Electronic Monitoring in the Academy

Academic Computing Policy

In addition to the potentially widespread effects of the Urofsky decision upon matters of academic control within university computing, the struggle to assure the presence of academic freedom within the digital environment has, in the main, been engaged outside of the courtroom and beyond the view of the public and the professoriate. It has occurred in the promulgation of policies, in the acceptance of informal understandings, and through the continued definition and enlargement of academic support services within the university.

Although its name suggests an education-friendly orientation, academic computing or information technology (IT) organizations largely draw upon business models for their ideas, the corporate world for their managers, and the narrowly technically trained for their staff. While not entirely isolated from the academy, these departments normally are removed from routine teaching activities with professorial involvement limited, if at all present, to occasional consultations with academic advisory groups. Due to the understandable lack of technical familiarity on the part of most teaching staff, these entities rely upon the visions , strategies, and products of hardware and software manufacturers. The effects of this separation are apparent in reports from the academy.

The Academic Senate for California on Academic Freedom, Privacy, Copyright and Fair Use in a Technological World (1999) notes the general disconnect existing between administrative policies regarding computer-based use and those concerning conventional communications, noting that while [t]he university affords electronic mail privacy protections [to be] comparable to that which it traditionally affords paper mail and telephone communications, its Computer and Technology Use guidelines contain a statement [regarding the lack of online privacy] that is perhaps realistic but lacks any support for academic freedom. Citing prohibitions on the use of University information resources for any unlawful , unethical, or unprofessional purpose or activity , the paper suggests that [s]uch broad language fails to protect academic freedom, and suggests anonymous censorship [achieved through monitoring] that would not be acceptable for print material in a college library. The paper concludes by adopting the recommendation of the National Education Association (1997) that absent strong federal or state statutes protecting Email communications in the educational setting, the best safeguard is to negotiate strong collective bargaining contract language in this area .

Snyder (2001) describes an incident at Marquette University in which administrative computing personnel initiated the installation of monitoring software on the network. The applications were to be placed both on publicly available computers and those assigned to faculty members , and would allow the staff to resolve computer problems remotely from their desks; they could also identify out-of-date and unsanctioned software, change system parameters, modify addresses, and carry out a host of other functions.

In explaining the immediate and negative faculty reaction to the program ”one which ultimately defeated its imposition ”the author notes that it is not the function of the IT staff to determine what material faculty members select to prepare their courses, what they choose to load onto their computers, what software is best suited for instruction, and how and when it may be used . This is because these judgments involve larger issues of curriculum, subject matter, research, and those areas of student life that relate to the educational process. Although acknowledging that universities as legal entities possess an unquestionable proprietary interest in their equipment, Snyder refuses to treat this as unique. Instead, he swiftly moves to associate this status with conventional counterparts, stating that faculty members are no more amenable to network snooping than they are to having their paper files randomly inspected by administrators .

As reported by O Neil (2004), academic-initiated surveillance of Web-based commentaries known as blogs have also generated administrative and faculty controversy. In one instance, a professor s comments advocating a ban on homosexual teachers made on a university-hosted server caused a reaction within the faculty senate, including suggestions that such comments surpassed the limits of academic freedom. Pressures from monitoring by a public interest group caused Northwestern University to consider removing astounding online statements made by a professor, claiming that Jewish deaths during World War II were caused by suicides and disease. Although refusing to condone the view, the University resisted requests to remove the offending pages from its server. The effects of the ambiguous linkage between academic information technology services and law enforcement are demonstrated by an incident at the College of Charleston. According to an Associated Press (2003) report, a professor returned to his office to find his computer missing, but all other items within his office were untouched. No notification was transmitted to the professor. Upon investigation, he was informed that the FBI, aided by campus security and local police forensics personnel, had seized the computer to follow up on allegations that child pornography was present within the unit s storage, which ultimately was found to be baseless. Faculty mustered against the College s policy, which affords to itself the right to access electronic information where there is a reasonable belief by the appropriate college personnel that there has been or continues to be a violation of college rules and regulations, local, state and federal laws .

