I critique as new
Ohio State ACS computer policy because it seems to permit computer
expulsions without due process. In the final note, a student tells how
he quit Hamline University after he was expelled from the computer
with notice, explanation, or recourse. - Carl]
cafv01n19
[I am happy to report that the CAF project is growing. Helen C.
O'Boyle, William W. Arnold, and I will be working together to manage
CAF-news and CAF-talk. We will take turns (month by month) editing
CAF-news.
The first five notes in this collection discuss searches of computer
files. Issues covered include probable cause, enforcement of probable
cause requirements, the reasonableness of expecting privacy, and system
defaults that can be set to make problems with user-user snooping much
less likely.
In the news, a report of student a the University of Georgia who was
suspend from the University after distributing an encrypted password
file. It appears that the student received due process.
The next notes outline the contractual and constitutional constraints
on sys admin (and University) authority. They explains that
universities are under a contractual obligation to treat students
fairly. Every administrator and student should read these notes.
The final notes discuss an initiative to develop a sample computer
policy that would respect academic freedom. The notes include a
request (by me) that we wait until more students return to campus next
month to pursue this project. Other notes propose outlines of a sample
policy. - Carl]
cafv01n20
[SPECIAL ISSUE: The Best of July
The first notes discuss cases. Ohio State University and Steven Brack
are back in the news. Recall that Mr. Brack was permanently expelled
(without the chance for a formal hearing or appeal) from OSU's
Academic Computer Services (ACS) computers. Now a Judicial Committee
hearing will decide if Mr. Brack be should punished some more
(apparently for the same alleged offenses). Mr. Brack is charged with,
among other things, obscenity (i.e. typing "fuck you" in newsgroup
note.) The third note about the Ohio State case is a reminder that
only Mr. Brack's side of this case has been presented in this forum.
In addition to the Ohio State case, there is a report of student of
the University of Georgia being suspended for knowingly aiding
crackers by supplying them with an encrypted password file. (The
student seems to have received due processes.) There are also reports
of due-process procedures being ignored at Virginia Commonwealth
University and at Wayne State University.
The next three notes are about searches of computer files. The first
quotes the Joint Statement on Rights and Freedoms of Students on
(noncomputer) searches. The next describes proposed federal rules
on computer searches by the police. The third argues that a probable
cause rule is enforceable.
There are three notes about policy. In the first, I critique Ohio
State ACS computer policy because it seems to allow expulsion from
their computers without the opportunity for a formal hearing or an
appeal. The next note outlines the topics that a model policy should
cover. The last lists a proposed U.S. constitutional amendment. It
would guarantee Constitutional protection (like freedom of
expression) of computer users.
The last two notes outline the contractual and constitutional
constraints on sys admin (and University) authority. They explain that
universities are under a contractual obligation to treat students
fairly. Every administrator and student should read these notes.
- Carl]
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
I do not represent EFF; this is just me.
-------------------
Date: Thu, 15 Aug 1991 14:42 EDT
From: Sanjay Kapur
Message-Id: <96C3B1454C00965B@ccmail.sunysb.edu>
Subject: Re: Free Forum vs. Class-Work Only machines
>
>SKAPUR@ccmail.sunysb.edu (Sanjay Kapur) writes:
>
>>At Stony Brook, technically, clubs have to get formal approval to use a class
>>room. The request is denied at times even when the room is free.
>
>>There is a long form with lots of required information that has to be
>>completed before the request is even considered.
>
>>The form has to be completed even to use an empty room in the Student Union.
>
>>Scheduling conflicts are not the only reason requests are denied.
>
>
>What are the other reasons?
>
>
>Here is what the "Joint Statement on Rights and Freedoms of Students" says:
>
> "2. Students should be allowed to invite and to hear any person of
>their own choosing. Those routine procedures required by an
>institution before a guest speaker is invited to appear on campus
>should be designed only to insure that there is orderly scheduling of
>facilities and adequate preparation for the event, and that the
>occasion is conducted in a manner appropriate to an academic
>community. The institutional control of campus facilities should not
>be used as a device of censorship."
>
>- Carl
>
>--
>Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
>I do not represent EFF; this is just me.
The reason(s) cited for refusal are derived from the big loophole in the
above statement:
The facilities administrator believes that the "occasion will not be conducted
in a manner appropriate to an academic community"
These policies were put in place after "incidents" happened. Just as with
computing policies.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Thu, 15 Aug 1991 19:35:52 GMT
From: kadie@eff.org (Carl M. Kadie)
Message-Id: <1991Aug15.193552.26018@eff.org>
References: <1991Aug15.174837.23862@eff.org>
Subject: Re: CAF-News Abstracts
I've corrected several factual errors in "eff.org:academic/abstracts".
I apologize for the mistakes.
Here is a diff of the old version compared to the new version.
The old is marked with ">". The new is marked with "<".
- Carl
------------------------
22c22
< statements should be applied to computers. Netnews censorship at
---
> statements should be applied to computers. Netnews censorship and
24c24
< censor and the censored of Purdue).
---
> censor and the censored).
32,35c32,35
< In this issue, a system administrator from Purdue tell why he censored
< outgoing newsgroup messages. The necessity of the censorship at Case
< Western and Purdue censorship is discussed (with comments by people
< close to the incidents.)
---
> In this issue, system administrators from Case Western and Purdue tell
> why they censored outgoing newsgroup messages. The necessity of their
> censorship is discussed (with comments by some of the people who were
> censored.)
