Tufts Communication and Computer Services (TCCS) left many Jumbos disconnected in the wake of a misguided computer policy.
TCCS confronted a very real and persistent hacking problem when it prohibited insecure telnet access to Emerald. TCCS officials are very much at fault, however, for the way they implemented their policy. They prioritized their own convenience over the students they are supposed to serve.
TCCS's approach was unreasonable, especially in light of the amount of time that they have had to deal with this problem. Insecure telnet is not a recent problem for computer services. Tufts cooperated with the Federal Bureau of Investigation as far back as 1998 after high-level hacker attacks. Hackers used routine Emerald accounts in an attempt to probe and later take control of computer servers. This large time frame should have provided for a more well thought out implementation of a new computer policy.
It is a shame that TCCS is not well grounded in its communication skills. The process for eliminating insecure access to telnet seems easy enough: Advertise planned changes, and setup a well organized support net to field questions and concerns.
TCCS did neither. The only changes mentioned were on a little banner advertisement, which appeared during the telnet login. Its first how-to guide was so dense that frustrated Jumbos gave up their attempts to access their e-mail. TCCS forgot to even send a painless e-mail notification. These things should have been thought out ahead of time.
TCCS's decision was poorly timed. I will take this opportunity to remind TCCS that they are not Facilities. Facilities completes its projects over the summer. That makes sense with heavy construction. There are fewer students on campus. There is no reason why TCCS needed to implement telnet changes in the middle of the summer. TCCS put the burden on students to operate under its new computing policy.
There are two solutions that would have more clearly benefited students.
The first would have been to change all users to Coral, using secure Web mail, at the same time. This could have been implemented after summer vacation. This approach facilitates the distribution of information, and gives users a familiar, yahoo/hotmail type of interface. Computer services could have utilized high visibility advertising such as postering, table tents, and face-to-face consultation to defuse concerns.
The second solution would have been to phase out insecure telnet coupled with a mandatory change in passwords. TCCS has pointed out that its servers have been suffering from increase hacker and virus activity over the past six months. Tufts should have braved it for 2 more months. Emerald is less at risk during the summer. E-mail use is way down. Logins that were sniffed but not changed within the last six months would still be in a hacker's notes. As a result, only changing access to Emerald via insecure telnet would not immediately fix the problem. Students would then be notified of changes once on campus.
The inconsiderate efforts of TCCS are indicative of a larger problem on campus. Tufts University, and everything it embodies, is a service that students buy. Students expect access to their e-mail when they want it. Administrators need to stick to one rule of thumb: do what is in the best interests of Tufts students, or don't do it at all.
Changing telnet access in the middle of the summer was not in the best interest of students. The new telnet policy confused and irritated students so much that accounts were left untouched for the rest of the summer. This was undeniably bad policy.
Valentino Caruso II is a junior majoring in biology and bio-mechanical engineering.
