Anonymity Makes IT Security a Must for Higher Education Institutions

When I was an engineering student, I used state-of-the-art computer systems; punch cards and batch jobs on a mainframe. Computer security consisted of a large man and a locked door, and authentication amounted to having access to an account where the computer usage charges went. As time went on, the internet and personal devices changed computers from a tool you used to an integral part of life. Today, the university experience includes a large online component and we are even seeing entire degrees available online with little or no physical contact; a trend that will only become more prevalent in the future.

In terms of security, authentication (who you are) is one of the largest challenges. In 2012, there were 369,132 identity theft complaints in the United States alone.[1] Identity theft is one aspect of the online education problem. People usually think of credit card fraud when thinking about identify theft, but let’s take a closer look at how an online degree works.

You sign up with an online university by creating an account and password. Most of the time, people will use their email address and the same password they use for everything. If you travel, a convenient way to check your email is in the business center found in almost every hotel today. As it turns out, some of the computers in those business centers have key logging programs installed on them so, while you are checking your email, the bad guys are stealing your email address and password. By looking through your email, they notice you have messages from the online university about your recent graduation, so they log in (using your email address and the same password) and they now have a copy of your new degree.

The other aspect of this is that no one knows who is really on the other end of a network connection. Let’s imagine a situation where your promotion at work depends on you (not you in particular, but a less-than-completely-honest version of you) getting a college degree. You have never been particularly good in classroom situations, so you decide to get an online degree. After signing up, you realize you will actually need to log in and take the classes, so you decide to look for a better way. You have a friend who was good in school, but is always looking for a way to make a fast buck. For a small investment, you convince him to take your classes and, at the end of the process, he has some money and you have a promotion. As someone who works for a university, I must recommend that actually getting the degree is a much better way to go.

In both of these scenarios, the problem is authentication. Doing it right is tricky and can be expensive, and it will always depend, to a certain extent, on the honesty of the person presenting the credentials.

As was pointed out in a cartoon by Peter Steiner in The New Yorker, “On the Internet, nobody knows you’re a dog.” [2]

– – – –

References

[1] http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2012.pdf Consumer sentinel network data book for January-December 2012 – Federal Trade Commission February 2013

[2] http://en.wikipedia.org/wiki/On_the_Internet,_nobody_knows_you’re_a_dog The New Yorker (1993). “On the Internet, nobody knows you’re a dog”. University of North Carolina at Chapel Hill – reprinted for academic discussion. Title 17 U.S. Code. http://www.unc.edu/depts/jomc/academics/dri/idog.html. Retrieved October 2, 2007.