Information Technology Council Meeting

March 9, 2007


Present:           Jan Fox, Dennis Anderson, Carol Perry, Sarah Denman, Barbara Hicks, Matt Christian, David Johnson, Gary Anderson, Monica Brooks, Allen Taylor, Layton Cottrill, Arnold Miller, Tom Hankins, Ben Sandy


Review of Minutes of 1/12/07:   Approved


Committee Updates:



Fox:                 We have had a lot of trauma this month with the RIAA complaints and the issue with the student arrested for child pornography.



Denman:          We are looking at using technology for student evaluations of faculty online. Larry Stickler is working with that.  We have looked at every possible policy and procedure and anything that is a matter of record and cannot find anything prohibiting online evaluation.  We are looking at it as a possibility. We are also looking at coming forward with some recommendations for possibly doing the required annual evaluation of deans online too.  There has always been an issue with transcribing of the comments before they are shared when they are in print form.


Carol:              The CTC accreditation site visit has been moved from November to next March.


Allen:              In reference to last monthís minutes.  The state is bidding a new MPLS network to replace the current statewide network.  The bid opening is March 14.  We were successful in exposing a flawed model in the apportionment of shared facilities costs this last couple of years.  Itís our goal to be off the current state network by July so we can avoid those shared costs for next year. 


Arnold:            I think there is going to be what should be a  painless upgrade to underlying Oracle operating system this weekend that we think will be relatively transparent. 


There will be some other upgrades over Spring Break and big upgrades scheduled over Memorial Day.  The Banner group has been notified and they are discussing.  Sarah asks if there will be any impact on students in WebCT.  A:  We are not touching anything in WebCT and there is no indication that it would break anything outside Oracle.  Per David: It shouldnít effect integration at this point in the semester. 


We have a financial issue with the state relating to shared facility costs.  Historically, there was money coming straight from the legislature that was paying for certain number of facilities that are used in common in the state network; that money went away and the assessed costs came down to us.  Originally the assessment was $9,000 a month, but it is down to about $7000 a month now.  We are looking at alternative ways to thwart those costs and feed that money back into our own network. 

We have bid our own access to other facilities.  Over Memorial Day we will be able to roll out the actual backbone between all of our locations which will mean much higher data rates to most of our locations.  We will have dual link between here and South Charleston at a full gigabit to give us full redundancy between here and MUGC. 


The time change this weekend has been wreaking havoc with calendars; we thought it would be a non-issue if all the patches were up to date.  Vista and Schedule 25 look okay.  The Exchange Server was an exception to the rule.  Even if the patches were applied to server and client machines (computers, PDA, phones), there were instances where existing appointments applied before the patches were applied are still off.  Remove the meeting from the calendar and adding it back in was the only solution.  From March 11 to April 2 are the dates that are causing problems.  This same thing will happen in October when we stay on a week longer and there could be appointments that have problems then too.  This change is still not fixed in the US Code and it is still open for changes next year too.  So, this could plague us for some time until the government decides what they are going to do.


David:              7 TECI classrooms are going being installed during the 5 days of Spring Break.  There is a large crew coming in from Dell.  There were issues with space in Receiving with all the new equipment coming in.  We are using SH 211 as a staging area. 


We have started the interviewing procedure for the Technical Support person for those rooms.  We have received 6 applications from HR and have started reviewing those folks.


The new instructional designer, John Hornyak, will start on March 19.  He had previously been the director of Distance Learning for Wheeling Jesuit and worked with the NASA program.  His background is science/technology/engineering/math.  He will be a great addition to the sciences and math area.