207,212c207,212
< industry and a report from the University of Kentucky on the pressures
< faced by sys admins (caused in part by users). The next note shows
< what can happen when users are denied due process; they may take
< matters into their own hands causing much more serious problems. A
< note by William Murray attributes most user/sys admin conflict to
< honest differences in how each perceive computer systems.
---
> industry and a report of sys admin abuse at the University of
> Kentucky. The next note shows what can happen when users are denied
> due process; they may take matters into their own hands causing much
> more serious problems. A note by William Murray attributes most
> user/sys admin conflict to honest differences in how each perceive
> computer systems.
228d227
<
229a229,237
> First an apology. In the previous issue (cafn01v15), Wes Morgan
> described the pressures sys admins face caused in part by users. In my
> opening remarks, I said that the article was about "sysadmin abuse"
> [by users]. That was hyperbole. I can say categorically, that I have
> no reason to believe that Mr. Morgan has ever been abused (in any
> literal sense) by his users. (In fact, I think he is well liked and
> respected by the users of his machines.) I apologize for any grief my
> poorly chosen phrase caused.
>
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
I do not represent EFF; this is just me.
-------------------
Date: Thu, 15 Aug 1991 20:06:28 GMT
From: kadie@eff.org (Carl M. Kadie)
Message-Id: <1991Aug15.200628.27084@eff.org>
Subject: "Censorship and Selection"
If you are interested in how librarians select select books and
magazines (and newsgroups?) and how they fight censorship attempts,
I recommend the books:
Censorship and Selection: Issues and Answers for Schools
Before and After the Censor: a Resource Manual on Intellectual Freedom
Intellectual Freedom Manual
(full references at the end of this note)
The books explain the policies of the American Library Association
with respect to selection, diversity of material, labeling, access
for minors, etc.
Here are two highlights from the books:
1) All books include step-by-step instructions for the librarian on
how to handle censorship attempts. These include sample response
letters and tips on how to deal with the press.
2) The books say that no challendged item should be removed on the
say-so on one person. [This quote is from "Selection and Censorship"
and concerns challeges to library materials at grade and highschools]
"No duly selected materials whose appropriateness is challenged
shall be removed from the school except upon the recommendation of a
review committe (as provided for below) with the concurrence of the
Superintendend or, upon the Superintendent's recommendation, the
concurrence of the Board of Eduation, or upon formal action of the
Board of Education when a recommendation of a review committee is
appealed to it."
- Carl
References
------------
Reichman, Henry, 1947-
Censorship and selection : issues and answers for schools / by
Henry Reichman. Chicago, Ill. : American Library Association ;
Arlington, Va. : American Association of School Administrators, c1988.
ix, 141 p. ; 23 cm.
Bibliography: p. 129-132.
ISBN 0838933505 (pbk. : alk. paper) : $$12.95
ISBN 0876521294 (American Association of School Administrators :
pbk. : alk. paper) : $$12.95
1. Children's literature--Censorship. 2. School libraries--
Censorship--United States. 3. Censorship--United States. 4.
Education--Curricula--Censorship. 5. School libraries--Book selection
6. Teaching, Freedom of--United States. I. Title.
ocm18-068958
----
Before and after the censor : a resource manual on intellectual
freedom. :Michigan: : Michigan Association for Media in Education and
Michigan Library Association, Intellectual Freedom Committees, 1987.
160 p. : forms ; 28 cm.
Bibliography: p. 149-153.
1. Libraries--Censorship--Handbooks, manuals, etc. 2.
Censorship--Handbooks, manuals, etc. 3. Freedom of information--
Handbooks, manuals, etc. I. Michigan Association for Media in
Education. Intellectual Freedom Committee. II. Michigan Library
Association. Intellectual Freedom Committee.
ocm17-358690
----
Intellectual freedom manual / compiled by the Office for
Intellectual Freedom of the American Library Association. 3rd ed.
Chicago : The Association, c1988.
p. cm.
Bibliography: p.
ISBN 0838933688 (alk. paper)
1. Libraries--Censorship--Handbooks, manuals, etc. 2. Freedom
of information--Handbooks, manuals, etc. 3. Censorship--Handbooks,
manuals, etc. I. American Library Association. Office for Intellectual
Freedom.
ocm18-683362
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
I do not represent EFF; this is just me.
-------------------
Date: 15 Aug 91 21:21:41 GMT
From: morgan@ms.uky.edu (Wes Morgan)
Message-Id: <1991Aug15.212141.11573@ms.uky.edu>
References: <1991Aug14.145236.23462@eff.org>, <1991Aug15.004054.2852@zorch.SF-Bay.ORG>, <1991Aug15.152232.20198@eff.org>
Subject: Re: Free Forum vs. Class-Work Only machines
kadie@eff.org (Carl M. Kadie) writes:
>xanthian@zorch.SF-Bay.ORG (Kent Paul Dolan) writes:
>
>>> ALTERN) There is an alternative computer on which extracurricular
>>> activities are allowed.
>
>>This one's the kicker -- I see nowhere supported by
>>_anything_ a "right" to use someone else's computer
>>resources for any purpose whatever.
>
>Would you also then say that students have no right to use a classroom
>for, say, a club meeting? Assume that the classroom is not otherwise
>being used (NOT LOADED) and that no alternative space, such as a
>student union, exists (NOT ALTERN).
