Re: Marketscore and Higher Ed

[James H Moore <jhmfa () RIT EDU>]

I don't get to have nearly as much fun with technology that I used to.  So
let me ask a simple technical Marketscore question.

Suppose I am a student.  I have a laptop registered with the university.
There are some folks in my dorm that use a lot of bandwidth for games
servers, anime servers, and basically, I would like a faster connection.
EULAs are boring, so I bit, I have Marketscore and I am still waiting for
faster network service.  I am on campus, and I want to check something in
the Student Information System (also on campus) for a meeting with my
academic advisor, later today.  So I access my academic records, which are
safe and secure and the university is on the hook for that, because of
FERPA.

** Do my educational records go through Marketscore?  Does their proxy
distinguish between LAN and Internet connections?  **

If the data does go through them, what are the responsibilities under FERPA
(or any other law that requires control of access) and with whom does the
responsibility rest?

It seems to me that Marketscore should be illegal by university policy, in
order to fulfill our responsibility to govern access.  Or does the EULA
basically have the data owner wave their rights?

But then if I am a faculty member accessing students educational records
from a Marketscore "equipped" laptop in order to advise, the faculty member
is not the owner, and they have no ability to wave those rights on behalf of
the student.

It seems like Marketscore shouldn't be surprised that Universities are up in
arms, if they do not distinguish between internet, and intranet.  That "if"
is the key.  If they don't distinguish, I am surprised that more medical
schools do not protest. From some knowledge of business, it seems like road
warrior sales people also have administrative rights, and are never
satisfied with the connections from the hotel, and might be tempted to
marketscore.  If that is true, I would expect corporations to be up in arms
as well, as confidential pricing, strategy, new product information, or
customer information is routed through Marketscore servers.

I feel like I am missing a few pieces.

Jim

- - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
Office: 585-475-5406
Lab: 585-475-4122
Fax: 585-475-7950

"Distrust and caution are the parents of security."  -- Benjamin Franklin

"We will bankrupt ourselves in the vain search for absolute security." --
Dwight D. Eisenhower



**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Attachment: smime.p7s
Description: