On July 21, 2003, in order to provide a rationale for forcing Plans off campus and preventing the reappearance of any similar software, Information Technology Services announced several changes in the Academic Computer Use Policies which regulate student and faculty use of computers at Grinnell College. Some of the new rules abridge students' right to create computer programs and release them for general use. Others impose tyrannical limitations on the activities and publications of student organizations, interest groups, and scholarly collaborations, if the students who form them communicate primarily by computer networks instead of assembling in one physical location.
Faculty comments on the changes
My remarks at the August 29 Open Forum
Letter of protest to the Instructional Support
Committee
Statement of protest by the
Student Academic Computing Committee
The first of the new subsections begins with a comparatively benign constraint:
All students offering programs and applications hosted on a personal or group account must review and follow applicable principles the ACM's ``Software Engineering Code of Ethics and Professional Practice'' (http:// www.acm.org/serving/se/code.htm).
The acronym `ACM' refers in this case to the Association for Computing Machinery, which is the leading professional organization for computer scientists, software engineers, and information technologists generally. Software developers who are also members of the ACM are expected, though not required, to observe the Software Engineering Code of Ethics, which also serves as a guide and a model of behavior for students training for careers in software development.
I am a member of the ACM. Although I am not a professional software engineer, I voluntarily accept and try to follow the Software Engineering Code of Ethics when designing and writing computer programs, especially those that I expect other people to use. I accept it as a statement of ``best practices'' in software design and development.
Like analogous documents in other professions, the Software Engineering Code of Ethics is extremely idealistic. Moreover, it is not always consistent with itself when applied to particular dilemmas that confront the software designer. Often one must figure out how to accommodate two or more of its seemingly unconditional prescriptions to one another when they appear at first to require opposite courses of action in a particular case. I have generally found such dilemmas to be useful, thought-provoking, and even entertaining exercises in practical ethics, though in my line of work they are seldom very consequential.
So I do not regard this new requirement imposed on ``students offering programs and applications hosted on a personal or group account'' as completely wrong-headed. However, my faculty colleagues should realize that, in the Department of Mathematics and Computer Science, we have until now regarded voluntary and intelligent observance of the Software Engineering Code of Ethics as a desired result of the education that computer-science majors receive at Grinnell, not as a prerequisite for any student who exercises her right to create new computer programs and to share them with the community. The relationship that actually holds is the converse one: Experimenting with software development and distribution, in the relatively safe environment that Grinnell College is able to provide, is a strong incentive to the formation of ethical thinking in software design. For instance, a student often learns the importance of good user-interface design partly by watching his fellows struggle with the poorly designed interface that he has given them. It is unfortunate that this learning experience is a violation of the Academic Computer Use Policies in their new form.
The first new subsection continues:
Students offering applications hosted on a personal or group account using a username and password login system have special responsibilities as ``software engineers'' and should take note of the following sections of the ACM Code of Ethics: 1.01 - 1.07, 3.03, 3.10 3.12, 3.13, 3.14, 4.01, 5.12, 7.05.
The fifteen cited sections of the Code are rather miscellaneous, but I judge that their general tendency is to oblige the software engineer to pay close attention to the social implications of her work, to protect the public interest and the common good, and to anticipate and forestall if possible any damage her programs might to do the culture and society in which they are used.
The rationale for the claim that deciding to use a username-and-password login system places the creator of the software under special obligations is, I think, that when a software user has logged into some program by supplying a user name and password, the user has a heightened expectation of privacy and a stronger tendency to see himself as belonging to a special community, with insider status and greater access to the resources of that community.
It is clear that there are some programs, such as the once and future Grinnell Plans, to which this rationale applies. In other cases, it is far from clear that the user conceives himself as belonging to a ``community'' at all. For instance, a Web-based program that conducts an on-line poll, even if it requires a user name and password at entry, does not establish a community among the poll participants. In still other cases, such as SGA voting, there is a community, but it is a preexisting community rather than one that the software has any role in creating. I see no need to treat all of these cases in the same way. Although I suppose that it is harmless to call students' attention to clauses of the Software Engineering Code of Ethics at any time, I find it odd to make this a uniform precondition of ``offering'' applications.
