AirPennNet Is Watching: What Penn keeps track of, and what they don’t

From the quiet study lounges in Huntsman Hall to the closet-like bathrooms in Van Pelt Library to the air conditioner-less rooms of Hill College House, AirPennNet is a constant presence on Penn’s campus.

Students connect their computers and mobile devices to the University’s far-reaching Wi-Fi network for academic, personal and sometimes questionable purposes. It is rather easy to configure AirPennNet for personal electronic devices and have them connect by default every time they turn on.

With AirPenn Net’s prevalence, it is easy for students to overlook the University’s policies they are adhering to by using Penn’s online network.

Penn’s Information Systems & Computing staff operates AirPennNet. Last month, the network’s infrastructure consisted of 4,000 wireless access points that supported over 34,000 distinct users transfer 406 terabytes of data in a recent peak month, according to ISC leadership in an email.

ISC keeps operational logs when systems connect to Penn networks, including the device’s IP address and PennKey username, if available, among other key identifiers.

What does this mean for students’ privacy?

“If the site [visited] uses ‘http,’ Penn will have access to the name of the site they visited, which pages they visited [and] the content from that site, but it is my understanding that the actual content of the page is not recorded anywhere by default,” said a Penn student and former Internet Technology Advisor. The student was not comfortable discussing the internal activities of ITAs for attribution.

He added, “I believe that only the metadata [is recorded], like which address it was connected to and which computer made the request is logged, but not the content of the website itself.”

Although ISC does not routinely monitor the content of Penn’s internet traffic, it can do so under certain conditions.

“We do not examine the content of Penn’s Internet traffic unless it is in the specific context of investigating an active incident — such as may affect the integrity of the campus network or a suspected violation of law — responding to a valid legal request, or to an emergency,” ISC leadership said.

These exceptions are stipulated in Penn’s Policy on Privacy in the Electronic Environment. According to ISC, “such events are infrequent.”

If the University does have justifiable grounds to check a student’s internet activity, e-mails can be scrutinized. According to the former ITA, content sent under Penn-provided e-mail accounts would be readily available for investigators. Content sent from personal e-mail accounts would be more inaccessible.

“For non-affiliated emails, these services usually use “https,” so the content of the messages isn’t going to be visible to anyone at ISC even if they tried,” said the former ITA.

One of ISC’s roles is to intervene when a student on Penn’s network is downloading or sharing copyrighted material, such as movies or music, in an illegal manner. Under the 1998 Digital Millennium Copyright Act, ISC is required to notify a user about suspected copyright infringement if it receives a takedown notice from a copyright holder, such as a movie studio or record label.

“It’s not like you go to download a movie and ISC is immediately alerted because they’re running some monitoring software,” said the former ITA. “No, ISC doesn’t do that from what I understand. It would only be if they’re notified by someone else.”

A student is subject to disciplinary action by the Office of Student Conduct if multiple takedown notices are received. As reported by The Daily Pennsylvanian in May 2012, sanctions against students have included paying fines, performing certain hours of community service and the threat of a notation in their academic records.

“The allegations and the enforcement are being driven by the copyright holders, and not by Penn,” said ISC leadership. “The number of takedown notices and/or subpoenas we receive is considered confidential.”

A common misconception among students is that torrenting or peer-to-peer file sharing is illegal and prohibited by Penn.

“Torrenting by itself is just a technology to speed up the downloading of large files. It’s when you torrent content that is copyrighted that you run into issues,” said the source.

The former ITA also noted that when it comes to streaming copyrighted material through websites, students do not face much of a risk.

“So I know there are some websites, for example, that offer TV shows for free through various means that are not necessarily legal. The chances of that affecting someone who has viewed them are very slim. Typically the copyright holder is more concerned with the website itself than people who have watched the content,” said the former ITA.

The former ITA denied any notion that ISC has any malicious intent in handling students’ data and expressed confidence in AirPennNet’s security. According to ISC leadership, user activity in the network is encrypted using industry-standard practice.

“It means that if someone is sitting next to you or in the room across and they’re trying to wirelessly look through your data, they won’t be successful. It’s the strongest type of security that’s offered currently,” said the source.

In fact, one of ISC’s main objectives is to maintain the network security by proactively monitoring for viruses and malicious activity on the network’s devices. When disruptive activity is detected by ISC, it follows a protocol in which ITAs and other Penn staff sit down with students to assess and clear any damaging software from their devices.

“Their motivation behind it is not to get anyone in trouble,” said the ITA. “They do it all to protect the student and protect their own network, especially in cases of malware that could spread across the network and infect a lot of machines.”

Please note All comments are eligible for publication in The Daily Pennsylvanian.