Higher Education, Interns, and IT Security

Here’s what was important this week…

Former University of Michigan kicker Brendan Gibbons has been expelled from U-M for a sexual misconduct case dating back to 2009. The Michigan Daily has more information about the expulsion, while Washtenaw Watchdogs posted about the entire case in 2011. Both The Michigan Daily and the Ann Arbor News are attempting to gain more information about both the disciplinary action and why Gibbons is only being expelled now, after having spent the last few years playing on U-M’s football team.

In more unfortunate higher education news, the Chancellor of University of Illinois Urbana-Champaign, Phyllis Wise, made the decision not to cancel classes on Monday. Run of the mill, except for the outcry from students who stormed social media, expressing their anger about the decision with #FuckPhyllis. From there it spiralled into sexist and racist comments about the Chancellor herself. The Chancellor responded to the comments, taking them not as personal offense but as a sign that the university has work to do, especially given the diverse community at UIUC. Now UIUC is sponsoring an event open to the campus and the public where they aim to “move beyond digital hate”, which seems to me like an effort to promote feel-good feelings rather than acknowledge and handle endemic issues that allow racism, sexism, and harassment to exist and proliferate on campus. We’ll see how their event goes.

Northwestern University’s football team has taken steps toward unionizing, but the NCAA is having none of it. This effort is part of an ongoing movement that recognizes that football players are huge moneymakers for universities, yet the athletes themselves don’t receive compensation beyond scholarships because as college students they are classified as amateurs and thus not eligible to receive pay. The Atlantic did an excellent article about this issue in 2011, The Shame of College Sports.

Performing work for little to no real compensation, while adding value to an organization, is also something that interns do. While a recent lawsuit against Conde Nast has set the precedent for requiring interns to be paid (and in response the company cancelled its internship program entirely), unpaid internships remain the norm. In many industries (like publishing), internships are seen as a valuable gateway into worlds that largely thrive on networks and hard work. However, as CUNY lecturer and former manager of the Guggenheim Internship program Michelle Millar Fisher points out:

“It says a lot about American job culture, the funding of the arts, and museum financial policy that museums are unable to provide even minimum wage to their interns. This is especially important when you consider how many interns museums accept nationwide, as well as how many qualified individuals have been denied employment because of their inability to accept unpaid work.”

Not only that, but some have argued that unpaid internships function on the base of prestige, that it requires the privilege to not work for months in order to build necessary experience in order to get a good job in some industries. The Michigan Daily (it’s the school paper where I work, so I read it often) examined the utility of unpaid internships as well, speaking to current and former students about their experiences. I think most internships deserve to be paid, given that most internships no longer fall under the legal category that they’re supposed to and comprise work that other employees cannot do. However, it’s difficult when examining valuable yet underfunded institutions (like many museums) that might otherwise have to close, but are able to get by thanks to the assistance of volunteers and interns.

There are companies that are trying to make it easier for people who are more typically exploited, companies like T-Mobile. They’ve done away with contracts, and no longer force people to lock in to a pricing plan with penalties for breaking contract, or going over data, text, and minutes caps. This allows people with tenuous incomes to still be able to own a cell phone with good service, and change their plan based on what they can afford. Now they’ve taken more steps to help people that struggle to keep a stable income or keep up with expenses–they’re entering the check-cashing industry.

In a field typically dominated by the predatory payday loan and cash-for-check industries that charge outrageously high fees, T-Mobile will make it free for current T-Mobile users to cash checks, and relatively cheap for others to do so as well. (If you’re wondering why people don’t just deposit or cash their checks at the bank, many banks require a minimum balance or charge annual fees to have a checking account with their bank, and fees add up when you don’t have much money.) Some may say that T-Mobile is being exploitative by going after the poor to gain market share, but they’re marketing to a population that most companies would rather pretend doesn’t exist, and doing so by making the lives of their customers easier.

IT security is an ongoing battle across the web. Higher education has to grapple with outside hackers attempting to gain access to valuable intellectual property and large data stores, while also fighting off internal hackers attempting to make off with exam keys. Not only is that a formidable challenge, many hacks are a result of an RDP breach–Really Dumb Passwords. Highly secure passwords are important, but how do we get there? You can test the security of your current passwords by going to this website, but if you cross-check it against a new tool by Microsoft Research called Telepathwords, you may find that although it isn’t easy for some methods to guess, it’s rather easy for others. But there is hope! Scientific American details attempts to use pictures as memory triggers to generate random passwords for websites. That gives me a bit more hope than endless two-factor authentication, password storing apps, and biometric technology. And for a final note on passwords:

Where is the line between observation and surveillance?

I think it’s the line where anyone types their password, for anything

Security researcher/blogger Brian Krebs proposed late last year that it be compulsory for companies to offer a “bug bounty”, a monetary reward for disclosing vulnerable aspects of software to a company so that it can be patched. If companies offer a reward for these disclosures, it could reduce the incentive of disclosing the vulnerabilities to criminals who pay large sums so that they can then exploit them for their own profit or motives. Snapchat’s hack (which is now out of the public consciousness since high-profile security incidents at Target and Neiman Marcus and Michaels have all happened since) exploited a known vulnerability that Snapchat was informed of but did not take strong enough corrective action on, when they bothered to take any action. It’s up to many companies to decide whether the cost of offering the bounty outweighs the potential reputation, trust, and infrastructure damage that an exploited vulnerability could incur. GitHub, the popular code management and collaboration tool, announced yesterday that it will begin offering a bug bounty.

(speaking of bounties, when doing research on the internet as a bounty hunter, “In a second, what’s false becomes true,”)

Credit card skimmers are one of the biggest threats to security that I fear (and I work alongside the IT security and identity and access management teams). They’re becoming increasingly sophisticated, and are cropping up all over the world. Of course, with so many systems relying on old software (like Target’s point of sale system hack that Brian Krebs has been investigating in depth), and as Windows XP loses support from Microsoft over the next few years, some parts of the Internet (and devices you don’t think of as being connected to the Internet) could become less secure.