Jan:                  Marshall is participating with the rest of the state with a FCC Rural Health Grant.  This would provide dollars for Internet II.  They are building a loop right to AEP on 6th    Avenue this summer.  So, we finally have a cost effective solution to Internet II.  The grant would provide a million plus if we get the grant.  This is one of the pieces we need for research.  Internet II is more than just research, we are seeing tremendous academic things happen on Internet II.  We are the only institution in our athletic conference that does not have Internet II and they get their game tapes across that method.  One of the base things from a health care perspective, that all clinics would have, would be a prescription piece that links rural health facilities for electronic prescriptioning.  It would improve health care at the lowest level of care.


We do have Milt Hackle here from Bowling Green consulting with us about e-portfolios.  We are not pushing any particular product, but we have to get this one right from the beginning.  We need to make firm decisions on what we need to have in place to make it happen.  It is a long term commitment. 


Allen:              Some time back we had done some trials to address improved spam control for students and staff.  We received lots of negative feedback with the cheap approach.  We have been testing the Barracuda Firewall Spam Control System with a pilot of 80 people.  It holds spam into a web based repository and the user can go to the repository at any time and white list someone or see email that wasnít delivered to the mail box.  Each individual user has control over with user settings.  We would like to look at a controlled introduction over the summer and have it fully implemented by Fall.  If you have anyone would like to volunteer to test this product, let us know. 

Per Ben:  students are very appreciative of whatever has been done so far. 

Per Arnold: there is some absolute filtering that is taking place by subscribing to spam blocking lists.


Best Practices Ė Out of Office


Jan:                  Allen had brought up the issue of individuals not knowing proper adequate procedures for voice mail and email when you are out of the office. 


Allen:                In general the campus is not dealing with specific method for out of office notifications, calendars, greetings etc.  A Draft of Netiquette was distributed for your review and feedback. 


Should this be something for best practices? Should it require periodic training? Should it be something that is mandated?  We get feedback from times when someone has called a faculty/staff member numerous times and caller doesnít know why they are not getting a reply when indeed that person is on sabbatical or on vacation.  We need a procedure for transferring calls or Audix message or coverage paths. 

Email is also problem with posting out of office message to let people know you are out.  Open to discussionÖ important is this to the university?  It is felt that this is an HR issue for their training, but not something we can require.

Barbara Hicks brings up the issue of spammers hitting out of office message.  Spam control and blocks being implemented by Barracuda will help.

Sarah suggests that email policy be referenced.

This will be put on ITC best practices and sent to HR for them to include in training.


Arnold:             I have not been able to finalize the emergency response policy because we still have outstanding issues with the internal and the state security policy.

Before I finish, I want to ask how closely we need to track to the state plan.  Due to the state flexibility bill some things are not necessary to track to the state policy.  The state has also re-written their acceptable use policy.


Jan:                  We would like to simplify our Security Policy.  It is too huge to read or understand.  I want to request simplification, prioritize what we really need in the policy and link it back to these things we really need such as the incident response things. 

Arnold will submit the file electronically and we will take a vote next meeting


RIAA Issues:


Jan:                  We were listed as one of the top 25 schools for illegal downloads.  The question is how they come up with those rankings.  We participated in a CIO conference call with the listed institutions to discuss how the list was compiled.  There is concern that this has something to do with legislative issues or who has something pending in the legislature.  We felt that Marshall was targeted because of the movie and the high profile of the name right now. 

Purdue is taking the stand that they are not going to play.  I assume they have some legal issues to date.  We are trying to follow the law.   

RIAA does not know the identity of the students involved.  We receive the complaint, we track the student, the student proves to us that the illegal stuff is off the system and they are put back on the network and the problem goes away.  All students in our case were running the same software, Warez.  Other institutions are getting caught on other software.

We want to make sure that students know we are running Cisco Clean Access in the dorms.  It checks for viruses and the right software on computers.  THIS DOES NOT have anything to do with these complaints. 

To date, we have sent emails to the students involved.  Of the 20 incidences we could not identify 4 students. 


We need to re-emphasize that students cannot share their accounts.  We need to re-educate them for security of account information.  All of these students admitted that they did download but all institutions have complaints that there are discrepancies in songs on the student lists.