The second new subsection begins:
Students developing applications on College systems requiring individual login for membership and offering membership to the broader Grinnell College community have more stringent rules to follow. In the case of virtual communities* based at Grinnell College, Grinnell software authors must ensure compliance with College policies regarding accepted student community standards in addition to standards of academic computer use.
A new endnote attached to the Academic Computer Use Policies explains that the phrase ``virtual communities'' first appeared in Howard Rheingold's 1993 book The virtual community: homesteading on the electronic frontier (Reading, Massachusetts: Addison-Wesley, 1993). Rheingold applies it to any community in which the participants communicate with one another primarily by means of computer networks and rely on the infrastructure supplied by such networks as they share and develop their interests, policies, and institutions.
It is my belief that Grinnell College students have the right to form virtual communities, just as they have the right to form non-virtual ones. It is true that virtual communities that use the College's computer network are constrained both by the Academic Computer Use Policies and by the College rules summarized in the Student Handbook. It is a considerable leap, however, from this observation to the claim that the authors of the computer programs used in the formation and maintenance of student virtual communities must ensure the community's compliance with College policies.
I note that the College does not impose any similar obligation on the providers of the infrastructure for non-virtual communities. If a student invites a few friends into his room to try to organize a new student group dedicated to the protection of Pacific Coast salmon, he does not thereby undertake to police the group's behavior and or to ensure that its acts are consistent with College policies, not even if he also serves cheese and crackers or asks them to write their names and box numbers down on a list. The members of the new group are expected to comply with College policies, and can be penalized for failing to comply with those policies, regardless of whether the student who provided the meeting space hectors them about their obligations as Grinnell College students. Since Grinnell has no honor system, students are not, in general, obligated to help the College authorities enforce College rules, and I see no grounds for the implicit premise that the use of computer networks in the formation of a student community generates or heightens such an obligation.
The second new subsection continues:
For example, one of the ``Core Values of Grinnell College'' as stated in the Grinnell College catalog is that the College encourages ``personal, egalitarian, and respectful interactions among all members of the community.'' Accordingly, Grinnell software authors must publish clear, complete, and publicly available guidelines detailing acceptable behavior & membership policies for the virtual community.
Now, to begin with, there is a difference between the core values of the College, which we faculty members hope to inspire and reinforce in our students by precept and example, and the rules and policies of the College, which we simply put into the Student Handbook and expect students to follow in exchange for the privilege of remaining at Grinnell. One surely cannot expect to promote personal, egalitarian, and respectful interactions among members of the Grinnell College community by requiring them to monitor one another's interactions and to apply sanctions when those interactions are found to be insufficiently personal, egalitarian, or respectful. The enforcement of core values, as if they were rules, would often be a grave violation of those very same core values.
Even accepting, for the sake of argument, the idea that the providers of the infrastructure for a community have some obligation to promote the College's core values within that community, I still cannot make out the connection, which the word `accordingly' in the above passage would normally imply, between this obligation and the requirement that ``Grinnell software authors must publish clear, complete, and publicly available guidelines detailing acceptable behavior & membership policies for the virtual community.'' There are surely many student organizations that adequately promote the core values of the College, even without formulating special guidelines and policies of their own -- perhaps by relying on the College's policies and documents to promote the core values, or even (I suppose) by appealing as necessary to the decency and good will of their individual members, with no special-purpose documentation at all.
The converse situation seems to me also to be theoretically possible: It is not difficult to conceive of an organization within the College that publishes clear, complete, and publicly available guidelines detailing acceptable behavior, and has exact and detailed membership policies, but nevertheless applies those guidelines and policies in ways that undermine the College's core values of personal, egalitarian, and respectful interactions. Thus there is no logical connection between the two sentences quoted above -- neither of them entails the other.
