Computers and Academic Freedom (news version) September 1991 Vol. 1, No. 30 [Best of the month of September, 1991 The first and second notes are a critique of the policy of Computing Services at Central Michigan University. In the policy, Computing Services asserts ownership on all "user" files on its system. The critique calls this assertion an attempt of theft, pointing out that University ownership would mean that the University could sell user files to outsiders. The critique calls a new policy, created with user participation.<1991Sep2.192241.1731@eff.org> <1991Sep4.003030.2331@eff.org> The third note agrees that user participation is desirable, but observes that users are often apathetic and uninterested in policy. <202C75A18080B52F@ccmail.sunysb.edu> The next two notes concern the application of library policy to computers. The first note reports that the American Library Association (ALA) says that access restrictions can be censorship. The note includes the ALA's definitions of censorship and related terms. <1991Sep23.151518.18589@eff.org> The next note tries to clarify the analogy between a traditional library and a computer. The note says that Netnews should [not be -cmk] compared to a library, rather it should be compared to the set of publications from which a library selects. The note also includes the Hypothetical Netnews Bill of Rights, a modification of the ALA's Library Bill of Rights. <1991Sep18.152828.6297@eff.org> In the next note, Mike Godwin, legal staff for the Electronic Frontier Foundation (EFF) says that the Electronic Communications Privacy Act (ECPA) could be reasonably construed to protect university email. <1991Sep23.190848.24422@eff.org> The next note says that allowing some personal and recreational use of computers that are mostly for instructional use, works fine in practice.<1991Sep26.041948.27809@visix.com> The next note concedes that an owner can do most anything he, she, or it wishes with his, her, or its computer. When that owner is an organization, however, it must act within the bounds of its charter. Thus, the U.S. Government must act within the bounds of its charter, the Constitution.<1991Sep18.200431.12028@eff.org> The next two notes are about magazine/newsgroup selection. The first note says that contrary to what they may say, many librarians avoid the selection of material that offends them. <6665D4606E821004@ccmail.sunysb.edu> The second note highlights the ALA Workbook for Selection Policy Writing. The Workbook covers everything from developing a selection policy to handling challenges to controversial materials.<1991Sep21.215316.833@eff.org> The full Workbook is available on-line; just send email to archive-server@eff.org. Include the line: send library-policies selection-workbook.ala Recently, someone at the University of Illinois posted a note that some found offensive. Some of the offended said that the poster could be punished by the University. The penultimate note is an explanation of why a state university such as the University of Illinois cannot legally punish a student for being offensive. <1991Sep17.195000.9335@m.cs.uiuc.edu> The last note is a discussion of rules that balance an individual user's rights with the need to keep the computer system running smoothly. The note includes six real-life problems, possible rules might cover the problems, and a report about how the problems were really solved.<1991Sep5.205747.17426@mp.cs.niu.edu> - Carl] In this issue: Carl M. Kadie 230 Computing Services Policy at Central Michigan University Carl M. Kadie 46 - Sanjay Kapur 53 - Carl M. Kadie 63 >Academic Privacy Question Carl M. Kadie 66 >What is a library? Mike Godwin 53 ECPA and University Email Amanda Walker 33 >Ownership rights Carl M. Kadie 30 > Sanjay Kapur 45 >Academic Privacy Question Carl M. Kadie 32 >ALA "Workbook for Selection Policy Writing" Carl M. Kadie 93 >Freedom of Expression (Re: Discrimination against ... Neil Rickert 123 Computer Policy in the Student Handbook Computers and Academic Freedom News Editor: Carl M. Kadie (kadie@eff.org) Circulation: William W. Arnold (caf-talk-request@eff.org, warnold@eff.org) Publication: Helen C. O'Boyle (helen@eff.org) To contribute to the list, send email to "caf-talk@eff.org". Your note will appear immediately on the caf-talk mailing list and in the alt.comp.acad-freedom.talk newsgroup. Back issues are available via anonymous ftp to eff.org. The directory is pub/academic/news. Abstracts of CAF-news are in file pub/academic/abstracts. The CAF archive is also available via email. For information, send email to archive-server@eff.org. Include the lines "help" and "index". Disclaimer: This CAF-news was compiled by me, Carl M. Kadie. It is not an EFF publication. The views I express and editorial decisions I make are my own. The addresses for the list are: comp-academic-freedom-talk@eff.org - for contributions to the list or caf-talk@eff.org listserv@eff.org - for automated additions/deletions (send email with the line "help" for details.) caf-talk-request@eff.org - for administrivia Also, if you read newsgroups, look for alt.comp.acad-freedom.talk and alt.comp.acad-freedom.news. From: kadie@eff.org (Carl M. Kadie) Date: Mon, 2 Sep 1991 19:22:41 GMT Message-ID: <1991Sep2.192241.1731@eff.org> References: <1991Sep2.161515.24831@eff.org> Subject: Computing Services Policy at Central Michigan University Summary: Central Michigan University Steals User Files This is a critique of the Computing Services Policy at Central Michigan University. The policy as written gives Central Michigan authority to steal user file. It also denies users their due process rights. The