IT Futures – Morals, ethics, surveillance, security

The IT Futures conference raised a number of issues around data, who should be responsible for its safety and what can and/or should be collected. While most of the conference was talking about interesting pieces of research and investigation, a few bits were of relevance to SSP.

The ethics of detail analysis

There are a number of measures in place for making use of student data, for example identifying when a student is experiencing difficulties before an assessment. An early warning system of sorts. However, there are certain data that could be gathered for this which are not. IP address for location of log in, or cause of an absence are two such examples not collected.

The data that SSP uses revolves mainly around student data, so a lot of what has been discussed focused on how this can and should be used. The fact that the access to said data is prevalent in the team means that decisions have to be made on what will and will not be used.

Who is responsibility is it that your data is safe?

It was said in the conference that the University has experienced 12 moderate to severe data security incidents. The key-logger found back in November was one such incident, though it was broken into very easily as whoever used it forgot to change the default password. Universities do not like admitting vulnerabilities, though it was found that three other Institutions, including Birmingham, found key loggers. So this is not an isolated incident among Universities.

The location of data becomes very important for security reasons. The University has an agreement with Microsoft to use OneDrive for storing data ‘safely’. This then puts the responsibility of securely storing that data on Microsoft.

Thinking about where data is secured, either locally or off site with a contracted third party, it pays to think about how the data is secured.

On a side note, it was mentioned that Office 365 has an ability to remotely wipe devices. This can lead to unfortunate situations where a device could be wiped remotely when it shouldn’t be!