Would you say that I have to provide a system on which my users can
write games, since we don't allow games on our common systems?
They have the *privilege* of using it, just as they have the *privilege*
of attending the university in the first place. If a student is in the
UK College of Engineering, he enjoys the *privilege* of access to my
systems; his counterparts in, say, Architecture, do not enjoy that
*privilege*. It is not, nor will it ever be, a right; access to com-
puter systems is not listed in UK's "Student Rights and Responsibilities".
Attendance at a university is a contracted service, not a right. Under
that contract, one may have certain *privileges*.
--
morgan@ms.uky.edu |Wes Morgan, not speaking for| ....!ukma!ukecc!morgan
morgan@engr.uky.edu |the University of Kentucky's| morgan%engr.uky.edu@UKCC
morgan@ie.pa.uky.edu |Engineering Computing Center| morgan@wuarchive.wustl.edu
-------------------
Date: 15 Aug 91 21:27:57 GMT
From: morgan@ms.uky.edu (Wes Morgan)
Message-Id: <1991Aug15.212757.12545@ms.uky.edu>
References: <9108142230.AA01352@eff.org>
Subject: Re: System Maintenance/Security requirements
LIBRK329@ksuvxa.kent.edu (Diane Kovacs) writes:
>As an undergraduate I lost a computer account because I allowed my husband to
>use it and he was caught by the computer lab monitor....when I objected that
>it was all family anyway...and that husband had his own account and was
>working on both at the same time......I was told to leave.
Why did he need to work on both accounts? Didn't you know how to move files
between your accounts?
Your account was issued to you, not to "you and anyone else to whom you
care to give it". Many sites run accounting and billing on a per-user
basis; sharing your password could very well skew the billing.
>I later applied
>for the another account and received it with no problem.
That is nice to hear; mistakes shouldn't be punished forever. 8)
>I think policies like that are absolutely absurd. I share my password with
>friends now so they can ftp and retrieve files from my accounts.
And they share it with their friends, who write it down somewhere and lose
it, et cetera, et cetera....
There's an old rule that applies here:
For every X people who are SUPPOSED to know a given password,
X^2 people ACTUALLY know it.
If the operating system on your machine will allow users to copy each
other's files, there is no need whatsoever for anyone else to know your
password.
>I'm not
>planning on stopping....but I do change the password at least once per
>month to prevent any stranger who happens on to it from exploiting my accounts.
That, at least, is reassuring.
--
morgan@ms.uky.edu |Wes Morgan, not speaking for| ....!ukma!ukecc!morgan
morgan@engr.uky.edu |the University of Kentucky's| morgan%engr.uky.edu@UKCC
morgan@ie.pa.uky.edu |Engineering Computing Center| morgan@wuarchive.wustl.edu
-------------------
Date: Thu, 15 Aug 1991 21:08:41 GMT
From: morgan@ms.uky.edu (Wes Morgan)
Message-Id: <1991Aug15.210841.9294@ms.uky.edu>
References: <1991Aug14.145236.23462@eff.org>
Subject: Re: Free Forum vs. Class-Work Only machines
kadie@eff.org (Carl M. Kadie) writes:
>
>FORCLASS) The computer was acquired and is maintained for particular classes
>
Well, this one can be somewhat ambiguous. For instance, *all* students in
the College of Engineering receive accounts on the systems which I admini-
ster, whether or not they are taking Engineering classes. In fact, most
Engineering students only take one or two Engineering classes during their
first two years; they're too busy filling all the prerequisites. We pro-
vide them with accounts for the purpose of Unix familiarization and elec-
tronic mail. The upperclassmen, however, *are* taking Engineering classes,
and they are using the system for their work. How do we classify this
system?
>ALTERN) There is an alternative computer on which extracurricular
> activities are allowed.
What if the "alternative computer" is not free? If class accounts are
free, but "personal" accounts cost the student real money, are they
equivalent?
>Under these conditions (LOADED & FORCLASS & CONSISTENT & FAIR &
>ALTERN) I think that extracurricular activities (such as reading this
>mailing list) can be prohibited without violating the academic freedom
>of the system users.
My general policy is simple. I don't monitor user's mail, but I do
an "ls -l" of /usr/mail regularly. Any grossly huge (>250000) mail-
boxes will receive a note from me explaining how to save mail messages
to their personal disk space. I'll send three of these notes before I
do anything else. If the user chooses to ignore my notes, I'll move his
entire mailbox into his diskspace, where it counts against his quota. That
usually gets the point across.
--
morgan@ms.uky.edu |Wes Morgan, not speaking for| ....!ukma!ukecc!morgan
morgan@engr.uky.edu |the University of Kentucky's| morgan%engr.uky.edu@UKCC
morgan@ie.pa.uky.edu |Engineering Computing Center| morgan@wuarchive.wustl.edu
-------------------
Date: Thu, 15 Aug 91 18:31 EDT
From: Diane Kovacs
Message-Id: <9108152234.AA00248@eff.org>
Subject: Re: Free Forum vs. Class-Work Only machines
Can we think about the issues of privacy in terms of faculty instead of
students? I think many of the comments here have concerned the undergraduates
_privilege_ to use computers...but what about the account that a researcher
is paying for through grants? It is distinctly different...as is the
account that a faculty member receives as part of their departmental allocation.
We are 'paying' for our access. We should be able to store data/information
in our accounts without fear. We should be able to correspond with whomever
we desire on the networks without fear of our conversations being monitored.
