They're Not Like Us: Shouldn't We Do Something About That?

A year ago this week, professor David Starrett of Southeast Missouri State University, and director of that institution's Center for Scholarship in Teaching and Learning wrote here as a guest commentator, HIG, R U n2 CP?: The Technology is the Easy Part, about the level of acceptance students have for information technology tools and resources and the difficulty we have in understanding even what their expectations of us are, much less meeting those expectations. In the past year, I've also written in The Feral User about the raw, relatively unrestrained online behavior of many young people, who've grown up in cyberspace without any acculturation influence from teachers or parents.

Since then, I've seen article after article and news item after news item that makes me think about just how different from us these new undergraduate students are. Is it really possible to understand their expectations? I think we can do it with surveys and by measuring responses to things, but I am more and more convinced that as a Baby Boomer, I am beyond ever really understanding them. They're really different, they inhabit a different universe. But one news story last week was different - a young student did the right thing. Was this a sign of positive change, or anomalous behavior by a unique individual?

Students at the University of Michigan access their official records through a program called Wolverine Access. I've never used it myself, but I've seen my work-study students use it frequently. In February, Wolverine Access, which is at its core PeopleSoft-based although the add-ons involved in the current story were a home-grown module, got a new interface. On May 16, Jon Oberheide, a U-M junior had accessed his own records and, while inside Wolverine Access, did some poking around, clicking on various things. He was using a Macintosh platform and the Safari browser. Eventually, Jon realized that he had found his way into Web space where he could access the personal information not just of himself but of others.

So, what did Jon do then? Well, many students would have done nothing. Many more would have poked around and told a few friends about it, and how to do it. Some would have thought it was pretty cool and spread the word more widely across the Internet. Jon quickly contacted the appropriate U-M officials and notified them of the security breach. He did exactly the right thing!

It should be noted that the university did the right thing, too. It researched the problem, found the mistake in the add-on code, and fixed it. (It was a very contained circumstance - a user would have had to be legitimately logged on to Wolverine Access and using Mac OS and Safari to take advantage of it.) Then, even though Michigan d'es not have the same kind of law as d'es California, which requires elaborate disclosure of the possible exposure of personal information to all possibly affected users, the university engaged in a comprehensive notification of everyone whose information could have been at risk. It noted that the programming error was its own, had been fixed, and even set up a hot line for concerned persons to call and have their questions answered about their personal information.

I was pretty impressed by Jon's behavior. After all, I do have this fairly negative view of the current state of young people's cyber behavior. Hearing about this made me question my negativity. I thought to myself that maybe I was just getting old. Every generation thinks the newer generation is going to the dogs and that as a result, civilization is falling apart. I used to attribute that to personal bias and bigotry. So, for example, when I - who survived nearly 5 years in the U.S. Navy, including three Vietnam tours of duty, without even once seriously considering getting a tattoo - see young men and women loaded up with "skin art," and feel that slight tug of nausea, I let it go. I don't even let myself think, anymore, "Boy, he/she is really gonna regret that some day." I try to step outside my Baby Boomer status and realize that they see things differently. They are different.

So, I called and talked to both Jonathan Oberheide, and to Linda Green, communications coordinator for Michigan Administrative Information Servicesabout the story. It turns out that Jon is indeed an honorable and well-educated young man. When I talked to him, he didn't seem all that different in terms of cyber responsibility and attitude than a more mature adult, which I found surprising, actually. But then I found out that he is already quite experienced not only in computer science, his major now, but specifically in IT security issues. Jonathan even talks of "the industry" in reference to the subset of the information technology industry that focuses on security issues. As he explained to me, what he did was "industry-specific appropriate" in that he did nothing to widen the potential security breach and appropriately notified the right people. So, his laudable response to identifying a security problem says nothing about young people in general, just speaks to his own early professional experience. Due to both his computer science studies and to employment in the field, Jon felt a strong sense of professional responsibility to do that right thing.

Jonathan stressed to me that university people with whom he spoke seemed very understanding of the need he expressed for students to know more both about online security issues and about the protection of their identities. He seemed to think that U-M might be considering some kind of course for incoming students about that.

I think that such a course would be an excellent idea, and that maybe a lesson we're about to learn is that universities and colleges need to invest in required first-year, intensive and comprehensive, required coursework about the appropriate use and understanding of information technology. Forget about the very good reason to do so which relates to the university's mission of turning out well-educated, responsible young adults. You only have to do a small amount of risk analysis to realize how the programming error that Jonathan found could have cost the university huge amounts of dollars in time and liability exposure had a young person with a more "Lord of the Flies" attitude towards the Internet discovered the breach.

Calls for additions to curriculum are often ignored. And there are incredibly deep turf-ish issues about required courses, credits, departmental authority, and so forth. But the fact is that no one else is training young people about either their own appropriate behavior in the information technology infrastructure that, barring a complete worldwide economic collapse, is the substrate of the rest of their professional lives. (And personal lives-do you "get" facebooks or online dating? I don't. But the use of IT by young people to create and use social resources has huge current growth.) What's more important for the rest of this millennium, exposure to humanities, good English, a foreign language, required math credits, or being able to navigate cyberspace without causing harm or needlessly exposing yourself to harm? What was it worth to the University of Michigan than Jonathan Oberheide knew what the right thing to do was? Wouldn't it be nice if every junior knew?

Featured