Universities implementing higher "security" systems

[D Rusak]

I work for a major university in the Philadelphia area, among other jobs.

Today in my inbox I received the following email:

As you know, colleges and universities throughout the nation – including X – are implementing stronger security alert systems. Today, I am announcing an important improvement to our alert systems, and I am asking for your help to ensure that our enhanced approach is as effective as possible.

Your safety is our utmost priority. We are committed to ensuring a safe environment for learning, living and working. Beginning today, we are implementing MIR3, a unified, multi-modal emergency communication system capable of creating and sending instantaneous notifications to students, faculty and staff using email, text messages, TDD/TTY, land lines and cellular telephone calls.

In the event of an incident that potentially threatens the campus community, this new capability will be incorporated into our current use of email blasts, voicemail messages, a recorded hotline and alerts on _www.x.edu with links to relevant information.

I am asking all students to immediately log onto your X account at _http://x.x.edu and make certain that you have provided the required emergency notification information, such as a cell phone number, that we can use to contact you in the event of an emergency. All faculty and staff should do the same by accessing the Employee Self Service system at _http://ess.x.edu and updating the emergency notification section.

We are justifiably proud of the fact that we are one of America’s safest large urban campuses, and we are well prepared to manage crisis situations. To help ensure your safety we need to know how to reach you in an emergency. Please follow the directions below to update our records.

(note: I deleted the actual university from above)

Well, the first thing I did was go to employee self-services and figure out what personal information was actually listed on there. Interestingly enough, the only required information (at least for right now) is my address, and my bank account for direct deposit (which all faculty, staff, and grad assistants are required to have to be paid). My phone number wasn't required, so I made sure to delete that information, as the colleagues that need to reach me have my information already. I then noticed a link at the bottom of the page related to the university's privacy policy. What I learned was disturbing, albeit expected. The university has a third-party contractor that handles the data collected for these purposes. I will include the exact wording tomorrow, the website is only up between 7 and 7, and I didn't print it out earlier. Let's guess who these "third-party" guys might give all of that information to.

The university has been much more strict about security issues, particularily entering buildings, signing out rooms, computer labs, etc., but I suppose I was a little surprised by the blatantness of this action. Give us all of your private information! It's for your own good! (with a side of expecting something bad to happen).

Reminds me of the following:

There is an Eastern tale that speaks about a very rich magician who had a great many sheep. But at the
same time this magician was very mean. He did not want to hire shepherds, nor did he want to erect a fence
about the pasture where the sheep were grazing. The sheep consequently often wandered into the forest, fell
into ravines and so on, and above all, they ran away, for they knew that the magician wanted their flesh and
their skins, and this they did not like.

"At last the magician found a remedy. He hypnotized his sheep and suggested to them, first of all, that they
were immortal and that no harm was being done to them when they were skinned; that on the contrary, it
would be very good for them and even pleasant; secondly he suggested that the magician was a good master
who loved his flock so much that he was ready to do anything in the world for them; and in the third place,
he suggested that if anything at all were going to happen to them, it was not going to happen just then, at any
rate not that day, and therefore they had no need to think about it. Further, the magician suggested to his
sheep that they were not sheep at all; to some of them he suggested that they were lions, to some that they
were eagles, to some that they were men, to others that they were magicians.

"After this all his cares and worries about the sheep came to an end. They never ran away again, but quietly
awaited the time when the magician would require their flesh and skins.

 

[D Rusak]

Here's some info about MIR3:

from their website:

MIR3, Incorporated is a privately held company headquartered in San Diego, Calif. The company provides automated Intelligent Notification (IN') solutions for global and enterprise-wide communications and business continuity. MIR3's products are built on a geo-dispersed, scalable telephony and application server platform that directs the global dissemination of time-urgent information to and from any communications device across any communication medium.

Active Clients include the world's top petroleum, soft-drink bottling, and consumer goods companies, IAC Interactive - which operates TicketMaster and Match.com, Belkin Worldwide', US Air Force, Homeland Security's National Medical Response Teams,The Red Cross, LA County Department of Health, and the County of Orange, California, with 3.5 million recipients integrated into MIR3 Intelligent Notification. The Company licenses its platform to a growing network of business partners.

An interesting blog post from an individual at a university that already uses MIR3:
_http://notes-from-a-sticky-wicket.blogspot.com/2007/09/mir3-this-is-earth-calling.html

Article about Brown U, and other schools that use this system:
_http://www.marketwire.com/mw/release.do?id=781481

Article about a partner of MIR3, a company called ESi

ESi’s WebEOC, the world's first Web-based emergency management communications system, provides cost-effective, real-time information sharing. By linking local, state, national, and even worldwide incident stakeholders and information sources together, WebEOC facilitates decision-making in planning, emergency and recovery situations. The result is secure, real-time access to state and national weather trends, satellite images, mapping information, details of operations in other jurisdictions, local, regional and even national resource status and other data vital to the efficient management of any contingency.

