The University of Oregon has less than 18 months to revamp its telecommunications systems so law enforcement agencies will have easier access to information if given a court order to investigate, according to a new order from the Federal Communications Commission.
The FCC announced on Sept. 23 that the Communications Assistance for Law Enforcement Act now applies to facilities-based broadband Internet access providers, including higher education institutions, K-12 schools and libraries.
The act was first implemented in 1994 to require telephone carriers to make their systems open to federal surveillance with the permission of a court order. It was expanded to account for the increase in broadband Internet usage.
“Presumably, this is related to homeland security,” University Director of Telecommunications Services Dave Barta said.
Barta said it is unclear how much it will cost the University to comply with the order.
“The main thing is that we’re still a ways from really understanding what this would mean to us and being sure we’re required to comply with it,” Barta said.
Terry Hartle, a senior vice president of the American Council on Education, told The New York Times that the legislation would increase tuition at United States universities by at least $450 per student on average.
The needed changes could take numerous possible forms, Barta said, and some would be less costly and invasive than others. For example, simply having the capability to monitor communications entering and exiting campus networks would not require a significant investment.
Another possibility is the FBI having remote access to University systems, Barta said.
This would require substantial hardware, software and security changes, in addition to immense amounts of time training employees to operate the new equipment, Barta said.
“It’s easy to tell everyone to do this and not give money to do it,” Barta said.
Mark Luker, vice president of EDUCAUSE, a nonprofit organization that deals with the use of information technology in higher education, said in a letter to EDUCAUSE members and partners that the new legislation places unreasonable financial demands on universities.
“It is not cost effective, nor in the public interest, to overhaul the networks of all institutions just in case a lawful surveillance may be required in the future at one of them. And, there are effective alternative solutions to the problem that do not impose such a substantial burden of cost to the community,” Luker said.
Barta said that in his 16 years at the University, the University has not received a wiretap request from the government, even though the government could have made such a request under the 1994 act. He has not heard of other schools receiving such requests, although he said he assumes it must have happened somewhere.
“We’re only speculating as to what would prompt (a wiretap request),” Barta said.
Barta said he is concerned about what complying with the rule could do for the University’s efforts to protect computers from hackers. Computer technicians spend a lot of time trying to thwart hackers’ creativity, he said, and diverting their energy to redoing the system could give hackers an advantage.
“Here we are being asked by the government to basically poke a hole in the system,” Barta said.
Another issue is the short amount of time allotted, Barta said.
Barta said that some of the technology necessary for the university to comply with the new regulations has not even been developed yet.
“The technology is very much a moving target right now,” Barta said. The act is not a done deal, Barta said.
On Monday, the American Council on Education filed an appeal in the District of Columbia’s federal appellate court to challenge the regulations, according to a news release.
Barta said there has been some dispute over the accuracy of the council’s statistics. Its lawsuit regarding CALEA is not universally supported in the realm of higher education, he said.
“To generate meaningful numbers now is guesswork at best,” Barta said.