policy should be replaced by a policy created with participation of users. >Excerpts from "Everything You Ever Wanted To Know About Computing >Services At Central Michigan University (And Were Afraid To Ask)", >Computer Services Document No. CSVD0092. It is given to new users. >---- begin quote --- >_The contents of all storage media owned or stored on Computer >Services computing facilities are the property of Central Michigan >University unless a written contract signed by suitable contracting >authority exists to the contrary._ [The _..._ marks underlining in the >original document. - Carl] According to this paragraph, if a faculty member writes a journal article on a Computer Services computer, it becomes the property of Central Michigan. This is theft by Computer Services of property that rightfully belongs to the faculty member. As a practical matter, this paragraph is ridiculous. Is Computer Services claiming to own the copyright on user-created documents? If so, a faculty member who read this paragraph could not legally give a journal permission to publish the paper he or she wrote. If the faculty member did try to give a permission-to-copy, he or she would be guilty of fraud. The paragraph contradicts policy and law with regard to privacy. The contents of personal file cabinets, even if owned by the State, remain the property of their assigned user. Unreasonable searches are prohibited by the Constitution. The University of Illinois, for example, requires a warrant before a search of university-owned personal file cabinet. Principle: Personal files on university's computers (for example, files in a user's home directory) should have the same privacy protection as personal files in university-assigned space in an office or dormitory space (for example, files in a graduate student's desk). [Aside: I suggest than writers to CAF-talk mark proposed principles as I have done above. Start with the word "Principle:" as the first item on a line. Mark the end of the proposal with a blank line. This will make it easy to extract proposed principles later. - Carl] The Joint Statement on Rights and Freedoms of Students (ftp.eff.org:pub/academic/student.rights) suggests these guidelines (which Central Michigan's policy violates.) "1. Except under extreme emergency circumstances, premises occupied by students and the personal possessions of students should not be searched unless appropriate authorization has been obtained. For premises such as residence halls controlled by the institution, an appropriate and responsible authority should be designated to whom application should be made before a search is conducted. The application should specify the reasons for he search and the objects or information sought. The student should be present, if possible, during the search. For premises not controlled by the institution, the ordinary requirements for lawful search should be followed." >An individual using Computer Services facilities must do so in the >knowledge that he/she is using University resources in support of >his/her work. The University owns everything stored in its facilities >unless it has agreed otherwise. Further, the University has the right >of access to the contents at any time for any purpose for which it has >a legitimate "need to know". The University will make all reasonable >efforts to maintain the confidentiality of the storage contents and to >safeguard the contents from loss, but cannot be held liable for the >inadvertent or unavoidable loss or disclosure of the contents. >Normally, the only "need to know" access to storage media contents >will be conducted by the Director of Computer Services, the Associate >Director of Computer Services (operations), or the Systems >Programmers. If University really owns the contents of the everything on the computer, then there is no confidentiality to maintain. The computer files may, however, now be covered by the Family Educational Rights and Privacy Act. (I doubt if Computer Services really indented that.) This search policy could be improved by replacing the "need to know" language with the more mature language of the University's general search policy. >... >_The facilities are provided without charge for purposes of academic >advancement and administrative data processing for faculty, staff, and >students of Central Michigan University. Use by others or for other >purposes is strictly prohibited unless specifically authorized in >writing by the Director of Computer Services._ It sounds like Sys Programmer can decide for his or herself to search a faculty-created file, but that a faculty member must get written permission from the Directory of Computer Services before sending email to a friend. >Computer Services computing facilities are provided in support of >teaching and academic advancement and administrative data processing >at Central Michigan University. Any faculty member, staff member, >emeritus faculty/staff, or student having a current bona fide >connection with Central Michigan University is permitted, upon proper >validation by Computer Services, to use the instructional/research >portion of these facilities without charge regardless of whether or >not they are in a "computer-intensive" class or are teaching such a >class. The facilities available to the individual will be determined >by Computer Services based on intended use of the facilities by the >individual and the resources available at the time of validation. >Facilities are not provided for the use of spouses, parents, children, >or friends of validated users. >... Good. >...Detection of illegal usage or practices designed