To the Editor:
If a university were to implement data mining, which it easily could, it would also run the risk of scooping up confidential data, like banking information and passwords, which would expose the university to lawsuits, first and foremost from the American Civil Liberties Union (“Mining Student Data Could Save Lives,” The Chronicle, October 2).
HTTPS isn’t a novel technology. It certainly is secure, but many sites don’t utilize it, and even if they do, side-channel leakage can be utilized by a determined individual. A simple Firefox extension is all that’s needed to compromise data about log-in credentials for dozens of sites, and government contractors produce ready code that can do far more. The threat is incalculably worse especially when most colleges provide students with a single point of access to the Internet, discouraging (or even prohibiting) private access completely. Locally, DNS servers are deployed, allowing colleges to not only censor the Internet to their hearts’ content, but to do so while first and foremost maintaining linked records, and more importantly, invisibly doing so, because people have little recourse to avoid or recognize it. Most colleges do not provide open access for the public; some form of unique identifier is utilized to log in to the network, and this allows for a token that can be used to compile data. For Orwellian effect, we can consider this system to be on equal terms with the so-called Great Firewall of China, only instead of a population expecting to be censored, we have a population conditioned and primed toward sharing data, à la Facebook, and the right to privacy affirmed by the United States Supreme Court.
Now, bypassing this systematic censoring is trivial, but what percentage of the population knows that it can ping a URL to pull the linked IP address, and then enter it into the browser? How many college students know what a command line interface even is? From my experience, not many. On the other hand, we could use Tor, a free proxy service utilized by a range of people, from dissidents to journalists, and even those who just are paranoid on a matter of principle, but still, how many of the general population know how to set up and properly configure these systems, even if the process is still extremely streamlined?
This is, of course, just a short overview of how we could confound Michael Morris’s attempts to, in his words, “gaze into a crystal ball,” and predict the future from a technological standpoint. What is perhaps more important is the ethical argument that anyone, not just college students, should feel upon viewing his op-ed piece. An opinion reflected by most of the population is undoubtedly that violence in higher education is a lamentable occurrence. Violence in any form is a tragic, unfortunate fact of life. Ultimately, though, this is a massive escalation of both privacy violation and cost that is disproportionate to the frequency of the event we are trying to prevent. The reason the Department of Homeland Security doesn’t solely rely on data mining to apprehend all terrorists is because data-mining analysis ultimately relies on trending data and drawing it into a predictive outcome, but these events are so rare that the algorithms fail to detect their occurrence. The same process is used for credit cards and PayPal, and the number of false positives there is ridiculous, to say the least. Can you imagine the amount of resources consumed and scandals instigated solely because a misappropriated algorithm kicked out a list of people, one of whom may possibly have Internet interests that make him or her look like a terrorist? Even the Association of Threat Assessment Professionals doesn’t advocate anything like this, and its main goal is identical to Morris’s.
There is another fundamental issue: Mr. Morris isn’t arguing for just data mining. He wants the whole of Bentham’s panopticon concept pointed at the student body, collecting every keystroke and then mining it, rather than seeking a targeted analysis of specific data, which is what true data mining is. This is blatant surveillance against a population which has next to no sense of privacy, and which wouldn’t have the slightest idea of how to address it even if they did. This may seem like a broad and highly pessimistic view of college students, but just look at the number of people posting incriminating photos of underage drinking on Facebook, bragging of illicit activity, or even posting videos of it on YouTube. If the federal government wishes to declare that those under 21 don’t have the maturity to consume alcohol responsibly, how can we honestly expect them to handle the complex balancing act of whether or not to make every single aspect of their Internet lives private or public and create comprehensive whitelists of people who should have access to this information? Would anyone like to point to how age even makes an impact on this ability, since for the most part, phishing attacks are still successful, and social-engineering attacks can fell even the Oak Ridge National Laboratory? Oak Ridge is perhaps the premier government research institute for the United States, where presumably a sample of the population there would be highly skewed toward graduate degrees in STEM fields, and yet they fell victim twice to almost identical attacks (which used the pretext of being misdirected HR e-mails). If the highly educated cannot consistently protect themselves, who is going to stand for the students?
As for Mr. Morris, he fails to back up his argument with concrete evidence. His sole argument seems to rest on the emotional appeal of the opening paragraphs, and just flows through the rest of the article as if we shouldn’t concern ourselves with validity of technology (or crystal balls in his case) and ethics. Very Quis custodiet ipsos custodes. Of course, there is the whole guilty-until-proven-innocent aspect as well, criminalizing the student body for merely being enrolled, since apparently neither the faculty, administration, nor police can commit these acts. As for the “twin Glock 22 pistols” purchased over the Internet, you need an federal firearms license, which is approved by the Bureau of Alcohol, Tobacco, Firearms and Explosives, before someone will ship a gun to you, if he or she is a licensed dealer. A more likely scenario would have been that some libertarian in the vein of Waco and Mount Carmel sold firearms to this student after meeting in a forum. Such a libertarian would be difficult to find, and shipping the guns would be an interesting endeavor, but at least it supports Mr. Morris’s argument. It would be far easier to take the bus to the nearest metropolitan area and buy a gun there off the street, where our little roving Internet eyes wouldn’t have the slightest chance in hell at preventing it.
We already have police on state-university campuses armed with assault rifles, and these people are in stressful jobs that are on the same level as students, at the very least. I don’t feel safer about that and certainly not because of that, and Mr. Morris doesn’t even seem to care about that fact, even though violent crime is significantly more common in law-enforcement-officer marriages than in civilian ones. At least there we have an argument for data mining the police, especially since we as a society feel they should be held to a higher standard. In reality, it seems that Mr. Morris watched Minority Report, misunderstood an article about how data mining works, and turned it into a mandate for turning campus security and police forces into the Thought Police. 1984 was not a guide, it was a warning, and it seems that Mr. Morris misunderstood that along the way.
Landon Hurley
College at Geneseo
State University of New York
Geneseo, N.Y.
Mr. Hurley is a member of the college’s Class of 2014.