Posts Tagged ‘“College”’

Executive-Level IT Consulting on Campus: General and Personal Notes

Fresh eyes are important: they see differently, uncover issues, broaden perspective, clarify thinking, suggest alternatives. This is why cross-cutting teams are so important to successful IT management and innovation. It’s also one reason to use consultants. But not the only one.

By “consultants” I don’t mean outsiders who are contracted to operate a service, implement a system, or otherwise do regular IT work; those I think of as “contractors”. (The language is imperfect, to be sure: those we contract with to do regular IT work often call themselves consultants, and those I think of as consultants often work technically as contractors. But this distinction between “consultant” and “contractor” seems reasonably clear, so I’ll stick with it.)

Purposes

In my experience, in or around higher-education IT we use consultants  for several purposes. It’s important not to confuse them, because arguably different purposes call for different kinds of consultants and engagements. I suggest there are at least five distinct categories: Implementation, Advice, Evaluation, Scrutiny, and Leadership.

Implementation. Consultants can play roles at various points as projects or services are conceived, developed, and implemented. They can assist with design, either of entire projects or of key elements: for example, if a campus is implementing a new parking system that authenticates electronic parking cards, collects parking fees, and interconnects its kiosks and gateways over the campus network, a consultant might help design the entire system, or might focus on a particularly vexing component such as ensuring that the system’s network use is PCI compliant (that is, encrypts credit-card information appropriately). Or they can critique how campus staff have designed an entire system or any of its components. They can help IT staff and their campus partners identify appropriate vendors, screen them, and make a good choice. Finally, they can provide oversight as a project goes forward or a service is implemented.

Advice. In this domain consultants bring expertise and experience to bear on various dimensions of campus IT, its organization, or the challenges it faces. I include hiring advice in this category, including both general guidance as to how positions should be specified and filled and more specific guidance such as that provided by search consultants. The category includes advice on how to organize IT, on how to describe and advocate its financing, or on other structural matters. And it also includes advice on campus IT policy, including both exogenously-driven policies ensuring campus compliance with federal and state law and endogenously-driven policies ensuring, for example, that IT is treated consistently with other campus resources insofar as acceptable use, disciplinary processes, and penalties are concerned.

Evaluation. Consultants can help IT organizations evaluate various dimensions of their activity internally (evaluation of IT organizations, staff, or function by outsiders is the next category, Scrutiny). Consultants can appraise the overall catalog of IT services and functions, or they can appraise individual services. Consultants can evaluate specific individuals, or the overall entity’s organization or effectiveness. Finally, consultants can provide benchmarks for IT staffing, spending, or service levels.

Scrutiny. As my friend and colleague Brian Voss has written with some passion, senior campus leaders often don’t understand IT. (I’ve written a followup to his piece.) Yet they know it’s important, and that it consumes substantial campus resources, and so sometimes seek external help to evaluate campus IT, usually from consultants. These engagements generally start with analysis of how campus IT functions, including the array, effectiveness, and cost of IT services. They usually go on to examine the organization of IT on campus, and especially the balance among central, departmental, and other IT providers. And quite frequently the engagement ends up focusing on IT leadership, specifically whether the CIO (whatever his or her title) is well aligned with what the campus needs.

Leadership. Finally, and importantly if rarely, consultants sometimes provide leadership for campus IT. This can take three overlapping forms: consultants can outsource leadership through long-term arrangements, such as Collegis does for many campuses; they can provide temporary leadership while a campus searches for a permanent candidate, as the aforementioned Voss did for Case Western Reserve; or they can provide supplementary leadership for a CIO who has become overloaded, undertaken a temporary assignment elsewhere on campus,  faces an unexpected set of challenges, or otherwise needs extra hands, heads, and help to get through a taxing time, transition, or project.

Types

As I suggested above, different uses of consultants call for different types of consultants. Here again there are usefully distinct categories to think about:

  • Firms that market an extensive array of consulting, implementation, and other services across general markets, such as majors like Accenture, PwC Consulting, McKinsey, and Bain.
  • Firms that offer similarly extensive services but focus on higher education, such as Collegis and Moran.
  • Firms that focus in a limited area, such as Bruns-Pak for data-center design or Kroll for security, across general markets.
  • Firms that focus on a limited area and on higher education, such as Unicon for Web portals on campuses.
  • Individuals who consult freelance, usually with limited focus, in higher education–often retired CIOs.
  • Individuals working  in limited areas for general markets or in higher education through formal or informal consulting groups.

