Minutes of Meeting Dec. 1, 2010
1. Approval of Minutes
At 2:02 P.M. Chuck Wigley welcomed the group and made introductions, asking everyone to say whether they had ever used punched cards and the last year they were used. After introductions, Marianne Djuth moved to accept, various people seconded and the minutes were approved unanimously. All ACAC minutes and related materials are available through http://www.canisiuscampus.net/acac/.
2. Copyright Issues
Steve Warszawski made a presentation about copyright issues, directing us to a campus web page about it:
He said that a page like this is required by the TEACH act, which requires developing educational materials and disseminating to the institution. He pointed out the five exemptions to use copyrighted materials, noting that he is still working on the DMCA portion, which forbids people to use any technology to bypass copyright protections such as DVD encryption. But now an instructor may put a video except on Angel. Also a student who is doing this for a multimedia project may except a video. Steve pointed out many excellent links he found and put on the copyright resources page. One of the principle questions to be asked “was the item you want legally made and legally acquired?” Obviously if either of these is answered “no” then the item must not be used, Steve said. He also told us that the TEACH act requires the college to meet certain requirements. Having a Flash streaming server is one of these, which we now have on campus.
Jessica Blum from the library was next. She introduced us to another web page:
She talked about how long copyright protection lasts, namely the life of author plus 70 years in the U.S.A. today, although it was less in the past and is generally less in other countries. She talked about fair use exemptions which a lot of professors invoke. There are some surprises, she warned. For example, copying and sending out materials that were created for education, e.g. a textbook, is not fair use and is forbidden. You can’t show something that you took from an on-line source, either. Moreover, it matters where you show the video, e.g. whether on campus or off. The law states that both teaching and learning must occur during showing of the material, which seems to forbid pure online courses.
The copyright owner may be a publisher, not the actual author, Jessica notes. Orphaned books are a problem because nobody knows who owns copyright. Just because we can’t determine who owns the copyright doesn’t mean we can use it, she said. It is a mess, very complicated, changing occasionally. Jessica urged us to provide durable links rather than copy articles or websites.
Dennis Mike asked about making available a video in a format that all students can access. His example was a converted video that he put on the streaming server so all his students could view it. Joel Cohen urged us to ask ourselves if CBS would take you to court and probably not. But others disputed that reasoning because of ads that CBS wants you to see when you access the website, and which students wouldn’t see by viewing just the converted video. Students in other countries may not be able to see videos due to format problems. Moleski talked about using images of Amelia Erhardt. You can’t use those pictures but you could link to web pages. Nico said you can’t access hulu or Netflix from a foreign country, so CBS probably is available.
Spurred by these considerations, Dennis Mike suggested for a future ACAC topic complying with ADA especially in online instruction.
3. Software Announcements
If you have software that you want to use in a technology classroom or lab for spring semester, ITS needs it A.S.A.P. preferably by today. Consult Estelle, Lisa Mastropaolo or Scott Clark.
4. Security issues
Matt Gracie made a presentation about passwords. His slides are available at ACAC Password Talk.
He started with AAA: Authentication, Authorization, Accounting (or Auditing). Authentication is verifying the user’s identity. Authorization is verifying the user’s ability or permission level to do actions, and Accounting is tracking what the user has done.
Originally each system or application at Canisius had its own separate password list and a user had to remember them all. 8 or 9 years ago, ITS moved to a centralized password database. Now the college uses AD (Active Directory), LDAP and RADIUS so there is a centralized point of authentication. But the downside of this is that a compromised credential is now a lot more problematic because everything is identified by just one password.
So users are urged to choose a good password. The previous received wisdom was to use the most difficult to remember password such as dB7xZZF1.2. The password was not supposed to include English words, and to use a variety of characters. The new wisdom is to use longer passwords because most password attacks use brute force, so a long passphrase is useful. Longer passwords are mathematically more secure because there are so many more combinations that a brute force attacker must try. However, many users are still very naïve. For example, “password” is the most common password on any system!
Our system at Canisius requires at least one punctuation (including spaces) and one number, with a minimum of 8 characters and a maximum of 127. Gracie said he audits our password database periodically by simulating a brute force attack and then sends an email to a user if their password is too easy to crack. When asked about the limit on the number of illegal login attempts, Matt said that is something we can’t control because each application is different. Some students have gamed the system by deliberately failing to give their correct Angel passwords and then saying they cannot submit their homework.
We adjourned at 3:01.