to operate to the >detriment of the user community will result in the withdrawal of >services to the individual determined to be at fault. Computer >Services will be the sole arbiter of this decision and services to the >individual will only be restored to the individual upon successful >appeal to the Director of Computer Services or his designees. >... I would suggest Computer Services policymakers look at Central Michigan's general disciplinary policy. Also, they should read the Joint Statement on Rights and Freedoms of Students section on "Procedural Standards in Disciplinary". The phrase "practices designed to operate to the detriment of the user community" is too vague. Principle: A reasonable user should be able to determine if his or her behavior will violate policy. This paragraph suggests that the only penalty for "practices designed to operate to the detriment of the user community" is permanent expulsion from the computer. This is too harsh. "[P]rocedural fair play requires that the student be informed of the nature of the charges against him, that he be given a fair opportunity to refute them" [Joint Statement]. The policy does not respect these rights. Also, due process requires that "[w]hen the misconduct may result in serious penalties and if the student questions the fairness of disciplinary action taken against him, he should be granted, on request, the privilege of a hearing before a regularly constituted hearing committee. ... No member of the hearing committee who is otherwise interested in the particular case should sit in judgment during the proceeding." [Joint Statement] In other words, Computer Services asserts that it is the prosecutor and final judge. But, no department on campus has this authority; it is a violation of user due-process rights. Principle: Suspension or expulsion from a computer is a serious penalty. Users facing these penalties should be given due process protection similar to that given to those facing other serious penalties such as a formal disciplinary warning, a failing grade for cheating, or suspension from class. >_Special information regarding audit records on the IBM 3090 computer._ >Any individual using Computer Services facilities must realize that >all mainframe computer systems maintain audit trail logs or log files >within the mainframe computer. Such information as the user >identification, date and time of the session, the software used, the >files used, the computer time, and storage used, the user account, and >other run-related information is normally available for diagnostic, >accounting, and load analysis purposes. >In the case of the IBM 3090, Computer Services normally retains the >information contained in these files for up to one year. Under certain >circumstances, this information is reviewed by the Computer Services >personnel outlined above, either at the request of an academic >department, or in situations where it is necessary to determine what >has occurred to cause a particular system problem at a particular >time. For example, analysis of audit files may indicate why a >particular data file is being erased, when it was erased, and what >user identification has erased it. Inspection of audit records may be >used to dispel or confirm a professor's suspicions of academic >dishonesty. >... >Access to audit records on the IBM 3090 will only be performed by the >Computer Services personnel designated above. The review of audit >information will only be performed when there is a legitimate "need to >know" based on a request from an academic department, an Executive >Officer of Central Michigan University, or the Director of Computer >Services, or when such a review is deemed necessary in order to >maintain a satisfactory computing environment for the University >Community. In such cases, a written record will be maintained of the >occasion, containing the name of the person accessing the audit >records, the date and time of access, whose records were accessed, the >extent (date and time range) of the information retrieved, and the >circumstances occasioning the access. This record will be kept in the >Computer Services administrative manual files under the the >designation "IBM 3090 audit record accesses". >--- end quote --- The Family Educational Rights and Privacy Act regulates university records. It does not sound as if the log and the "audit record accesses" comply with the law. Also, the phrase "or when a review is deemed necessary in order to maintain a satisfactory computer environment" is a vague catch-all that would seem to permit review at any time. It does not even say who authorized to do the "deeming". Finally, Principle: "[P]olicies and procedures should be developed at each institution within the framework of general standards and with the broadest possible participation of the members of the academic community." [Joint Statement] Following this principle, the Central Michigan policy should be replaced by a policy created with the participation of users. - Carl -- Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu I do not represent EFF; this is just me. From: kadie@eff.org (Carl M. Kadie) Date: Wed, 4 Sep 1991 00:30:30 GMT Message-ID: <1991Sep4.003030.2331@eff.org> References: <1991Sep2.161515.24831@eff.org> <1991Sep2.192241.1731@eff.org> <1563@ra.MsState.Edu> Subject: Computing Services Policy at Central Michigan University In article <1991Sep2.192241.1731@eff.org> kadie@eff.org (Carl M. Kadie) writes: >>According to this paragraph, if a faculty member writes a journal >>article on a Computer Services computer, it becomes the property of >>Central Michigan. This