Information Technology Council Meeting
March 9, 2007
Fox, Dennis Anderson, Carol Perry, Sarah Denman, Barbara Hicks, Matt Christian,
David Johnson, Gary Anderson, Monica Brooks, Allen Taylor,
Review of Minutes of 1/12/07: Approved
Fox: We have had a lot of trauma this month with the RIAA complaints and the issue with the student arrested for child pornography.
Denman: We are looking at using technology for student evaluations of faculty online. Larry Stickler is working with that. We have looked at every possible policy and procedure and anything that is a matter of record and cannot find anything prohibiting online evaluation. We are looking at it as a possibility. We are also looking at coming forward with some recommendations for possibly doing the required annual evaluation of deans online too. There has always been an issue with transcribing of the comments before they are shared when they are in print form.
Carol: The CTC accreditation site visit has been moved from November to next March.
Allen: In reference to last months minutes. The state is bidding a new MPLS network to replace the current statewide network. The bid opening is March 14. We were successful in exposing a flawed model in the apportionment of shared facilities costs this last couple of years. Itís our goal to be off the current state network by July so we can avoid those shared costs for next year.
Arnold: I think there is going to be what should be a painless upgrade to underlying Oracle operating system this weekend that we think will be relatively transparent.
There will be some other upgrades over Spring Break and big upgrades scheduled over Memorial Day. The Banner group has been notified and they are discussing. Sarah asks if there will be any impact on students in WebCT. A: We are not touching anything in WebCT and there is no indication that it would break anything outside Oracle. Per David: It shouldnít effect integration at this point in the semester.
We have a financial issue with the state relating to shared facility costs. Historically, there was money coming straight from the legislature that was paying for certain number of facilities that are used in common in the state network; that money went away and the assessed costs came down to us. Originally the assessment was $9,000 a month, but it is down to about $7000 a month now. We are looking at alternative ways to thwart those costs and feed that money back into our own network.
We have bid our own access to other
facilities. Over Memorial Day we will be able to roll out the actual
backbone between all of our locations which will mean much higher data rates to
most of our locations. We will have dual link between here and
The time change this weekend has
been wreaking havoc with calendars; we thought it would be a non-issue if all
the patches were up to date.
David: 7 TECI classrooms are going being installed during the 5 days of Spring Break. There is a large crew coming in from Dell. There were issues with space in Receiving with all the new equipment coming in. We are using SH 211 as a staging area.
We have started the interviewing procedure for the Technical Support person for those rooms. We have received 6 applications from HR and have started reviewing those folks.
The new instructional designer, John Hornyak, will start on March 19. He had previously been the director of Distance Learning for Wheeling Jesuit and worked with the NASA program. His background is science/technology/engineering/math. He will be a great addition to the sciences and math area.
We do have Milt Hackle here from
Allen: Some time back we had done some trials to address improved spam control for students and staff. We received lots of negative feedback with the cheap approach. We have been testing the Barracuda Firewall Spam Control System with a pilot of 80 people. It holds spam into a web based repository and the user can go to the repository at any time and white list someone or see email that wasnít delivered to the mail box. Each individual user has control over with user settings. We would like to look at a controlled introduction over the summer and have it fully implemented by Fall. If you have anyone would like to volunteer to test this product, let us know.
Per Ben: students are very appreciative of whatever has been done so far.
Best Practices Ė Out of Office
Jan: Allen had brought up the issue of individuals not knowing proper adequate procedures for voice mail and email when you are out of the office.
Allen: In general the campus is not dealing with specific method for out of office notifications, calendars, greetings etc. A Draft of Netiquette was distributed for your review and feedback.
Should this be something for best practices? Should it require periodic training? Should it be something that is mandated? We get feedback from times when someone has called a faculty/staff member numerous times and caller doesnít know why they are not getting a reply when indeed that person is on sabbatical or on vacation. We need a procedure for transferring calls or Audix message or coverage paths.
Email is also problem with posting out of office message to let people know you are out. Open to discussionÖ..how important is this to the university? It is felt that this is an HR issue for their training, but not something we can require.
Barbara Hicks brings up the issue of spammers hitting out of office message. Spam control and blocks being implemented by Barracuda will help.
