Re: Blocked URL Categories

[Ruth Ginzberg <rginzberg () UWSA EDU>]

Ha!

I have had this argument with XaaS vendors on various occasions.  I have a prefabricated essay I send them (modified 
slightly for your purpose):

For any evil you can name, there’s probably a faculty member somewhere doing research on it and/or teaching about it in 
their classes.  Some things that come to mind are legal and social science scholarship on pornography, political 
science and law enforcement scholarship about terrorism, fine arts classes that teach nude drawing and/or photography, 
computer science scholarship on malware, etc., etc. (I could go on…).

The unifying point here is academic freedom.  Basically, we have to be ever vigilant not to suppress it. Students need 
to be able to pursue scholarship inspired by the readings and the instructors they encounter.  It is of utmost 
importance that higher education institutions, not legislative auditors, retain the right to determine on a case by 
case basis what is and is not legitimate scholarship at institutions of higher education.



Ruth Ginzberg
608-890-3961

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ronald 
King
Sent: Friday, October 27, 2017 11:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Blocked URL Categories

Good afternoon,

We are a public institution in Maryland. We are being questioned by our state auditors as to why we permit access to 
the URL categories abused-drugs, extremism, hacking, and gambling when our AUP states IT resources are not to be used 
for illegal activities or "for commercial, religious, political (including activities supporting the nomination of any 
person for political office or attempting to influence the vote in any election or referendum), solicitation, or 
profit-making purposes."

Along with academic freedom, the perspective I have been arguing is one to permit access to the sites. The argument is, 
just because a student accesses a gambling website does not mean they are gambling.

So, my questions to the group are:
·         Do you block these URL categories by default?
·         If so, how do you address the request to research in areas that might require access to these URLs?
·         How did you convince the auditors it was necessary to allow access to these categories?
As always, responses can be addressed directly to me or via the listserv.

Thank you for your input!
Ronald A. King, CISSP
Chief Information Security Officer
Morgan State University                                                                                           
Office: (443) 885-3372
1700 E. Cold Spring Ln.                                                                                           
Email:  ronald.king () morgan edu<mailto:ronald.king () morgan edu>
Baltimore, MD 21251                                                                                 URL:    
http://www.morgan.edu

                                                Growing the future ... Leading the 
world<http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>