An early (if unsuccessful) example of that last in higher education was the Educom Consulting Group.  A current general-market example (promo alert!) is Fortium Partners, which consists largely of consultants with years of experience as CIOs in diverse industries, like me in higher education. More on that below.

The classification works better as a table than a list:

consultant types

I’ve seen the campus-consultant relationship personally from at least three perspectives. First, I (or more precisely my IT organization) was a frequent consumer of consultant services, mostly of the General/Limited type for the Implementation purpose. Second, on many occasions I served as a consultant to other campuses, of the Limited/Higher Education type (as a peer) usually for the Advice or Evaluation purposes. Third, at various points my IT organizations were the focus for consultant engagements of the General/Extensive type (McKinsey, PwC, CSC) for the Scrutiny purpose.

So What?

Looking across this landscape, it seems to me that some campus consulting needs are reasonably well served, and some aren’t.

Implementation. This purpose seems reasonably well served, with examples from all four consultant categories. I think this is because campuses are especially likely to seek implementation advice in areas where campuses resemble other entities (for example, parking systems), in which case general consultants can be helpful, or where they resemble other campuses (for example, instructional systems), in which case they prefer higher-education consultants. In either case consultants’ expertise tends to align well with campus circumstances.

Advice. This purpose is a bit less well served. Where campuses resemble other entities or other campuses consultants can be effective. But when advice is needed with regard to policy, or with regard to processes or problems that are more peculiar to higher education, advice from consultants unfamiliar with higher education can be problematic–for example, around security or procurement, where consultants often assume campuses have greater central control over their community and resources than is the case.

Evaluation. The situation here is similar to that for Advice. When the focus of evaluation is generic (that is, has no peculiarly higher-education attributes) and/or the consultant understands a campus’s circumstances outcomes can be good. Otherwise their usefulness can be constrained.

Scrutiny. Most campuses undertake Scrutiny without engaging consultants, relying on administrators and faculty outside the IT organization. This tends to highlight problems and to underrepresent success, since IT tends to be invisible when it’s successful. When campuses seek external help, sometimes they rely on CIOs from other campuses. More typically, they engage General/Extensive firms, use trustee visiting committees, or rely on IT members of accrediting teams. The first two rarely yield useful information, since the firms and committees often do not understand the campus context in which IT operates. This is the same problem that arises when generic outsiders provide Advice or Evaluation. Scrutiny by IT-savvy members of accreditation teams is much the same as relying on CIOs from other campuses ad hoc, and it can produce useful feedback.

Leadership. Campuses can find themselves shorthanded at the CIO level at least four different ways. A CIO may leave abruptly, and so the campus needs interim leadership until he or she is replaced. Similarly, a CIO may be temporarily assigned to other duties on or off campus, yielding a similar need for temporary leadership. A CIO may be temporarily swamped, for example by having to handle a major security breach, a system failure, or a major project. Or a CIO may face problems which he or she is ill equipped to handle, and so require senior-level help. The General/Higher Education firms I mentioned above both provide consulting in this domain, and sometimes campuses draw on particular individuals such as CIOs who have recently retired elsewhere. But overall it’s rare for campuses to use consultants for Leadership purposes, preferring instead to rely on temporary internal promotions or reassignments.

The lacunae I see are three: it appears hard for campuses to find consulting to provide Advice and Evaluation for campus IT overall, to provide productive Scrutiny of IT organization and resources, and to address temporary Leadership needs.

The Personal Note

People like me can fill some of these lacunae. I’ve done that freelance for years, as have many CIO peers from other campuses, often after “retiring”. Most of my own consulting has served Advice, Evaluation, and Scrutiny purposes.

But it’s hard for senior campus leaders to find people like me. And it’s hard for people like me to organize ourselves, especially in collaboration with complementary peers, to ensure that we stay in touch with current IT and campus thinking, that we market ourselves effectively, and that we draw on additional resources and colleagues as necessary. The Educom Consulting Group attempted to do this, but was unable to sustain itself. Collegis, Moran, and other firms that operate within higher-education IT have been more successful, but much of their success has been with smaller institutions. The lacuna remains.

