Computers and Academic Freedom (news version) June 30, 1991 Vol. 1, No. 14 Editor: Carl M. Kadie (kadie@eff.org) To contribute to the list, send email to "caf-talk@eff.org". Your note will appear immediately on the caf-talk mailing list and in the alt.comp.acad-freedom.talk newsgroup. Back issues and a report on the number of CAF readers is available via anonymous ftp from eff.org. See file academic/README. [I'm back from a great vacation. This is the CAF-news for the week ending June 30, 1991. The first three notes discuss student exploration; if a student breaks the system, does it matter if he or she did it accidently or maliciously? The last note discusses intellectual property agreements in which the University may claim some ownership in material you developed at the University. - Carl] In this issue: Sanjay Kapur 65 My rights end where yours begin. mojo!russotto 65 >(none) William Murray 116 Dean Gottehrer 54 >Intellectual Property Agreements The addresses for the list are: comp-academic-freedom-talk@eff.org - for contributions to the list or caf-talk@eff.org listserv@eff.org - for automated additions/deletions (send email with the line "help" for details.) caf-talk-request@eff.org - for administrivia Also, if you read newsgroups, look for alt.comp.acad-freedom.talk and alt.comp.acad-freedom.news. Date: Tue, 25 Jun 1991 20:19 EDT From: Sanjay Kapur Subject: My rights end where yours begin. Message-Id: X-Organization: State University of New York, Stony Brook X-Vms-Cc: SKAPUR >Reply-To : wreck@fmsrl7.UUCP (Ron Carter) >Subject : Re: User theft of service > >WHAT ABOUT the rights of other users to learn things which ARE NOT >part of the course? Are they to be intellectually crippled by >being shackled to doing only the assignments given, only the >problems the teaching staff puts on the homework, to learning only >what one person's imagination thinks to bring up in class? Are >the users who have the smarts and joy of learning to gain more >from the course than others, to be purged from the institution >of learning for the crime of trying to learn? > Important disclaimer: In the following discussion I am NOT considering mistakes made by a user in the process of learning new things (including non-coursework items) but deliberate pranks. You do not have a right to learn things which are not part of the course IF they interfere with someone else's right to learn. IF pulling a prank causes someone to miss a deadline or drop out of a course or makes the person too nervous to enter the computer lab again, the prankster has drastically interfered with the "victim's" right to learn. You may disagree but in my opinion the purpose of pranks is not to learn anything but to annoy and harass either a fellow user or the system administrator. Also, in my opinion pranks are pulled by frustrated users trying to show off their new found power to cause injury. >God, what an impovershed world it would be if you ran things. Denying someone learning is indeed impoverishing them. Allowing them to play pranks is impoverishing everyone else. Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu Systems Staff, Computing Services, |Bitnet: SKAPUR@USB State University of New York, |SPAN/HEPnet: 44132::SKAPUR Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046 Received: from USENET by eff with netnews for caft-mail@eff.org (comp-academic-freedom-talk@eff.org); contact usenet@eff if you have questions. Date: 19 Jun 91 15:28:17 GMT Message-Id: <1991Jun19.152817.11174@eng.umd.edu> Organization: College of Engineering, Maryversity of Uniland, College Park From: mojo!russotto@mimsy.umd.edu References: , <22910619005022.0003158580NB4EM@mcimail.com>in Subject: Re: (none) In article <22910619005022.0003158580NB4EM@mcimail.com> 0003158580@mcimail.COM (William Hugh Murray) writes: >Subject: Punishment > >>Resolved: Users should not be suspended or expelled from computer >>systems as punishment for computer-policy infractions. > >Well, perhaps. However, users are rarely suspended as punishment. Rather, >they are suspended to restore order. In many cases there is no alternative >way to restore order. If this were the policy, it might always be the only >way. Sieg Heil! >>Disciplinary action should respond to the indent (sic) of >>the student and the damage caused by the student, not outside pressures > >Absolutely not. Disciplinary action should be based upon the >behavior of the student. It should be based upon the behavior without >regard to intent or consequences. It should be based upon the degree of >variance from the policy. Behavior without regard to intent or consequences? So it was OK when a sysadmin suspended a users (not mine) account because he put X-things up on display 'vs06csc' when he meant to put them up on his display, 'vs06wor', due to a mistake? After all, intent does not matter. >otherwise outrageous student behavior? The objection to suspension is >precisely because it is effective. Suspension can be measured and >responsive to the extent of the disruptive behavior. The objection to suspension is because it is harsh summary punishment by someone who doesn't have to answer to the users. Effective? Maybe. Depends on how badly the student involved will escalate the situation. If he is a good student and slinks off with his tail between his legs, and changes departments or transfers to another university or does something to get out of the admin's hair, it is extemely effective. There are other