Pressured by the double whammy of feds looking for terrorists and the music industry chasing file sharers, universities are keeping a close eye on student Internet use.
Last March, a protest against arms manufacturer Raytheon at the University of New Hampshire was derailed by campus administrators who had been covertly monitoring the e-mail list of a student group called the Peace and Justice League. According to UNH undergraduate Rob Wolfe, the group was making plans to protest Raytheon’s presence at a UNH job fair. Wolfe says that “there are no campus administrators on the [e-mail] list,” but somehow the vice president of student affairs managed to get a copy of a private e-mail about the protest.
“Raytheon canceled their appearance literally at the last minute,” he says. “It’s unclear whether this was connected to the e-mail leak, but it’s certainly atypical of Raytheon not to follow through on a campus appearance.” A spokesperson for Raytheon refused to comment on whether the company had canceled its appearance because of the protest, but did acknowledge that the company skipped the job fair and instead met individually with students who had made appointments.
The idea that university administrators are reading private e-mail might seem distinctly Big Brotherian, but the practice is increasingly commonplace. When students access the Internet via university equipment, everything they do — from sending e-mail and visiting Web sites, to sharing pictures and using certain kinds of software — is being watched.
Historically, computer network administrators have monitored student activity online for purely legitimate, technical reasons. Increasingly, however, pressure from government and industry is forcing university administrators to become digital spies. Fears of terrorism, combined with concerns about copyright violations, are creating a climate of campus surveillance.
At the University of California at Berkeley, the everyday Web-surfing habits of students are regularly watched and recorded. Berkeley’s Systems and Network Security group uses a program called BRO — named after the infamous fascist icon from George Orwell’s “1984″ — that keeps logs of every IP address students visit on the Internet from the campus network.
Cliff Frost, UC-Berkeley’s director of communication and network services, says that “this practice is under review right now,” because the campus community feels it interferes with academic freedom. He expects that the university will continue to keep logs but will discard them after a month or two. “I’d love to keep that data forever,” he adds, “if there weren’t the threats of subpoenas for vile purposes.”
He is referring partly to recent actions by the Recording Industry Association of America, which has subpoenaed universities for the names of students allegedly engaging in music piracy. Techs must comb through saved logs for personal information to fulfill the subpoenas’ demands. Some schools, including MIT, have refused to hand over the information by arguing that it is protected under the Family Educational Rights and Privacy Act. FERPA is designed to stop students’ personal data from being handed over to third parties, and no one has yet challenged the use of FERPA in these copyright cases.
But there is a little-discussed section of the USA-PATRIOT Act that renders FERPA completely useless when federal officials subpoena personal student information for terrorism-related investigations. Not only do these federal subpoenas bypass FERPA, but the people served are not permitted to discuss them with anybody.
“You can’t challenge [these subpoenas] because you can’t tell anyone you’ve received them,” says Lauren Gelman, an attorney with the Center for Internet and Society at Stanford. “At a university, one administrator can’t even tell another administrator about these subpoenas, so there is no way to know how many have gone out.” While university administrators want to comply with federal laws, many are wary of handing over private data in such a secretive manner.
And if the experiences of MIT computer network director Jeff Schiller are any indication, USA-PATRIOT Act subpoenas are being used on a regular basis to gather information about student online activity. “Things have definitely changed around here since 9/11,” Schiller says. “Nobody has come around with a blanket subpoena looking for e-mails sent by Muslims [on campus]. But we’d never seen subpoenas for information related to national security before, and now we do.” He couldn’t reveal how many of these subpoenas he’s received, but he did confirm that there has been a marked escalation in the electronic investigation of people at MIT “on terrorist grounds.”
The only way to defend student privacy against USA-PATRIOT subpoenas, says University of Michigan public policy professor Virginia Rezmierski, is for university IT departments to stop saving their logs. You can’t subpoena information that doesn’t exist. Rezmierski is the lead author of a 2001 National Science Foundation study of network monitoring and logging practices on college campuses.
“I don’t think this study made people very happy when it came out,” she says. “A lot of our findings were very disturbing.” She describes interviewing a college systems administrator for the study who told her that he had singled out one student and periodically logged everything he did on his computer “because [the student] was really competent with network operations and he seemed a suspicious type.”
She and her co-researchers also discovered that many schools routinely kept records of everything people did on campus networks. Worse, they saved this information without stripping personal identifiers out of it. “People don’t realize there are different levels of monitoring and logging,” Rezmierski says. “You can save logs in order to analyze them for technical and security purposes without saving personal information.” When schools must save logs, she emphasizes, it’s crucial that they remove any markers that connect their data to particular individuals.
She adds that if colleges don’t have policies regulating who has access to such logs, students are left vulnerable to censure by politically motivated administrators who deem certain students or student groups “suspicious” enough to monitor.
Perhaps most disturbing to critics and privacy advocates is the fact that schools are responding to subpoenas from the music recording industry with as much alacrity — and as many privacy-invading techniques — as they are to subpoenas related to national security. In their efforts to ferret out pirates, administrators are violating their own campus privacy policies, treating students who use P2P software the same way they would treat potential terrorists.