And so to Fortium Partners, which I was recently invited and agreed to join as a partner. Fortium describes itself as “…an IT turnaround and technology services firm providing world-class IT leadership to clients focused on finding solutions to complex IT infrastructure issues or difficult-to–solve operational challenges.” Fortium Partners is modeled on Tatum Partners, a CFO-focused enterprise. In effect, it’s a co-op comprising people like me, except not just from higher education. I hope for two outcomes from this new venture: Interesting projects for me to work on, including some that take me into new domains, and a new resource for those work within and oversee IT on college and university campuses.

If, having read this, you’re thinking “hey, maybe Greg could be helpful,” drop me a line: greg.jackson@fortiumpartners.com

 

 

Timsons, Molloys, & Collective Efficiency in Higher Education IT

It’s 2006, and we’re at Duke, for a meeting of the Common Solutions Group.PNCportrait_400x40014b2503

On the formal agenda, Paul Courant seeks to resurrect an old idea of Ira Fuch‘s, for a collective higher-education IT development-and-procurement entity provisionally called Educore.

220px-National_LambaRail_logointernet2_logo_200pxOn the informal agenda, a bunch of us work behind the scenes trying to persuade two existing higher-education IT entities–Internet2 and National LambdaRail–that they would better serve their constituencies, which overlap but do not coincide, by consolidating into a single organization.

The merged organization would both lease capacity with some restrictions (the I2 model) and “own” it free and clear (the NLR model, the quotes because in many cases NLR owns 20-year “rights to use”–RTUs–rather than actual infrastructure.) The merged organization would find appropriate ways to serve the sometimes divergent interests of IT managers and IT researchers in higher education.

westvan_houweling_doug-5x7Most everyone appears to agree that having two competing national networking organizations for higher education wastes scarce resources and constrains progress. But both NLR and Internet2 want to run the consolidated entity. Also, there are some personalities involved. Our work behind the scenes is mostly shuttle diplomacy involving successively more complex drafts of charter and bylaws for a merged networking entity.

Throughout the process I have a vague feeling of déjà vu.

educom-logo-transcause-logoPartly I’m wistfully remembering the long and somewhat similar courtship between CAUSE and Educom, which eventually yielded today’s merged EDUCAUSE. I’m hoping that we’ll be able to achieve something similar for national higher-education networking.

5238540853_62a5097a2aAnd partly I’m remembering a counterexample, the demise of the American Association for Higher Education, which for years held its annual meeting at the Hilton adjacent to Grant Park in Chicago (almost always overlapping my birthday, for some reason). AAHE was an umbrella organization aimed comprehensively at leaders and middle managers throughout higher education, rather than at specific subgroups such as registrars, CFOs, admissions directors, housing managers, CIOs, and so forth. It also attracted higher-education researchers, which is how I started attending, since that’s what I was.

AAHE collapsed, many think, because of the broad middle-management organization’s gradual splintering into a panoply of “caucuses” that eventually went their own ways, and to a certain extent its leaders aligning AAHE with too many faddish bandwagons. (To this day I wince when I hear the otherwise laudable word “assessment”.) It was also affected by the growing importance of discipline-specific organizations such as NACUBO, AACRAO, and NASPA–not to mention Educom and CAUSE–and it always vied for leadership attention with the so-called “presidential” organizations such as ACE, AAU, APLU, NAICU, and ACC.

change_logoTogether the split into caucuses and over-trendiness left AAHE with no viable general constituency or finances to continue its annual meetings, its support for Change magazine, or its other crosscutting efforts. AAHE shut down in 2005, and disappeared so thoroughly that it doesn’t even have a Wikipedia page; its only online organizational existence is at the Hoover Institution’s archives, which hold its papers.

Fox_Student_CenterAt the Duke CSG meeting I’m hoping, as we work on I2 and NLR leaders to encourage convergence, that NLR v. I2 won’t turn out like AAHE, and that instead the two organizations will agree to a collaborative process leading to synergy and merger like that of CAUSE and Educom.

We fail.

Glenn-RicartFollowing the Duke CSG meeting, NLR and I2 continue to compete. They manage to collaborate briefly on a joint proposal for federal funding, a project called “U.S. UCAN“, but then that collaboration falls apart as NLR’s finances weaken. Internet2 commits to cover NLR’s share of U.S. UCAN, an unexpected burden. NLR hires a new CEO to turn things around; he leaves after less than a year. NLR looks to the private sector for funding, and finds some, but it’s not enough: its network shuts down abruptly in 2014.

