IT Department Responds to Safe Connect Controversy

David Nguyen, Writer

Last semester, a few students were outraged at the school for a program called Safe Connect. Few students knew what the program was, and others were only vaguely aware of its function. This reporter spoke with David Walker, the Executive Director of Business Operations at Presbyterian College to learn more about the program and what it meant for students.

First, a short history lesson is required. In 2008, a major virus attack “damaged many student computers, slowed internet connections across the campus and took a full week to recover from.” The virus was contained by IT staff, and it took them a week to undo the damage. While they could not ascertain the original location, they were able to learn that the virus originated from a laptop on campus. Around the same time, Congress enacted the Higher Education Opportunity Act, “which requires that all colleges and universities take steps to technologically deter copyright infringement. As part of an exhaustive network review, PC installed Impulse Point’s Safe Connect Network Access Control System which has been used by the undergraduate staff and the School of Pharmacy.”

Safe Connect is a network access control device and contains the following: an onsite-policy management device, a web-based management console with the purpose of defining policies and downloading system updates, and a policy key (software) that is downloaded to a user’s personal computer and assesses it for compliance with anti-virus and operating system requirements established by the college. To sum this up, the device allows the school to set policies regarding anti-malware programs on a student’s computer, provides mandatory security updates, and contains software that must be downloaded onto a user’s in order to function. The campus’s intentions are to provide access to students, faculty, staff, and authorized users only, provide a network management tool that can check for anti-virus software and operating system patches, and prevent illegal network activity that could make the college or student liable to criminal charges in accordance with the Higher Education Opportunity Act. “By protecting the network, we view it as also protecting the student user,” commented David Walker.

Another brief history lesson is required in which one student happened upon the Safe Connect program by accident as it was being tested. After researching it, the student formed three criticisms of the program and organized a petition against Safe Connect. In addition to the secrecy regarding Safe Connect, three criticisms about the program itself were directed at school: the “policy key” that must be downloaded onto student computers before network access would be permitted, the school’s potential ability to restrict a specific user’s network access for not complying with what could be stringent guidelines, and capacity of Safe Connect to collect user data. To the first criticism regarding the mandatory “policy key”, the IT department responded that there are practical advantages to participating in an authentication program such as automatic reminders that their anti-malware is insufficient and/or that operating system patches are not installed. To the second criticism regarding the school’s authority to quarantine students for failing to follow what could be strict policies, the IT department replied that they will allow any reasonable form of anti-virus protection, be willing to make recommendations, appreciate the final decision belongs to the owner of the computer, and would not automatically quarantine a user for failing to adhere to policies. The final claim that Safe Connect could be used to collect user data was countered by the IT department: “Safe Connect stores a very narrow set of non-personal data and the college does not desire or require restrictive policies that would infringe on a student’s privacy. Furthermore, the IT department is extremely sensitive to privacy issues and always takes the ethical high road in such matters. We acknowledge that the capability exists within Safe Connect to be more restrictive, but again, we have no desire or requirement to be so.” Another rumored concern was that there would be bandwidth limitations imposed by Safe Connect. David Walker, however, assured this reporter that Safe Connect cannot limit bandwidth.

David Walker finally stressed that the student Safe Connect controversy had been a learning experience for the IT department. The IT department is aware that there should be more computing information available to the students since one criticism was the lack of transparency on the school’s part. Secondly, there needs to be more computing education from the IT department to the students, such as computer workshops. Thirdly, there needs to be a collaboration between the IT department and the student body. The IT department hopes to create a student advisory group to periodically discuss computing issues affecting the campus.

Though the IT department has responded to student criticisms and explained its intentions, the issue is still sensitive. Viral attacks are serious threats, but some students remain skeptical about the solution the college has offered. One student commented, “I still think it is too intrusive to implement with the goals they told us they had in mind.” The backlash from the student body has mostly subsided, and the college plans to put Safe Connect into operation by the next academic year. Until then, the onus lies on the student body to decide whether or not Safe Connect is the ideal solution; this reporter wishes no bias.