In addition to concerns surrounding student trust in the confidentiality of material placed within his computer, the professor stated that due to the incident, my mental freedom is gone . Perhaps most hopeful, or at least most indicative, of the gap between administrative and faculty concerns is the response of the College s president, who requested that the faculty technology committee report with suggestions on improving privacy policies.

A similar incident with clear implications in the area of sensitive academic scholarship is reported by McCaughey (2003). In this case, the author, a professor of women s studies, found her computer taken without warrant on the strength that it was university property. The author had received e-mail messages from a campus group that claimed responsibility for defacing campus grounds with anti-rape slogans. In reflecting upon the implications of the search and copying of her files, some containing material pertaining to alternative sexual lifestyles ” the subject of scholarly research ” the author states that it also felt like a major intrusion, a violation .I put my most cherished thoughts into that computer, articulate my toughest arguments, and passionately invest my hopes and ideals. She further notes:

Public universities and other state agencies could attempt to redefine people s relationships with their computers, construing them as little more than surveillance tools or de facto bugs . Those of us who value academic freedom must push for open dialogue about what the computer means to us as university workers. (McCaughey, 2003)

These events illustrate that at the most basic levels of technology implementation, there exist significant institutional barriers. Arguably the fault of all parties, they prevent effective communication between cultures that value technical and administrative efficiency and those that prioritize the continuity of factors necessary to sustain the conditions associated with academic freedom. Although sensitization of faculty senates, administrators, and students could resolve some of this tension, additional and arguably more powerful factors have converged to affect the climate in significantly more disruptive ways.

Academic Monitoring and Commerce

The circumstances surrounding the founding of the AAUP attest to the fact that commercial interests have long been involved in the academic structure. Significantly, participation by individuals and business entities has defined the American college and university from the start. They have provided the means for the establishment of private institutions and, even in public ones, have funded large projects. In both cases, these activities have often reduced the need for dependence upon government largess and its byproduct, tight supervision. In this vein, they have also allowed the realization of projects that, if dependent upon public sympathy and acquiescence, might never have been undertaken. As noted by Hofstadter and Metzger (1955), the founding presence of entrepreneurs upon governing boards opened the academy to new ideas and perspectives which frequently translated into a public engagement that was, and arguably remains, unrivaled in England and on the Continent.

That influence flows from economic actors is an old story. The new dimension relates less to the theme than to the approach. As is typical with the digital dynamic, the contemporary assertion of power is achieved through the articulation of seemingly neutral standards. These in turn , are readily accepted on the basis of unexamined claims to expertise.

Early in his work on the subject of computing and society, Joseph Weizenbaum (1976), already a renowned computer scientist, set the tone for the evaluation of the public expertise originating from his discipline: But I am professionally trained in computer science, which is to say (in all seriousness) that I am extremely poorly educated (p. 8). The observation has largely been lost in the modern processes by which universities have become canvasses for wholesale computerization. Relying largely upon the visions and plans proffered by for-profit corporations, including computer manufacturers, publishers, and media conglomerates loaded with technical but not educational knowledge, academic administrators purchase, often without faculty consultation, the equipment that is assured to deliver efficient management and the frequently undefined advantages of the cutting-edge. The effects reach beyond logistics, extended to pedagogical philosophy.

