New SafeConnect system raises privacy concerns

Upon returning to campus this semester, students with laptops and other internet compatible devices were prompted to download a security key called SafeConnect in order to access SwatNet. The new software replaces the Bradford Persistent Agent as the college’s network security software.

While ITS staff explained in an August e-mail that SafeConnect would make network connections faster and more reliable, the software has created controversy over privacy issues when implemented at other colleges — most notably in 2010 at The New School in New York. Like Swarthmore, The New School switched from a troublesome product to SafeConnect at the same time as improvements were being made to wireless bandwidth capacity. Over time, many students and faculty at the New School grew wary of the software, which they saw as an unnecessary nuisance and an invasion of privacy.

Pivotal in this controversy was a 2010 report on SafeConnect by Professor Ted Byfield at The New School’s Parsons School for Design. In principle, he argues, the software has too many invasive capacities to justify at an institution that values the freedom of speech. Byfield points to the fact that SafeConnect is typically given high-level administrative privileges on students’ computers, can procure certain information from a computer, and is constantly online. In this capability, he argues, there is the potential for abuse.

For Byfield, this potential is particularly concerning due to the fact that colleges are bound by the Higher Education Opportunity Act of 2008, which requires colleges and universities to take concrete steps toward combatting content piracy and illegal file sharing. With the incentive to control student and faculty internet behavior, the capabilities offered by SafeConnect are — in the eyes of Byfield — questionable. In some sense, the very flexibility that makes SafeConnect a better alternative to Bradford may mean that it is also a more dangerous one.

The category of software that both Bradford and SafeConnect belong to is called NAC — short for Network Access Control. While NACs offer a range of tools to system administrators,  their primary function is a network security tool called “posture analysis.” Put simply, posture analysis checks whether any given computer is up to date on whatever software requirements a network may have. Aaron Smith, a network engineer at the college who had a leading role in the transition to SafeConnect, explained that the college strictly limits posture analysis to checking that operating systems and anti-virus software are properly installed and up to date.

While the software makes a more invasive stance possible, Smith said he has mostly heard of that sort of policy with regards to NACs at boarding schools. Smith pointed out that the college doesn’t even have a procedure or program for using NAC software towards the regulation of peer2peer sharing or piracy.

“We never go out looking. We have no process that ever goes out looking for illegal downloads. We’re not police. We don’t do that,” said Smith.

The switch from Bradford to SafeConnect, ITS staff argued, was a simple matter of technology requirements changing over time. Chief Information Technology Officer Joel Cooper pointed out that the Bradford agent was over a decade old, and said that he expects SafeConnect to make signing up and connecting to SwatNet faster and easier.

“The old system was cumbersome to register a computer,” Cooper said. “And then when you registered your computer it took a long time to actually get registered. SafeConnect is basically an almost instantaneous process. You register your computer, it does a check, and you’re on the network. That’s that.”

Director of Networking and Telecommunications Mark Dumic and Smith reinforced this point, emphasizing the growing need for quick and reliable connections to the college network. They reported that the number of simultaneous device connections — an indicator of the number of devices students, faculty and staff have on campus — has been steadily growing for years. Last spring, Smith stated, the number of connections regularly reached 2,000 devices. This semester the network has already experienced a peak of around 2,200, a number that Smith only expects to grow. In addition, the three ITS staff members explained, students are bringing a greater variety of devices to campus — tablets, gaming consoles, smart TVs, and desktops on top of the standard laptop/smartphone pair. SafeConnect is supposed to handle the bulk and spread of device connections more effectively.

Smith added that the switch to SafeConnect should also resolve troubleshooting difficulties that made Bradford notorious among the student body.

“Because it was embedded the way it was, we were seeing a lot of connection problems that would crop up in a way we couldn’t reproduce on demand,” said Smith. ”On two separate occasions, [a single] troubleshooting process took two months before we just sort of ran into a wall of ‘well, this is what we can do.’”

While ITS does not use NACs to monitor illegal activity, the college does block downloads by computers on the college network — but only in cases where the download is flagged by one of the malware blacklists that the college uses. Cooper also mentioned that the college has given up on an old practice wherein ITS would restrict the bandwidth of students suspected of illegal downloads.

In general, Cooper explained, the ITS staff do not interfere with the privacy of students and faculty except in extenuating circumstances. The college only takes action against illegal software downloads and sharing when contacted with a formal complaint from content producers and organizations such as the Motion Pictures Association of America and the Recording Industry Association of America. In such cases, the college is required by law to respond.