is theft by Computer Services of property >>that rightfully belongs to the faculty member. >>As a practical matter, this paragraph is ridiculous. Is Computer >>Services claiming to own the copyright on user-created documents? If >>so, a faculty member who read this paragraph could not legally give a >>journal permission to publish the paper he or she wrote. If the >>faculty member did try to give a permission-to-copy, he or she would >>be guilty of fraud. fwp1@Jester.CC.MsState.Edu (Frank Peters) writes: [...] > Copyright is not ownership. Ownership is not copyright. [...] >Central Michigan University claims ownership of a particular copy of a >work stored on their media. They claim that they can read it or move >it or remove it or modify it as necessary. That is, they can do as >they wish with that particular copy of the work. I'm sorry for the mistake. I usually do know the difference between owning a copy and owning a copyright. Basic property rights include: The right to sell (lease, etc) The right to use (and to forbid the use of others) Are they really claiming the right to sell "their" copy of files created by users? Are they really claiming an unlimited right to edit user files and to forbid users from accessing "their own" files. Must a user ask permission before deleting a "university" file? I think that instead of claiming ownership, they would be wiser to get a license to do necessary system administration tasks. On most systems this license is implicit. - Carl -- Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu I do not represent EFF; this is just me. From: SKAPUR@ccmail.sunysb.edu (Sanjay Kapur) Date: 3 Sep 91 06:41:00 GMT Message-ID: <202C75A18080B52F@ccmail.sunysb.edu> Subject: Computing Services Policy at Central Michigan University >From: kadie@eff.org (Carl M. Kadie) > >Summary: Central Michigan University Steals User Files > >This is a critique of the Computing Services Policy at Central >Michigan University. The policy as written gives Central Michigan >authority to steal user file. It also denies users their due process >rights. The policy should be replaced by a policy created with >participation of users. > I agree that policy should be made with the participation of users and I also agree with most (though not all) of your critique of the policy. I just have one major point: Users at most schools don't give a damn about the computer policy. They are simply not interested in spending the time it would take to come up with a reasonable policy. The problem at most places is apathy. If the above were not so, how has the Central Michigan policy survived? I would ask susbcribers to this newsgroup to conduct a highly unscientific and random poll of the users of computers at their site and ask users the following type of questions. Please do not bias the sample group of users. You will bias the sample by educating them about what the policy is or what it should be before asking these questions: 1) Do they know that there is a computer policy? 2) Do they know what it says? 3) Will they be willing to spend a few hours a week developing or improving such a policy? 4) Do they know who all can read their files? Even protected files? Do they care? 5) Do they protect their account by not sharing passwords? 6) Do they know that there is a group of people who do systems work? 7) Do they know what the systems staff does with the system? 8) Are they dissatisfied with the way the systems staff does its work? I have talked with several hundred users over the past few years about these topics and I have come across only two persons who answered all the questions above positively. (maybe they were afraid of admitting to 8) above to me, but do you want someone, who is afraid of the systems staff, to make policy?) Those two individuals who were initially interested in helping design a policy purchased their own Personal Computers and lost all interest in developing a policy also. Maybe there are users who are interested in this at my campus, I just have not been lucky enough in locating them. Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu Systems Staff, Computing Services, |Bitnet: SKAPUR@USB State University of New York, |SPAN/HEPnet: 44132::SKAPUR Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046 Xref: eff alt.comp.acad-freedom.talk:1022 alt.censorship:1621 From: kadie@eff.org (Carl M. Kadie) Subject: Re: Academic Privacy Question Message-ID: <1991Sep23.151518.18589@eff.org> References: <07829621CE001F77@ccmail.sunysb.edu> Date: Mon, 23 Sep 1991 15:15:18 GMT Matthew T. Russotto (russotto@eng.umd.edu, russotto@wam.umd.edu) writes: [...] > I was merely pointing out that not all restriction of access is censorship [...] SKAPUR@ccmail.sunysb.edu (Sanjay Kapur) writes: [...] >In my opinion it is a very bad form of censorship, even though no librarian >will admit that it is. Everyone has their blind spots (me included). This >form of censorship is particularly bad because it is practiced by those who >claim to fight censorship, yet they do not recognize their own actions. [...] I'm happy to report that librarians *do* see restricted access as a possible form of censorship. Here is the American Library Association's definition of censorship (this is updated from the ALA definitions given in the book _50 Ways to Fight Censorship_): ----------- Books/Materials Challenge Terminology Expression of Concern -- An inquiry that has judgmental overtones. Oral Complaint -- An oral challenge to the presence and/or appropriateness of the material in question Written Complaint -- A formal, written complaint filed with the institution (library, school, etc.) challenging