Conflicting Roles and the Use of Tor

The Onion Router

This story from the Chronicle for Higher Education does a good job of illustrating the conflict that often exists between academic Computer Science departments who want to teach computer science and the campus information technology organization who is responsible for keeping the network running and legal.

In this report, Paul Cesarini, an assistant professor of visual communication and technology education at Bowling Green State University, receives a visit from the campus police because he's teaching students about Tor, a tool for anonymizing Web browsing.

The detectives and network-security technician listened patiently to me, wearing their best poker faces. They then gave me a copy of the university's responsible-use policy, which employees must agree to abide by when we first sign up for our e-mail accounts. They pointed out that my actions violated at least three provisions of that policy.

I wasn't particularly impressed. I had helped edit and revise that policy when I worked for the information-technology office before I earned my Ph.D., and I knew that neither Tor nor any similar program had existed when the policy was first written. I also knew that the provisions in question were vague.

My visitors next produced page after page of logs detailing my apparent use of Tor. While I couldn't dispute most of the details in the logs, they seemed inaccurate. For example, the technician said I had been using Tor earlier that morning. In fact, I had been at Wal-Mart that morning looking for a good deal on an HDTV; I had reached my office only about five minutes earlier.

More important, the logs did not prove any wrongdoing on my part. All they demonstrated was that I, like thousands of others around the world, had installed and infrequently used Tor. In my case, of course, there was no wrongdoing.

Nonetheless, my visitors made two requests: that I stop using Tor, and that I avoid covering it in class.
From The Chronicle: 2/9/2007: Caught in the Network
Referenced Sat Feb 10 2007 19:32:28 GMT-0700 (MST)

In the end, Cesanini says:

So in the head-on collision between my appreciation of the role IT staff members play on my campus and my understanding of the role I have to play for my students, my need for academic freedom won. I found myself lecturing my three visitors into near catatonia about the uses of Tor.

Finally, they shook my hand, thanked me for talking with them, reminded me that I was probably violating the responsible-use policy, and left. They had bigger game to catch: the other Tor user on the campus.
From The Chronicle: 2/9/2007: Caught in the Network
Referenced Sat Feb 10 2007 19:34:36 GMT-0700 (MST)

And this, I think, nails the issue. There is a legitimate role for each group and they are sometimes at odds. University CIOs have a tough job because they can't lock down devices or even the network the way their corporate cousins do. That said, with changing business culture, corporate networks are probably going to become more like campus networks than the other way around.