Distance education, a centerpiece of these initiatives, has been adopted by many mainstream institutions. Although some early research in the efficacy and impact of its approach did exist at the time of these decisions, there are no claims that they were of sufficient quality to provide justification for the commitment (Merisotas, 1999) and no evidence that they were even consulted. Instead, as Lieberwitz (2002) states:

These bold moves by universities mix the for-profit, public, and nonprofit sectors as if the choice of institutional structures were simply a matter of convenience with no consequences of the nature of the university or of education. (Lieberwitz, 2002,p . 107)

This modality poses a number of issues relating to surveillance. Of particular significance are the effects upon the curriculum. Again, Lieberwitz (2002) is instructive in her reminder that corporate involvement brings with it certain biases that extend to the substantive content of course offerings, particularly as they relate to profitability. It is also logical to assume that material deemed inhospitable to business sponsors could be the subject scrutiny. The linear, planned nature of electronic courseware simplifies the examination process beyond anything that might be contemplated or tolerated within the traditional classroom. Indeed, Simmons (2001) recounts how the University of Georgia s Board of Regents instituted a General Education Committee to review potential online materials, noting that [t]his review process creates a mechanism by which the academic freedom of the ˜star faculty may be in jeopardy, noting that the General Education Committee may be motivated by concerns of marketability or public approval of course content (p. 9). Further, with distance education s emphasis on e-mail, bulletin boards and Web-based presentations, it is not difficult to conceive of or to implement methods by which faculty-student interactions and submissions produced within a course can be monitored , either explicitly or surreptitiously, by outside observers who need not be academics. As David Noble (1998) has observed , the possibility of this situation is further increased by the fact that many online learning projects are often thinly veiled field trials for product and market development, that while [students] are studying their courses, their courses are studying them .

It has already been hinted that results of such evaluations might lead to radical changes within the composition (or presence) of online faculty. Noble (1998) relates Educom s then president Robert Heterick s statement that [t]he potential to remove the human mediation in some areas and replace it with automation ”smart, computer-based, network-based systems ”is tremendous. It s gotta happen .

The naivety and disturbing implications of this sentiment are only slightly offset by artificial intelligence pioneer Alan Turing s yet unrealized hope that he might computationally construct just a mediocre brain, something like the President of the American Telephone and Telegraph Company (Hodges, 1983,p. 251). The dangers posed by the assumptions supporting Dr. Heterick s assertions remain unresolved .

Monitoring within Academic Research

Although the 1998 State of the Union address presented President Clinton with an enormous opportunity to announce policy initiatives relating to education and the Internet, the first mention of the new digital infrastructure was mainly devoted to expanding its global commercial potential. Consistent with this theme, Congress in the same year passed the Digital Millennium Copyright Act (DMCA). Its primary instrument, the anti-circumvention provision ^{[ 7]} , was intended to dissuade the theft of protected material by prohibiting applications and mechanisms which could be used to defeat protections placed by legitimate owners . Subsequent exploration of its uses reveals that this aim has been expanded to intrude upon academic research and teaching.

In 2000, Princeton computer science professor, Edward Felton accepted a challenge from a corporate coalition , the Secure Digital Music Initiative (SDMI), to break security protocols that had been developed to lock digital music from piracy. Upon preparing to release his findings within an academic conference, Dr. Felton was threatened in writing by the SDMI with prosecution under DMCA anti-circumvention provisions. Only after counter-threats of legal action were portions of the work inevitably allowed to be communicated. Research in an area with obvious links to general computer security was reportedly thwarted and, in at least one case, ended as a result of the SDMI monitoring (Samuelson, 2001). Knowledge of the Felton case and the awareness of the ease in which online information may be monitored by commercial interests caused cryptographer Niels Ferguson to decline Web publication of his work, which documented infirmities with Intel hardware (Bowman, 2001).

Ubiquitous corporate monitoring of Web-based sites has caused deletions of information relating to computing. Perhaps most famous is Microsoft s response to a Slashdot discussion, frequented by numerous academics and students, about a non-protected Kerberos specification relating to the interfacing of servers. When Microsoft offered readers an opportunity to view its code, with the requirement that a confidentiality agreement be clicked prior to viewing, several responders proceeded to post the information to the general readership . At this point, the corporation, relying upon the DMCA, demanded that the information be retracted from the Slashdot forum. Law professor Julie Cohen (2000), in considering whether such data could be posted as a matter of fair use ^{[ 8]} under copyright law, warns that the mere invocation of access controls can be employed to defeat this traditional staple of intellectual interchange.