the presence and/or appropriateness of specific material. Public Attack -- A publicly disseminated statement challenging the value of the material, presented to the media and/or others outside the institutional organization in order to gain public support for further action. Censorship -- The change in the access status of material, made by a governing authority or its representatives. Such changes include: exclusion, restriction, removal, or age/grade level changes. Adopted by the Intellectual Freedom Committee at the 1986 American Library Association Annual Conference [Made available by permission of the American Library Association.] ------------ [This, and many other ALA policy statements, are available from the Computers-and-Academic-Freedom Library Policy archive. The archive is accessible via anonymous ftp to ftp.eff.org (192.88.144.3). It is in directory "pub/academic/library". File README is a detailed description of the items in this directory. The archive is also accessible via email. For information on email access send email to archive-server@eff.org. In the body of your note include the lines "help" and "index".] - Carl -- Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu I do not represent EFF; this is just me. From: kadie@eff.org (Carl M. Kadie) Subject: Re: What is a library? Message-ID: <1991Sep18.152828.6297@eff.org> References: <1991Sep17.180603.10263@eff.org> <9109181420.AA16344@dsacg2.dsac.dla.mil> Date: Wed, 18 Sep 1991 15:28:28 GMT nbc2134@dsacg2.dsac.dla.mil (Robert F Solon) writes: .... >To what extent should Nos. 1 and 2 apply? Is every newsgroup a >library, or only Usenet as a whole? What about archives? Are they >libraries? Is each major hierarchy a library? ... I would say that every newsgroup is a publication. Usenet is a set of publications. Netnews is a larger set of publications. Each major hierarchy is a smaller set of publications. None of these are libraries. The Netnews service on a particular machine is a library service. The sys admin who selects which newsgroups will be carried on a particular machine is acting as a librarian. (Most sys admins also, of course, have other duties.) An archive on a particular machine may also be a library. (Archives and news servers on other machines are other libraries.) Maybe if I do a little creative rewriting it will be clear: --------- Hypothetical Netnews Bill of Rights All computers offering Netnews are forums for information and ideas, and that the following basic policies should guide their services. 1. Newsgroups and other Netnews resources should be provided for the interest, information, and enlightenment of all people of the community the Netnews provider serves. Materials should not be excluded because of the origin, background, or views of those contributing to their creation. 2. Computers offering Netnews should provide materials and information presenting all points of view on current and historical issues. Materials should not be proscribed or removed because of partisan or doctrinal disapproval. 3. Netnews providers should challenge censorship in the fulfillment of their responsibility to provide information and enlightenment. 4. Netnews providers should cooperate with all persons and groups concerned with resisting abridgment of free expression and free access to ideas. 5. A person's right to use a Netnews service should not be denied or abridged because of origin, age, background, or views. 6. Netnews providers which provides resources for user expression or assembly should make such resources available on an equitable basis, regardless of the beliefs or affiliations of individuals or groups requesting their use. ------ - Carl -- Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu I do not represent EFF; this is just me. From: kadie@eff.org (Carl M. Kadie) Subject: ECPA and University Email Message-ID: <1991Sep23.190848.24422@eff.org> Date: Mon, 23 Sep 1991 19:08:48 GMT Last week in email, I asked Mike Godwin if the Electronic Communications Privacy Act (ECPA) could be reasonably construed to protect university email. (Mike is the Staff Lawyer for the Electronic Freedom Foundation.) With Mike's permission, I'm posting his reply. - Carl --------- Carl, I don't think it's been resolved whether ECPA reaches university e-mail, but I think there is an argument that it does. Consider two key terms in ECPA: a: "electronic communication service" [defined in 18 USC 2510] means any service which provides to users thereof the ability to send or receive wire or electronic communications. b: "remote computing service" [defined in 18 USC 2711] means the provision *to the public* [emphasis mine] of computer storage or processing services by means of an electronic communications services. Now, one obvious difference between (a) and (b) is the phrase "to the public"--a university email system might well qualify as (a), but probably would not qualify as (b). But some sections of ECPA add the language "to the public" to (a), which suggests a narrower class of (a) that may exclude such things as university e-mail systems and internal corporate e-mail systems. Does this mean that a university e-mail system is not covered by ECPA because it doesn't provide services "to the public"? I don't think so, if the system provides services to students. Students are not employees--they are educational consumers. In other words, they are more like "public" than like "employees." Presumably, access to the university system is something that's paid for, at least in part, by a student's tuition and fees--i.e., the student is paying for the service. Obviously there's a