Dalhousie University posted an announcement on July 4 about tips for using cloud-based services on the Microsoft 360 system, which hosts all Dal.ca email accounts.
The announcement stressed the cloud system isn’t completely safe, and users should avoid emailing or storing sensitive files or information in the Microsoft 360 system.
In a time of increasing Internet paranoia, announcements such as these serve as a reminder to question if our personal information is truly safe.
On Sept. 11, Dal posted another announcement about the cloud system titled “Spammers Are Trying To Steal Your Dal Email Account!!!!”
With many bolded, italicized and all-capitalized words, this high-impact post explained how to detect a spam email and what to do if one accidentally responds to it.
“Apply the same knowledge as you would to ‘bad food,’ ” the warning reads. “ ‘WHEN IN DOUBT, THROW IT OUT!!’ ”
We must ask if the fear spread by such announcements is justified. Phishers and hackers have become a part of everyday life, and it is more important to be prepared than paranoid.
When approached for an interview, Dal computer science professor Stan Matwin said there would be no “gory, scary story” from research into Dal’s email security.
Dal’s chief information officer Dwight Fischer says phishing is the largest threat to the university. Phishers present themselves as organizations to trick people into revealing their usernames and passwords, which can then be used to hack the network.
Due to new students arriving every year, there is always a large population unaware that Dal’s IT department would never ask anyone for their username or password, and therefore believe fake “Dal” emails to be real.
“This is not an attack on the system as such: it’s an attack due to the fact that humans use email systems and humans are error-prone,” says Matwin. “But it’s not an attack on the grand system: not everybody’s email will be compromised if somebody hacks into my or your email.”
Topics such as email and Internet privacy no longer apply simply to a person’s home or work computer. Smartphones are widespread around campus, and many aren’t locked, making it easy for someone to pick up an unattended phone and get the information they desire.
Cafés are filled with students using open networks to access the web, and it’s easy for a hacker to watch the happenings on the network and intercept information where they desire.
Dal’s communication policy for students is that they must contact university administration or professors through their official Dal email accounts. “Any redirection of email will be at the student’s own risk,” the policy says.
Jennifer Von Dommelen teaches Dal’s distance education first-year biology course. All the labs, assignments and lessons are done online, and communication tends to be via email. Some of the students do not live within the Halifax Regional Municipality.
“I’d have concerns that [these warnings] might put a student off from contacting me,” says Von Dommelen, “but I don’t think that’s unique to an online class.”
In-person and telephone are options to speak with a professor, as Von Dommelen and Fischer recommended for discussions that include sensitive information. Matwin said completely private communication should only occur face-to-face.
Dal Online, which displays grades, finances and timetables, is under a much more secure system than the emails because it contains such sensitive information.
“These guys aren’t looking for individual’s grades,” Fischer said, “they’re looking to get in to our network and do nefarious things to others on the internet.”
While there are unavoidable risks associated with technology, Matwin pointed out that Dal’s Microsoft Office 365 system doesn’t have ads, making it more secure than many other web-based email systems.
Free email services such as Gmail and Hotmail will scan emails for key words and post advertisements based on those keywords in your email account.
However, the emails on an official Dal account still belong to the school legally.
“If there is some legal situation in the future where the university is liable,” Matwin said, “then they have the right to use our emails.”
Matwin said there are benefits to a shared university network, and that the information could be used positively. For example, the university could determine how many people are using Dal’s wifi in the library after 7 p.m., and decide to keep the Second Cup open later.
“If we can use the data in that sense, without getting at the level of the individual, but totally aggregate numbers, to manage logistics better then I think that we would all benefit from this,” Matwin said.
“It’s something that institutions need to manage carefully, to be able to use the data to benefit the community but still being privacy-conscious.”
After Edward Snowden revealed the National Security Agency was spying on Americans through the Internet, students are no longer just worried about their privacy on the university network, but are also worried about foreign governments snooping in, says Fischer.
Apple, Google and Microsoft all work with the US government. The government continues to ask requests from these companies to obtain data from their networks. Yahoo returned to court last week to fight against government requests for data.
“Most governments would never want what we’re sending back and forth,” Fischer said.
Internet privacy is a concern today, and the university understands, which is why they continue to send out warnings with many exclamation marks. Fischer said changing your password every so often and keeping your username and password private is the best way to protect yourself against hacking.
Matwin recommends that Dal email users make their passwords non-trivial and their usernames discrete in order to make sure they have as much control over their privacy as possible.
“What most people are communicating is relatively safe, but they have to go into it with their eyes open,” Fischer said. “That’s just what it’s like living in today’s digital world.”
Recent Comments