If someone suspects us of illegal activity (say selling secrets to Iraq 8).
They should have to get a *warrant* to inspect our space. I live in an
apartment...I pay for my space...this does not mean that the landlord can
just walk in on me whenever he feels like it (though I fully expect him
to walk in in emergency or ask me for permission to inspect or show the
place...by then I've had time to clean up).
At my site I am confident that my privacy is respected...unless there is an
emergency.
Also re: telephone lines.. as I here it they have to get a
warrant to check to see if you are running a business...maintenance is
different but they don't have to 'listen' to check lines...they have a
little analyzer thingy that can detect line noise and stuff that they plug in.
Read _Cuckoos Egg_ if you want a description of how hard it is to get the phone
company to violate confidentiality.
*****************************************************************
Diane K. Kovacs - Moderator GovDoc-L
Kent State University Libraries
Kent, Ohio 44242
Phone: (216)672-3045
Bitnet: DKOVACS@kentvm or LIBRK329@kentvms
Internet: DKOVACS@kentvm.kent.edu or LIBRK329@ksuvxa.kent.edu
The opinions I express are mine and no one elses.
*****************************************************************
-------------------
Date: Thu, 15 Aug 1991 22:36:55 GMT
From: kadie@eff.org (Carl M. Kadie)
Message-Id: <1991Aug15.223655.366@eff.org>
References: <1991Aug14.145236.23462@eff.org>, <1991Aug15.210841.9294@ms.uky.edu>
Subject: Re: Free Forum vs. Class-Work Only machines
morgan@ms.uky.edu (Wes Morgan) writes:
[...]
>What if the "alternative computer" is not free? If class accounts are
>free, but "personal" accounts cost the student real money, are they
>equivalent?
[...]
I think its OK to charge real money for the alternative computer. The
U. of Illinois code adds a phrase to the line in the Joint Statement:
"Those routine procecures required by an institution before a guest
speaker is invited to appear on campus should be designed only to
ensure that there is .... adequate financial underwriting for cost of
services to be provided by the University, ...."
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
I do not represent EFF; this is just me.
From comp-academic-freedom-talk-request@eff.org Sat Aug 17 16:36:33 1991
Received: from c.cs.uiuc.edu by herodotus.cs.uiuc.edu with SMTP
(5.62+/IDA-1.2.8) id AA27678; Sat, 17 Aug 91 16:36:28 -0500
Received: from eff.org by c.cs.uiuc.edu with SMTP id AA08649
(5.64+/IDA-1.3.4 for kadie@herodotus.cs.uiuc.edu); Sat, 17 Aug 91 16:35:51 -0500
Received: by eff.org (5.61+++/Spike-2.0)
id AA16251; Thu, 15 Aug 91 07:50:37 -0400
Reply-To: comp-academic-freedom-talk@eff.org
Precedence: bulk
To: comp-academic-freedom-talk@eff.org
Return-Path:
Received: by eff.org (5.61+++/Spike-2.0)
id AA16246; Thu, 15 Aug 91 07:50:30 -0400
Date: Thu, 15 Aug 91 07:50:30 -0400
From: helen@eff.org (Helen C. O'Boyle)
Message-Id: <9108151150.AA16246@eff.org>
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: RO
Computers and Academic Freedom mailing list (batch edition)
Thu Aug 15 07:47:49 EDT 1991
In this issue:
zane@ddsw1.MCS.COM : Mail Your Congressperson Through the Net
kadie@eff.org (Car : Free Forum vs. Class-Work Only machines
warnold@eff.org (W : Re: Free Forum vs. Class-Work Only machines
dysart@magnus.acs. : Re: Free Forum vs. Class-Work Only machines
kadie@eff.org (Car : Re: Free Forum vs. Class-Work Only machines
Sanjay Kapur
Subject: Mail Your Congressperson Through the Net
Mail Your Congressperson Through the Net
I realized that congresspeople should be on the net so
that they are closer to their constituency. Of course, I
mailed my congressperson asking him to look into it. Of
course, he didn't.
Therefore, I thought that people on the net should
still be able to mail their congressperson through the net.
I got the idea from the Cleveland Free-Net's Mail Your
Congressperson thing. (I am not sure of the exact name.) I
was excited by the name and looked into it. Unfortunately,
all it does is give you the address of a congressperson. It
is a good service, but not worthy of the name.
So I got this idea. Mail me at zane@ddsw1.MCS.COM
with the subject "MAIL CONGRESS." (If you don't have that
subject it will be harder for me.) In the letter you should
tell me the name, house (Senate or HoR), and state that you
want to write to. Due to a slight problem in my list, I have only
the initial of the last name and the first name for many of the names.
(The last name has been blurred.) Therefore, I would need
the first name of the person too.
The rest of the letter should be the letter you want
sent to the congressperson. This should be completely
formatted, except for page breaks. I will place the headers
on the letter. (That which states your name, address, date,
and the congressperson's name and address.) I don't have a
laser printer, so it will be printed at only 160 X 72 dpi.
(If someone is willing to give me a laser printer, or even
an inkjet printer, I would gladly accept. :-)
After your signature (if the mail you send me contains
a usenet sig, I will delete that.) I will append a small
note saying:
---
The Mail Your Congressperson Through the Net Project
Call (708)-362-9659 and ask for Sameer Parekh,
or mail zane@ddsw1.MCS.COM for more information.
