Internet-worthy: Getting Students Fit for the Road Copyright 1995 CAUSE. From _CAUSE/EFFECT_ magazine, Volume 18, Number 1, Spring 1995. Permission to copy or disseminate all or part of this material is granted provided that the copies are not made or distributed for commercial advantage, the CAUSE copyright and its date appear, and notice is given that copying is by permission of CAUSE, the association for managing and using information technology in higher education. To disseminate otherwise, or to republish, requires written permission. For further information, contact Julia Rudy at CAUSE, 4840 Pearl East Circle, Suite 302E, Boulder, CO 80301 USA; 303-939-0308; e-mail: jrudy@CAUSE.colorado.edu INTERNET-WORTHY: GETTING STUDENTS FIT FOR THE ROAD by Susan Allmendinger ABSTRACT: New students at the University of Delaware are required to pass an Electronic Community Citizenship Examination (ECCE) before getting access to computing resources. The process is teaching students about responsible computing and good citizenship in the Internet community. New students at the University of Delaware had to prove that they were Internet-worthy last fall before getting clearance to use University computing resources. The students studied a little manual and took a quiz that posed questions in several categories about responsible computing practices and standards. They responded to multiple-choice questions about good password construction, exclusive use of their access codes, software license regulations, policy and disciplinary proceedings for violations, privacy, chain mail, and rights vs. privileges as they pertain to the University's computers and network. In all, they had to correctly answer ten questions. Approximately 3,500 of the 4,000 new students this year have passed the quiz, called ECCE (Electronic Community Citizenship Examination). ECCE, which is also the Latin word for "Behold!" (or "Pay Attention" or "Yo!"), asked new students to identify the responses that make up the University's standards for responsible computing. As certified citizens of the electronic community, they now know why the University makes access to the Internet available and how its intent defines acceptable use. They know that, in addition to its concern for the integrity of its own computing resources, the University is determined to do its part to contribute good citizens to the Internet community. In their manual, Responsible Computing, they read about the University's aspirations for its students to become competent in information technologies: * Students should know how these technologies are used in their disciplines. * They should be able to take full advantage of resources available on the network. * They should be able to use electronic tools--electronic and voice mail, the voice response registration system, and word processing, for instance--to make them more productive. The students were asked to imagine the Internet as a frontier or wilderness waiting for civilizing settlers. They can now think of the Internet as an emerging community and can assume responsibility for helping with that process. They got pointers on being good Internet citizens. "Know what it means to be responsible," they were told. "Be aware of the thousands of others who rely on University computing resources to do their work." And they learned something about how the outlaws operate and about the common activities of hackers--cracking passwords, crashing systems, invading privacy, etc. Students began to realize how casual attitudes to system security can make it fall prey to the outlaws. They became familiar with established disciplinary procedures for abuse of computing privileges. When system integrity or performance is at risk, a student's access can be disabled summarily. Serious problems are referred to the student judicial system. Misconduct in the course of using computing resources is subject to the same code as any misconduct. HOW WE WARMED UP TO IT University of Delaware students are eager to get on the Internet, and they come to campus expecting access to the network. The University first made e-mail access available to all students in the spring of 1992. Several hundred students took advantage of this access that first spring, a few thousand the next year, and 12,000 in 1994. Nearly all students currently access the Internet. They exchange e-mail, participate in news groups and games, and explore the World Wide Web using Mosaic. Increasingly, they protest the computing resource limits imposed on them. This was according to plan--a five-year plan for all students to be competent in computing by 1995, including electronic communication. Anticipating questions and confusion, if not problems, about appropriate use of computing resources, the University established the Policy for Responsible Computing, which was approved in the spring of 1992 by the administration and the Faculty Senate. Introducing 15,000 students to electronic messaging, discussion, and information resources presented a formidable challenge. While we talked about community and responsibility, the Internet seemed to set them free. Some of them seemed to shed all vestiges of civilization, lighting out for the territories. In general, students seemed oblivious to the notion that responsibility, or any kind of standards, pertained to using computing