DUKE ITAC - March 13, 2003 Minutes
Minutes: March 13, 2003
Ed Anapol, Mike Baptiste, Wayne Miller (for Dick Danner), Angel Dronsfield, Brian Eder, Nevin Fouts, Tracy Futhey, Alfred Trozzo (for Paul Harrod), Bob Newlin (for David Jamieson-Drake), Ben Riseling (for David Jarmul), Scott Lindroth, Roger Loyd, Greg McCarthy, Melissa Mills, Tim Bounds (for Caroline Nisbet), George Oberlander, Mike Pickett, Rafael Rodriguez, Molly Tamarkin, Fred Westbrook, Robert Wolpert, Steve Woody
Linda Goodwin, Chris Cramer, Dan McCarriar, Kate Hendricks, Paul Stirrup, Bob Currier
Call to order
Meeting called to order 4:04 pm.
I. Review of minutes and announcements
II. Responding to requests for employee/student information
III. Longevity of digital collections and digital media
IV. Working policy on top level domain names
V. Wireless networking update
VI. Other business
NSF call for proposals
Tracy Futhey: The National Science Foundation has a couple different requests for proposals out. Some of these projects would likely benefit from the light rail project so it's important to keep us informed if you want to submit something.
Tracy Futhey: We’re in the process of hiring someone for all the Web projects that we’re doing. The interview process is underway, but it will take a month or two to get someone. I’ve asked Dan McCarriar to be the lead on some of these meetings. For the next couple of months he'll be dealing with these kinds of Web-related requests.
Tracy Futhey: Now that we have an enterprise directory we're trying to get up-to-date e-mail data in there. Robert Carter and Suzanne Maupin have been meeting with departments to encourage them to enter correct data in the directory. Not having e-mail information in the directory is like having a phone book without the numbers.
Paul Conway: The North Carolina Networking Initiative (NCNI) has granted Duke, UNC, and NCSU a $70K grant to investigate Shibboleth implementations. Duke is the lead. This has three implications:
- We’re climbing up the learning curve on middleware;
- We’re promoting a healthier collaborative environment in the Triangle, and
- We’re gathering the information we need to develop a complete funding proposal for future research.
Fred Westbrook: I'm getting married. As a result, I will be taking a leave of absence from ITAC. Thank you for two wonderful years. Linda Goodwin is the new director for CIT at the Nursing School and she will be taking over for me.
Angel Dronsfield: Billy Herndon’s mother passed away last night. He is out this week. He knows that your thoughts are with him, but he asks that you please not call him right now. Cards and e-mails are preferred.
Robert Wolpert: Tech Expo '03 by the Duke Computer Store will be held in the Searle center March 18, 2003.
Presented by Kate Hendricks, Paul Stirrup
Kate Hendricks: You're probably all familiar with the USA PATRIOT Act that was designed to make federal government investigations of terrorist activity in this country easier. What is in the act is not much more than what was in the law before, but because it is new it has raised a lot of interest. Here are some items that you, as Duke employees, need to be aware of:
- If you're contacted by any law enforcement authority or anyone purporting to be a law enforcement authority, contact Paul Stirrup. There is no reason that you should feel obligated to try to deal with this.
- In general, the information we can give to authorities is "directory information." This includes name, address, telephone listing, e-mail address, dates of enrollment or employment, etc. So, when asked for specific information like an e-mail address, you can give it to them. However, if they ask for information about specific activities, they need a court order or subpoena.
- One exception to this is with electronic communications. If there's an emergency or if a situation involves immediate danger or death (e.g. if the Sharon Harris nuclear facility is about to be bombed), then you'd give them the information and we'd sort it out later.
- You don't have to worry about HR information. We have other people to handle that.
The main thing to remember is that "directory information" is okay to give. "Activity information" is not, unless the exception applies.