Hopefully, many letters to congresspeople will invoke
their curiosity.
I am a student with a student's money, so I can not
send these letters for free. I am asking that if you send
five or more letters, to send me check for 35 cents per
letter. (Or, if mail rates rise, 6 cents over the price of 1
stamp.) I realize that it would be a waste to mail money of
amount close to the price of the letter, which is why I am
asking that you only send the check after you have requested
5 letters.
Please send the check to:
Sameer Parekh
Libertyville High School
708 W. Park Ave.
Libertyville, IL 60048
Thanks.
--
The Ravings of the Insane Maniac Sameer Parekh -- zane@ddsw1.MCS.COM
More used address: zane@infopls.mcs.com
kill all overthrow government kill kill bomb bomb hi NSA
-------------------
Date: Wed, 14 Aug 1991 14:52:36 GMT
From: kadie@eff.org (Carl M. Kadie)
Message-Id: <1991Aug14.145236.23462@eff.org>
Subject: Free Forum vs. Class-Work Only machines
On July 31 in message <1489@cameron.egr.duke.edu>,
jpe@egr.duke.edu (John P. Eisenmenger) writes:
[...]
>My machines are there to support the educational process. A student saving
>megabytes of data, or using 90% of available CPU time for some cause s/he
>supports could interfere with the other students getting their homework
>assignments done. Our priorities have to lie with the students trying to
>do their classwork.
[...]
I'm interested in distinguishing computers on which users are allowed
free expression and those in which all extracurricular activity is
legitimately prohibited.
In many (maybe most cases) the whole issue can be finessed with
quotas, adequate CPU and disk space, etc. But let's consider
a scenario where the issue comes to a head:
LOADED) CPU time and disk space is very tight.
The computer (and its terminals & modems) are
needed for class work all the time
FORCLASS) The computer was acquired and is maintained for particular classes
CONSISTENT) The prohibition is applied consistently (even the operators are
prohibited from sending and receiving email not related to their
duties.)
FAIR) Enforcement of the policy never violates user privacy. (For
example, there are no searches of disk space without the same
authorization that would be need to search assigned office space.)
Punishment for violations are similar to the punishment an
instructor can give out (informal warnings, formal reprimands,
formal suspensions for a few days, etc). All formal punishments
are reported to the University; the student can ask for
a hearing and can appeal.
ALTERN) There is an alternative computer on which extracurricular
activities are allowed.
Under these conditions (LOADED & FORCLASS & CONSISTENT & FAIR &
ALTERN) I think that extracurricular activities (such as reading this
mailing list) can be prohibited without violating the academic freedom
of the system users.
Moreover, (for the sake of discussion) I claim that each condition is
necessary and that together they are sufficient. I would be interested
in arguments that challenge (or support) this claim.
Also, how do real class-work-only machines stack up against
these criteria?
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
I do not represent EFF; this is just me.
-------------------
Date: Wed, 14 Aug 1991 16:13:52 GMT
From: warnold@eff.org (William W. Arnold)
Message-Id: <1991Aug14.161352.24646@eff.org>
References: <1991Aug14.145236.23462@eff.org>
Subject: Re: Free Forum vs. Class-Work Only machines
In article <1991Aug14.145236.23462@eff.org> kadie@eff.org (Carl M. Kadie) writes:
[definitions deleted, see kadie's post]
>
>Under these conditions (LOADED & FORCLASS & CONSISTENT & FAIR &
>ALTERN) I think that extracurricular activities (such as reading this
>mailing list) can be prohibited without violating the academic freedom
>of the system users.
>
>Moreover, (for the sake of discussion) I claim that each condition is
>necessary and that together they are sufficient. I would be interested
>in arguments that challenge (or support) this claim.
>
I would like to disagree, the correct condition would be
(CONSISTENT & FAIR & (LOADED or FORCLASS or ALTERN))
I must also stress the definition of FORCLASS, It must be for a
particular class or group of classes. the statement "In support of all
classes" is not sufficient.
Possibly we should replace FORCLASS with FORPURPOSE, ie the machine is
there for some specific purpose, be it class work, or research, or some
other valid academic activity.
And of course, the definition of extracurricular activities changes
depending on who is doing what. To use your example, this mailing list
would be a valid use of computer facilities, If you are writing a
report on "The history, present, and future of academic freedom in our
public universities."
>Also, how do real class-work-only machines stack up against
>these criteria?
The problem on most of them is that the rules are either !CONSISTENT or
!FAIR or not either.
>
>Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
>I do not represent EFF; this is just me.
--
| William W. Arnold | warnold@eff.org | has8wwa@cabell.vcu.edu |
| Co-moderator: Computers and Academic Freedom Mailing list |
| I speak for myself, not {him, her, it}. |
-------------------
Date: Wed, 14 Aug 1991 16:53:50 GMT
From: dysart@magnus.acs.ohio-state.edu (Mitchell D Dysart)
Message-Id: <1991Aug14.165350.16513@magnus.acs.ohio-state.edu>
References: <1991Aug14.145236.23462@eff.org>
Subject: Re: Free Forum vs. Class-Work Only machines
In article <1991Aug14.145236.23462@eff.org> kadie@eff.org (Carl M. Kadie) writes:
>
>Under these conditions (LOADED & FORCLASS & CONSISTENT & FAIR &
>ALTERN) I think that extracurricular activities (such as reading this
>mailing list) can be prohibited without violating the academic freedom
>of the system users.
