HASCS Is Watching

Harvard's Computer Systems Need Standards for Privacy

On the cover of this year's Courses of Instruction, a sleek stylization of a computer network is superimposed on an image of Old Harvard Yard. Inside, the description tells us that this "cover design celebrates the deployment of a high-speed communications network [that] links the resources of the traditional Harvard to the technology of the future." If recent experience is to forbode anything, this "technology of the future" has the ability to send us all to the Mental Health Service, jail, or both. Harvard's computer systems are clearly not being managed effectively.

Last week, The Crimson reported the existence of a public file which logged network users' downloading of pornography off the Internet. This file had existed for more than a year, and was available to any student with a network account. Although Franklin M. Steen, director of Harvard Arts and Sciences Computer Service (HASCS), claims that" only The Crimson viewed the files," an informal Crimson survey revealed that more than a dozen students knew of the file's existence and were able to view it in the past year.

None of the students whose names appeared in the log knew of its existence. Only three of the seventeen students contacted by The Crimson expressed indifference that their activities could be publicly examined. The rest clearly--and rightly--took strenous objection to this invasion of privacy.

A great disservice is being done to Harvard's network users. Letting over ten thousand people falsely assume that their actions are private is akin to placing them all in a police interrogation room with a one-way mirror, and telling all of them that they are merely in a living room, being reflected by a large vanity mirror.

This situation arises because there is no consistent policy guideline that dictates students' rights and responsibilities on the network. Students simply are not aware of what they are able to do on the network and how private those activities are. When the existence of the log was discovered, HASCS took a week to close it down; the day after it was closed down, an automatic system re-engaged it. It was only when The Crimson made HASCS aware of this that the file was finally closed down. This is technical incompetence, plain and simple.

The lack of adequate user knowledge and the false assumptions with which most of us use Harvard's computer systems leave us all vulnerable. When the log file was obtained by a Crimson reporter, he could, like any other network user, contact those student listed in the file. He did.

Most of the students contacted were shocked that their actions, which they had assumed to be private, were for all intents and purposes on public display. One student sought psychiatric help at University Health Services. Another put in a distraught phone call to Steen, claiming he had been too afraid to go outside since he found out his actions could be made public. Students should not be made to live like this.

And all this grief because of a single computer file.

Worst of all, last week's debacle is just the first high-pitched meow we've heard. The FBI threatens to take legal action against Harvard computer users if it obtains evidence that they had imported obscene materials. This evidence still exists, and is available to so-called "superusers" of the network. It is the public log file, which Harvard created and is keeping. The manner in which this file was compiled, without the knowledge of the students involved, sounds too much like a Orwellian sting operation.

It is irresponsible and inconsistent for Harvard to make pornography (among other things) available on the network and simultanously, fail to make the network users aware of the legal rights, obligations, and dangers involved in using these provisions. Harvard provides the service, and so is responsible for making students aware of the conditions of its use.

Harvard should institute a series of well-publicized seminars with accompanying literature about network ethics, privacy issues and the legal implications of network action. Educated, technologically competent communities such as ours cannot afford to proceed blindly, trusting that our own conceptions of network security are in fact reality. In addition, all network users should receive detailed Unix manuals, as well as Harvard's particular network configuration and idiosyncrasies. Only in this way can we expect that responsible users will possess adequate information about their system.

The cover of the Courses of Instruction may be looked at in another way: hopelessly out-of-date people going about their own business, boxed in by the inflexible heavy bars of the network. At the center, an ugly, messy web of wiring forming the Harvard "H," that symbol that should stand for the best. Let's make sure that this unconventional reading of the cover art is never an accurate one. The way things are going, it could become truth.