resources. This was especially frustrating because of our efforts to include the policy in the student handbook and to publicize its importance. They were unaware of their responsibilities in different areas. Many students simply enjoyed telling their friends what they picked for their "secret" passwords or letting "little brothers" use their computer accounts. One model student/citizen who crashed the computer confessed, "I've never done anything wrong!" He was dismayed. A handful of crackers, stopped in their tracks, were dumbfounded that anyone would interfere with their antics or cramp their style. When confronted by the terms of the Policy for Responsible Computing, they returned not looks of embarrassment, annoyance, or penitence, but blank stares. We realized that we needed to put the policy into operation. We needed each student's undivided attention, even if just for a few minutes. SHARPER IMAGES It is too soon to measure the impact of the awareness program on new students. The fall semester was not free of electronic chain mail and complaints of stolen accounts and harassing messages. But students did not complain about the test. We haven't seen a "down" side. Students are able to log in to the central computing systems over the network to take the test, so it is readily available for the taking around the clock. The test is designed to report the correct answer when a wrong one is entered and to be taken over again as often as necessary, in the manner of a tutorial. Last fall, new students waited in very long lines to activate their access codes, but this was primarily the result of so many of them wanting an early start in using computing resources. We would like to extend the test requirement to upperclassmen and are working on some schemes for doing this that won't disrupt their computing access or incur their wrath. The program had a favorable impact on faculty, who helped initiate it by distributing manuals and discussing responsible computing during new student orientation. Many welcomed the manual and test as tools to enable them to join in the education effort. Some used the material with upperclassmen. Perhaps the most significant outcome of the awareness program is the creation of some clear images. We used images of the frontier and outlaws, inspired by Lonesome Dove, as a way to affirm good citizenship on the Internet. Gus's comment on Jake Spoon's hanging, "Ride with an outlaw, die with one," was a harsher image than we wanted, but, "Don't ride with the outlaws!" seemed good. We wrote about driving a "civilized wedge" into "unsettled territory." The test has helped students to understand the Internet as a virtual community, themselves as good citizens of that community, and hackers as outlaws. With well-defined models, they can now make responsible decisions as they explore the Internet. ============================================================= Sidebar: Sample questions from the ECCE quiz [1] 1. Just as I might lend my car to my roommate, it is OK to share my computer account with a friend. a This statement is true. It's my account. b. This statement is false. I may not share my account with anyone. c. This statement is true if my friend and I are taking the same class. d. This statement is false, but it is OK to share my account with my younger brother because he is also a student here. 2. The best place to keep your password is a. written on the back of your ID card. b. on a piece of paper you carry in your wallet. c. on the bulletin board in your room or office. d. in your head. You should never write your password down. e. in a computer file on your UNIX account. 9. If I am found guilty of violating the University's Policy for Responsible Computing, a. I may lose my computing privileges. b. I may be subject to other sanctions from the Dean of Students' office. c. I may be suspended or expelled from the University. d. I may receive counseling on proper computing behavior. e. I might be liable to prosecution under federal, state, and local ordinances. f. If found guilty, I may be subject to any or all of the sanctions listed in items a to e above. 15. Who is responsible for the smooth running of the Internet and all computer networks connected to it? a. The computing center staff at the University. b. InterPol, the international police agency. c. Everyone who uses the network, including students, faculty, and staff at the University of Delaware. d. No one. e. The Interstate Commerce Commission. ============================================================= Footnote: [1] CAUSE Information Resources Library document CSD0990 includes the full set of thirty questions that the ECCE quiz draws from, as well as the University of Delaware's student manual for responsible computing. To order a print copy, call 303-939-0310; an ASCII text version is available by sending e-mail to: search@cause.colorado.edu containing the message: get csd0990 ************************************************************* Susan Allmendinger is Assistant Director for Systems Security and Access Information Technologies at the University of Delaware. She is responsible for formulating and promulgating policy pertaining to access and system security. ************************************************************* Internet-worthy: Getting Students Fit for the Road 2Hó4Aíò8+Hó8AíòD+Hó