University provides security for e-mail, Internet technology

With the importance of online resources and electronic communication on the rise in courses at Princeton, the need for heightened Internet security has prompted the University to seek additional means to authenticate a user's identity.

The University was the first institution to be issued a digital certificate from the Corporation for Research and Educational Networking in mid-December. Such certificates allow people using computers to prove to other computers that they are who they say they are, said CIT vice president Ira Fuchs, who also serves as the president of CREN.

The University library Website will use the digital certificate before the end of the academic year. Currently, a user needs to be in one of the campus' libraries or connected through the University network to access certain electronic resources, such as J-Stor journals, Fuchs said.

"The certificates will give the ability to the Princeton community to gain access to facilities that they usually would need to physically be on campus for," Fuchs said.

Within the next academic year, Fuchs said he also expects the technology to be used for authenticating electronic messaging, including e-mail.

He added, however, that e-mail communication can be secured only if both the sender and the recipient possess the digital certificates, meaning e-mail will be protected only when peer institutions also have certificates.

Privacy

Before the digital certificates became available, Princeton was one of the first institutions to implement policies that protect the privacy of students' e-mail accounts.

The rules of privacy relating to technological media — such as e-mail and voice-mail — are included in Rights, Rules, Responsibilities, CIT policy and security advisor Rita Saltz said.

According to RRR's guidelines for use of University information technology resources and Internet access, "Policies that pertain to property, privacy and publication in the physical sense pertain as well to those areas when they involve computers. . . . [Students] can expect [their] right to access information and to express [their] opinion to be protected as it is for paper and other forms of non-electronic communication."

Saltz said she viewed Princeton's policy as part of the logical progression in electronic security. "If you put it on a computer, it's just a different vehicle but it's all a piece of the same thing and is protected in the same way," Saltz said.

Other universities, such as the University of Pennsylvania, are considering similar policies to ensure the privacy of students' e-mail accounts.

Penn's proposed policy on Privacy in the Electronic Environment attempts to extend to the "virtual office" the university's policy on safeguarding university assets, which currently pertains only to physical documents, communications committee chair Martin Pring said.