We don't need no stinkin' survey

In today's Education IT blog, I came across Surveys 101: Guarantee privacy when asking about illegal activity and was somewhat amused by the fact that the GAO is surveying American colleges and universities for data about illegal file sharing (copyright infringement, for those of us who are not afraid to call it what it is).  They actually expect institutions across America to put themselves at legal risk by sharing such information outside any framework of confidentiality. 

Professionals in an academic setting know all too well that such a survey is not worth very much because it is not 'blind' (the requesters know who the respondents are) and it is not scientific because the universities involved in the survey are 'self-selecting' -- they decide whether or not to provide statistics, and that decision is colored by their own perception of the problem.  Knowing only the topic of the survey, I can arrive as some conclusions:

• Schools who know the least about the level of copyright infringement on their campus will be the most likely to respond -- after all, they have 'no problem' on their campus.
• Large research institutions have the greatest problem with copyright infringement -- after all, they have the fastest Internet connections, making files sharing that much more attractive.
• The per capita rate of infringement will be higher at larger institutions -- not only will they have a more robust network infrastructure, they will also have a more diverse student population than smaller, more exclusive (read expensive) institutions. 
• Schools which are largely made up of commuters will have a smaller problem -- because off-campus students infringe using someone else's network infrastructure.
• Schools with a high percentage of undergraduates will have a higher rate of copyright infringement than schools with a higher percentage of graduate students.

I base these conclusions on nothing more than 26+ years of experience in a university IT setting but it might be interesting to see how many of these conclusions turn out to be correct. 

I think it is ill-advised for any school with a thorough understanding of the scope of the problem at their school to respond to a survey which is not confidential -- especially one which is instituted by government and not in a purely academic setting and I am quite sure that before responding, most schools will seek legal counsel. 

Undoubtedly some schools don't know the scope of the problem on their campus because they either have limited resources for mounting such an effort or because they believe that by not knowing they are better protected from lawsuits -- or from the 'discovery' process should a lawsuit surface. 

Nevertheless, the most proactive of Education IT units will have a good understanding of the problem.  They will have well-publicized student use policies strictly forbidding such activity, and they will routinely remind students of their responsibilities.

Further, all activity on their network will be associated with a username uniquely identifying the person carrying out that activity and sanctions will be in place to discourage the sharing of accounts and passwords.

By putting themselves in a position to know this information, the university also assumes some responsibility for doing something about it when such activity is identified.  While this exposes the careless institution, any institution which has a 'reasonable expectation' that infringement is taking place and doesn't take steps to mitigate such activity also places itself at great risk so, in the end, knowing is better than not knowing. 

How so?  It is not entirely uncommon for a copyright holder to approach a university to report suspicions of copyright infringement on campus.  If the data exists to support the claim, there are legal procedures in place for the copyright holder to ask the courts to subpoena the data from the institution.  This places the responsibility for the activity squarely in the hands of the responsible party -- the student (or to be fair, the faculty or staff member) suspected of the infringement. 

Without the information, the university becomes the defendant in the suit filed by the copyright holder -- because they did not make an effort to reduce the risk of having their network used for illegal activity.

The article above also states:

"The survey was commissioned after higher education leaders fought off an attempt to impose legislative requirements to have colleges crack down on illegal file sharing. Colleges were opposed to the legislation, saying that it imposed unnecessary regulation and that they are already doing quite a bit to stem the problem."

This is perhaps the most important reason to know what is going on on your college campus.  Universities are not the police!  The last thing your college or university needs is to have the federal government telling you you have to 'turn in' students suspected of illegal activity.  

It is not our job -- nor should it be our job -- to snoop on our students.  It is our job to to establish expectations for our students.  To develop a code of conduct for our students which precludes activities which fall outside the law.  If we do this -- and if we enforce our own code of conduct by denying network access to students who have violated our code of conduct -- especially if the activity violates the law as well, then the authorities will leave us, and our students, alone -- knowing that, if the courts have probable cause to accuse one of our students, we will be in a position to provide information requested through a subpoena. 

This last point should not be lost on our colleagues in K thru 12 either!  Having the added obligation of 'protecting' students from themselves (arguably, a misplaced obligation), educators and IT leaders in K-12 should establish the same expectations of behavior for their students and a similar 'code of conduct' when on the network.  Such codes of conduct should be strictly enforced.  Unique identifiers should be used in order to be able to map activity to an individual should the need arise but, once again, in an academic setting -- any academic setting -- the institution has no business snooping on the student without cause nor should they share the student's network activities with the pubic without the benefit of a court order.