Technology Initiatives

Academic Computing

As a bridge into the more technical sides of privacy issues, we spoke with an Academic Computing official.  Academic Computing, according to the official, has a four-prong focus at Stanford.  They work with students in dorms through Residential Computing, they work with faculty by providing curricular support (ITSS provides the faculty with desktop support), they work with libraries and all public computer clusters such as in Meyer and in the Lair, and finally, they develop courses for the local community through a new program called Academic New Media.  This new program funds itself through the tuition paid by local high school teachers and others who want to learn about new technologies.  The new equipment purchased is then used by Stanford to benefit its students.

Since Academic Computing resides under the auspices of the Stanford University Libraries and Academic Information Resources, they focus more on technical support and academic resources than issues of privacy and security.  They work with University libraries on scholarly projects such as digital libraries and other initiatives.  A large portion of their work is creating the technical backbone for these projects.

The public clusters are maintained by copying a disk image of a hard drive onto the local computer.  The software used includes Assimilator on the Macintosh and Ghost on the PC.  These help prevent students who download objectionable material (like pornography or other files that may violate the Computer Usage Policy) from negatively influencing other students. In order to discourage misuse of the Stanford network, it is the goal of Academic Computing to have PC- or Mac-Leland installed on every public computer, thereby requiring a more secure, Kerberos user login. This software offers a log of all users of the public clusters, to be used in situations where suspicions arise about the user of a cluster computer during a specific time period.

The software on the computers is limited; there are a finite number of licensed copies in use at any given time.  Usage tracking does exist to see if there are enough copies available for student usage loads.  Though it is possible to determine which IP address was using which piece of software at a given time, the Academic Computing official explained that the difficulty of this task is enough deterrence in and of itself.

Their most far-reaching tool is the team of RCCs who educate and assist students in dormitories.  The hope is to make sure all RCCs are kept well informed and can therefore relay relevant facts to the students.

When violations occur, Academic Computing turns the case over to the Stanford Security Office if the severity of the situation requires it.  It seems that Academic Computing is more likely to take the lenient side and issue a warning to students.  Cases where pornography is being viewed at a public console often result in asking the student to move to a less visible console so as to not bother others. Other cases are more clearly objectionable; for example, a computer used for harassing another person or harming another person's work. These situations are brought straight to and subsequently handled by the Computer Security Officer.

Distributed Computing

We also spoke with an official from the Distributed Computing Group (DCG) at Stanford whose work involves maintaining the registries on campus, as well as contributing to the MacStanford and PCStanford projects.  One of the projects impacting privacy that his group is responsible for is the registry project.  As described on the project homepage, a registry “is a place in an information architecture where objects (people, organizations, etc) can be described once so that multiple systems can refer to the same objects by common labels” (http://www.stanford.edu/group/itss-ccs/project/registry/).  As the official said, the registry can be thought of as a composite database that draws from multiple data sources from around the university.  The person registry, for example, is the backend service that front ends such as Stanford.You and whois query for their information.

The motivation behind maintaining these central registries is to be able to focus distribution of data at a single point—this also means that Stanford’s privacy policy and rules can be applied at the same point.  Stanford currently supports three different levels of privacy access: public, Stanford-only, and private.   Public means that anybody, inside or outside Stanford’s campus, affiliated or non-affiliated with the University may have access to that information.  The Stanford-only mode of access limits visibility to people who are affiliated with Stanford, such as students, faculty, and staff, and who can provide authentication to the system proving they are members of the Stanford community.  Finally, a student can decide that a piece of information should not be visible to anyone besides him/herself; this is the private access level that can be specified.

One of the challenges facing DCG concerns other systems on campus that maintain data about students, faculty and staff.  Often, there are data systems sprinkled throughout campus that shadow the main data repository.  For example, an academic department might decide that they would like to maintain a list of all undergraduate majors in that department locally, with some added information that might not make sense for the central repository to have.  Another DCG administrator commented that it requires constant vigilance to find people who are running their own data and directory services and ensure that they are complying with privacy policy and regulations.  The extent of shadow data systems on campus made the administrator remark, “I feel like we’re losing battles but winning the war” on tracking these localized data systems and ensuring their compliance.  The administrator's statement reflects his belief that it is incredibly difficult to manually check everybody for conformity, but that more and more people are becoming educated about compliance, and this behavior would subside in the future.

The DCG official says that Stanford recognizes the need to protect personal information as more and more of it is becoming a common asset to online data sources.  Another important piece of the puzzle that goes hand in hand with privacy is online security.  At Stanford, Kerberos is the official authentication mechanism that the University has chosen to adopt.  The DCG administrator said that one of the main objectives of his group is to “provide host based security that places the authentication event as close to the user as possible.”  For Kerberos, authentication of a user is done on the user’s computer—there is no information that must be revealed in the open in order for a user to prove his/her identity.  In addition, the administrator also commented that the majority who run localized directory services do not knowingly violate student privacy by posting information without access controls, and that once made aware of the issues, the policy, and regulations surrounding personal information, they are more than happy to comply.

Although there are other security mechanisms and platforms available, Stanford uses Kerberos because it is a general and flexible authentication mechanism where work has already been done (in large part by MIT).  Stanford is currently in the process of moving from Kerberos 4 to the next generation Kerberos 5.  The DCG administrator says that Kerberos 5 increases security, cleans up the design, and in general, incorporates the lessons learned from Kerberos 4 into building a more robust system. 

In keeping with generally accepted security principles, anybody who wishes can gain access to Stanford’s source code for the PC/MacStanford products to review the program.  For Stanford’s security products, the DCG official sees the Mac/PC Stanford packages becoming thinner and thinner as next generation operating systems and beyond start integrating more security features directly into the kernel.  That is, the Stanford security software will become more of a switching application that sits on top of existing functionality.  However, the official commented that there is great value added in promoting Stanford’s security architecture due to the fact that it is the University’s way of integrating necessary security features into one seamless package (features such as Kerberos authentication and POP proxy).  A Stanford systems and technology manager concurred: “from a software perspective, we are attempting to build privacy and security into everything, to provide a common platform for the campus to use.”

As mentioned before, one of the problems affecting the Stanford campus is that many people are currently unaware and uneducated about privacy and security.  The manager commented that many people who use campus computing resources assume that if they use a computer, then somebody out on the network will be looking out for their best interests, when in fact that is not true.  Although Stanford has introduced education plans for students and staff that intend to increase awareness of security and privacy, the manager said that there was essentially little to no response from the campus community to these programs.  He also stated that the trend for the future was to avoid relying solely on education of end users, and that it is better to build higher levels of security into any service or system whenever practicable.  For example, the recently completed secure email campaign required all users to connect securely in order to retrieve email, whereas before the university relied upon educated users to choose to connect securely. 

Ultimately, regarding University-provided software, the systems and technology manager is looking to reduce unnecessary complexity while increasing security—there are secure telnet and secure FTP initiatives currently being worked on by the Information Technology organizations on campus.  The challenges that Stanford faces are similar to those of anybody dealing with technology:  there are so many shifting and emerging technologies that it is difficult to keep completely up to date.  However, as much as possible, Stanford is attempting to anticipate budding technologies and their possible uses. On the privacy front, the manager said that “privacy and security are core institutional values at Stanford,” with Stanford attempting to extend privacy control with trust backed by policy backed by written agreements.  In the future the DCG administrator hopes that people will become more aware of the roles they play within the University and how those roles affect privacy.


Questions? Comments? Suggestions? Send mail to: privacy_project@CS.Stanford.EDU