counterargument here--that "public" just means "general public"--but the issue of interpretation hasn't yet been resolved. Hope this helps. --Mike --------- -- Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu I do not represent EFF; this is just me. From: amanda@visix.com (Amanda Walker) Subject: Re: Ownership rights Message-ID: <1991Sep26.041948.27809@visix.com> Sender: news@visix.com References: <17840DD99E401E65@ccmail.sunysb.edu> <1991Sep23.041527.1439@eng.umd.edu> <1991Sep23.152244.18876@eff.org> Date: Thu, 26 Sep 91 04:19:48 GMT kadie@eff.org (Carl M. Kadie) writes: I see no reason that a machine can't be mostly for instructional use and a little bit for recreational and personal use. For example, the policy of the machine might be that classwork has priority over game playing, that some newsgroups are available just because the users find them interesting, and that email may be used for personal use. This is in fact how network access has been treated at the educational institutions I've attended and worked for. Officially, the equipment and the network connection are there to support instruction and research, but a certain amount of personal use is allowed. One aspect of this approach is that personal use becomes a marginal service: in effect, it is provided in exchange for not having to police the resources. Problems arise when policing the resources starts looking easier than providing open access (scandals, flamewars that bleed off of the net and into "real life," and so on)... Personally, I'd rather see having a machine or cluster whose sole reason for existence is to provide universal email and news to the entire campus, but in most cases hardware is scarce enough to preclude taking this approach. Amanda Walker amanda@visix.com Visix Software Inc. ...!uunet!visix!amanda -- "Freedom is fragile and must be protected. To sacrifice it, even as a temporary measure, is to betray it." --Germain Greer From: kadie@eff.org (Carl M. Kadie) Subject: Re: Ownership rights Message-ID: <1991Sep18.200431.12028@eff.org> References: <1991Sep18.195255.11706@eff.org> Date: Wed, 18 Sep 1991 20:04:31 GMT [This is my response to "What is Usenet?" - Carl] "What is Usenet?" says that the owner can do anything he or she likes. This is generally true, but what if the owner is "The People"? How do We The People decide what we want to do with Our property. I think the answer is that we follow the rules agreed to in the Constitution. As interpreted by the Supreme Court, those rules, for example, prohibit viewpoint discrimination in government-owned forums. (For references that support this opinion, see CAF-news #25, ftp.eff.org:pub/academic/news/cafv01n25.) I'm not suggesting that Netnews as a whole is government owned and must not practice viewpoint discrimination. I believe, however, that a public university could not legally prohibit so-called prolife postings while allowing so-called prochoice postings. Furthermore, my understanding of the law is that the state has wide latitude in deciding which topics it will allow in newly created forums. In other words, a public university administrator has the legal authority to allow gun control discussion while prohibiting abortion discussions. But how *should* an administrator decide which topics to include and which to exclude? I think library policy offers an excellent guide. - Carl -- Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu I do not represent EFF; this is just me. From: SKAPUR@ccmail.sunysb.edu (Sanjay Kapur) Subject: Re: Academic Privacy Question Message-ID: <6665D4606E821004@ccmail.sunysb.edu> Sender: SKAPUR@ccmail.sunysb.edu Date: 17 Sep 91 15:01:00 GMT Approved: usenet@eff.org >From: sean@ms.uky.edu (Sean Casey) > >Libraries select their materials based on demand, cost, and >administrative overhead. Most people involved in libraries that I've >talked with would like any material to be available immediately upon >demand. But they're not going to carry what no one will ever look at, >they won't buy things they can't afford, and they can only keep as >many books as they can succesfully track. > Do you really believe that? Librarians will swear up and down that this is what they do and this is what they are taught in library school but I simply do not believe it. There is too much factual evidence to the contrary. >For many Usenet sites, including the ECC at UKY, the newsfeed is free. >The cost of maintaining usenet is the cost of disk space, plus a >certain (small, in my own experiences with B and C news) adminstrative >overhead. Carrying or not carrying a newsgroup amounts to 2 minutes of >editing a file. > >A decision not to carry "vice" groups surely cannot be argued on >the basis of resources. Instead, the decision has apparently been made >by a subjective interpretation of which newsgroups the administrators >feel are appropriate. > Just as the decision not to carry Penthouse or Playgirl or Hustler by a library. Certainly there is demand for them. People will read them. Compared to other magazines, journals and books, the cost is low. What is the justification "your local librarian" gives for not carrying them? My best guess for the real reason: Fear of censorship. Also quite a few librarians are women and tend to be offended by the degradation of women in these magazines. I know Librarians should not let their personal opinions interfere with the management of a library, but Librarians are also human beings. > >Sean >-- Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu Systems Staff, Computing Services, |Bitnet: SKAPUR@USB State University of New York, |SPAN/HEPnet: 