Re: Marketscore and Higher Ed

[Jere Retzer <retzerj () OHSU EDU>]

Going even further, suppose your example is a physician connecting to a
hospital to check patient records. The physician probably just violated
his business associate agreement with the hospital that he signed in
order to comply with HIPAA.

> > > jhmfa () RIT EDU 12/22/2004 2:16:27 PM >>>
I don't get to have nearly as much fun with technology that I used to.
So
let me ask a simple technical Marketscore question.

Suppose I am a student.  I have a laptop registered with the
university.
There are some folks in my dorm that use a lot of bandwidth for games
servers, anime servers, and basically, I would like a faster
connection.
EULAs are boring, so I bit, I have Marketscore and I am still waiting
for
faster network service.  I am on campus, and I want to check something
in
the Student Information System (also on campus) for a meeting with my
academic advisor, later today.  So I access my academic records, which
are
safe and secure and the university is on the hook for that, because of
FERPA.

** Do my educational records go through Marketscore?  Does their proxy
distinguish between LAN and Internet connections?  **

If the data does go through them, what are the responsibilities under
FERPA
(or any other law that requires control of access) and with whom does
the
responsibility rest?

It seems to me that Marketscore should be illegal by university policy,
in
order to fulfill our responsibility to govern access.  Or does the
EULA
basically have the data owner wave their rights?

But then if I am a faculty member accessing students educational
records
from a Marketscore "equipped" laptop in order to advise, the faculty
member
is not the owner, and they have no ability to wave those rights on
behalf of
the student.

It seems like Marketscore shouldn't be surprised that Universities are
up in
arms, if they do not distinguish between internet, and intranet.  That
"if"
is the key.  If they don't distinguish, I am surprised that more
medical
schools do not protest. From some knowledge of business, it seems like
road
warrior sales people also have administrative rights, and are never
satisfied with the connections from the hotel, and might be tempted to
marketscore.  If that is true, I would expect corporations to be up in
arms
as well, as confidential pricing, strategy, new product information,
or
customer information is routed through Marketscore servers.

I feel like I am missing a few pieces.

Jim

- - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
Office: 585-475-5406
Lab: 585-475-4122
Fax: 585-475-7950

"Distrust and caution are the parents of security."  -- Benjamin
Franklin

"We will bankrupt ourselves in the vain search for absolute security."
--
Dwight D. Eisenhower



**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.