Government warns against using public computers for private dealings

By Greg Phillips

Published: September 28, 2008

When Emily Ham returned to Troy University’s main campus after finishing her summer internship in Washington, D.C., she expected to get back to college life as usual.

For her, like most students, that life involves heavy use of the Internet for everything from chats to social networking.

This year, however, something was different — not only was she unable to access MySpace or Facebook, she was unable to access the Internet at all, because an on-screen prompt notified her that her anti-virus software was out of date and, thus, she could not log on to the campus network.

It was all part of Impulse SafeConnect, the university’s new network authentication system aimed at ensuring Internet security on each campus and eliminating peer-to-peer file sharing.

“It’s something we’ve been reviewing and testing for nearly a year now,” said Greg Price, Troy’s chief technology officer. “The primary reasons behind deploying the system were to foster baseline safe computing practices for all of our end users, whether they be residential students, commuter students or employees.”

For Ham, this caused concerns.

“I had to delete my (anti-virus) program completely and somehow find a way to get back online so I could download my software again,” said Ham, who is the co-editor of the school newspaper, the Tropolitan. “It’s not easy when it’s not letting you online to begin with to download the software you need.”

Inconvenience, many experts argue, is a small price to pay for tighter security in one of the least secure areas in the world – cyberspace.

“We emphasize the importance of securing wireless networks,” said Rushing Payne, section chief of the Consumer Affairs Division of the Alabama Attorney General’s Office. “Somebody can pull up with a laptop in the street and uses your Internet access to conduct illegal activities. If law enforcement tries to search for the perpetrator and tracks down the IP address, it will lead them to that house, those people whose access was being unknowingly used to conduct illegal activity.”

That threat is one of the reasons Troy and many other universities are cracking down on network security.

“With the advent of our widespread network, it was easy for people who were not university students or employees to access the network, and it was an abuse of resources we wanted to be able to minimize,” Price said. “By having unique logins for all users at all locations, we can be certain everyone using our resources are legitimate Troy University constituents.”

According to Dr. Steve Padgett, director of the Hall School of Journalism and Communications, Troy was asking for trouble with its open network.

“The original network access here was what you would call open access, meaning anyone could log on anywhere, and if you read anything anywhere about network security, you’ll find out that’s a really bad idea,” said Padgett, whose journalism building was among the first on Troy’s campus to offer WiFi connections. “There are examples on the Internet where people have driven up in their cars in parking lots with laptops, people looking for WiFi connections to send spam messages out, simply because it makes it look like the spam messages are coming from somewhere they aren’t really coming from.”

It isn’t just wireless users who are in danger, however.

“One thing that affects a lot more consumers than they realize is spyware,” Payne said. “Many people are infected with spyware, more than they realize it. Spyware can be used by someone else to track what you do on the computer, to find your personal information you have stored on your hard drive, passwords, access codes for whenever you’re accessing your bank records, or anything else they can get their hands on.”

The Big Brother factor

An immediate concern Ham and other students and faculty members had about SafeConnect was just how much privacy they were giving up in the name of their own protection.

When students first try to log into the system, they must download a browser-based applet that scans their hard drives looking for viruses, malware, “rogue peer-to-peer” programs, spyware, out-of-date anti-virus software and out-of-date operating systems.

For some, a program that scans their computers and reports information back to a centralized source allows for the potential of further invasions of privacy.
Ham says she can’t shake the feeling of paranoia when surfing the Web on campus.

“I still feel like I’m watched,” she said. “I don’t go to places where I’m not supposed to go, and I gave up file sharing a long time ago, but I was kind of upset to hear the rumors that people were watching where I went online and could monitor me at any time.”

But according to Price, those rumors are just that.

“Absolutely not. It’s not a traffic inspection application,” Price said.

Before installing the SafeConnect system, Troy reviewed the Impulse privacy agreement, which says direct personal information will not be collected or stored.
Price says he would not have recommended the technology without the privacy agreement.

“End user security and personal privacy is a huge concern of ours. We wanted to be absolutely positive there are no invasions of privacy,” Price said.

While many universities are utilizing similar technologies, some still maintain open, but wired, networks.

“We do not presently require any authentication,” said Andy Lightbourne, associate director of academic computing at University of South Alabama. “In the dormitories, we have hardwired connections. We’re not looking at where you’re going, and we’re not constraining that.”

Lightbourne said he does understand, however, the growing need for systems such as Troy’s. One could be coming soon for USA, in fact.

“We’re not interested in monitoring where a student goes, we’re interested in being able to respond due to safety or legal requirements, whatever the law currently stipulates,” Lightbourne said.

The law Lightbourne is referring to is the College Opportunity and Affordability Act of 2008, a bill signed by President Bush in August that features provisions requiring institutions to “effectively combat the unauthorized distribution of copyrighted material, including through the use of technology-based deterrents.”

The future

With legislation finally beginning to catch up to the Internet, tighter network control is expected to follow, and systems like SafeConnect may soon become the standard.

“I think it’s a practice that most Internet service providers would love to have the opportunity to enforce through contracts or policies,” Price said.

According to Lightbourne, it isn’t going to be up to the universities.

“It’s becoming very difficult. No matter what you want to do, what you have to do is changing,” he said.

According to Payne, however, the changes must keep user privacy in mind.

“If any internet service provider or someone who is at any stage of the process is attempting to take someone’s personal information to gain some benefit, our laws are designed that we can and will prosecute them,” Payne said.

No matter the legal constraints, however, the Internet will never be completely safe.

“I think the major things that end users need to do is be vigilant and constantly aware that they are very vulnerable on the Internet,” Price said. “Lots of people throw caution to the wind whenever they connect in coffee shops, dining facilities, airports, wherever, and the potential exists for harmful things to happen.”

Perhaps the most important lesson for Internet users, says Payne, is the fact that public computers and private information are a bad combination.

“One of the biggest problems we try to explain to consumers is the danger of using any kind of public computer to access personal information or personal accounts,” he said. “Even if you log out, there are still ways for people to retrieve your history and find out what you actually entered, and there’s also the risk of forgetting to properly log out.”