A committee appointed by Provost Paul N. Courant and chaired by James Hilton has issued recommendations resulting in policy changes that make it clear the University does not tolerate identity misrepresentation.
The new Standard Practice Guide (SPG) section 601.19 states that the authenticity of information is “of critical importance to the University’s mission.” It says members of the U-M community may not assume another person’s identity or role through deception or without proper authorization, and it says that the consequences for doing so may include dismissal and legal action.
|
“As scholars and colleagues, we care enormously about the origins of information. Whether in research papers, class lectures or e-mails to members of our community, we depend upon knowing where ideas and expressions originate,” Courant says. “We care, in part, because we have a long and valued tradition of attributing ideas and expressions to their authors. Where things come from matters in how they are received and interpreted. Identity misrepresentation is a violation of essential academic norms. The committee has recommended that we treat identity misrepresentation as a serious offense, and I concur.”
“Unlike spam, which is an annoyance and a burden, identity misrepresentation is a potentially much more serious problem,” says Hilton, associate provost for academic, information and instructional technology affairs and chair of the committee that recommended the new SPG section. “It goes to the heart of academic integrity. It is serious in the same way that plagiarism is serious and forgery is serious.”
The policy is intended to apply to a wide variety of technological and non-technological issues, including the practice commonly known as “spoofed,” or forged, e-mail. But Hilton notes that the committee members avoided the use of the term because they feel it “fails to capture the gravity of identity misrepresentation.”
The committee also recommended changes to the existing SPG section 601.7, which refers to the proper use of information resources, information technology and networks; the “Guidelines for Implementing the Proper Use Policy of the University of Michigan: Responsible Use of Technology Resources”; and the Statement of Student Rights and Responsibilities. All of those now include language that says members of the University community may not misrepresent another person’s identity.
“The idea is to remind the community that expectations of authenticity are valued,” says Jack Bernard, assistant general counsel and a member of the committee.
He hopes that getting the word out about the change in the SPG “might quell some desire to play with the technology,” he says. “And it will remind people there are repercussions.”
Raising awareness that identity misrepresentation won’t be tolerated is essential in the effort to stop it, says Paul Howell, an information systems security officer for Michigan Administrative Information Services and a member of the committee.
“Since the technology can be easily subverted, it really comes down to a people issue,” he says.
Often, people whose e-mail addresses have been misused don’t even know it has happened until they receive returned e-mail, IT experts say.
“People see mail returned to them that they didn’t send, and they feel violated,” says Kitty Bridges, executive director of Information Technology Central Services (ITCS).
The University is looking into ways of authenticating that the person identified as the sender of an e-mail did, in fact, send it. One possibility is the use of Public Key Infrastructure technology, which would create a verifiable digital signature and allow the recipient of an e-mail to make sure the sender is who he claims to be, says Liz Sweet, director of the ITCS User Advocate Office and a member of the committee.
To see the full text of SPG section 601.19, visit http://spg.umich.edu/section/601.19.pdf.
