New privacy precautions ban chatting programs from university computers

In light of recent leaks of confidential data from various provincial government sectors, Memorial University is beefing up their precautions to ensure that private information belonging to both students and faculty is secure, by implementing a ban on all instant messaging programs on university-owned computers.

In the last six months information from Eastern Health, the Eastern School District, and the Department of Worker’s Compensation, have all experienced in a breach of private information, where things like a patient’s HIV status, and personal records of more than 20,000 high-school students, were exposed.

Graham Mowbray, director of Computing and Communications at Memorial, says that the incidences involving Eastern Health and Worker’s Compensation had to do with transferring files over peer-to-peer instant messaging systems, an issue which the University has rapidly addressed.

“There was a government privacy section that was proclaimed [on] Jan. 16 of this year, that places the legal responsibility of the protection of information on an institution and its permanent head. It puts a legal reasonability on the institution and the admin to protect private information from unauthorized disclosure,” said Mowbray.

Mowbray says that the ban of instant messaging from all Memorial owned computers, such as those in the library Commons and various computer labs around campus, came on the heels of this announcement made in mid-January.

“Instant chat and messaging [is] another way that a breach in security could happen. With this, file attachments could be sent along with messages, which may appear to be secure … but in actual fact could install some malware or keyboard recording program when it is opened,” he said.

Mowbray says it is this issue that the University is trying to eliminate, and that there are more parties involved in a simple online chat, through such mediums like MSN, than most may realize.

“Take MSN, if you are I are exchanging messages, that message goes through Memorial’s firewall, down to some server the in the States, then back up through Memorial’s firewall to you,” he said.

“The fact that the data goes through that process means that the data is at risk, and that the information we exchange could be stored somewhere where the University doesn’t agree with or doesn’t want it to be stored.”

Mowbray admits many students may have wished to access a messenger service last week from campus, and suddenly found themselves no longer able to do so.

The hasty halt on instant messaging services was due to how severe Memorial actually deemed the risk to be.

According to Mowbray, because the decision was made so quickly to ban instant messengers, the University was unable to provide an alternate chat option to compensate.

“We made the decision that the right thing to do was to shut down or stop the technology because [of this] legal liability that existed,” he said.

“In a perfect world we would have thought about this nine months ago if we knew that we had to shut down chat, which would have given us time to maybe have been able to provide an alternative … but I guess we weren’t that smart.”

While there may be discontent among students and staff regarding the ban, Mowbray says the University always strives to progress, rather than regress, when it comes to communication.

“If there is a program that doesn’t allow file transfers, then we would look at allowing them. Memorial has a sophisticated network, a network which we don’t want moving backwards in terms of losing functionality and using less resources. We want to move forward,” he said.

By Kenny Sharpe