As I mentioned in an earlier post ("Shooting Fish In a Barrel"), my university was one of the 25 named bad guys receiving letters about online piracy. My earlier blog was about the College Opportunity and Affordability Act winding its way through the legislative system. Among other things this act speaks to is requiring universities to explore technology-based deterrents to prevent illegal activity.
One such nifty "technology based deterrent is the "University Toolkit"
being offered (FOR FREE, can you imagine?) by the Motion Picture Association of America (MPAA). Not being a "techie", I can get left behind fairly easily on these things and I can also get spooked about privacy invasions with almost no effort at all. (My first reaction to things like On-Star was not 'Great - someone somewhere in the ether can unlock my car for me' but rather 'Good grief, someone knows where I am all the time'.)
Anyway, when I read the Washington Post's Security Fix blog by Brian Krebs titled "MPAA University 'Toolkit' Raises Privacy Concerns" where detailed explanations of the Toolkit are discussed, I was horrified. (this is a blog so I figure I can say things like "horrified" and "yikes")
Apparently, installing the Toolkit on your university's network is like letting the fox into the henhouse. Once installed, the software phones home to the MPAA telling them that it is 'in' and checking for a new version (and who knows what's in that). According to Security Fix, "installing and using the MPAA tool in its default configuration could expose to the entire Internet all of the traffic flowing across the school's network" automatically configuring "all of the data and graphs gathered about activity on the local network to be displayed on a Web page complete with ntop generated graphics showing not only bandwidth usage generated by each user on the network, but also the Internet address of every Web site each user has visited."
Does this bother you? Bothers me. Bothers Steve Worona (director of policy and networking programs at EDUCAUSE) who opined that "no university network administrator in their right mind would install this toolkit on their networks."
In response to these criticism, the MPAA, via Craig Winter, deputy director for Internet enforcement (does that sound like web cop to you?) said the toolkit was in the 'beta' phase. Again, no technology expert here, but why would you release and promote something not finished?
Rather than continue to repeat this informative blog entry by Krebs, I would encourage you to read it yourself, as well as some of the follow-up comments.
When I consider how some of these associations are treating their customer base, the saying about killing the goose that lays the golden egg comes to mind. I laughed out loud the other day when I heard someone say on the radio (completely different context; can't remember who or I'd credit) "We don't want to kill the golden goose; we just want to strangle it until it gives us all its eggs."