>
>Moreover, (for the sake of discussion) I claim that each condition is
>necessary and that together they are sufficient. I would be interested
>in arguments that challenge (or support) this claim.
>
As for me (personally, *not* representing my employer The Ohio State
University), I think the only required conditions are:
1. System(s) is(are) expressly provided to support whatever
project or projects are specified, be these class use,
research use, administrative use, or whatever.
and
2. Fairness is maintained and misuse governed by appropriate
University-wide guidelines.
Now, isn't misuse of a computer that exists for instructional purposes
the same logical thing as performing unauthorized experiments in the
undergraduate general chemistry laboratory? In the latter case, nobody
would yell too loudly if the student were thrown out of the lab and
were therefore unable to complete his assignments and thus failed the class.
--
Mitch Dysart
dysart@magnus.acs.ohio-state.edu
-------------------
Date: Wed, 14 Aug 1991 18:22:41 GMT
From: kadie@eff.org (Carl M. Kadie)
Message-Id: <1991Aug14.182241.26728@eff.org>
References: <1991Aug14.145236.23462@eff.org>, <1991Aug14.165350.16513@magnus.acs.ohio-state.edu>
Subject: Re: Free Forum vs. Class-Work Only machines
dysart@magnus.acs.ohio-state.edu (Mitchell D Dysart) writes:
[...]
>As for me (personally, *not* representing my employer The Ohio State
>University), I think the only required conditions are:
>1. System(s) is(are) expressly provided to support whatever
> project or projects are specified, be these class use,
> research use, administrative use, or whatever.
>and
>2. Fairness is maintained and misuse governed by appropriate
> University-wide guidelines.
>Now, isn't misuse of a computer that exists for instructional purposes
>the same logical thing as performing unauthorized experiments in the
>undergraduate general chemistry laboratory? In the latter case, nobody
>would yell too loudly if the student were thrown out of the lab and
>were therefore unable to complete his assignments and thus failed the class.
[...]
So the question is, "are CONSISTENCY & FAIRNESS & FORPURPOSE
sufficient conditions?" [As Billy Arnold suggested, I'm replacing
FORCLASS with FORPURPOSE. Also, we can assume that resources are
abundant (NOT LOADED) and that no alternative exists (NOT ALTERN).]
I think these conditions would be sufficient to prohibit unauthorized
chemistry experiments; I do not, however, think that they are
sufficient to prohibit free expression.
The difference between free chemistry and free expression is that
free expression is central to academic freedom.
To quote from the first paragraph Joint Statement on Rights and
Freedoms of Students:
"Academic institutions exist for the transmission of knowledge, the
pursuit of truth, the development of students, and the general
well-being of society. Free inquiry and free expression are
indispensable to the attainment of these goals its members of the
academic community, students should be encouraged to develop the
capacity for critical judgment and to engage in a sustained and
independent search for truth."
Needless do say that free chemistry gets no such endorsement. Likewise,
free expression (but not free chemistry) is explicitly protected
by the First Amendment (at least at public universities) and in the
student code of most universities).
The closest analogy to the use of computers for extracurricular
expression is the use of classrooms for extracurricular expression.
To quote from the Student Code of the University of Illinois (my school):
"III. Campus Expression
A. Discussion and expression of all views is permitted within the
University subject only to requirements for the maintenance of order.
Support of any cause by orderly means which are not in violation of
law and which do not disrupt the operation of the University nor
interfere with the rights of others is permitted.
B. Members and organizations in the University community may invite
and hear any persons of their own choosing, subject only to reasonable
requirements on time, place, and manner for use of University facilities."
Also
"The University's control of campus facilities should not be used as
a device of censorship."
If the computer is not loaded, then extracurricular expression will
not disrupt the operation of the University. If there is no
alternative machine, then reasonable requirements on the time, place,
and manner of computer expression can't completely exclude use of that
machine.
The bottom line is this: The default mode for universities is (should
be?) to allow, protect, and promote free expression. This default
can only be overwritten for a good cause (like lack of resources and/or
availability of an alternative). It can not (should not) be
overwritten by mere administrative say-so.
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
I do not represent EFF; this is just me.
-------------------
Date: Wed, 14 Aug 1991 14:49 EDT
From: Sanjay Kapur
Message-Id:
Subject: Re: Free Forum vs. Class-Work Only machines
>The difference between free chemistry and free expression is that
>free expression is central to academic freedom.
>
A chemist would disagree.
-------------------
Date: Wed, 14 Aug 1991 21:25:24 GMT
From: kadie@eff.org (Carl M. Kadie)
Message-Id: <1991Aug14.212524.241@eff.org>
Subject: System Maintenance/Security requirements
[Submitted to alt.comp.acad-freedom.talk by David Covin.
I've reformatted the paragraphs. - Carl]
-------------------
Date: Wed, 14 Aug 1991 21:46:49 GMT
From: covin@tartarus.uchicago.edu (David Covin)
Message-Id:
Subject: System Maintenance/Security requirements
A few questions, for the benefit of those of us (am I the only one?)
who do *not* have any experience as a system administrator, only as a
user:
1) Why should students not be permitted to give out their
passwords to others?
-- I know of at least one student (at another
university) whose account has been suspended indefinitely because a
friend of hers deduced her password (and, I presume, used it at least
once, to log in remotely). From bits and pieces of anecdotes I've
heard elsewhere, such a rule seems fairly common.
