Re: Risks of using "free" public blogs and/or wikis for class activities

[Brad Judy <Brad.Judy () COLORADO EDU>]

I'd consult with your legal counsel on their take on issues like legal
discovery before making decisions based on how you think it might play
out.  I don't think it would play out as described here.  

When one of our students does something stupid off campus like theft I
don't recall anyone coming after the university because they were
"acting as a student of our school".  (If there is a pattern of
problems, they may ask the university to help find a solution.)  Seems
like you might actually be worse off if you gave them a university blog
account and then they did something bad with it.  You certainly can't
make a policy that says students can't use blog services (or
MySpace/Facebook) on their own time, and you'd have a tough time saying
they couldn't do it from on-campus either.  Same goes for faculty/staff
on their own time - any policy like that intrudes into private life.
I'd be very surprised if any campuses passed a policy saying that
official courses cannot use any third party web services.  

I'm not a lawyer, so ask your lawyers what would be best before making a
policy decision based on legal reasoning.  

Brad Judy

Information Technology Services
University of Colorado at Boulder

> -----Original Message-----
> From: HALL, NATHANIEL D. [mailto:halln () OTC EDU] 
> Sent: Saturday, June 23, 2007 9:35 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Risks of using "free" public blogs 
> and/or wikis for class activities
>
> I have a couple of thoughts on this.
>
> 1)    Data exposure - This is a common problem amongst 
> colleges and universities (C&U), even with their own 
> services. I frequently hear of C&U who have exposed personal 
> student and employee data because an instructor put the 
> information on their own publicly available web or FTP 
> server. That said, the information is easier to find if it is 
> only contained within your network and not across the Internet.
>
> 2)    Legal discovery - Let's say you receive complaints 
> against a student or instructor for comments made on a 3rd 
> party service. What do you do? Sure it isn't your server, but 
> they were acting as a student or employee of your school. 
> What if it goes to court? You could look really bad because 
> the school didn't support the needs of the instructor or 
> because the school didn't know what the instructor or 
> students were saying on a "school endorsed" server.
>
> I am in the process (have been for a while) of creating and 
> enforcing policies to prevent  such issues.  I recommend you 
> do the same.
>
> --
> Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA Network Security 
> System Administrator Ozarks Technical Community College
>
>
> -----Original Message-----
> From: "Clifford Collins" <Collinsc () FRANKLIN EDU>
> To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
> Sent: 6/22/07 2:14 PM
> Subject: [SECURITY] Risks of using "free" public blogs and/or 
> wikis for class activities
>
> A faculty member on our campus recently approached our IT 
> group to have a blog and/or wiki set up to support her 
> classes next month. This request was out of the blue and 
> didn't go through normal channels (department head, planning 
> committees, etc).
>  
> IT's response was that some thought, planning and a server 
> were necessary to do it right and therefore more time would 
> be needed to provide a supportable solution. Now the faculty 
> member is saying she will just use one of the many "free" 
> ones on the Internet.
>  
> I'm interested in people's view of any risks or other 
> down-sides to such an approach. Pointers to papers, analysis 
> and whatnot would be appreciated as well. Your thoughts?
>  
>  
> Clifford A. Collins
> Network Security Administrator
> Franklin University
> 201 South Grant Avenue
> Columbus, Ohio 43215
> "Security is a process, not a product"