Re: Coursesniper.com

["Carson, Larry" <larry.carson () UBC CA>]

We have a similar thing, student created, at our university: it scrapes public web pages, does not exploit any 
vulnerabilities and makes no use of any credentials. When the service finds the open course and section it sends the 
student an SMS/email/tweet to let them know that the section they want has a spot; it's then up to the student to 
sign-in with their credentials and get the spot before someone else. Our Registrar's office and legal counsel all 
reviewed the site with the owner and found this particular setup to be legal and within acceptable bounds. Please keep 
in mind that this was specific to our university and a specific service - not the one being discussed.


Larry

_______________________
Larry Carson
Associate Director, Information Security Management
University of British Columbia
Room 446 | LS Klinck
6356 Agricultural Road, V6T 1Z2

TEL: (604) 822-0773
FAX: (604) 822-6057
WEB: <http://www.it.ubc.ca/> http://www.it.ubc.ca/

MAIL: 420-6356 Agricultural Road
Vancouver, British Columbia, Canada
V6T 1Z2

CONFIDENTIALITY NOTICE

This electronic message is intended only for the use of the addressee and
may contain information that is privileged and confidential. Any
dissemination, distribution or copying of this communication by unauthorised
individuals is strictly prohibited. If you have received this communication
in error, please notify the sender immediately by reply e-mail and delete
the original and all copies from your system.

________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Tue Mar 29 08:21:31 2011
Subject: Re: [SECURITY] Coursesniper.com

I’m sorry but I’m still unclear on the issue with Course Sniper. I’m not a lawyer but if someone could explain the 
issue in a bit more detail I would be thankful so I can try to determine the action I should take to stop this once our 
institution is made available on this site.

If Course Sniper is scraping public facing web pages and using them to harvest data I see no wrongdoing. If they are 
using credentials supplied by a student I could possibly see some wrong being done but the bigger issue would likely be 
a policy violation by the student.

Would this be an issue if a student wrote his/her own application to do this same thing? I know of two students on our 
campus who actually did this (probably kicking themselves for missing a business opportunity) but I didn’t think of the 
problem with using their skills in this manner. Should there be something else that I should consider?

Thanks,

Ben Pratt
Saint Cloud State University

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Koerber, 
Jeff
Sent: Tuesday, March 29, 2011 10:02 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Coursesniper.com

Have you tried contacting the company and asking them to stop?  Their e-mail is contact () coursesniper 
com<mailto:contact () coursesniper com>.  If they don’t stop, talk to your legal department.  Maybe you can claim 
copyright infringement.


Jeff Koerber
Supervisor, Student Computing Services Lab and Service Desk
Office of Technology Services
Towson University


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Schwab, 
Charles A.
Sent: Monday, March 28, 2011 4:06 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Coursesniper.com

Recently our Registration folks asked us if there was something that could be done to block access for coursesniper, 
here is the web site:  http://www.coursesniper.com<http://www.coursesniper.com/>.  Essentially it is a pay service that 
will check if a course has an open spot.    I was curious if anyone had been requested to block coursesniper or  looked 
into blocking coursesniper.

Charlie.