Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Risks of using "free" public blogs and/or wikis for class activities

From: Brad Judy <Brad.Judy () COLORADO EDU>
Date: Mon, 25 Jun 2007 12:42:21 -0600
These are some good points.  



When somebody commits theft, they aren't acting as a student. 
 When someone posts to a bulletin board for class, they are.


This is an important distinction where I think things get sticky, unless
there's a specific assignment to post blog entries, I don't see there
being much university involvement.  As you have pointed out, if there
is, then the situation likely changes.  Each campus has to figure out to
what degree they can/want to create policy about what mechanisms
professors/instructors can use in their courses.


You certainly can't make a policy that says students can't use blog 
services (or MySpace/Facebook) on their own time, and you'd have a 
tough time saying they couldn't do it from on-campus either.


I have to disagree.  I have seen plenty of cases where the 
school even expelled students because they posted or had 
pictures of something the school didn't like.  The first 
Google result "Student Expelled After Revealing He's Gay On 
MySpace".  Why?  The "school has a policy that allows 
administrators to expel a student who "promotes sexual 
behavior not consistent with Christian principles."  A policy.


The policy mentioned (and similar ones) has nothing to do with
technology or blogging and, while I don't agree with the school's
policy, I think the approach is the appropriate one: create policies
about actions/behavior, not about where blogging occurs.  

Brad


As I said before, create policies.  Now, let me add this.  As 
part of your policy creation, you should consult your lawyer.
--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA Network Security 
System Administrator OTC Computer Networking

Office: (417) 447-7535

-----Original Message-----
From: Brad Judy [mailto:Brad.Judy () COLORADO EDU]
Sent: Sunday, June 24, 2007 9:25 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Risks of using "free" public blogs 
and/or wikis for class activities

I'd consult with your legal counsel on their take on issues 
like legal discovery before making decisions based on how you 
think it might play out.  I don't think it would play out as 
described here.  

When one of our students does something stupid off campus 
like theft I don't recall anyone coming after the university 
because they were "acting as a student of our school".  (If 
there is a pattern of problems, they may ask the university 
to help find a solution.)  Seems like you might actually be 
worse off if you gave them a university blog account and then 
they did something bad with it.  You certainly can't make a 
policy that says students can't use blog services (or
MySpace/Facebook) on their own time, and you'd have a tough 
time saying they couldn't do it from on-campus either.  Same 
goes for faculty/staff on their own time - any policy like 
that intrudes into private life.
I'd be very surprised if any campuses passed a policy saying 
that official courses cannot use any third party web services.  

I'm not a lawyer, so ask your lawyers what would be best 
before making a policy decision based on legal reasoning.  

Brad Judy

Information Technology Services
University of Colorado at Boulder


-----Original Message-----
From: HALL, NATHANIEL D. [mailto:halln () OTC EDU]
Sent: Saturday, June 23, 2007 9:35 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Risks of using "free" public blogs and/or 
wikis for class activities

I have a couple of thoughts on this.

1)  Data exposure - This is a common problem amongst 
colleges and universities (C&U), even with their own services. I 
frequently hear of C&U who have exposed personal student 

and employee 

data because an instructor put the information on their own 

publicly 

available web or FTP server. That said, the information is 

easier to 

find if it is only contained within your network and not across the 
Internet.

2)  Legal discovery - Let's say you receive complaints 
against a student or instructor for comments made on a 3rd party 
service. What do you do? Sure it isn't your server, but they were 
acting as a student or employee of your school.
What if it goes to court? You could look really bad because 

the school 

didn't support the needs of the instructor or because the school 
didn't know what the instructor or students were saying on 

a "school 

endorsed" server.

I am in the process (have been for a while) of creating and 

enforcing 

policies to prevent  such issues.  I recommend you do the same.

--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA Network Security System 
Administrator Ozarks Technical Community College


-----Original Message-----
From: "Clifford Collins" <Collinsc () FRANKLIN EDU>
To: "SECURITY () LISTSERV EDUCAUSE EDU" 

<SECURITY () LISTSERV EDUCAUSE EDU>

Sent: 6/22/07 2:14 PM
Subject: [SECURITY] Risks of using "free" public blogs and/or wikis 
for class activities

A faculty member on our campus recently approached our IT group to 
have a blog and/or wiki set up to support her classes next 

month. This 

request was out of the blue and didn't go through normal channels 
(department head, planning committees, etc).
 
IT's response was that some thought, planning and a server were 
necessary to do it right and therefore more time would be needed to 
provide a supportable solution. Now the faculty member is 

saying she 

will just use one of the many "free"
ones on the Internet.
 
I'm interested in people's view of any risks or other down-sides to 
such an approach. Pointers to papers, analysis and whatnot would be 
appreciated as well. Your thoughts?
 
 
Clifford A. Collins
Network Security Administrator
Franklin University
201 South Grant Avenue
Columbus, Ohio 43215
"Security is a process, not a product"
Previous By Date Next
Previous By Thread Next

Current thread: