NIU changing Internet use policy for students
August 26, 2014
Students don’t have to worry about going without pornography or Twitter: NIU is clearing up its Acceptable Use Policy to make it clear students can access social media, explicit material and other sites without worrying about a firewall or warning signs popping up.
The newly implemented firewall warnings and language in the university’s Acceptable Use Policy confused some who thought NIU was trying to ban students from visiting certain sites, causing an Internet furor last week after blogs BetaBeat and Jezebel reported the university was blocking pornography, political sites and social media, among other things.
The Acceptable Use Policy will be altered, with two policies — one for employees, one for students — created to assure students their Internet use isn’t threatened. Chief Information Officer Brett Coryell said the changes NIU has made to work with students makes it harder for NIU to provide information when law enforcement asks about user activities, and NIU will need to have a campuswide conversation about the network and how it is used.
Acceptable Use Policy
The Acceptable Use Policy hasn’t been changed since it was created in 2007 and it “needs to be reexamined for the modern generation,” Coryell said. A committee composed of employees, students and an alumna who expressed concern over the policy will give feedback on changes to it, Coryell said.
“… The primary change that needs to happen is to be able to distinguish what types of activities are allowable for employees versus what types of activities are allowable for students,” Coryell said.
The policy dictates that “acceptable use of NIU information technology resources is based on common sense, decency, ethical use, civility, and security applied to the computing environment.”
The policy says it applies to “all individuals, including, but not limited to, employees, students, customers, volunteers and third parties” who use the Internet service. But, the warnings that appeared were meant to apply to employees using the Internet during work and not to students who are not employees, said NIU spokesman Paul Palian.
The policy does not “differentiate well” between what students and staff can do, said Information Security Director Jim Fatz.
“The policy was a blended policy that included restrictions on employees and staff that are legal restrictions …,” Fatz said. “They’re not supposed to be surfing social media, they’re not supposed to be using their work time for personal use, they’re not supposed to be doing political activities while they’re working, and that’s a state law. The Acceptable Use Policy really was primarily designed to cover that.
“But, along with the Acceptable Use Policy we also included students because no matter who you are, you also can’t use the network for illegal activities. …
“The most obvious example that we’re struggling with is pornography. So, for example, any employee of the university sitting at their desk at work, they’re not suppose to surf porn, but it’s fine for students to surf porn. Nobody’s denying that.”
Firewall, warnings
The firewall is used to protect NIU’s network by blocking sites with malicious code. Warning notices from NIU, which could be bypassed, also appeared on some sites to remind employees using the network they couldn’t view inappropriate material, including social media sites, during work while using state-owned property in accordance with the Acceptable Use Policy and State Officials and Employees Ethics Act.
Network users also objected to an authentication process that required some users to enter identifying information when trying to access websites.
The only things currently blocked by NIU are sites that pose a security risk to the network or the people using it, Coryell said.
Coryell said the warnings, authentication process and other measures have been or will be removed until there is a chance to “have a conversation” on campus about the network.
Security
The changes have hurt NIU’s ability to comply with law enforcement requests for information about Internet users, Coryell said. He said NIU will not be able to offer as much information about what users did during Internet sessions if law enforcement reports a threat being made from someone using the NIU network.
“If the Secret Services shows up on campus and wants to know who was sending a threatening email to the president or if the Secret Service shows up on campus and they want to know who was accessing a website about making bombs or something like that, there’s a little bit we can do to try to satisfy their request for information, but I think ultimately … we aren’t going to be able to provide the information about illegal activity that we might have,” Coryell said.