In the event, Internet2 survives, especially by extending its mission beyond higher education, and by expanding its collective-procurement activities to include a diversity of third-party products and services under the Net+ umbrella. It also builds some cooperative ventures with EDUCAUSE, such as occasional joint conferences and a few advocacy efforts.

Educause_LogoMeanwhile, despite some false starts and missed opportunities, the EDUCAUSE merger succeeds. The organization grows and modernizes. It tackles a broad array of services to and advocacy on behalf of higher-education IT interests, organizations, and staff.

Portrait of New York Yankees guest coach Yogi Berra during spring training photo shoot at Legends Field. Tampa, Florida 3/2/2005 (Image # 1225 )

But now I’m having a vague feeling of déjà vu all over again. As was the case for I2/NLR, I sense, there’s little to be gained and some to be lost from Internet2 and EDUCAUSE continuing as separate organizations.

unizin2Partly the issue is simple organizational management efficiency: in these times of tight resources for colleges, universities, and state systems, does higher education IT really need two financial staffs, two membership-service desks, two marketing/communications groups, two senior leadership teams, two Boards, and for that matter two CEOs? (Throw ACUTA, Unizin, Apereo, and other entities into the mix, and the question becomes even more pressing.)

7192011124606AMBut partly the issue is deeper. EDUCAUSE and Internet2 are beginning to compete with one another for scarce resources in subtle ways: dues and memberships, certainly, but also member allegiance, outside funding, and national roles. That competition, if it grows, seems perilous. More worrisome still, some of the competition is of the non-salutary I’m OK/You’re Not OK variety, whereby each organization thinks the other should be subservient.

1294770315_1We don’t quite have a Timson/Molloy situation, I’m glad to say. But with little productive interaction at the organizations’ senior levels to build effective, equitable collaboration, there’s unnecessary risk that competitive tensions will evolve into feudal isolation.

If EDUCAUSE and Internet2 can work together on the basis of mutual respect, then we can minimize that risk, and maybe even move toward a success like CAUSE/Educom becoming EDUCAUSE. If they can’t–well, if they can’t, then I think about AAHE, and NLR’s high-and-dry stakeholders, and I worry.

Revisiting IT Policy #3: Harassment

OwlBThe so-called “star wars” campuses of the mid-1980s (Brown, Carnegie Mellon, Dartmouth, and MIT) invented (or at least believe they invented–IT folklore runs rampant) much of what we take for granted and appreciate today in daily electronic life: single signon, secure authentication, instant messaging, cloud storage, interactive online help, automatic updates, group policy, and on and on.

They also invented things we appreciate less. One of those is online harassment, which takes many forms.

Early in my time as MIT’s academic-computing head, harassment seemed to be getting worse. Partly this was because the then-new Athena computing environment interconnected students in unprecedentedly extensive ways, and partly because the Institute approached harassment purely as a disciplinary matter–that is, trying to identify and punish offenders.

Those cases rarely satisfied disciplinary requirements, so few complaints resulted in disciplinary proceedings. Fewer still led to disciplinary action, and of course all of that was confidential.

Stopit

imgresWorking with Mary Rowe, who was then the MIT “Ombuds“, we developed a different approach. Rather than focus on evidence and punishment, we focused on two more general goals: making it as simple as possible for victims of harassment to make themselves known, and persuading offenders to change their behavior.

The former required a reporting and handling mechanism that would work discreetly and quickly. The latter required something other than threats.

stopit poster (2)Satisfying the first requirement was relatively simple. We created an email alias (stopit@mit.edu) to receive and handle harassment (and, in due course, other) complaints.  Email sent to that address went to a small number of senior IT and Ombuds staff, collectively known as the Stopits. The duty Stopit–often me–responded promptly to each complaint, saying that we would do what we could to end the harassment.

We publicized Stopit widely online, in person, and with posters. In the poster and other materials, we gave three criteria for harassment:

  • Did the incident cause stress that affected your ability, or the ability of others, to work or study?
  • Was it unwelcome behavior?
  • Would a reasonable person of your gender/race/religion subjected to this find it unacceptable?”

Anyone who felt in danger, we noted, should immediately communicate with campus police or the dean on call, and we also gave contact information for other hotlines and resources. Otherwise, we asked that complainants share whatever specifics they could with us, and promised discretion under most circumstances.

To satisfy the second requirement, we had to persuade offenders to stop–a very different goal, and this is the key point, from bringing them to justice. MIT is a laissez-faire, almost libertarian place, where much that would be problematic elsewhere is tolerated, and where there is a high bar to formal action.