-- My obviously limited analysis of the situation shows
only the following reasons which might be behind such a policy:
Concern that nonstudent hackers will grunge up the system.
Desire not to give university computing resources free to non-
University-affiliated people.
The second of these seems a reasonable policy
concern, but an unlikely motivation. I.e., it is certainly the right
of the university to restrict use of its facilities to its own
students, faculty, etc; but I would be surprised to see a sufficent
combination of official concern (it's never seemed to me that anyone
would care much if a friend came to visit and logged into my account
for an hour or two) and frequent abuse (anyone able to log into an
account from across the country, probably has computer facilities
available at the other site as well, and is just doing it for fun...
How much value in computer services do people think is "lost" to
unauthorized users, in a typical year at a typical University,
anyway?) to warrant such a seemingly draconian policy. But then, I
may be ignorant; hence, I ask. :-)
The first, on the other hand, seems a likely
motivation but an unreasonable concern. Why would a system that is
safe from student hackers on student accounts be particularly
vulnerable to nonstudent hackers on student accounts? Particularly if
you hold the student responsible for anything nasty done by access
that student gave to someone else.
2) Why, specifically, would it be necessary for system
maintenance to read a user's files without his or her prior
permission?
3) Why do users concerned with having their private files read
by system administrators without their permission, not simply encrypt
the files they do not wish read? (Ok, this isn't a sysadmin question
:-) )
--
David Covin covin@despair.uchicago.edu
-------------------
Date: Wed, 14 Aug 91 18:27 EDT
From: Diane Kovacs
Message-Id: <9108142230.AA01352@eff.org>
Subject: RE: System Maintenance/Security requirements
Status: O
As an undergraduate I lost a computer account because I allowed my husband to
use it and he was caught by the computer lab monitor....when I objected that
it was all family anyway...and that husband had his own account and was
working on both at the same time......I was told to leave. I later applied
for the another account and received it with no problem.
I think policies like that are absolutely absurd. I share my password with
friends now so they can ftp and retrieve files from my accounts. I'm not
planning on stopping....but I do change the password at least once per
month to prevent any stranger who happens on to it from exploiting my accounts.
Diane
-------------------
Date: 14 Aug 91 23:38:22 GMT
From: fwp1@Jester.CC.MsState.Edu (Frank Peters)
Message-Id: <1450@ra.MsState.Edu>
References: <1991Aug14.212524.241@eff.org>
Subject: Re: System Maintenance/Security requirements
In article <1991Aug14.212524.241@eff.org> kadie@eff.org (Carl M. Kadie) writes:
>[Submitted to alt.comp.acad-freedom.talk by David Covin.
> I've reformatted the paragraphs. - Carl]
>
> 1) Why should students not be permitted to give out their
>passwords to others?
There are basically three reasonable reasons I have heard for such
a policy.
a) Even on systems that use some sort of quota system to allocate
resources the total of all user allocations exceeds the available
resources. For example, the disk sum of user disk quotas typically
exceeds the total available disk space. This is done on the assumption
that the average user won't use his/her full quota. The purpose
served is usually to curb extreme hogs rather than to attempt to
reflect the average user.
Of course, sites that don't run any quotas still make budget
decisions and the like based upon some concept of an average
user.
When a user shares her userid with a friend (either locally or
at another institution) she is essentially destroying the
validity of this estimate. Now, even though I have X users
in my password file I have X + Y actual users where Y is the
number of shared userids. Those Y userids typically have
more files and more CPU utilization than would an average
userid.
b) As suggested by Mr. Covin, university computing resources are
purchased for the use of people associated with the university.
c) This one is almost political rather than technical or even practical.
The issue is allocation of blame for abuse (whether excessive resource
use or security violation attempts). A frequent problem with shared
userids is that the user attempts to use this as an excuse to
shirk responsibility for the abuse. After all, he did nothing wrong
(assuming he didn't himself perpetrate the abuse). He shared his
userid with a friend, which isn't against the rules, and his friend
is the one who caused the problem. And that friend is typically
out of reach of administrative discipline.
Making it explicitly against policy to share passwords neatly nips
this sort of squirming in the bud.
A fourth, less reasonable motive involves trying to determine
when a userid has been compromised. If, through whatever means,
I determine that another person is using your userid how do I
decide whether that person has permission or not. If sharing
passwords is a violation then I can probably safely act on the
assumption that the use is unauthorized (after all, nobody
breaks the rules right :-). If sharing passwords isn't against
policy then I must pretty much let that user continue until I
can get in touch with the owner of the userid.
> 2) Why, specifically, would it be necessary for system
>maintenance to read a user's files without his or her prior
>permission?
In the day to day course of running a system I can't think of a
reason. The need to search a users files should be limited to
extreme cases (like searching a home in the real world).
It does, however, make the job of system administration a lot
easier. An administrator can determine why a specific user's
disk use suddenly went through the roof or find a copy of that
important letter that the boss needs while the user is out of
town. If the owner of the system wants it run on that basis
and users of the system are aware of the policy in advance I
don't see the harm.
> 3) Why do users concerned with having their private files read
>by system administrators without their permission, not simply encrypt
>the files they do not wish read? (Ok, this isn't a sysadmin question
Convenience.
