Electronic Learning and Privacy:
A Note for My Students at UWF
Norman Wilde, Professor, Department of Computer Science, August 2010
The University of West Florida uses electronic learning systems
to provide enhanced opportunities for learning. However,
it is important to be aware that the use of electronic systems raises issues
of security and privacy that are not easy to resolve.
The following is just my opinion, based on my limited understanding
of the systems in place. I have not extensively researched the design and
implementation of our systems but I feel it is important to post a warning
BEFORE the semester starts. Remember I could be wrong!
Privacy Considerations with eLearning and Similar Systems
Our systems are password protected and use encrypted internet communications
to eliminate some ways of breaking into a system. However, all
electronic systems may present problems of privacy:
- Such systems may track your usage in considerable detail. For example
  there may be a record of what pages you have visited or not visited.
- Systems may store many things indefinitely, including things such as
  exam questions and answers, discussion comments you write and pager
  messages you send.
- They may even store things you think you have deleted; in some cases
  items that you delete may be simply marked as "hidden".
- The University of West Florida policy is that course data is archived
  indefinitely after the end of the semester.
There are some things we should all be aware of at the current state
of the art in computer security and privacy:
- There are few truly secure systems; systems at universities and software
  developers are usually no better than most.
- Data once stored will probably be copied many times, for example as system
  backups are made, so there may be many ways that information can leak over
  time.
- Even if good security is in place now, we cannot guarantee that it will
  be in place in the future. People come and go, organizations go out of
  business, and hacker techniques improve.
- Data can be recovered even if it has been "deleted" or if disks are
  "reformatted". A recent study was made of 158 used hard drives purchased
  on eBay or from computer stores selling used equipment. (See
  http://www.computer.org/security/garfinkel.pdf.)
  A lot of very sensitive data was recovered including medical data,
  electronic mail, and credit card numbers.
- The cost of storage has dropped so low that many organizations find that
  it is easier to just keep data than to go through all the steps needed
  to delete it.
What I Think This Means
The combination of "track everything" with a policy of indefinite
storage creates some possibilities. Let us consider a few paranoid scenarios:
- Your answers to an on-line quiz are posted on the internet 20 years later,
  where employers and friends can see them.
- You get upset by a grade and page the instructor with a complaint; 5 years
  later you are denied a job because an employer sees it and decides you
  might be hard to work with.
- You exchange a large number of messages with a classmate on perfectly
  legitimate subjects, but 10 years later he takes up terrorism. The FBI
  subpoenas the UWF's records and starts an investigation of you!
None of these scenarios are likely. But all of them would seem to be possible!
The bottom line is that you should not type anything into an
elearning system that you would not want to share with your mother, your
pastor, your spouse, your future employers or the police.
By the way, you should probably be just as prudent with any electronic
mail you send, at the UWF or anywhere else. It also may be archived indefinitely
just about anywhere.
A Note On Responsibility
Since most of my students are aspiring Software Engineers, we should all
be aware of the Software Engineering Code of Ethics and Professional
Practice (see http://www.acm.org/about/se-code/).
This code says, in part:
Software engineers shall act consistently with the public interest.
In particular, software engineers shall, as appropriate:
1.03. Approve software only if they have a well-founded belief that
it is safe, meets specifications, passes appropriate tests, and does not
diminish quality of life, diminish privacy or harm the environment. The
ultimate effect of the work should be to the public good.
1.04. Disclose to appropriate persons or authorities any actual or potential
danger to the user, the public, or the environment, that they reasonably
believe to be associated with software or related documents.
Question for Discussion: Electronic learning systems attempt
to serve "the public good" by providing enhanced opportunities for learning.
How can we balance that good against possible privacy losses?