options open to the student. >>Resolved: The punishment that a computer administrator can impose on a >>student should be not exceed (sic) that which an instructor can impose. > >Why do I have the feeling that this resolution is proposed by a student? >Why is the issue punishment? While I can visualize vindictive >administrators imposing punishment, the administrative remedies of which >students complain are mostly remedial, not punitive. It is true that >student's accounts are suspended, but the intent is not aimed at the >student. Rather, it is aimed at restoring and preserving order. WHOA! I thought you said INTENT didn't matter????????? >Administrators of commercial systems are not having this problem; it is >primarily a university problem. It results from student hubris and it >must be curbed. > >William Hugh Murray >Executive Consultant, Information System Security >to Deloitte & Touche >WMURRAY@MCIMAIL.COM Damn right. Gotta slap them students DOWN. We'll show them who the Gods are around here.. (you do realize that it is GODS who punish hubris...) -- Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu .sig under construction, like the rest of this campus. Date: Sat, 29 Jun 91 16:00 GMT From: William Hugh Murray <0003158580@mcimail.com> Subject: Message-Id: <85910629160058/0003158580NB2EM@mcimail.com> > "A toy shouldn't break just because a child plays with it." There is an underlying problem here that is contributing to the tension between student users and system administrators. While I am content to believe that innocent students have been victimized by system administrators suffering from megalomania, I do not believe that the few documented cases of megalomania can be the cause of all this furor. Instead, I suggest that the tension results from expected differences in perception of the situation. The student knows that systems are robust. "Pac-Man" never broke. "King's Quest" never broke. You could push as hard as you wanted to; it never broke. You could not get out of the "land." It did not break. Yet. Push! Problems are related to hardware and software, not users. The rules of the game are implicit in the game. If you can do it, it is legitimate. The way you "win the game" is to explore the land to its outermost boundaries. The system administrator knows that systems are fragile. Most have come about by elaboration of earlier systems. They were not designed of a piece. Even when we do a major upgrade, we often include function from earlier systems, usually as an accomodation to users. This functionality often includes gratuitous generality and flexibility. The systems have often been extended to support user populations which are much larger and less orderly than the ones for which the systems were conceived. The result is systems which are not as robust as might be indicated or expected for their current use and user populations. The system administrator knows this. Each also knows different things about the consequences. The system administrator knows that there are hundreds of users out there waiting for the prompt. If they do not see it, they are at least anxious, many are panicky, and some are justified. Unless you contain the damage early, you may never completely recover. You may not recover without disruption. The student believes that "Ctrl-Alt-Del" will fix most anything. The consequences, whatever they may be, are limited. While intellectually he may understand differently, deep down inside, where he knows how to feel hungry and grow fingernails, he knows that they are limited. Much of what the student "knows" he learned in single user systems. He does not appreciate multi-user systems. All system intrusions and many accidents are preceeded by anomalous behavior. There are warnings. As a security consultant, I participate in many "post-mortems." It is rare to see a system failure caused by user behavior in which there were no warnings. System administrators know this from experience. They have learned that the "way to win the game" is to be on the alert for such behavior and nip it in the bud. The student insists "judge me by my motive," not by my behavior alone. Of course, his motive is usually benign; perhaps a little mischievous, but never malicious. Most often he was "merely exploring" or seriously "experimenting." He believes that in the academic community, these motives sanction anything. (In reality, academic experimentation involves controls to which this behavior does not pretend.) But no matter, whatever else he intended, he did not intend to break the system. The administrator says "I cannot know your motive in advance unless you tell me about. If it is innocent, tell me; if it were innocent, you would have told me. At best, I can only know about your motive in hindsight. Your motive is not relevant; the system is fragile and you can break it without intent. It is not your sandbox; there are other interests to be protected. I must react on a timely basis to the behavior that I see. Others will have to deal with motive after the fact. And here is the nub of the tension. The administrator and the student are looking at the same behavior but from very different perspectives. Each projects onto the other things that the other cannot know about. The student expects the administrator to appreciate and be tolerant of his motive. The administrator expects the student to appreciate the vulnerability of the system, the extent of the consequences of