Frank Peters
Mississippi State University
Computing Center
-------------------
Date: Wed, 14 Aug 91 20:54:18 EDT
From: Ami Ganguli
Message-Id: <9108150054.AA05174@trantor.irus.rri.uwo.ca>
Subject: Re: System Maintenance/Security requirements
>> 2) Why, specifically, would it be necessary for system
>>maintenance to read a user's files without his or her prior
>>permission?
>
>In the day to day course of running a system I can't think of a
>reason. The need to search a users files should be limited to
>extreme cases (like searching a home in the real world).
>
>It does, however, make the job of system administration a lot
>easier. An administrator can determine why a specific user's
>disk use suddenly went through the roof or find a copy of that
>important letter that the boss needs while the user is out of
>town. If the owner of the system wants it run on that basis
>and users of the system are aware of the policy in advance I
>don't see the harm.
The user should also have the option of painlessly disallowing
unauthorized access. ie. On a UNIX system, require that the administrator not
be allowed to use superuser access to look at user accounts, so that users can
restrict access as they wish.
-------------------
Date: Wed, 14 Aug 1991 21:28 EDT
From: Sanjay Kapur
Message-Id: <063EBABC8C008141@ccmail.sunysb.edu>
Subject: Re: System Maintenance/Security requirements
> The user should also have the option of painlessly disallowing
>unauthorized access. ie. On a UNIX system, require that the administrator not
>be allowed to use superuser access to look at user accounts, so that users can
>restrict access as they wish.
That should depend on the local policy.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Wed, 14 Aug 1991 21:36 EDT
From: Sanjay Kapur
Message-Id: <0763B5A2BC008141@ccmail.sunysb.edu>
Subject: Re: System Maintenance/Security requirements
>From: fwp1@Jester.CC.MsState.Edu (Frank Peters)
>
>A fourth, less reasonable motive involves trying to determine
>when a userid has been compromised. If, through whatever means,
>I determine that another person is using your userid how do I
>decide whether that person has permission or not. If sharing
>passwords is a violation then I can probably safely act on the
>assumption that the use is unauthorized (after all, nobody
>breaks the rules right :-). If sharing passwords isn't against
>policy then I must pretty much let that user continue until I
>can get in touch with the owner of the userid.
>
> Frank Peters
> Mississippi State University
> Computing Center
This is not in the least unreasonable. To take extreme examples:
1) Try to get into a secure military installation with some other person's id.
2) Try to get into a health club with some other person's id.
In both the above cases if a friend(2) or even a co-worker(1) gets in they
may be liable for civil, criminal and disciplinary action.
In the two examples cited above, neither the secure site nor the health club
will suffer monetary loss or any real loss of security. Still it is
prohibited.
Granted a University is different and to someone who has used an older
friend's id to get into a bar would think so also.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Thu, 15 Aug 91 03:36:50 GMT
From: pwh@bradley.bradley.edu (Pete Hartman)
Message-Id: <1991Aug15.033650.8313@bradley.bradley.edu>
References: <1991Aug14.212524.241@eff.org>
Subject: Re: System Maintenance/Security requirements
In <1991Aug14.212524.241@eff.org> kadie@eff.ORG (Carl M. Kadie) writes:
> 1) Why should students not be permitted to give out their
>passwords to others?
Simple: Accountability. If some serious damage is linked to a given
account, and the user is allowed to plead "I didn't do it, it was one of
my friends who has my password", it would become an order of magnitude
more difficult to pin down problems.
> 3) Why do users concerned with having their private files read
>by system administrators without their permission, not simply encrypt
>the files they do not wish read? (Ok, this isn't a sysadmin question
>:-) )
Laziness?
-------------------
Date: Thu, 15 Aug 91 00:25:09 EDT
From: Ami Ganguli
Message-Id: <9108150425.AA17520@vega.irus.rri.uwo.ca>
Subject: Re: System Maintenance/Security requirements
>> The user should also have the option of painlessly disallowing
>>unauthorized access. ie. On a UNIX system, require that the administrator
>>not be allowed to use superuser access to look at user accounts, so that
>>users can restrict access as they wish.
>
>That should depend on the local policy.
Should it? What I meant originally was that the user should have some
way or restricting the administrator from routinely reading his or her files.
There should still be some mechanism for the adminstrator to get access to the
files, given proper justification.
The reason I maintain that there should always be some way of limiting
administrator access is that nobody has given any reason for an administrator
to snoop in user files against the user's wishes. The reason given by Frank
Peters is convenience ( ie. accessing a memo while the user away, or finding
out why the users disk usage went up without having to bother the user ), which
is fine _as_long_as_the_user_agrees_.
What we need to establish here is to what extent the administrator can
curtail the users' privacy merely by notifying the user beforehand that this
is the policy. ie. Would the phone company be justified in listening in on
personal calls ( perhaps to find out if a home phone is being illegally used
as a business phone ) if it gave notice before installing the phone that such
intrusions were 'policy'? Perhaps they would, but it would certainly make me
think twice before getting a phone.
... Ami.
-------------------
Date: 15 Aug 91 04:58:56 GMT
From: webber@csd.uwo.ca (Robert E. Webber)
Message-Id: <4228@julian.uwo.ca>
References: <1991Aug14.212524.241@eff.org>
Subject: Re: System Maintenance/Security requirements
In article <1991Aug14.212524.241@eff.org>
.[Submitted to alt.comp.acad-freedom.talk by David Covin.
. I've reformatted the paragraphs. - Carl]
