Home Blog Archives RSS
¶ Privacy violations
I found out a few weeks ago that one of the CS professors at Brown has been spying on students in his class. Every student in his course is supposed to run a startup script on login to set the correct environment variables and so on, so they add /course/csXXX/bin/csXXX_student_startup to their .cshrc or whatever. The professor added a line in the startup script that runs a program of his to collect every student's web browser history file (which is private). Essentially, he's accessing, logging, and recording their personal data without telling anyone or obtaining anyone's consent. People hardly ever read the course startup scripts, so nobody knew he was doing this for months.

One of the students in the class spoke to him about it, and he apparently said something about de-identifying personal information and using numerical identifiers instead of names. I find it highly intrusive, unethical, and disrespectful that this was done without either notifying students or obtaining their permission. It seems like he did not go through the Office of Research Administration and fill out a proposal to use humans and human data as the subject of research, as University policy dictates he should. Neither did he obtain the permission of the VP of CIS, the Provost, or the General Counsel, as the Brown Computing Acceptable Use Policy says he should. Obviously, it's a fair amount of red tape to cut through, but I'll be damned if I let someone poke through my personal files without at the very least telling me first.

None of this has really gone down yet (I've been pushing for someone to take it up with a dean or provost or something), so I won't say who it is, but personally, I'm disappointed.

No comments, be the first!

Comments disabled until the spammers go away. I hope you comment spammers all die horrible deaths and are forced to delete endless streams of comment spam in your days in purgatory.
• Powered by bBlog