The second new subsection continues:
Due process must be ensured before any sanctions of members are carried out.
For most student communities, the legal requirements of due process would obviously be burdensome, awkward, and inept, so I imagine that this clause refers to the less formal due-process mechanisms used more or less successfully by existing student organizations. If so, I don't understand why this clause is being introduced into the Academic Computer Use Policies. I would think that the guarantee of due process should be essentially the same in all student groups, regardless of the technological infrastructure employed in their formation, and should be provided for in the Student Handbook, not in a completely separate document and as a special case for ``virtual communities.''
The inclusion of this language in the Academic Computer Use Policies strikes me as an attempt by Information Technology Services to impede the formation of autonomous student groups on line. I believe that student communities have an obligation to treat their members fairly, even when disagreements and conflicts arise, but I think it would be more prudent to allow groups to exercise some flexibility and independence in choosing the means by which fair treatment is ensured. This is, after all, an educational institution, and one that is firmly committed to self-governance.
The software authors must make provision for appropriate Grinnell College staff to have full access to the virtual community.
Since the application of the phrase ``full access'' was not initially clear to me, I asked the Director of Information Technology Services, Bill Francis, to elaborate. He understands ``full access'' to include not only the access enjoyed by an ordinary user of the software or member of the community, but also, specifically, the powers of administration and control over the software and any associated files.
In this case, again, I do not understand why anyone in ITS would think it prudent to impose this requirement on every student community that happens to use the College's computer network for communication, and I see no connection between this requirement and the supposed basis for it in the core values of the College.
This requirement, too, seems designed either to obstruct the formation of student communities, or perhaps to legitimize an ITS program of monitoring and meddling with any communities that are actually formed. If ITS has no such intention, it is not clear to me why this new language is needed. I think that everyone understands that ITS is responsible for maintaining the the College's computer networks, and can if they choose withhold basic computing services from students who abuse them. What I am objecting to here is the assumption that this measure of control over the infrastructure also implies a right to control any student community built on top of it.
Communities or individuals in violation of the Academic Computer Use Policies or standards of student community at Grinnell College are subject to immediate disconnection from the campus network pending completion of review procedures by Information Technology Services or Student Affairs, as appropriate. Accordingly, a system of logging of the community entries on a nightly basis must be in place in order to establish an evidential base for proper hearings of complaints brought by students, faculty or staff to appropriate College committees or boards.
In my opinion, a student community has the right to decide for itself which records of its activities and deliberations it makes and preserves, how long such records will be kept, and what purposes the community will make of them. It is arguable that the appropriate College committees and boards have a right to subpoena such records, although in many cases it would seem prudent and even imperative to recognize analogues (appropriate to private colleges, of course) of the First, Fourth, and Fifth Amendments to the Constitution of the United States.
I see no basis, however, for the specific authority that ITS is trying to assert here -- the authority to require daily backups of any student software application's data files as a precondition for the use of that application. The fact that the ITS can, if it pleases, prevent a student from using the College computer networks does not by itself provide a justification for requiring data backups at all, still less for prescribing the schedule on which they are to be made. Moreover, even if it were conceivable that such a requirement might legitimately be imposed in some circumstances, it is not ITS, but rather the appropriate College committee or hearing board, that should be imposing it.
The content of any student or student group virtual community must not be viewable by non-members of that community, either directly or via internet search engines.
This requirement appears to prohibit many useful and beneficial student activities. For instance, my colleague Sam Rebelsky has several student research teams working with him this summer. Each research team is a virtual community under Rheingold's definition. In the past, such teams have generally published some of their results as Web pages, and some have made their software available through the department's CVS (Concurrent Versions System) server. Non-members of the virtual community -- including Sam's other summer research teams, other Grinnell College students, students and faculty at other colleges and universities, friends and relatives of the researchers, and indeed anyone anywhere on the Internet can view the papers and download the software. This pattern is typical of research in computer science in the age of global communication.
