In a very scary story covered in the Chronicle of Higher Education last week a world-renowned cancer researcher was demoted from Full to Associate Professor by UNC Chapel Hill for failing to keep her servers patched.
Yes, you read that right.
I’ll summarize briefly here, but the full story can be found in these links:
Professor Yankaskas was running a large, NIH-funded research project on breast cancer, part of a national consortium. Apparently the server on which her data was stored was not properly patched (meaning the operating system hadn’t been kept up to date) and, as a result, it was hacked (electronically broken into). It’s not clear whether the data (which included names, addresses and social security numbers) was actually taken, but the University notified all the subjects in any case.
The exact details of what happened are a little unclear, but it seems that her techie assistant had not been doing his/her job properly, and the Provost held her responsible and tried to fire her. A faculty committee recommended a lesser punishment, which ended up being this demotion (with accompanying reduction in pay). She is fighting the decision.
Discussion on the web of whether she is being treated fairly is inconclusive, and we don’t know enough of the details to be able to tell exactly what happened when. But this should be a wake-up notice to everyone at Wayne (or anywhere else) who keeps sensitive research data on a computer. Do you know whether the machine is appropriately protected? Is its operating system up to date? Does it have a firewall enabled? Does it have Symantec Endpoint Protection installed (if it’s a Mac or Windows PC–see previous post)?
The take-away here is not that that administrators can be mean-spirited bullies (although some commenters seem to think so), or that faculty are goofy airheads who can’t be trusted to maintain their own machines (although different commenters are saying that). The main point is that we all need to take responsibility for ensuring the data we are collecting is properly secured, especially if it is sensitive data that we have promised HIC we will be careful with it.
How much do you use your office phone? Does anyone ever call you there? Do you call anyone from there? Do you have a cellphone? Do you need a distinctive Wayne State phone number?
These are questions Wayne State and other universities are starting to wrestle with as the landscape of telephone technology changes out from under us.
Like most large organizations, Wayne has a telephone system that operates over copper wire, sending analog signals that are routed via switching stations. Chances are the system in your home no longer works that way. You may have migrated your telephone service to VOIP (‘voice over IP’) where the telephone signal travels over the Internet, just like e-mail and web pages. If you have Comcast or AT&T phone service your home phone probably works this way now, and you probably didn’t notice much difference in voice quality (it probably is a little better with a digital connection).
C&IT, which is responsible for the phone system, has been throwing around the idea of switching to a VOIP system, at least in limited contexts. The advantage to VOIP phones is that they essentially work through a computer, so they can be configured to do much more interesting things than just ring. For example, VOIP systems come with an integrated voicemail facility. But the voicemail doesn’t just sit on a server somewhere. It can be configured to be turned into an e-mail message and sent to you as an attachment (usually a .wav file, for the technically inclined). Then you could check your e-mail, double-click on the attachment, and hear the message.
Another thing you could do would be to tell your phone account to forward any calls to your cellphone, or your home phone, or your Google phone number (if you have one–that’s another subject).
So, suppose we install such a system at Wayne. If you have a computer in your office you could get any messages as fast as e-mail can deliver them. Or you can have your calls routed to your cellphone and be able to pick up anywhere you happen to be. You could even configure the system in more fine-grained ways. You could have your ‘office’ number routed to your cellphone from 9-5, Monday to Friday, and routed to voicemail the rest of the time. Given all of this, do you still need a physical phone in your office? Currently you (or your chair, or your dean) pays a lot per month for a phone in your office, a phone which is silent almost all the time if it’s anything like the phone in my English office. So who needs it? What if you (or whoever’s responsible) were to pay a lot less for a ‘virtual phone’ like the one I described in the previous paragraph?
Geoff Nathan is a Professor of Linguistics in the English Department, and the Faculty Liaison to C&IT, a dual role he has held since 2002. For almost fifteen years he has schooled himself in the technology, politics and sociology of university computing. In addition to serving on the C&IT Leadership Team he is active in the national university computing organization EDUCAUSE.
ProfTech will have several goals. I expect to serve as a conduit to and from C&IT on issues of importance to Wayne, and especially with respect to faculty. I hope to highlight aspects of C&IT’s services that might be of interest to faculty, explore new technologies and also convey your concerns in these areas to C&IT’s management team. In addition I will talk about some of the issues facing IT nation- and world-wide. Many of these issues have larger ramifications in philosophy, politics and lifestyles, and I follow these developments and wory about how they affect academia.
Under most circumstances I will welcome comments on my blog, with the sole restriction being that civility should be maintained.