[Dshield] "Academic Freedom" vs Computer Security
Jon R. Kibler
Jon.Kibler at aset.com
Thu Feb 12 21:50:03 GMT 2004
I have been debating for weeks whether to post this question or not. I can see where this topic
could easily start a flame war and I beg whoever is moderating this list to reject any inflammatory
posts to this thread. I know that this is a REAL touchy subject... and that is why I would like to
get other opinions on how to handle it.
Background: Probably 80% (give or take a few %) of the spam attempts we see that originate from
academic institutions, originate from less than a half-dozen sources (unrelated to our IPs, geographic
region, etc.). Several of these institutions do not even have working abuse email addresses. We have
attempted to contact all of them by telephone to discuss the problem. A couple of them will not even
accept outside calls regarding abuse complaints. When I have been able to actually talk to someone,
the response is almost universal: "We can't tell our students and staff that they cannot run open
proxy servers (etc.) because it would be an infringement of their academic freedom." One school (who
knowingly runs an open relay mailer) also stated that even suggesting that students and staff use
AV software was an infringement of "academic freedom."
So here is my question: How does practicing basic computer security infringe on academic freedom?
Also, I am looking for suggestions on the proper (civil) way to discuss this issue.
Two other comments:
1) We are just about to the point of blocking these institutions at our border router as a way
of solving this problem. However, I can envision this creating a whole other set of problems.
2) Yes, when looking at the big picture, academic institutions are but a relatively small source
of insecure, spammer infected systems. That is not the real issue here. With the exception of
2 or 3 ISPs, everyone else takes immediate action when you notify them of an infected system.
The problem I am having is the use of "academic freedom" as and excuse for lax computer security.
Bottom line request: Would someone from the academic world please explain the "Academic Freedom"
issue and why it can be viewed as superseding common sense computer security?
I hope this posting did not step on too many toes... I apologize in advance if it did.
Jon R. Kibler
Chief Technical Officer
Charleston, SC USA
Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.
More information about the list