In our post 9-11 world, where do we draw the line between the need to counter illegal or potential terrorist activity with intellectual and academic freedom?
The following account was posted in The Chronicle Review — raises important issues to think about …
By PAUL CESARINI
The Chronicle Review
February 9, 2007
Volume 53, Issue 23, Page B5
At 9:15 one Thursday morning, there came a polite knock on my mostly closed
office door. I was expecting the knock. A student was coming to talk to me
about getting into one of my courses, which he needed to graduate.
So when I heard the knock, I said, “C’mon in, Kyle.” Someone said, “Hello?”
and came in, along with two smartly dressed men extending business cards to
me.
I recognized the speaker as a network-security technician in my university’s
office of information-technology services. The other men were not familiar,
but a quick glance at their cards told me they were detectives on our campus
police force. They closed my office door behind them, sat down, took out
notepads and pens, and asked if I had a few minutes to speak with them about
Tor.
Tor an acronym for The Onion Router is a freely available, open-source
program developed by the U.S. Navy about a decade ago. A browser plug-in, it
thwarts online traffic analysis and related forms of Internet surveillance
by sending your data packets through different routers around the world. As
each packet moves from one router to the next, it is encoded with encrypted
routing information, and the previous layer of such information is peeled
away hence the “onion” in the name.
Basically, Tor is a way to surf the Internet anonymously. Someone looking up
potentially sensitive information might prefer to use it like a person who
is worried about potential exposure to a sexually transmitted disease and
shares a computer with roommates. Abuse survivors might not want anyone else
knowing they have visited Web sites for support groups related to rape or
incest. Journalists in repressive regimes with state-controlled media use
Tor to reach foreign online news sites, chat rooms, blogs, and related
venues for information.
Tor can also be useful in e-commerce. For example, Amazon.com knows more
about my shopping habits and tastes than my wife does. I appreciate Amazon’s
ability to make recommendations based on my previous purchases.
But in 2000, Amazon admitted experimenting with so-called dynamic pricing,
charging different people different prices for the same MP3 player; the
prices were presumably based on estimates of what each user would be willing
to pay, considering prior purchases. Online merchants could all do that,
thanks to traffic analysis. They know who I am when I log on unless I delete
their cookies or use Tor.
Of course, anonymous Web surfing can be used to conceal fraud and other
forms of electronic malfeasance. That was why the police had come to see me.
They told me that only two people on our campus were using Tor: me and
someone they suspected of engaging in an online scam. The detectives wanted
to know whether the other user was a former student of mine, and why I was
using Tor.
Widespread use of Tor could be a huge headache for network-security
administrators, particularly in higher education. My university alone has
more than 21,000 students. Imagine what would happen if even a tenth of them
and a similar percentage of faculty and staff members started using Tor
regularly. With all the spam scams, phishing scams, identity theft, and
related criminal enterprises going on around the world many of which involve
remotely hijacking university-owned computers we could approach
technological anarchy on the campus.
My reason for downloading and installing the Tor plug-in was actually
simple: I’d read about it for some time, was planning to discuss it in two
courses I teach, and figured I should have some experience using it before I
described it to my students. The courses in question both deal with
controlling technology, diffusing it throughout society, and freedom and
censorship online.
When I cover online censorship in countries with no free press, I focus on
how those countries rely on hardware, software, and phalanxes of people to
make sure citizens can reach only government-approved media.
Crackdowns on independent journalists, bloggers, and related dissidents all
too often result in their being beaten, incarcerated, or worse.
Technologies like Tor represent a beacon of freedom to people in those
countries, and I would be doing my students a disservice if I didn’t mention
it.
The detectives and network-security technician listened patiently to me,
wearing their best poker faces. They then gave me a copy of the university’s
responsible-use policy, which employees must agree to abide by when we first
sign up for our e-mail accounts. They pointed out that my actions violated
at least three provisions of that policy.
I wasn’t particularly impressed. I had helped edit and revise that policy
when I worked for the information-technology office before I earned my
Ph.D., and I knew that neither Tor nor any similar program had existed when
the policy was first written. I also knew that the provisions in question
were vague.
My visitors next produced page after page of logs detailing my apparent use
of Tor. While I couldn’t dispute most of the details in the logs, they
seemed inaccurate. For example, the technician said I had been using Tor
earlier that morning. In fact, I had been at Wal-Mart that morning looking
for a good deal on an HDTV; I had reached my office only about five minutes
earlier.
More important, the logs did not prove any wrongdoing on my part. All they
demonstrated was that I, like thousands of others around the world, had
installed and infrequently used Tor. In my case, of course, there was no
wrongdoing.
Nonetheless, my visitors made two requests: that I stop using Tor, and that
I avoid covering it in class.
Having been on the administrative end of academic technology, I appreciate
the difficulties facing the information-technology staff. No one pats you on
the back if nothing goes wrong, but if something does if a virus or worm
sweeps through the campus’s network infrastructure, or someone hijacks some
computers to churn out spam you are off everyone’s Christmas-card list. The
last thing my former colleagues needed was some smarmy faculty member
spouting off about academic freedom and threatening to demonstrate Tor to
100-plus students each semester.
Their job is to protect the network that allows me to do my job: to teach
classes that are mostly or entirely online, and to conduct research. If they
weren’t here as the first or even only line of defense against the
unscrupulous elements of our technological society, my university would
cease to function. It’s as simple as that.
Furthermore, I do not rely heavily on Tor, or even think much about it
outside the context of my courses. I find all that routing makes it slow to
use, even with the superfast connection I have at work.
But it is being used all around the world, by people in countries that
restrict their access to information, by corporate whistle-blowers, and by
digital-rights activists. It’s even being used by average people like me, as
a way to keep innocuous and personal online activities private.
So in the head-on collision between my appreciation of the role IT staff
members play on my campus and my understanding of the role I have to play
for my students, my need for academic freedom won. I found myself lecturing
my three visitors into near catatonia about the uses of Tor.
Finally, they shook my hand, thanked me for talking with them, reminded me
that I was probably violating the responsible-use policy, and left.
They had bigger game to catch: the other Tor user on the campus.
A moment later, I heard another knock on my door. One of the detectives had
come back to ask if I would reconsider my position. I told him that while I
would think about giving up Tor, I honestly felt that this was a clear case
of academic freedom, and I could not bow to external pressure. I reminded
him that Tor is a perfectly legal, open-source program that serves a wide
variety of legitimate needs around the world.
He nodded and left. Feeling an odd mixture of righteous indignation,
patriotism, and dread, I closed the door.
Almost immediately, I heard still another knock. In perhaps an overly
dramatic fashion, I raised my voice and bravely said, as I opened the door,
“I’m sorry, but it’s about academic freedom!”
There was Kyle, add/drop slip in one hand, pen in the other, grooving to his
iPod, looking at me blankly.
-=-
Paul Cesarini is an assistant professor of visual communication and
technology education at Bowling Green State University.