breakage, and the reponsibility of the administrator to the majority user population. The student expects the administrator to act as good parent, with tolerance, restraint and deliberation. The administrator feels pressure to act immediately to contain the behavior before it gets out of control. Some of you may recognize this dilemma as similar to a basic one between children and parents. The student knows the source of the behavior and intends to do no harm. The administrator does not know the source or the intent, but has learned to expect the worst. The student sees the system as a toy; his toy. He believes it to be robust, but even the strongest toys break. No big deal; he was only playing. He did not intend to break it. There are always more toys. What is all the excitement about? That guy must be out to get him. It must be personal. What other explaination can there be? The administrator sees the system as a piece of the infrastructure, as capital equipment. He has tried to make it sufficiently robust to withstand normal use, but he knows its complexity makes that a risky effort at best. He knows that it is no one's toy and that playing with it puts it at unneccessary risk. (Even the best toys will break if hit with a big enough hammer.) He knows that it can be broken without intent. He knows that the consequences of breakage are grave, perhaps or partially irremedial, and not related to the motive of the breaker. Its not personal. He is only doing his job. Each sees his view as eminently reasonable; almost everyone that he knows holds the same view. Indeed, each is likely to conclude that, as even-handed as I have tried to be, I really agree with him. I do not argue for either of these views, but simply that they are the origins of the tension. It may be that this tension is so intrinsic to the situation that it cannot be alleviated; I do not believe so. Rather I believe that the problem can be dealt with by the kind of prior understanding and agreement that I have earlier proposed here. William Hugh Murray Message-Id: <9106291747.AA21148@eff.org> From: "Dean Gottehrer" Subject: Re: Intellectual Property Agreements Intellectual property (as generally referred to by universities) comes in two varieties--copyright and patents. Most universities that I know about provide that copyright ownership remain in the hands of the person who created the material. I am aware of several instances where the work made for hire provision of the copyright law has been used to insist that the copyright be in the hands of the university. (A work made for hire is one that is created when someone hires someone else to create a work. A good example is a reporter writing for a magazine or newspaper. The employer hires the reporter to create these works, provides the resources to create them and under the work made for hire provision of the copyright law owns the copyright in the work. Works made for hire, however, have to be done under a contract that says the work is made for hire.) I don't know of any university that says a faculty member's lecture notes are university intellectual property. The faculty member created the notes and there is a long tradition that faculty own their lecture notes and even I believe a few court cases on the subject. But a university that hires a faculty member specifically to produce, say, a televised class in which the university contributes production costs and staff to help produce the series has a good argument that the programs are works made for hire. The way to ensure a faculty member's rights in this kind of situation is to make sure that a contract exists specifying who owns what, who has the right to show the program and where any revenues from the program go. If you are being hired to do something where revenues are being divvied up, be sure to consult a lawyer knowledgeable about copyright law. I suspect, but have never done a survey, that most universities are insisting these days on owning the patent rights to any inventions developed in their labs. While lecture notes are an intellectual invention that can be done anywhere, research that results in a new invention that is done in a lab provided by the university often can not be accomplished elsewhere. The university's argument is tantamount to saying that it provided material resources that made the invention possible and it should own the patent on the invention. It is perhaps not mere coincidence that in the overwhelming majority of cases patents are worth more than copyrights and that money has determined policy. In any event, for those of you contemplating making millions from your research, these policies can be opened to negotiation. Any university that says it is not willing to negotiate over such a policy is simply letting you look to another that is willing. The fact is, however, that most faculty will not write books like Rambo or Samuelson's economics text that bring in big bucks nor will they devise some new gene that will cure AIDS or cancer. Unless you think your intellectual property is capable of earning you additional money, I wouldn't worry about the agreement. But if you have any concerns, you ought to consult your local version of the AAUP or AFT or a lawyer before you sign away your rights to something that could be worth a lot of money. Dean Gottehrer Anchorage, Alaska I am not an attorney and therefore cannot give legal advice. If you seek legal advice, talk to an attorney.