While it’s a long way from actually changing anything, its still nice to see articles like this indicating that there is a growing awareness amongst US software companies and policy makers that the privacy concerns with the PATRIOT Act by foreign countries may pose a serious business risk to US companies. You know what they say – money talks!
Our colleague Michael Anderson at UTSA has shared this site where a Social Media Task Force is developing guidelines for faculty and staff in the use of social media which is hopefully of interest. - SWL
The article, titled “How universities got it so wrong over Patriot Act outsourcing,” is a bit harsh, but claims that many UK post-secondary institutions, facing reduced budgets and increased demands, rushed to use US-owned cloud-based services like Google Apps for Education or Microsoft Live for .edu, and in so doing, failed to consider that these are still subject to search via the US Patriot Act. For better or worse, this does seem to confirm the current consensus here in BC. – SWL
It seems that even beyond the “privacy” concerns that currently keep BC educational institutions making more use of cloud-based services, there are additional factors keeping companies and institutions across the country as a whole from adopting the approach as fast as our counterparts in other countries. It seems there is a sizable market potential for non-US-based companies to start offering such services in a way that respects both privacy and security concerns. – SWL
A video on Google and Wikipedia in education that places in context the ideas discussed on this web site.
“The public is existing now – is living and breathing – within a much larger sphere of information and knowledge; and that critical openness to knowledge is something that our work [in education] had better address or we are ill-serving our students.”
The video was produced by Michael Wesch from Kansas State University as a contribution to the EDUCAUSE book, The Tower and the Cloud: Higher Education in the Age of Cloud Computing, edited by Richard Katz.
- by Randy Bruce, republished from bccampus.ca blog
In early April 2011, BCcampus hosted a Privacy and Cloud-based Educational Technology Conference. A number of recommendations were made, and followup is underway on the principle themes.
We’ve given some more thought to one of the three questions pursued during that conference:
What are the top three actions the BC public post-‐secondary system can take to maximize the potential of cloud-‐based services while protecting students‘ privacy?
The resulting paper (PDF, 8 pages) by Tony Patrick focuses on one potential action that could be taken: the creation of a mechanism that would protect privacy yet support student access to desired online services that are hosted in jurisdictions subject to the Patriot Act. Although this approach would still require the users to ensure that they do not produce any personally-identifiable content using such US-based services, it would enable a number of services that are currently not usable at all as required course components, to be used by students.
The paper has been distributed to members of the Higher Education Information Technology BC (HEITBC) group, and discussions with specific institutions will take place over the coming months
Additional feedback and suggestions for refinement are welcomed.
Here’s a link to the UBC notice which announces:
Based on feedback gathered from UBC staff, faculty, students, and alumni, UBC has determined that we will be using an external provider for student email. The solution will be either Microsoft or Google’s email service for higher education.
Our next steps will be to evaluate each potential solution. The final decision on which option to offer students – Microsoft or Google – will be made by UBC VP Students, in conjunction with UBC CIO, based on the functional requirements gathered from students, UBC administration, and the strategic fit with existing relationships.
The notice indicates UBC will offer a mailbox “hosted in Canada” and an “opt-out function” which will address the issue of informed consent under B.C.’s privacy legislation (FIPPA).
I wish I’d found this site while I was researching my background paper for the April 4 conference. This topic continues to fascinate me and I’m interested to explore the implications for public policy here in B.C.
It’s a report on some research into privacy implications of online learning. Heather Ford and her colleagues at Berkeley have developed a tool to help think through the privacy impacts of educational technology (or social media in ed tech). She writes about it in a blog post about the research:
This is really just exploratory research but we believe that the lack of nuanced social environments in online learning systems is a big part of what is leading to high dropout rates in distance/online learning programs and that we really need to build for “intimacy” rather than either the “private/closed” or “public/open” architecture characterised by current systems. By looking at successful learning communities – even if they are mediated only partially by networked technologies – we can start to understand how online educational systems can be better designed to afford greater possibilities for learning.
Better late than never! I will be taking a further look at the Mask project web site and am a new subscriber to Heather’s blog.
Today is IPv6 day. I can’t attend the IT4BC conference today to celebrate (although many BCcampus representatives will be there), so instead I’ll post a link to an article that explores the privacy implications of the new protocol.
In a nutshell: Internet Protocol (IP) addresses are running out because we have so many devices now that talk to the internet, so now we need to change to an protocol that can handle longer (therefore more numerous) addresses. Here’s an analogy: if you live in a large urban centre and you are of a certain age, you will remember the days when you only had to dial a 7-digit number to make a local call. You now must place the area code first, making it a 10-digit number. If you are of a – ahem – more certain age, you remember when there were far fewer area codes. Telecom companies have been adding area codes over the past several decades to keep up with demand.
Here’s the question: are all these IP addresses considered personally-identifiable information? If so, how will our internet service providers and governments protect it?
I’ve had the pleasure of meeting Chris Parsons at various conferences in the past year. He’s a PhD candidate in the Department of Political Science at the University of Victoria whose research interests focus on digital privacy. He has an effective and thoughtful summary of the issue of privacy and IPv6 in a blog post from March last year. As he points out, perhaps this is just “doomsday talk,” but it is worth considering:
unless privacy protections are genuinely entrenched in law with a strong civic commitment to privacy, unless IP addresses are recognized as always potentially personally identifiable information (at a minimum), then IP addresses are going to matter a whole lot more to security and marketing groups than they already do. And when marketers are interested in particular information, you can be sure that it’s not curiosity, but because they can leverage it to invade our minds and track our actions.
At our privacy conference this past April there was discussion of a technological solution to encrypt/obscure the digital “handshake” when information is passed through the internet. Chris’s post makes clear that we as a post-secondary system and as a society need to be committed to mandating and implementing that digital handshake.
Here is an example of a K-12 school district in the U.S. that has moved to Live@Edu. By the sounds of it, they did not have restrictive privacy legislation to deal with, as did Vancouver Community College when they moved to the Live@Edu service. However, security and privacy were still important considerations. The school district’s IT director is quoted as saying the cloud-based service “offers control over domain accounts and security, requirements the state’s technology department felt were necessary in the educational environment.”
Read the entire news release.