Sarah suggests that email policy be referenced.
This will be put on ITC best practices and sent to HR for them to include in training.
Before I finish, I want to ask how closely we need to track to the state plan. Due to the state flexibility bill some things are not necessary to track to the state policy. The state has also re-written their acceptable use policy.
Jan: We would like to simplify our Security Policy. It is too huge to read or understand. I want to request simplification, prioritize what we really need in the policy and link it back to these things we really need such as the incident response things.
We were listed as one of the top 25 schools for illegal downloads. The
question is how they come up with those rankings. We participated in a CIO
conference call with the listed institutions to discuss how the list was
compiled. There is concern that this has something to do with legislative
issues or who has something pending in the legislature. We felt that
Purdue is taking the stand that they are not going to play. I assume they have some legal issues to date. We are trying to follow the law.
RIAA does not know the identity of the students involved. We receive the complaint, we track the student, the student proves to us that the illegal stuff is off the system and they are put back on the network and the problem goes away. All students in our case were running the same software . Other institutions are getting caught on other software.
We want to make sure that students know we are running Cisco Clean Access in the dorms. It checks for viruses and the right software on computers. THIS DOES NOT have anything to do with these complaints.
To date, we have sent emails to the students involved. Of the 20 incidences we could not identify 4 students.
We need to re-emphasize that students cannot share their accounts. We need to re-educate them for security of account information. All of these students admitted that they did download but all institutions have complaints that there are discrepancies in songs on the student lists.
The settlement amounts for these complaints range from $1200 to $3000 but if the student doesnít take the settlement, the fine is $750 per illegal download. It averaged out to over $450,000 per student in fines.
We have not been subpoenaed and have not released any information.
We have seen 300 + incidences since last fall. This takes hours and hours of staff time to track these complaints. We handle this in a legal manner. We are trying a different methodology from education, to controls on the network to costs assessed to students.
Copyright Infringement Complaints
We first have to figure out who the
person is, prepare documentationt
is sent to the appropriate department for identification, documented and then we package it up in some form
such as email or put it into a Footprints trouble ticket. If it is a
student we will notify Student Affairs
itís faculty we notify Academic Affairs; staff goes to Human Resources for some
sort of adjudication.
Once the person is identified, we will remove their access to the internet because DA says we need to do that to avoid liability for the university. We are proposing that we shut off their internet access but leave them on the university network. I added a second case for internal whistle blowing for persons sharing content internally; at that point would shut off nternal access.
When we receive notice that it has
been adjudicated we will start the process to charge a $50 reconnection fee for
a first offense, this will increase to $100 the 2nd offense and in
either case, if found guilty, if we have spent over an hour in cumulative time,
we charge a fee of $45 hr for any other time we have to spend, to be levied
against the individual. If they are let off hook for some reason
there was still expenditure of time, do we eat that time? Per
Per Sarah, need to reference university policies. A special email address needs to be set up to accept emails concerning adjudication results and whether to turn their account back on and whether or not to levy fine. There is a security issue when sending this confidential information to a generic address. Donít want it sent just to Help Desk email. A special email address needs to be established.
Per Ben: There is concern that the
RIAA complaints targeted university housing which is another deterrent to
students living in dorms. We really need to push home the fines and
Need to include sanctions such as suspension or expulsion
Senate Bill No 48 will extend broadband border to border to make sure schools
have access to broadband. It allows for the creation of non-profit
entities that can enter into partnerships with any government agency for the
purpose of expanding and developing technology infrastructure. I donít
know reason this was even generated to begin
It is important to know this exists because we donít know the impact it will have.
Jan: We have had several people that are upset about port security. This is a security requirement and we must continue using this until we have a better method. We have to protect the institution and the students.
Jan: E-voter issue: Security of the ERP was not the issue. 901 numbers and birthdates were taken from the university. E-voter was NOT the problem.
Version 4 of Luminis will force a pin change, but it still wonít cure the problem. Education still has to be important. Students have to learn not to share student number/pin.
Student Affairs action to suspend the use of e-voter has confused users into thinking that e-voter was the problem. It puts an error of suspicion on the security of the system and casts a negative on current election.
There are 8 other institutions dealing with the same issue.