ESi WebEOCAlert powered by MIR3 will allow business continuity managers, emergency managers and first responders the speed and ability to reach more people more quickly on more communication devices than ever before, including cell phones, satellite phones, land lines, two-way SMS, email and PDAs. Additionally, the enhanced solution will offer improved accountability through post-event audit reporting and provide detailed information such as who received what notification, at what time and how the response was executed.

Verrry interesting.

Another partner of MIR3:

San Diego, California – November 8, 2004– MIR3™, the technology leader in
Intelligent Notification™ solutions, today announced that the company has
partnered with Four Points Technology, a Fairfax, Virginia-based provider of
hardware, software and integration services to Federal and State government
agencies. According to the agreement, Four Points is a GSA schedule holder for
MIR3’s Intelligent Notification solutions, which are based on a versatile, rules-
based notification platform that streamlines the dissemination of time-urgent
information to and from any communications device.
MIR3’s partnership with Four Points will allow the company to utilize Four Points’
GSA schedule contract and sales expertise with public sector agencies and non-
profit organizations. The partnership also allows MIR3, with assistance from Four
Points, to further penetrate the government market. Many agencies at the
federal and state level, including the City of Miami, Louisiana’s Calcasieu Parish
Police Jury and the County of Orange, California, have already chosen MIR3’s
Intelligent Notification technology for emergency communications to meet
Homeland Security and public safety initiatives.

_www.4points.com/solutions/pressrelease1.pdf

 

[anart]

Thanks, D - quite the 'desperate push for total control' going on here, and it is accepted as normal, as business as usual. Programming is complete.

 

[D Rusak]

The university's disclaimer:

Disclaimer: The emergency notification system is operated by a third-party vendor. Delivery of messages is dependent on the networks used by your wireless phone or internet provider. Although the vendor assures high reliability, no system is perfect, and there is no guarantee that you will receive messages in a timely fashion or at all. In addition, your wireless phone provider may charge you to receive SMS messages.

In other words, you should trust these guys, because they say so. If you don't receive messages, don't worry: SOMEBODY's making use of that data.

 

[rylek]

Hi D,

I had something not quite as 'bad' but similar happen to me today.

I am both a student and an employee at my university. Today I received an email from my boss where he writes that all the staff and student employees need to fill out some additional forms otherwise we don't get paid.

There are two forms; first one is the standard bank info and personal info intended only for the human resources people; the second one is titled

"Equal Opportunities Monitoring Form and HESA (Higher Education Statistics Agency) Data Requirements"

further saying that

"The University requires this data for statistical purposes only. We would be grateful if you could complete and return to Human Resources the following personal information."

I guess equal opportunities is as good an excuse as any other. In the second form they're mostly interested in nationality, ethnicity and disabilities but also ask for your name, date of birth and gender. If it's just for statistics why do they need names and other info that's unnecessary for statistics?

Anyway, on the HESA's web pages one can find the following: http://www.hesa.ac.uk/index.php/content/view/131/180/

What kinds of personal data does HESA hold?
We hold coded information on students and staff in Universities and HE Colleges, known as Higher Education Institutions (HEIs). We also hold information on customers and other people who have had contact with HESA where it is necessary to allow HESA to carry out its functions. Our customer information is used for marketing HESA products and is not passed to anyone else.

Do you hold information about me?
If you have been registered as a student, or employed as a member of academic staff in a publicly funded UK Higher Education Institution at any time since 1994/95, it is likely that HESA will have a record about you. From August 2004 HESA will hold information on all staff at HEIs.

So pretty much anyone who's had anything to do with higher education is in their database. Who has access?

What does HESA do with this data?

Statutory Uses
HESA collects information on behalf of government departments and agencies and devolved administrations which require it to carry out their functions in relation to the funding of education.

The organisations that receive datasets are:
The Department for Innovation, Universities and Skills
Welsh Assembly Government
Scottish Executive (Scottish Government)
Department for Employment and Learning, Northern Ireland
Higher Education Funding Council for England
Higher Education Funding Council for Wales
Scottish Further and Higher Education Funding Council
Training and Development Agency for Schools
Department of Health
Research Councils

That's a pretty long list. And finally,

We will NEVER use this data to affect an individual personally in any way.

Yeah right.

Anyway, that's one example of one part of society covered by 'total awareness'.