Cybersecurity is becoming increasingly important, especially at Ball State. But some feel security concerns do not give the university the right to play “big brother.”

After four separate child pornography cases became connected to Ball State faculty and staff, professor of marketing Shaheen Borna held a lecture on intellectual freedom and the right to inquiry and digital privacy.

The lecture was prompted by faculty concerns about how much access the Office of Information Security Services has to internet search information on computers using the Ball State network.

Borna took a survey sample of faculty members to find out how concerned they are about Internet privacy.

“I was amazed by their answers,” Borna said. “Faculty, for example, think their computer activities such as playing chess or listening to music in their offices are monitored by the university.”

Tobey Coffman, the director of Information Security Services, was present at the meeting and said his office does not look at specific content, but instead, scans for abnormal behaviors and security threats.

When computers are infected with malware, Coffman said, they will attempt to infiltrate other computers that are in the network. When this happens, Coffman’s office employs “tools” that are focused on catching those abnormal behaviors.

This handful of tools does not look into the actual content of the computer, though. Instead, Coffman said they look for patterns that are abnormal of a “normal user.”

Coffman said, the first child pornography case was caught when the computer of Randal Ray Schmidt was performing network scans that were out of the ordinary. This raised a red flag in the OISS, and when analysts looked into the activity, they found the computer had been infected with malware.

The malware had been found to be from a website in Russia, and when the analyst went to the Russian website, he found “objectionable content,” Coffman said.

The analyst then did a correlation search to see what other computers were connecting to the same website. In the search, the analyst found other Ball State computers were also accessing the exact same Russian website.

“It’s just flat, dumb luck that it happened and it was, for the offending party really, really bad luck,” Coffman said. “If one individual had not infected his system then we would not have seen any of the others.”

The office then turned the information over to the University Police Department for further investigation. 

All devices that use the Ball State internet, such as student laptops, phones or tablets, are subject to security monitoring by the OISS. However, Coffman said, the office will not monitor viewed content on the device unless the office receives an alert that the content poses a security threat.

“When problem traffic patterns suggest that information security, integrity or performance has been compromised, we investigate,” Coffman said.

If a student is viewing pornography, for example, on Ball State internet, Coffman said his office will not be aware of it unless the pornography website hosts malware.

“There is this giant front door to the university ­— that is our internet connection — that we use to protect things coming in and out,” Coffman said. “It’s kind of like we’ve got the doors locked and then there’s like a window that’s open so you just pop out the screen.”

Some of the concerns brought up by faculty, however, were related to researching and whether or not research conducted on Ball State computers would be monitored.

During the lecture, Matthew Shaw, Dean of University Libraries, said the library staff will not “systematically” monitor or interfere with the use of the computers there, and said Bracken Library has a special obligation to not monitor viewed content on their computers.

Shaw also said the library is part of the American Library Association and adheres to the Library Bill of Rights, which restricts the library’s ability to prohibit students from researching whatever they please. While it’s acceptable for students to watch pornography on a library computer, Shaw said, the library may request that they do so in private.

“If we get a complaint, for instance, from a user at the library who is uncomfortable with the content of someone’s website because they are looking at something that they considered objectionable, we might ask that person to move to a less conspicuous machine,” Shaw said.

There is an exception, however. If a student were viewing child pornography, the library would notify UPD. Shaw said the OISS always has the right to step in and correct any malware infections that occur in order to secure the entire Ball State network as a whole. If during any routine scans or malware corrections any illegal activity were to be discovered, then those cases, Shaw said, would be handled like any others elsewhere on the campus.