The settlement amounts for these complaints range from $1200 to $3000 but if the student doesnít take the settlement, the fine is $750 per illegal download.  It averaged out to over $450,000 per student in fines.

We have not been subpoenaed and have not released any information.

Per Arnold:  It appears that these 20 complaints were repeats of what we received in December.  Our procedure was to shut them down and remove the stuff from the machine.  The RIAA is now coming back on the same complaint.  This creates a problem for the student because they were told that if they removed the illegal stuff from their machines they would be okay.  Now, they have essentially destroyed evidence and they have nothing to compare to the lists they are receiving in the RIAA complaints. 


We have seen 300 + incidences since last fall.  This takes hours and hours of staff time to track these complaints.  We handle this in a legal manner.  We are trying a different methodology from education, to controls on the network to costs assessed to students.


Copyright Infringement Complaints


Arnold:             What you have before you is the proposed procedure that we could use internally.  It is meant to establish a procedure of what we should do when we get one of these complaints.  It will be rolled into the Incident Response protocol and it will be considered a Level 3 request. 

We first have to figure out who the person is, prepare documentation. It is sent to the appropriate department for identification, documented, and then we package it up in some form such as email or put it into a Footprints trouble ticket.  If it is a student, we will notify Student Affairs;, if itís faculty we notify Academic Affairs; staff goes to Human Resources for some sort of adjudication.

Once the person is identified, we will remove their access to the internet because DMCA says we need to do that to avoid liability for the university.  We are proposing that we shut off their internet access but leave them on the university network.  I added a second case for internal whistle blowing for persons sharing content internally; at that point would shut off nternal access.

When we receive notice that it has been adjudicated we will start the process to charge a $50 reconnection fee for a first offense, this will increase to $100 the 2nd offense and in either case, if found guilty, if we have spent over an hour in cumulative time, we charge a fee of $45 hr for any other time we have to spend, to be levied against the individual.  If they are let off hook for some reason, and there was still expenditure of time, do we eat that time?  Per Layton:  no choice except to eat it.

Per Sarah, need to reference university policies.  A special email address needs to be set up to accept emails concerning adjudication results and whether to turn their account back on and whether or not to levy fines.  There is a security issue when sending this confidential information to a generic address.  Donít want it sent just to Help Desk email.  A special email address needs to be established.

Per Ben: There is concern that the RIAA complaints targeted university housing which is another deterrent to students living in dorms.  We really need to push home the fines and Marshallís stance against downloading to make sure the incoming students are made very aware that there are fines that will be levied.  This is a major problem for marketing campus facilities. 

Need to include sanctions such as suspension or expulsion


Dennis:             Senate Bill No 48 will extend broadband border to border to make sure schools have access to broadband.  It allows for the creation of non-profit entities that can enter into partnerships with any government agency for the purpose of expanding and developing technology infrastructure.  I donít know reason this was even generated to begin with.   Per Arnold:  this is a nationwide push by government to be able to manage their own stuff.  They have tried this in some cities; and there are cities who have actually put in wireless infrastructures of their own.  If the City of Huntington or Charleston tried that, Verizon would be on them in no time and would use political pressure to keep it from happening.

It is important to know this exists because we donít know the impact it will have. 


Jan:                  We have had several people that are upset about port security.  This is a security requirement and we must continue using this until we have a better method.  We have to protect the institution and the students. 


Jan:                  E-voter issue:  Security of the ERP was not the issue.  901 numbers and birthdates were taken from the university.  E-voter was NOT the problem. 

Version 4 of Luminis will force a pin change, but it still wonít cure the problem.  Education still has to be important. Students have to learn not to share student numbers/pins

Student Affairs action to suspend the use of e-voter has confused users into thinking that e-voter was the problem.  It puts an error of suspicion on the security of the system and casts a negative on current election.

There are 8 other institutions dealing with the same issue.