As I wrote in an MIT Faculty Newsletter article at the time, we knew that directly accusing offenders would trigger demands for proof and long, futile arguments about the subtle difference between criticism and negative comments–which are common and expected at the Institute–and harassment. Prosecution wouldn’t address the problem.

UYA

And so we came up with the so-called “UYA” note.

“Someone using your account…”, the note began, and then went on to describe the alleged behavior. “If you did not do this,” the note went on, “…then quite possibly someone has managed to access your account without permission, and you should take immediate steps to change your password and not share it with anyone.” The note then concluded by saying “If the incident described was indeed your doing, we ask that you avoid such incidents in the future, since they can have serious disciplinary or legal consequences”.

keep-calm-and-change-your-password-1Almost all recipients of UYA notes wrote back to say that their accounts had indeed been compromised, and that they had changed their passwords to make sure their accounts would not be used this way again. In virtually all such cases, the harassment then ceased.

Did we believe that most harassment involved compromised accounts, and that the alleged offenders were innocent? Of course not. In many cases we could see, in logs, that the offender was logged in and doing academic work at the very workstation and time whence the offending messages originated. But the UYA note gave offenders a way to back off without confession or concession. Most offenders took advantage of that. Our goal was to stop the harassment, and mostly the UYA note achieved that.

heatherThere was occasional pushback, usually the offender arguing that the incident was described accurately but did not constitute harassment. Here again, though, the offending behavior almost always ceased. And in a few cases there was pushback of the “yeah, it’s me, and you can’t make me stop” variety. In those, the Stopits referred the incident into MIT’s disciplinary process. And usually, regardless of whether the offender was punished, the harassment stopped.

So Stopit and UYA notes worked.

Looking back, though, they neglected some important issues, and those remain problematic. In fact, the two teaching cases I mentioned in the Faculty Newsletter article and have used in myriad class discussions since–Judy and Michael–reflect two such issues: the difference between harassment and a hostile work environment, and jurisdictional ambiguity.

Work Environment

fishbowl.57Judy Hamilton complains that images displayed on monitors in a public computing facility make it impossible for her to work comfortably. This really isn’t harassment, since the offending behavior isn’t directed at her. Rather, the offender’s behavior made it uncomfortable for Judy to work even though the offender was unaware of Judy or her reaction.

The UYA note worked: the offender claimed that he’d done nothing wrong, and that he had every right to display whatever images he chose so long as they weren’t illegal, but nevertheless he chose to stop.

But it was not correct to suggest that he was harassing Judy, as we did at the time. Most groups that have discussed this case over the years come to that conclusion, and instead say this should have been handled as a hostile-work-environment case. It’s an important distinction to keep in mind.

Jurisdiction

001Michael Zareny, on the other hand, is interacting directly with Jack Oiler, and there’s really no work environment involved. Jack feels harassed, but it’s not clear Michael’s behavior satisfies the harassment criteria. Jack appears to be annoyed, rather than impaired, by Michael’s comments. In any case the interaction between the two would be deemed unfortunate, rather than unacceptable, by many of Jack’s peers.

Or, and this is a key point, the interaction would be seen that way by Jack’s peers at MIT. There’s an old Cambridge joke: At Harvard people are nice to you and don’t mean it, and MIT people aren’t nice to you and don’t mean it. The cultural norms are different. What is unacceptable to someone at Harvard might not be to someone at MIT. So arises the first jurisdictional ambiguity.

In the event, the Michael situation turned out to be even more complicated. When Kim tried to send a UYA note to Michael, it turned out that there was no Michael Zareny at MIT. Rather, it turned out that Michael Zareny was a student elsewhere, and his sole MIT connection was interacting with Jack Oiler in an the newsgroup.

There thus wasn’t much Kim could do, especially since Michael’s own college declined to take any action because the problematic behavior hadn’t involved its campus or IT.

Looking Ahead

The point to all this is straightforward, and it’s relevant beyond the issue of harassment. In today’s interconnected world, it’s rare for problematic online behavior to occur within the confines of a single institution. As a result, taking effective action generally requires various entities to act consistently and collaboratively to gather data from complainants and dissuade offenders.

Yet the relevant policies are rarely consistent from campus to campus, let alone between campuses and ISPs, corporations, or other outside entities. And although campuses are generally willing to collaborate, this often proves difficult for FERPA, privacy, and other reasons.

