They're Not Like Us: Shouldn't We Do Something About That?
A year ago this week, professor David Starrett of Southeast Missouri State
University, and director of that institution's Center for Scholarship in Teaching
and Learning wrote here as a guest commentator, HIG,
R U n2 CP?: The Technology is the Easy Part, about the level of acceptance
students have for information technology tools and resources and the difficulty
we have in understanding even what their expectations of us are, much less meeting
those expectations. In the past year, I've also written in The
Feral User about the raw, relatively unrestrained online behavior of many
young people, who've grown up in cyberspace without any acculturation influence
from teachers or parents.
Since then, I've seen article after article and news item after news item that
makes me think about just how different from us these new undergraduate students
are. Is it really possible to understand their expectations? I think we can
do it with surveys and by measuring responses to things, but I am more and more
convinced that as a Baby Boomer, I am beyond ever really understanding them.
They're really different, they inhabit a different universe. But one news story
last week was different - a young student did the right thing. Was this a sign
of positive change, or anomalous behavior by a unique individual?
Students at the University of Michigan access their official records through
a program called Wolverine Access. I've never used it myself, but I've seen
my work-study students use it frequently. In February, Wolverine Access, which
is at its core PeopleSoft-based although the add-ons involved in the current
story were a home-grown module, got a new interface. On May 16, Jon Oberheide,
a U-M junior had accessed his own records and, while inside Wolverine Access,
did some poking around, clicking on various things. He was using a Macintosh
platform and the Safari browser. Eventually, Jon realized that he had found
his way into Web space where he could access the personal information not just
of himself but of others.
So, what did Jon do then? Well, many students would have done nothing. Many
more would have poked around and told a few friends about it, and how to do
it. Some would have thought it was pretty cool and spread the word more widely
across the Internet. Jon quickly contacted the appropriate U-M officials and
notified them of the security breach. He did exactly the right thing!
It should be noted that the university did the right thing, too. It researched
the problem, found the mistake in the add-on code, and fixed it. (It was a very
contained circumstance - a user would have had to be legitimately logged on
to Wolverine Access and using Mac OS and Safari to take advantage of it.) Then,
even though Michigan d'es not have the same kind of law as d'es California,
which requires elaborate disclosure of the possible exposure of personal information
to all possibly affected users, the university engaged in a comprehensive notification
of everyone whose information could have been at risk. It noted that the programming
error was its own, had been fixed, and even set up a hot line for concerned
persons to call and have their questions answered about their personal information.
I was pretty impressed by Jon's behavior. After all, I do have this fairly
negative view of the current state of young people's cyber behavior. Hearing
about this made me question my negativity. I thought to myself that maybe I
was just getting old. Every generation thinks the newer generation is going
to the dogs and that as a result, civilization is falling apart. I used to attribute
that to personal bias and bigotry. So, for example, when I - who survived nearly
5 years in the U.S. Navy, including three Vietnam tours of duty, without even
once seriously considering getting a tattoo - see young men and women loaded
up with "skin art," and feel that slight tug of nausea, I let it go.
I don't even let myself think, anymore, "Boy, he/she is really gonna regret
that some day." I try to step outside my Baby Boomer status and realize
that they see things differently. They are different.
So, I called and talked to both Jonathan Oberheide, and to Linda Green, communications
coordinator for Michigan Administrative Information Servicesabout the story.
It turns out that Jon is indeed an honorable and well-educated young man. When
I talked to him, he didn't seem all that different in terms of cyber responsibility
and attitude than a more mature adult, which I found surprising, actually. But
then I found out that he is already quite experienced not only in computer science,
his major now, but specifically in IT security issues. Jonathan even talks of
"the industry" in reference to the subset of the information technology
industry that focuses on security issues. As he explained to me, what he did
was "industry-specific appropriate" in that he did nothing to widen
the potential security breach and appropriately notified the right people. So,
his laudable response to identifying a security problem says nothing about young
people in general, just speaks to his own early professional experience. Due
to both his computer science studies and to employment in the field, Jon felt
a strong sense of professional responsibility to do that right thing.
Jonathan stressed to me that university people with whom he spoke seemed very
understanding of the need he expressed for students to know more both about
online security issues and about the protection of their identities. He seemed
to think that U-M might be considering some kind of course for incoming students
about that.
I think that such a course would be an excellent idea, and that maybe a lesson
we're about to learn is that universities and colleges need to invest in required
first-year, intensive and comprehensive, required coursework about the appropriate
use and understanding of information technology. Forget about the very good
reason to do so which relates to the university's mission of turning out well-educated,
responsible young adults. You only have to do a small amount of risk analysis
to realize how the programming error that Jonathan found could have cost the
university huge amounts of dollars in time and liability exposure had a young
person with a more "Lord of the Flies" attitude towards the Internet
discovered the breach.
Calls for additions to curriculum are often ignored. And there are incredibly
deep turf-ish issues about required courses, credits, departmental authority,
and so forth. But the fact is that no one else is training young people about
either their own appropriate behavior in the information technology infrastructure
that, barring a complete worldwide economic collapse, is the substrate of the
rest of their professional lives. (And personal lives-do you "get"
facebooks or online dating? I don't. But the use of IT by young people to create
and use social resources has huge current growth.) What's more important for
the rest of this millennium, exposure to humanities, good English, a foreign
language, required math credits, or being able to navigate cyberspace without
causing harm or needlessly exposing yourself to harm? What was it worth to the
University of Michigan than Jonathan Oberheide knew what the right thing to
do was? Wouldn't it be nice if every junior knew?