Earlier this year, administrators at Penn State decided to hunt down and punish students on the campus network who were using Direct Connect, a program that can be used to trade music files. Although Penn State promises students that their computer use won’t be monitored, administrators tracked down over 200 students using Direct Connect in April and shut down their campus network accounts. Contrary to its expressed policy, the school was retaining logs of network activity that could be traced to individual students.
Penn State’s vice provost of information technology, Russell Vaught, refused to say how the students had been identified, explaining only that his office had “acted within the law.” But undergraduate Mike O’Connor, director of technology affairs for Penn State’s undergraduate student government, showed me an e-mail he’d received from Vaught that acknowledged university techs had watched the online activities of students to find out which ones were using Direct Connect. Vaught’s office may not have broken the law, but O’Connor says that he and other students believe that “Penn State violated its own policy in using these methods.”
For a few months last year, the University of Wyoming used a program called AudibleMagic to look at the content of every piece of data traveling over the campus network suspected of containing copyrighted material. Administrators could gain access to any student’s private data if they suspected he or she might be pirating music. Lambasted in the press, administrators stopped using the program in May. Robert Aylward, the vice president of information technology at the university, says that it no longer uses AudibleMagic and has switched to a program called Packeteer, which tracks data flow on the network but doesn’t look at the content of that data.
However, an AudibleMagic rep says that other universities are adopting its technology.
There are countless products and services like AudibleMagic on the market, all enabling network administrators to place students under surveillance in the name of copyright protection, network monitoring and national security. On college campuses today, the question isn’t whether your computer activity is being watched; it’s who might use your private information against you.
More Related Stories
- Cannes: Directing 101 with James Franco
- Welcome to the jungle: The definitive oral history of '80s metal
- Burt Bacharach opens up on daughter's suicide
- Steven Spielberg to produce "Halo" television series
- Amazon set to launch fine-art gallery
- Twitter torches Dan Brown's "Inferno"
- Brad Pitt keeps breaking his silence on how boring marriage to Jennifer Aniston was
- Lars von Trier's "Nymphomaniac" to use porn star body doubles
- New Beyoncé single leaked
- The sweet, sure to be short-lived "The Goodwin Games"
- Damon Lindelof admits barely-clothed scene in "Star Trek" was "gratuitous"
- Justin Timberlake: I'm a mediocre folk singer!
- Ray Manzarek, founding member of The Doors, dies at 74
- Beware of book blurbs
- Did a Salon excerpt ruin Penn Jillette's chance to win "Celebrity Apprentice"?
- Zach Galifianakis to take formerly homeless woman to "Hangover 3" premiere
- Seth MacFarlane will not host Oscars again
- "SNL's" uncomfortable Garner/Affleck moment
- "Celebrity Apprentice" finale ratings hit a new low
- Worst National Anthem fails
- The truth in Kanye's anti-prison rap
Featured Slide Shows
The week in 10 picsclose X
- 1 of 11
Lisa Montgomery embraces her nephew Thursday after a tornado tore apart her home in Cleburne, Texas. The twister killed six people and destroyed entire swaths of the North Texas town.
Credit: AP/LM Otero
Jack McMahon, the defense attorney for abortion doctor Kermit Gosnell, speaks outside the Criminal Justice Center in Philadelphia Tuesday. His client was convicted of killing three babies in his clinic, and will serve multiple life sentences.
Credit: AP/Matt Rourke
A photo taken Monday captures Vice President Joe Biden's response to a Milwaukee second-grader's innovative proposal to end America's epidemic of gun violence. This guy!
Credit: AP/Jenny Aicher
Sen. Rand Paul, R-Ky., flanked by a grouper-eyed Michele Bachmann, addresses the IRS' admission that it targeted Tea Party groups in advance of the 2012 election. In an op-ed for CNN Thursday, the Kentucky senator slammed the president for his faux outrage.
Credit: AP/Molly Riley
Ousted IRS chief Steven Miller is sworn in on Capitol Hill Friday. Miller testified before the House Ways and Means Committee on the extra scrutiny the agency gave conservative groups applying for tax-exempt status.
Credit: AP/J. Scott Applewhite
Attorney General Eric Holder pauses as he testifies on Capitol Hill before the House Judiciary Committee Wednesday. Holder is under fire, among other things, for the Justice Department's gathering of phone records at the Associated Press.
Credit: AP/Carolyn Kaster
O.J. Simpson sits during an evidentiary hearing at Clark County District Court in Las Vegas, Nev., Thursday. Simpson, who is currently serving a nine-to-33-year sentence in state prison for armed robbery and kidnapping, is using a writ of habeas corpus to seek a new trial.
Credit: AP/Las Vegas Review-Journal/Jeff Scheid
Major Tom to ground control: On Sunday astronaut Chris Hadfield recorded the first music video from space, a cover of David Bowie's "Space Oddity."
Credit: AP/NASA/Chris Hadfield
When it rains it pours. President Barack Obama speaks during a news conference Thursday with Turkish Prime Minister Recep Tayyip Erdogan, inexplicably inspiring an #umbrellagate Twitter meme.
Credit: AP/Jacquelyn Martin
A smoke plume rises high above a road block at the intersection of County A and Ross Road east of Solon Springs, Wis., Tuesday. No injuries were reported, but the the wildfire caused evacuations across northwestern Wisconsin.
Credit: AP/The Duluth News-Tribune/Clint Austin
Recent Slide Shows
- 1 of 11