Educause Security Discussion mailing list archives
Re: Risks of using "free" public blogs and/or wikis for class activities
From: Brad Judy <Brad.Judy () COLORADO EDU>
Date: Sun, 24 Jun 2007 20:24:34 -0600
I'd consult with your legal counsel on their take on issues like legal discovery before making decisions based on how you think it might play out. I don't think it would play out as described here. When one of our students does something stupid off campus like theft I don't recall anyone coming after the university because they were "acting as a student of our school". (If there is a pattern of problems, they may ask the university to help find a solution.) Seems like you might actually be worse off if you gave them a university blog account and then they did something bad with it. You certainly can't make a policy that says students can't use blog services (or MySpace/Facebook) on their own time, and you'd have a tough time saying they couldn't do it from on-campus either. Same goes for faculty/staff on their own time - any policy like that intrudes into private life. I'd be very surprised if any campuses passed a policy saying that official courses cannot use any third party web services. I'm not a lawyer, so ask your lawyers what would be best before making a policy decision based on legal reasoning. Brad Judy Information Technology Services University of Colorado at Boulder
-----Original Message----- From: HALL, NATHANIEL D. [mailto:halln () OTC EDU] Sent: Saturday, June 23, 2007 9:35 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Risks of using "free" public blogs and/or wikis for class activities I have a couple of thoughts on this. 1) Data exposure - This is a common problem amongst colleges and universities (C&U), even with their own services. I frequently hear of C&U who have exposed personal student and employee data because an instructor put the information on their own publicly available web or FTP server. That said, the information is easier to find if it is only contained within your network and not across the Internet. 2) Legal discovery - Let's say you receive complaints against a student or instructor for comments made on a 3rd party service. What do you do? Sure it isn't your server, but they were acting as a student or employee of your school. What if it goes to court? You could look really bad because the school didn't support the needs of the instructor or because the school didn't know what the instructor or students were saying on a "school endorsed" server. I am in the process (have been for a while) of creating and enforcing policies to prevent such issues. I recommend you do the same. -- Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA Network Security System Administrator Ozarks Technical Community College -----Original Message----- From: "Clifford Collins" <Collinsc () FRANKLIN EDU> To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> Sent: 6/22/07 2:14 PM Subject: [SECURITY] Risks of using "free" public blogs and/or wikis for class activities A faculty member on our campus recently approached our IT group to have a blog and/or wiki set up to support her classes next month. This request was out of the blue and didn't go through normal channels (department head, planning committees, etc). IT's response was that some thought, planning and a server were necessary to do it right and therefore more time would be needed to provide a supportable solution. Now the faculty member is saying she will just use one of the many "free" ones on the Internet. I'm interested in people's view of any risks or other down-sides to such an approach. Pointers to papers, analysis and whatnot would be appreciated as well. Your thoughts? Clifford A. Collins Network Security Administrator Franklin University 201 South Grant Avenue Columbus, Ohio 43215 "Security is a process, not a product"
Current thread:
- Risks of using "free" public blogs and/or wikis for class activities Clifford Collins (Jun 22)
- <Possible follow-ups>
- Re: Risks of using "free" public blogs and/or wikis for class activities Cal Frye (Jun 22)
- Re: Risks of using "free" public blogs and/or wikis for class activities Valdis Kletnieks (Jun 23)
- Re: Risks of using "free" public blogs and/or wikis for class activities HALL, NATHANIEL D. (Jun 23)
- Re: Risks of using "free" public blogs and/or wikis for class activities Brad Judy (Jun 24)
- Re: Risks of using "free" public blogs and/or wikis for class activities HALL, NATHANIEL D. (Jun 25)
- Re: Risks of using "free" public blogs and/or wikis for class activities Valdis Kletnieks (Jun 25)
- Re: Risks of using "free" public blogs and/or wikis for class activities Brad Judy (Jun 25)
- Re: Risks of using "free" public blogs and/or wikis for class activities Brad Judy (Jun 25)
- Re: Risks of using "free" public blogs and/or wikis for class activities Cal Frye (Jun 25)
- Re: Risks of using "free" public blogs and/or wikis for class activities Alex Campoe (Jun 26)
- Re: Risks of using "free" public blogs and/or wikis for class activities David Gillett (Jun 26)