IT on IT: Information Technology

Whenever I think about privacy and computing, I think about Alfred E. Newman’s “What me worry?” line. Alfred had it wrong about computing. Do worry! I change my passwords every month routinely.

Many people spend a lot of time worrying about the government or corporations using computers to invade their privacy, yet they fail to take the few simple steps necessary to protect the privacy of their own computer accounts.

One of the cardinal rules of computing is never share your password with anyone. Would you give your ATM PIN to someone else? Also, make your password at least 8 characters long and mix in numbers like tri1pa8kc, for example. It is common in commercial businesses for system managers to run programs that check passwords by comparing them with dictionary words as a way of identifying accounts that a hacker might crack with little effort. Passwords are encrypted on all Williams College systems so we can’t look them up. Don’t make it easy for someone to get into your accounts.

Many of us make it easy for others to violate our privacy. One of the easiest ways to give others access to your files is for you to walk away from a session in a public lab or an office without logging out. It doesn’t take long for a nasty person to do mischief. Always log out when you leave your computer unattended or when you finish a session.

It’s also very easy to expose yourself by misdirecting an email message inadvertently. Last year I received an irate, though somewhat bemused, note from a dean at another college who had received an amorous note in email from a Williams College student. It turned out that this dean had the same last name and first initial and was at the same institution as the friend of the Williams student, and the misaddressed email had gone to the dean instead of the friend. This type of misdirection happens all the time; many messages end up going to the wrong person. Email that cannot be delivered because of a bad address is sent automatically to a system administrator who then attempts to redirect such misdirected email.

One famous case of misdirected email involved four students at an Ivy League school. The students wrote what many would consider an irreverent piece. They intended the mail to go to a few close friends only. Instead, their mail got forwarded all over the world, and they and the college received thousands of messages asking for their heads. Although technically the college judicial board exonerated them, they paid a great personal price for forwarded email.

One of the basic tenets of electronic mail is never put anything in an electronic message that you don’t want to share with the world. One misdirected keystroke could send your detailed evaluation of a colleague to that very colleague. The person who gets your frank assessment of a student’s work might forward your very carefully crafted and personal note to a list. Your friend could forward something that you never meant for another. It’s your choice, of course, and you’re the only one who can assess what risks you are willing to take.

Even if you choose excellent passwords, direct your email carefully, and don’t get exposed inadvertently, OIT staff are required to turn over subpoenaed materials, including email or materials in electronic form, to federal, state, or local authorities. Because we do backups and keep them for years, a lot of material is potentially available. We also work closely with the deans and senior officers in any harassment case—typically harassing email directed at an individual. (Harassment violates the College’s computer policy.) It is our policy not to monitor any individual’s email or files. If required to, however, we do find and provide subpoenaed materials to authorities.

One more final worry. Relatively speaking, things are safe on campus. We take a lot of care to secure email, files, and snooping. When you go on the web, it is open season if you are not in secure mode. An email message could end up anywhere in the world. And for all you surfers, watch your cookies!