Unintended Consequences Can Follow IT Policy Implementation

Click here to receive your FREE subscription to Campus Technology

Home > Unintended Consequences Can Follow IT Policy Implementation

Current News

Unintended Consequences Can Follow IT Policy Implementation

1/26/2005

By Terry Calhoun

Earlier this week I was one of about 300 people attending the National Learning Information Infrastructure (NLII) conference in New Orleans, Louisiana. (I can truthfully say that I have eaten more crawfish--not crayfish--in the past few days than in the entire previous 57 years of my life.) On Tuesday afternoon I was attracted to a presentation titled "Security, Privacy, Copyright, and Other Institutional Policy Implications of Online Learning," given by Rodney J. Peterson, policy analyst and security task force coordinator, EDUCAUSE. I have corresponded with Rodney over the years. I know that he is the expert in this realm; and also wanted a chance to meet him in person, which I did.

His session was a fast and furious 50,000-foot view of higher education's relationship to the legal issues implicated in the title, and I enjoyed it very much. However, it was a comment--and a subsequent conversation I had afterwards--with another attendee that gave me the topic for this column. Peter Chen, of Stanford University, brought up an issue that had actually been borderline-alluded to in other presentations, but he presented it as a real set of circumstances. It's about one (of many) unintended consequences that can arise from institutional information technology policies.

Right after Rodney had talked about institutions having "turned the corner on using automated means to put security messages in front of students," I commented that the motivation for that may have been the events of August and September, 2003--a time, full of worms and viruses, that none of us will forget. He agreed, saying that "Had we not [made those and related changes], this past fall would have been 20 times worse than 2003."

Then Peter noted that an unintended consequence of some of those automated messages and systems, and implementation of some of the policies that were created in the past year and a half, might actually fly in the face of our institutions' educational missions. How is that? Well, I don't want to provide any details specifically from Stanford, but here's a hypothetical set of circumstances that are similar but not identical. (I've 'hyped" it up a bit to make a point, so this is not what has really happened anywhere . . . yet.)

Suppose Student A leaves his laptop on in his dorm room and Student B, perhaps a roommate or just a good friend, comes along and illegally downloads some files. Suppose that not only d'es your network recognize the illegal download but the download also brings along some malware that causes your network to kick in an automated system that shuts down that computer's access to the network and also block's Student A's authentication to university resources, due to the illegal download.

Not a problem, right? He can go somewhere, to some office, explain the situation--once he understands what happened--and get access to what he needs. Well, consider that perhaps this happens late on a Friday afternoon and finals begin on Monday and that Student A has a very important final exam Monday morning.

Through no fault of his own, he can't get into the network from his dorm room and thus he cannot access the resources of the class for which he has an exam on Monday morning. He tries and tries, but he also can't get adequate IT support for his laptop because by the time he learned he had a problem it was already the weekend and his dorm d'esn't have 24x7 resident experts.