wandlerer's Journal: Are University ITS police going too far?

I am a graduate student at my university and have just been written up for several offenses related to ITS matters. This is the second time - the first was for operating a church website on a server I built with some of my parts in a university computer case. That case is fully documented and concluded.

This new round of offenses comes from 2 areas: A student organization website - which is paid service of the University ACM chapter - and what I call poor ITS policies.

I would like to know what others think about the situation - especially if I am in the wrong here. I have a very long history of not liking the ITS policies - and being very vocal about their shortcomings.

For the website charge - brought about because another church website was hosted - the student organization is paying for the webspace, and I am only the email contact. Yet, because of my past charges, I was the one singled out and charged again. You can read the charges by going to www.jeffwandler.com/ndsustorych2.htm

Is it my responsibility as the email contact to patrol the content too? I was told to take down the website on Nov 22, 2006 at 3:34pm [ the start of the long thanksgiving weekend - how timely for them], and it was removed within 24 hours. However, due to my past run-in, I have again been charged "failure to comply". How long should students get to comply - especially over the long weekend when students are forced to leave campus?

The second charge stems from a very heated debate - on both sides - with a computer login. The university uses a login and password to control access to every computer. Each student can only log in to one computer at a time. However, due to what I perceive as their incompetence, the computers lock up during log in, and then the student is stuck until the login session expires - like 15 minutes. Between classes, this can be very troublesome.

Well, this happened to me, and I called the ITS help desk to have them reset the login.

I was asked for my student ID and name, both of which I provided. Then I was asked for the last 4 of my Social Security Number. I refuse to give that to anyone - so I refused this time also. I am not sure why the ITS help desk [staffed by students] even has that information. Because I refused to give that, the student asked for more information - my address, and my birthdate. I didn't give the birthdate either, because that can also be used for identity theft.

I finally got fed up, said I would come over and smack the guy, he responded by telling me to come on over. He did provide the IP address of the computer, but also said "we don't know where that computer is". I am now charged with making threats [to smack him], using profanity [which I have never done to anyone - in person or on the phone] and disorderly conduct. His statement, however, specifically lists where the computer I was logged onto was.

The question here is, does anyone else know of any computer security policies that use SSN as a security field? Why?

When not in school I also work for a large computer company, and when I call their national ITS help line, all I have to provide is my name and ID number. Isn't that why schools use ID numbers?

Is it safe to give every student's information to student workers making $6.50/hr and with minimal oversight?

Does anyone have any experience with this? Any suggestions of what my next step should be?