44132::SKAPUR Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046 From: kadie@eff.org (Carl M. Kadie) Subject: Re: ALA "Workbook for Selection Policy Writing" Message-ID: <1991Sep21.215316.833@eff.org> References: <1991Sep21.193707.22331@eff.org> Date: Sat, 21 Sep 1991 21:53:16 GMT Here are some suggestions from the Workbook: You should have a selection policy. The policy should name by professional position those persons who will have selection responsibility. The policy should explain the selection criteria and procedure. (The Workbook contains many suggestions.) The policy should address controversial materials. It should include a statement on intellectual freedom and why it is important. The policy should include a procedure on reconsideration. The Workbook include sample procedure, letters, forms, and principles. For example: e. In accordance with statement of philosophy, no questioned materials shall be removed from the school pending a final decision. Pending the outcome of the request for reconsideration, however, access to questioned materials can be denied to the child (or children) of the parents making the complaint, if they so desire. (The Workbook includes a complete sample policy.) - Carl -- Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu I do not represent EFF; this is just me. From: kadie@m.cs.uiuc.edu (Carl M. Kadie) Subject: Re: Freedom of Expression (Re: Discrimination against ... Message-ID: <1991Sep17.195000.9335@m.cs.uiuc.edu> References: <1991Sep14.225304.5115@ux1.cso.uiuc.edu> <1991Sep17.150121.24441@ux1.cso.uiuc.edu> Date: Tue, 17 Sep 1991 19:50:00 GMT dorner@pequod.cso.uiuc.edu (Steve Dorner) writes: > Your identity CAN be discovered, you CAN face University > discipline for such postings, and there ARE people willing to > make the effort to see that it happens. ffujita@s.psych.uiuc.edu (Frank Fujita) writes: >Freedom of expression does not apply to the use of UIUCnet. If one >owns a press, one is free to print what one likes. If one does not >own a press, the govt is not obliged to provide you with one. > >I do not know if there are any strictures that have been violated, >but our freedom of expression would not make such strictures >unconstitutional. Students on this campus have a contractual and constitutional right to free expression. The contractual right comes from our "Code on Campus Affairs". It says: "STATEMENT ON INDIVIDUAL RIGHTS I. Preamble A student at the University of Illinois at the Urbana-Champaign campus is a member of the University community of which all members have at least the rights and responsibilities common to all citizens, free from institutional censorship;" ... "III. Campus Expression A. Discussion and expression of all views is permitted within the University subject only to requirements for the maintenance of order. [...] B. Members and organizations in the University community may invite and hear any persons of their own choosing, subject only to reasonable requirements on time, place, and manner for use of University facilities. C. The campus press and media are to be free of censorship. The editors and managers shall not be arbitrarily suspended because of student, faculty, administration, alumni, or community disapproval of editorial policy or content." ... "VI. Student Affairs [...] B. Freedom of Inquiry and Expression 1. Students and student organizations should be free to examine and to discuss all questions of interest to them, and to express opinions publicly and privately. [...] 2. Students should be allowed to invite and hear any person of their own choosing. [...] The University's control of campus facilities should not be used as a device of censorship. It should be made clear to the academic and larger community that sponsorship of guest speakers does not necessarily imply approval or endorsement of the views expressed either by the sponsoring group or the institution." The Constitutional right comes from the First (and 14th) Amendments. The University's uiuc.general is a "limited public forum" under the Supreme Court' Public-Forum Doctrine. (Uiuc.general is limited in the sense that only people with computer accounts can access it. It is not limited to a particular set of topics.) Here are is the law for limited public forums: [Quotes are from the decision "San Diego Committee v. Governing Bd., 790 F.2d 1471 (1986)". Quotes within quotes are from the Supreme Court.] '"[C]ontent-based prohibition must be narrowly drawn to effectuate a compelling state interest."' "Having established a limited public forum [the school] cannot, absent a compelling governmental interest, exclude speech otherwise within the boundaries of the forum ...." "Thus the identical broad free speech rights attach to [traditional] and [limited] types of public forums, [ref] although in the latter type of forums those broad rights apply only within the particular boundaries of the specific forum that has been established." For more details see the most recent issue of the "Computers and Academic Freedom News" (vol. 1, no. 25). It is available on-line from m.cs.uiuc.edu as newsgroup alt.comp.acad-freedom.news. If you can't get it there, it is available via anonymous ftp it from ftp.eff.org:pub/academic/news/cafn01n25. - Carl -- Carl Kadie -- kadie@cs.uiuc.edu -- University of Illinois at Urbana-Champaign From: rickert@cs.niu.edu (Neil Rickert) Date: 5 Sep 91 20:57:47 GMT Message-ID: <1991Sep5.205747.17426@mp.cs.niu.edu> References: <1991Aug23.145258.12240@eff.org> Subject: Computer Policy in the Student Handbook In article <1991Sep5.181039.22607@eff.org> kadie@eff.org (Karl Kadie) writes: >I wrote: > >>>Can you give examples of situations