With the advent of powerful search engines, ongoing surveillance of Internet-based information is easily accomplished. Often, the mere threat of litigation, now ironically delivered by openly developed e-mail protocols, is sufficient to prevent, redact, or eliminate published material. Nowhere is the threat more seriously received than within the academy.

Monitoring and the Instantiation of the Corporate Regime

A recent cartoon cover of New Yorker magazine portrayed the spotlight-illuminated figure of a young girl, cornered in an alley by police, effecting her arrest for possession of illegal music. The scenario, happily, was fictional. Its inspiration, however, is based upon the factual circumstances surrounding civil proceedings initiated by the Recording Industry Association of America (RIAA) against the youngster. Following a general public and media outrage, the matter was settled for $2,000.00, a not insubstantial sum for a youngster living in a New York City Housing Authority complex (Borland, 2003).

Any surprise generated by this affair might be lessened by a consideration of the rhetoric produced by RIAA and its supporters. Emblematic is the statement of Steve Heckler, Senior Vice President of Sony Pictures Entertainment: The [music] industry will take whatever steps it needs to protect itself and protect its revenue streams (Smith, 2000). Perhaps in anticipation of more considered legal review, which many scholars suggest will reveal the infirmities of present digital protection laws (Litman, 2001), holders of digital property have adopted Heckler s radical stance, using a number of methods to alter generational attitudes toward the issue of ownership. Perhaps the most subtle and potentially long- lasting method is sponsored by a British coalition of publishers, broadcasters, music concerns, and other copyright holders. This group, in conjunction with the Department of Education and Skills, is designing programs to integrate property owner-friendly accounts into pre-college curricula (Docherty, 2001). More poignant attempts to solidify the new doctrines at collegiate levels are found in the use of various pressures to compel the cooperation of administrative and academic personnel. University students represent a significant segment of those who download music using illegal online services. They are also a relatively discrete group, easily targeted through the use of online monitoring. Through a combination of public relations, economic influence, and the intimidation of lawsuits, corporate interests have begun the instantiation of a regime hallmarked by the unquestioning acceptance of digital property ownership. As noted by Green (2003), although most academic institutions allow nearly unrestricted Internet access to areas that most employers would prohibit, the exception is in the music download area.

[M]ost colleges and universities do have Internet codes of conduct that cover digital content and copyright. Two- thirds of the 559 two- and four-year institutions participating in the 2003 Campus Computing Survey report that their codes of conduct specifically restrict downloading commercial music/video from the Web. (Green, 2003)

This, according to Green, represents nearly 80% of private and 75% of public four-year institutions.

Where less dramatic methods have failed, corporate copyright holders have instituted or threatened legal action of significant proportion. The use of threats have largely succeeded in achieving alliances, albeit often unwilling ones, with academic administrations . Faced with the prospect of university complicity in expensive civil suits , academic computing staffs have engaged in the monitoring of networks for indications of downloading activity. Read (2004) reports that the University of Florida has instituted what appears to be the most aggressive response of any American college to illegal song-swapping by engaging mechanisms which defeat most on-campus file exchanges. Students and faculty have complained that the prohibition effectively terminates many legitimate forms of online interchange, thereby directly assaulting academic freedom. Further, privacy advocates note that the system allows for the identification of individual student behaviors and is capable of unilaterally terminating computer access for up to five days without due process review. As a further contribution to the instantiation of proper behavior within the new regime, the software requires offenders to click their agreement that they will not again engage in the prohibited conduct. The application is being considered for marketing at other institutions.

Absent from the University of Florida report is evidence of any consideration of the social and psychological effects of subjecting students (and, one would assume, faculty) to constant monitoring and the summary enforcement. Such worries have been raised by those working within the area of online education (Noble, 1998) and easily transfer to the instant situation. In both instances, it appears that the overwhelming desire to satisfy powerful interests eclipse prolonged reflection.

