Do the consequences of letting students perform private activity on their university-provided network outweigh the alternative: network monitoring?
It’s an ongoing debate I had mostly shied away from, not because I don’t care (I’m a poor, media-loving, computer-hogging, liberal arts major – read between the lines) but because I had accepted Boston University’s freshman orientation threat of punishment that would make Stalin proud was not going change before I graduated. An acceptance I had held until recently, when someone referred me to an article furiously criticizing BU because they had a network system “so incompetent” that it was impossible to trace wrongdoers.
Digging deeper out of excitement that I might possibly learn that BU’s best-kept secret is their entire network is incapable of tracking intruders, I encountered some minor disappointment: the heavily-biased article in question did a hell of a good job of not making it clear that it was only referencing a judge’s decision on a particular case. I could never find the exact specifics of the case, but I did find a court order to quash a subpoena that challenged BU to reveal its infringers. The court order was issued because “the University has adequately demonstrated that it is not able to identify the alleged infringers with a reasonable degree of technical certainty.” – spawning the article that sent me on this hunt.
So what did this mean? Essentially, that I had discovered nothing about BU’s network. Despite further searching, I was unable to determine if this meant BU was never able to identify intruders or if this was an exception. An e-mail sent out to the IT department about the source article yielded this response:
“I’m not familiar with the particulars of this case, nor would it likely be appropriate to recount them if I were, but my quick impression is that the article is grounded in false premises and assumptions consistent with the author’s obvious bias, and then elaborated inaccurately from there.
As I recall, the court’s decision was unrelated to the ISP’s ability or inability to reliably identify its subscribers generally, but rather in this case specifically. As you can appreciate I’m sure, there are circumstances in which transactions can be tracked to a device technically, but not necessarily to a person with certainty.”
Fortunately, in my search I discovered something else: numerous communities devoting time not just to Internet freedom as a whole, but also to Internet freedom specifically amongst universities. Lawrence Lessig, a Professor of Law at Stanford Law School, runs an organization pushing for free speech and civil rights in the digital age. Also working furiously behind the scenes it the Electronic Frontier Foundation, an organization pushing for digital rights since 1990. I wrote to them with their opinion on college network security and they referred me to several articles for and about the subject that raise some interesting points.
According to the EFF, it seems the biggest crime these schools that monitor are committing is a betrayal of academic principles. It writes that academic communities function on innovation and the spread of ideas, especially by means of such an open network such as the Internet. Surveying the network for potential wrongdoers results in a “chilling effect on academic discourse”. Theoretically, students who fear being monitored will be less inclined to experiment in new digital ideas. And they have a point. Some of the most profitable and widely used tools can be credited to college students such as Google (Stanford), Facebook (Harvard), and Napster (Northeastern – let’s not forget that despite Napster’s eventual shutdown, a little company called Apple rose up and made a multi-billion dollar business out of its model).
A second, an obvious, argument against network monitoring is invasion of privacy. The University of Wyoming once had a program that traced all file-swapping traffic on its network. Every song, video, and document swapped was examined, along with emails, personal information, and web pages. While this “fingerprinting” curriculum may very well lead to the capture of copyright violators, (and why? So the RIAA can bankrupt college kids?) it also intercepts tons of personal information. As the EFF says, amassing large data collections can lead to disaster if the collections are hacked. And let’s face it -with today’s large accessibility of digital resources, anything can be hacked.
Finally, the point that stood out the most to me, the one that brings us back to Boston University’s successfully quashed subpoena, the one that is so incredibly simple to sum up, is that network monitoring is not required by law. The law requires a service to act only when it is aware that it is assisting in infringement. “Potential” wrongdoers do not apply. Why invest the time, the money, and the manpower on monitoring a network of thirty thousand when all those assets can be focused elsewhere?
Despite lacking conclusive evidence to determine how strong Boston University’s network is, a subpoena such as the one issued to the school is a huge step in the battle for internet freedom. Ray Beckerman, a New York attorney who is also a member of the EFF, had this to say on the case:
“There’s an important lesson to be learned here. If the IT departments of the colleges and universities targeted by the RIAA would be honest, and explain to the Courts the problems with the identification problems, there is a good chance the subpoenas will be vacated. Certainly, there is now a judicial precedent for that principle.”
There are also others who are willing to look for alternatives. Two years ago, Fred von Lohmann of the Washington Post proposed a solution to illegal file sharing on college campuses: a blanket license paid by the university (similar to the license paid for on-campus cable and performance groups) that goes to the big corporatists as compensation for the swapping of music and movies. The effect? A slight increase in tuition, perhaps.
Of course, the plan isn’t perfect. I can only imagine the amount of parents that would be up in arms about having to pay for other students’ illegal activities. But by proposing such a logical and thoughtful solution, von Lohmann has taken steps that many haven’t: an acceptance that file sharing has become the norm, an acceptance that it is inevitable, and an acceptance that we must start adapting to it if we are to continue to function. Regardless of whatever conclusion is reached in this ongoing war between internet freedom and pro-network surveillance fighters, Boston University – any university – should not be spending time case-by-case trying to adhere to the demands of those unhappy with the way things are going.