Workable Internet Security Rules

After court ruling and lots of legal analysis, higher ed groups believe many colleges won't be covered by costly regulations.
July 14, 2006

In October, colleges feared the new regulations to make it easier for the government to monitor computer networks could have ended up costing institutions billions of dollars. But after a court ruling, lobbying and lots of lawyering, higher education lobbyists now believe most colleges will not end up being covered by the regulations.

The American Council on Education released an analysis of the situation Thursday, offering guidance to campuses, where many officials have been confused and sometimes angered by the way this issue has played out. At issue is the proper interpretation of the Communications Assistance for Law Enforcement Act, a 1994 law known as CALEA that was designed to assure that law enforcement officials could have necessary access to phone lines when they needed to tap them. Last year, the Federal Communications Commission issued regulations to apply the law to Internet networks, with no exemption for colleges.

Because colleges have taken numerous steps in recent years to make their networks more secure, making changes throughout their networks to make it easier for the government to monitor activities could have been hugely expensive. Colleges were particularly frustrated because they only rarely get requests (with warrants) from the government for such monitoring, and there has been no instance in which a college has been unable to comply promptly. The ACE sued the FCC over the regulations and a federal appeals court last month rejected the suit and said that the rules could be enforced. But the appeals court carved out an exception for "private networks," whose definition colleges have been trying to pin down.

Terry W. Hartle, senior vice president for government and public affairs at the American Council on Education, said Thursday that the legal analysis released by the ACE indicates that most colleges should be covered by the exception.

The main test of whether a network is private, Hartle said, is whether there are limits on who can use it. So colleges that restrict access to their networks to students, employees or even alumni should be fine. One difficulty would be for colleges that make computer terminals available to the public and open their networks for use. That activity could make it impossible for colleges' networks to be considered private, Hartle said, adding that he thinks that represents only a minority of colleges.

"Since 9/11, many more colleges have moved to truly private networks," he said.

The other test concerns the cable that connects a campus network to the Internet. If universities own that equipment, they are covered by CALEA. Again, Hartle said that only a minority of colleges do so, and they would be able to reconfigure their networks so they wouldn't own those connections.

While CALEA worries are clearly down a few threat levels from where they were last year, they haven't gone away.

Administration officials are circulating legislation in Congress that would allow the FCC to end the private network exemption. No bill has been introduced, but this issue doesn't seem likely to disappear.


Be the first to know.
Get our free daily newsletter.


Back to Top