Mike Baptiste: Other institutions have already had visits by law enforcement. They are told, “You cannot tell anyone we were here.” By calling [Paul Stirrup], am I setting myself up as a violator?
Kate Hendricks: They do not have the right to do that to you. The point, I think, is that you can't go to the newspaper and tell them the story. However, you can call us. We've gotten those kinds of search warrants before and we’ve been directed not to tell people, but they're mainly concerned about people outside Duke. We have a right to know what is going on inside Duke.
Brian Eder: What about patient information being released?
Paul Stirrup: That type of information is covered by HIPAA (Health Insurance Portability and Accountability Act of 1996) and HIPAA is completely different.
Kate Hendricks: But if you get a request like that, go straight to the HIPAA people in the Health System. We generally don’t give out any information without a subpoena. If anyone asks for information without a subpoena, call one of us. In fact, if they have a subpoena call us anyway.
Robert Wolpert: In past there have been disputes about what is and what is not directory information. Who at Duke makes the call?
Mike Pickett: I think it is the Registrar who makes that decision.
Melissa Mills: Are you aware of any reason the Duke Unique ID would be defined as NOT directory information?
Kate Hendricks: In my opinion that is not directory information.
Mike Pickett: The way the law is written makes one inclined to think that the Unique ID is not directory information. Other schools have decided it is. This is a long ongoing discussion.
Chris Cramer: What about retention policies for logs and data? Do we need a policy?
Kate Hendricks: It is always a good idea to have a policy. The main question is, can you enforce that policy? If the policy says to retain records for three years and you find someone keeps them for five years and someone keeps them for one year, that makes a case against you more easily because your credibility comes into question. It doesn’t look good that you are inconsistent.
Angel Dronsfield: How does the process work with Clarence’s [Chief Clarence F. Birkhead Director of University Police] office? We get a lot of requests from Clarence’s office.
Paul Stirrup: If his office contacts you for information, that is an internal request for internal information. As far as I know, Clarence is on board with the idea that this is internal information and he will not release it externally. If someone outside Duke is trying to get around you by going straight to Clarence, he knows what is going on and what the policy is.
Mike Pickett: Perhaps it would be a good idea to draft a policy or some guidelines. A lot of people, like system administrators, may like to have a some information about who to contact if a request is made to them.
Presented by Paul Conway
The big picture from organizations like universities is what I call the "irony of modern media." This is the concept that our ability to store information more compactly has grown, but the longevity of that storage has declined.
When we talk about digital media we’re really talking about media systems. The survival odds of any given media for a long period of time is not good.
There are 5 risks to digital collections and digital media:
- sheer quantity
- the Web versus deep Web
- dynamic content—most content is tied to a specific application
- fugitive file formats
- media system longevity
There was recently a common solutions group meeting in Austin that attempted to bring libraries and IT people together for the common purpose of managing content. Where we presently are is a life support model and where we want to be is preventive health.
There are three key areas regarding the issue of digital asset management or institutional repositories:
- dealing in a rich way with rights management
- control zone
- resolving content domain tensions
Some questions facing us are:
- What are the assets out there that we need to manage?
- How are we going to put systems in place to manage this? This is something Duke needs to step up to. We are not alone in worrying about it.
Mike Baptiste: In terms of longevity of data from information archiving, is there any technology out there people are excited about?
Paul Conway: In terms of media, no. In terms of metadata, yes. There is an open archives initiative that is coming out of the space science community that is specifying a metadata model.
Robert Wolpert: Should we have a basement room somewhere with a 8 inch disk drive and an 8 track tape machine?
Paul Conway: That's the museum archive model. I'm holding forth for a more aggressive approach to records management. Assigning a life expectancy to data so we can tie media refreshing technology to it. And creating a policy that says, "thou shalt not put anything on media unless you put a life expectancy on it."
Presented by Robert Currier
Over past several months we've had several domain name conflicts between groups that have registered a domain name and new groups who want the name. We've had to mediate disputes. This document contains that latest iteration of domain name guidelines. I am open to questions or comments.