To prohibit this most beneficial kind of communication, so clearly in the public good, so obviously redounding to the credit and reputation of Grinnell College, so patently exemplifying the ideals and values of the College, would be utterly foolish and absurd. It would betray such a profound ignorance of the nature and purpose of on-line scholarly communities, or else such a grotesque thoughtlessness and blindness to consequences, as to discredit its proponents' pretensions to legislate for such communities.
I judge, therefore, that the clause just cited cannot possibly be intended to mean what it says. But, in that case, what does it mean? What is the ``content'' of a virtual community of researchers, if not the texts and documents in which it records and presents its research?
In my opinion, this entire new subsection is a hastily contrived bill of attainder against Grinnell Plans, incongruous in tone with the rest of the document and replete with grave potential consequences that surely were not intended or even considered.
The members of student-created virtual communities must be current students, faculty, staff, or Trustees, ...
I suppose that the purpose of this clause was to try to obstruct the kind of inconvenient communications between students and alumni that go on in Grinnell Plans, in which alumni become aware of events and issues that directly affect current students, and thereby come to take an interest in them. As a long-time reader of Grinnell Plans, however, I can assure ITS and other interested persons that the benefits of communication between students and recent alumni in particular greatly outweigh the potential hazards. The anecdotal evidence presented in the ``Plans comments'' pages strongly supports this view.
However, this regulation also appears to prohibit the formation of student communities that include townspeople unaffiliated with the College, or students at other colleges and universities, or friends and relatives of Grinnell College students, etc. Once again, I am unable to comprehend the point of view from which this result could be considered advantageous to the College. It patently violates our students' freedom of association.
Perhaps the rationale is that persons who are not students, faculty, staff, or Trustees of the College are not bound by the Academic Computer Use Policies and cannot be punished by the College for violations. I note, however, that many other colleges and universities seem to be able to accommodate virtual communities that are open to outsiders. These colleges and universities include many of Grinnell's peer institutions (Swarthmore, Bowdoin, Amherst, etc.) and many that are reputed to be knowledgeable about legal obligations (Cornell, Harvard Law School).
The presence of this clause in the Academic Computer Use Policies seems to me to be highly damaging to Grinnell College's reputation as an advocate and supporter of free speech and free inquiry, and I hope and expect that my colleagues will agree with me that the College officers who imposed it should withdraw it posthaste, with an apology to the students and faculty that they proposed to bind by it.
... and members of these groups cannot be excluded from a virtual community on an a priori basis.
I'm puzzled by this wording of this clause, but I think it means that if a community admits as members some persons from one of the four groups mentioned (students, faculty, staff, or Trustees), it cannot arbitrarily keep out others from the same group who wish to join, though perhaps it can exclude or even expel individuals who disrupt or offend the community in some empirically detectable way (thus providing an a posteriori basis for the exclusion?). Since I don't really understand this provision, I'll refrain from trying to point out potential examples of its misuse.
The assumption underlying the whole of this second new subsection is that the properties of the technological infrastructure on which ``virtual communities'' are constructed are so exotic, so bizarre and fraught with threats to the College's core values, that students simply cannot be trusted to interact and organize themselves into communities in the normal pre-virtual ways. The guidance of the Student Handbook, common sense, and the political and moral understanding that the students themselves bring to the task is thought to be inadequate in the face of these strange new devices. Somehow, when networked computers are involved, it becomes ITS's business to determine whether an organization's membership policies are equitable, whether its record-keeping is adequate, whether it punishes wrongdoers properly, and whether it can share its ``content'' with others.
My view, on the contrary, is that virtual student communities at Grinnell are just communities. ITS is responsible for providing them with Internet services, not with laws. ITS does not have the expertise, the training, or the depth of moral understanding to play the role of lawgiver to student communities. And if there were ever any doubt of their unfitness for such a task, their treatment of the Grinnell Plans community this summer has surely dispelled it.
created July 28, 2003
last revised October 13, 2004