in which a sys admin needs a great >>>deal of flexibility? Perhaps we can propose some rules that are clear >>>enough to satisfy me and flexible enough to satisfy you. > >rickert@cs.niu.edu (Neil Rickert) writes: > >[...] >> I see a student has 50 processes running wild (our current per-user >> limit), >> and I see a faculty member has 3 processes very carefully 'nice'd. >> I need the flexibility to decide that the student problem is >> inconsequential, probably caused by a shell script named 'test' which does >> an 'if test ...', and I need the flexibility to kill two of the >> professor's >> processes because, in spite of the 'nice', they are memory hogs and are >> thrashing so severely as to cause severe interference with other users. > >(These are great examples. Sorry, I've taken so long to respond.) > >I agree that a Sys Admin should be able to make these decisions. Your >purpose in killing the professor's jobs was to stop the system from >thrashing. It was not to punish the professor. You did not act >capriously. > >(You should of course tell the professor what you did. Otherwise >the professor will likely just start the jobs up again.) Naturally I informed him. >Hopefully, a discussion with the professor will lead to some >solution that will allow her to run her jobs without impacting >the system so much (one job at a time, an account on a other machine, >running at night, etc.) In this case the professor had discussed it with me before starting the jobs, but it was difficult to estimate the impact which was more serious than at originally anticipated. >> I see student A has started a daemon which watches for new logins, and >> does 'write's to them. I see student B has started a daemon which watches >> for new processes and attempts to 'kill' them. > >> I need the flexibility to determine that student A has done something >> abusive and anti-social, while student B has merely seen a neat looking >> program named 'init', tried it to see what it does, then attempted to kill >> it after realizing his mistake. (Naturally I removed the world execute >> permissions of 'init' after this happened). > >First, what rules might be broken? > >There might be a rule against harassment. Where "harassment" is >knowingly sending unwanted personal communications on the computer. >Person A would know his or her communications was unwanted if he or >she had received notice (say, via email, or by being told). Personal >communications on the computer would include talk requests, email, and >programs that wrote to the user's terminal. In the particular case I have in mind, I found out about this from a complaint by another user. The complainer had great difficulty logging in because the messages were interrupting prompts for terminal type, etc. I certainly considered that harrassment. My action was to kill the job and send the offender a warning. >(You should, of course, tell A what you did, otherwise A will likely >just start the jobs up again.) I would not normally kill a user's job without informing that user, most commonly by email. >With person B, you can of course kill the 'init' process. Email or a >meeting with the person will probably convince you that person B did >not intent to break the rule. In this case "person B" brought the matter to my attention, since his action prevented further use of the system by him. But in this case I could joke with the student about him doing something dumb, instead of having to reprimand him. >> I need the flexibility to decide that a student who is 'telnet'ing to port >> 2000 as some place halfway across the country is violating our rules >> against playing games in the middle of the day. I need the flexibility to >> decide that another student who is running a program called 'hangman' is >> just working on an assignment in his programming class. > >I'm not fond of restrictions on what kind of program can be run. I'd >much rather have limits on the effects of those programs (e.g. how >much CPU time programs can use, etc.) Kind-of-program restrictions are >as hard to enforce as topic restrictions on email. You might not be fond of restriction. But when a large proportion of our terminal ports are tied up by game players, and legitimate users with homework assignments due are thereby prevented from accessing the system, I must act. Email warnings are always given first, and further action is only taken if the warnings are ignored. >What is worse, running a program of the wrong kind or official >snooping to make sure that your program is not the wrong kind? Most system admins don't have the time or the patience to be "snooping" on what people are doing. But they do have to monitor the system, look at process queues, mail queues, etc. In the process of routine system monitoring they may observe abuse. I don't consider that "snooping". >Is there middle ground? At the U. of Illinois if they think that too >many people are living in a dorm room, they give 24 hours notice that >there will be an inspection. Note that in the (real) examples I gave, the only cases that I acted immediately were when there was an immediate impact on the system which interfered with other users. Under any other circumstances giving notice should be standard procedure. I presume that at U. of Illinois if they noticed smoke billowing from a dorm room, or if the sound level from a stereo was so high as to be intolerable to neighbors, they would not give 24 hours notice but would take some immediate action. -- =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= Neil W. Rickert, Computer Science Northern Illinois Univ. DeKalb, IL 60115 +1-815-753-6940