George Oberlander: If a department goes through the proper procedure and gets a name, they are the owner. If another department wants the name, but the first group is using it for an ephemeral purpose, am I correct in understanding that the first department still owns the name?
Tracy Futhey: Duke owns the name and the name is assigned out.
George Oberlander: But who is Duke?
Molly Tamarkin: I faced a real fight to get "nicholas.duke.edu" as a domain. Two things would help:
- An appeal process—a committee of people who can review requests;
- Change the language in this document where it says “all conditions need to be met” to read “any conditions need to be met.”
Brian Eder: Before a name goes into effect can we have somewhere that people can view it or consider it before it goes live in case there is an issue?
Mike Baptiste: We have a shared materials lab used by lots of schools, they wanted "sm.duke.edu." There was conflict putting it in the Pratt domain because it is not really a Pratt initiative—it is used by many. How large does the entity need to be to qualify for a domain name? Also, what do you need from the dean as an approval? An email?
Melissa Mills: We had an internal policy that we would include the segment ".aas" if it were on an arts and sciences server. Would the sponsorship by the dean be representative of the University?
Brian Eder: Can we look up addresses used already?
Bob Currier: nslookup.
Mike Pickett: I suggest Bob and I get together with other people who have ideas and write something up and bring it back and present it.
Brian Eder: Is David Jarmul’s office involved?
Robert Wolpert: The real hole is the absence of some organization to make the call or the decision.
Chris Cramer: One more issue we may face: How many are dot orgs and dot coms from external sites? What will prevent a department or group from going out and registering "nuclearphysics.duke.com" or something similar?
Mike Baptiste: And is it up to me to stop linking to my pages from an external machine?
Presented by Bob Currier
This is a map of current wireless coverage. There are currently 324 wireless access points as of last Friday (March 7, 2003):
- 177 are on west campus public
- 5 are on central campus
- 3 are on east campus
We've been chasing a demon on ResNet for a month and a half that we finally tracked down where new laptops were bridging wireless and bringing the ResNet network down.
Robert Wolpert: Are there any bright spots in antenna technology? Is it easier to cover more area?
Bob Currier: It is. A lot is happening. Given the huge state of transition I think we're safe using what we're using.
Mike Baptiste: What about outside coverage? Has there been any investigation into aesthetically acceptable antennas that will be placed outside?
Bob Currier: It comes down to usage. I am curious as to how many people would use coverage outside and between buildings.
Mike Baptiste: What is thought now with the VPN infrastructure to allow the wireless network to encrypt the traffic? We’re nervous because our biggest users turn out to be the administrators, and we would like to start encrypting that information.
Tracy Futhey: Do we have data on the number of registered users and how the data has changed in the past few years?
Bob Currier: We see anywhere from 150 to 300 connections at the same time. Our statistics only go back about a month or two.
Tracy Futhey: Do we have a way to track unique users?
Bob Currier: We have over 3,000 unique users, but we don’t know how many are active.
Tracy Futhey: Is it possible to track how many on a daily basis?
Bob Currier: Yes, we can track that.
Chris Cramer: I think we had one case where we went to track down a user and it wasn’t who we thought it was because the laptop had been sold.
Angel Dronsfield: When are we going to implement wireless on Broad Street?
Ed Anapol: We’re ready to do that now.
Tracy Futhey: How do we decide what building to handle next?
Mike Baptiste: What about new buildings? Do I need to budget for wireless outlets or will OIT pay for the original upfit?
Robert Wolpert: Bob, do you need anything from us?
Bob Currier: Guidance as to areas you would like us to go next, and thoughts on security versus coverage.
Robert Wolpert: How does the VPN option affect the decision for balancing coverage with security?
Robert Wolpert: If there are things you'd like to see on future agendas, send and e-mail to Mike, Tracy, or me and we'll see what we can do