G. K. Chesterton, in his 1929 book The Thing, wrote of reforming institutions: “[Imagine] a fence or gate erected across a road. The more modern type of reformer goes gaily up to it and says, ‘I don’t see the use of this; let us clear it away.’ To which the more intelligent type of reformer will do well to answer: ‘If you don’t see the use of it, I certainly won’t let you clear it away. Go away and think. Then, when you can come back and tell me that you do see the use of it, I may allow you to destroy it.’”
Harvard’s a funny place. In the span of a single day, I can attend a lecture about securing the University’s computer systems from foreign hackers by Jim Waldo, Harvard’s Chief Technical Officer and, just a few hours later, read an article in The Crimson about the Undergraduate Council’s uninformed request that Harvard postpone its plans to upgrade the same outdated password system that makes it difficult to defend the school’s computers.
In a classic Harvard-student move, the UC waited for almost five months after the HarvardKey transition was made available to ask for an extension, requesting in a letter to Harvard University Information Technology “that the deadline be moved to some point in the summer.” Moreover, this request was made under the mistaken belief that the final deadline “occurs when students will be completing midterms and preparing for finals.” After the story broke, HUIT clarified that students would in fact have until June 1 to claim their HarvardKey; the April 20 deadline is for faculty, staff, and other non-student members of FAS only.
Though the UC called for a postponement, not a destruction of HarvardKey, it is nevertheless clear that the majority of UC representatives do not see the use of this particular fence, even as they call for it to be cleared away. The Crimson reported that “many representatives arguing that the body should first speak to HUIT before passing any legislation on the matter” were outvoted 20-16. If any of the representatives had been taking Professor Waldo's class, however, they might have been able to provide a greater understanding of the password system's importance.
For College students and many other users, HarvardKey appears to have little to recommend it, besides a splashy background image featuring Winthrop’s back gate. But beneath the surface, it’s a lynchpin of HUIT’s strategy to keep Harvard’s computers safe from cyberattacks.
A 2013 feature article by the Crimson reported that Harvard “undergoes a barrage of cyberattacks every single day,” from sources ranging from recreational hackers to military groups sponsored by the Syrian, Russian, and Chinese governments. Breaches at the Kennedy School, at the Graduate School of Arts and Sciences, at a Law School clinic, and of central administration resources have exposed sensitive information and systems across the University. In the same article, The Crimson reported that “there are a multitude of technology services groups across the University, and Harvard’s size and segmentation may make fending off cyberattacks more difficult.”
HarvardKey significantly strengthens password-protected resources across the University by unifying a dozen separately managed, outdated, and insecure password databases into a single, secure system. Professor Waldo elicited outright laughter from his class during Monday’s lecture when he described the lack of technical sophistication of the pre-HarvardKey systems; at office hours afterwards, he explained that the multitude of ways to change your password in the HUID/PIN system formerly used for College students led to a system that was “inevitably, eventually inconsistent.”
But I shouldn’t have to explain all of this for the benefit of the UC in an op-ed in The Crimson. We expect—or should expect—that our elected representatives endeavor to be informed about the issues at play when they pass legislation. At the very least, we should hope that they refrain from going out of their way to take on vocal positions regarding issues they know that they are uninformed about. In the words of UC representative Daniel Levine: “It’s unprofessional for [the] Council to send a really combative statement to a Harvard office without doing the legwork of reaching out to them to hear their side of the story.”
And claim your HarvardKey before June 1.
Concerns Over Web Portal Force Password ChangeHarvard Arts and Sciences Computing Services (HASCS) sent an e-mail yesterday to over 400 students who had registered to use
Pass On PasswordsThere is no magic bullet that will secure the internet in one step, but the current password framework is broken
How to Start a Speakeasy From Your Dorm Room
Here's the Tentative 2013-2014 Course Catalog
University Requires New Two-Step Verification for Online ResourcesCollege students will have to use a new two-step verification system starting Oct. 19 to access most online Harvard resources, following the implementation of HarvardKey last spring.