Even without academic-sponsored monitoring mechanisms, colleges and universities are increasingly being called upon to assist in the prosecution of student violators. The Associated Press (2004) reports that a recent stream of suits has been filed against students. Although many of the individuals are currently named as John Does known only by their Internet Protocol (IP) addresses ^{[ 9]} , RIAA lawyers are attempting to compel their disclosure by administrators through subpoena. According to the article, [t]he association praised efforts by colleges and universities to use technology and school policies to crack down on music piracy on their own computer networks. But it said the most egregious offenders on campus deserved to be sued . It appears that if protection of students from the harsh realities of the legal system constituted a motive for university collaboration, the effort has not achieved complete success.

Academic Monitoring and National Security

Following the events of September 11, a focus on the role of the computer in homeland defense has superceded much of the attention formerly accorded to the protection of intellectual property. An almost immediate response to the attacks was the announcement of an Internet-based system designed to track the movements and activities of foreign students within the United States (Department of Justice, 2002). The Student and Exchange Visitor Information System (SEVIS) does not fulfill an entirely new role. Information on visiting students has, in the past, been collected by the federal government. What differentiates SEVIS is its ability to centralize the data and subject it to autonomous procedures such as provided by data mining techniques. This latter capability presents concerns based upon the high stakes decisions that may be committed to imperfectly-designed software, causing the possibility of false inferences reinforced by the high level of faith generally accorded to computer-based decision software. These concerns are heightened by the presence of comprehensive information obtained as a result of the comprehensive data linkages provided by Internet connectivity. Although certainly a point made profoundly debatable by the severity of the precipitating terrorist act, the implications of permanent law enforcement monitoring capabilities within an academic institution deserves constant evaluation.

Another recent expression of this focus is a petition submitted by federal law enforcement agencies to require the Federal Communications Commission (FCC) to require that Internet broadband delivery systems be made amenable to the use of surveillance technologies (Foster, 2004). Citing the Communications Assistance for Law Enforcement Act (CALEA) of 1994 ^{[ 10]} , which mandates that telephone carriers design their systems to be accessible to police monitoring protocols, the petition attempts to make CALEA applicable to Internet-based voice applications.

A coalition of universities, educational technology providers, and academic librarians has determined, without federal contradiction, that the changes would apply to the academic environment. They have protested the measure as having the potential of imposing enormous burdens on Internet architecture. Equally problematic would be the effects upon the privacy of students, faculty, and staff. The ability of law enforcement to gain direct access to personal identifying information through the use of IP address acquisition could accomplish a task that normally requires a court order. In addition, the reconfiguration of computer networks would encompass academic libraries, which would then become passive transmitters of information concerning the borrowing habits of faculty and students. Finally, the CALEA revision proposal has been identified as inhibiting the progress of Internet research and development by requiring that all innovations be made compatible with the federally proposed interface standards (Comments of the American Association of Community Colleges et al., 2004). Computerized responses to national security issues will continue to evolve along two parallel tracks. The selected methods of monitoring will understandably be influenced by the perceived gravity of threats. In addition, the continuing convergence of networked technologies will offer new and powerfully intrusive abilities , which, brought online during times of extreme tension, will be difficult to resist. As in all cases involving digital capabilities, rational judgment will only be accomplished through reflective, human agency.

^{[ 7]} The DMCA anti-circumvention provision is contained within Section 1201 of the Copyright Act.

^{[ 8]} Under American copyright law, fair use may generally be defined as the ability to legally employ reasonable portions of copyrighted material for purposes relating to criticism, education, commentary , news reporting, and parody.

^{[ 9]} Internet Protocol addresses may briefly be defined as a number that is uniquely associated with individual computers connected to the Internet.

^{[ 10]} Communications Assistance for Law Enforcement Act is contained in 47USC, 1001-1010.