It’s clear, especially with all the recent attention to online bullying and intimidation, that harassment and similarly antisocial behavior remain a problem for online communities. It’s hard to see how this will improve unless campuses and other institutions work together. If they don’t do that, then external rules–which most of us would prefer to avoid–may well make it a legal requirement.

Revisiting IT Policy #2: Campus DMCA Notices

Under certain provisions from the Digital Millennium Copyright Act, copyright holders send a “notification of claimed infringement” (sometimes called a “DMCA” or “takedown” notice) to Internet service providers, such as college or university networks, when they find infringing material available from the provider’s network. I analyzed counts of infringement notices from the four principal senders to colleges and universities over three time periods (Nov 2011-Oct 2012, Feb/Mar 2013, and Feb/Mar 2014).

In all three periods, most campuses received no notices, even campuses with dormitories. Among campuses receiving notices, the distribution is highly skewed: a few campuses account for a disproportionately large fraction of the notices. Five campuses consistently top the distribution in each year, but beyond these there is substantial fluctuation from year to year.

The volume of notices sent to campuses varies somewhat positively with their size, although some important and interesting exceptions keep the correlation small. The incidence of detected infringement varies strongly with how residential campuses are. It varies less predictably with proxy measures of student-body affluence.

I elaborate on these points below.

Patterns

The estimated total number of notices for the twelve months ending October 2012 was 243,436. The actual number of notices in February/March 2013 was 39,753, and the corresponding number a year later was 20,278.

The general pattern was the same in each time period.

  • According to the federal Integrated Postsecondary Education Data Service (IPEDS), from which I obtained campus attributes, there are 4,904 degree-granting campuses in the United States. Of these, over 80% received no infringement notices in any of the three time periods.
  • 90% of infringement notices went to campuses with dormitories.
  • Of the 801 institutions that received at least one notice in one period, 607 received at least one notice in two periods, and 437 did so in all three. The distribution was highly skewed among the campuses that received at least one infringement notice. The top two recipients in each period were the same: they alone accounted for 12% of all notices in 2012, and 10% in 2013 and 2014.
  • In 2012, 10 institutions accounted for a third of all notices, and 41 accounted for two thirds. In 2013, the distribution was only a little less skewed: 22 institutions accounted for a third of all notices, and 94 accounted for two thirds. In 2014, 22 institutions also accounted for a third of all notices, and 99 accounted for two thirds.

Campus Type

In 2014, just 590 of the 4,904 campuses received infringement notices in 2014. Here is a breakdown by institutional control and type:

Capture

Here are the same data, this time broken down by campus size and residential character (using dormitory beds per enrolled student to measure the latter; the categories are quintiles):

Capture2

About a third of all notices went to very large campuses in the middle residential quintile. In keeping with the classic Pareto ratio, the largest 20% of campuses account for 80% of all notices (and enroll ¾ of all students). Although about half of the largest group is nonresidential (mostly community colleges, plus some state colleges), only a few of them received notices.

Campus Distributions

The top two among the 100 campuses that received the most notices in Feb/Mar 2014 received over 1,000 notices each in the two months. The next highest campus received 615. As the graph below shows, the top 100 campuses accounted for two thirds of the notices; the next 600 campuses accounted for the remaining third (click on this graph, or the others below, to see it full size):

image001

Below is a more detailed distribution for the top 30 recipient campuses, with comparisons to 2012 and 2013 data. To enable valid comparison, this chart shows the fraction of notices received by each campus in each year, rather than the total. The solid red bars are the campus’s 2014 share, and the lighter blue and green bars are the 2012 and 2013 shares. The hollow bar for each campus is the incidence of detected infringement, defined as the number of 2014 notices per thousand headcount students.

image003

As in earlier analyses, there is an important distinction between campuses whose high volume of notices stems largely from their size, and those where it stems from a combination of size and incidence—that is, the ratio of notices received to enrollment.

In the graph, Carbon and Nitrogen are examples of the former: they are both very large public urban universities enrolling over 50,000 students, but with relatively low incidence of around 7 notices per thousand students. They stand in marked contrast to incidences of 20-60 notices per thousand students at Lithium, Boron, Neon, Magnesium, Aluminum, and Silicon, each of which enrolls 10-25,000 students—all private except Aluminum.

Changes over Time

The overall volume of infringement notices varies from time to time depending on how much effort copyright holders devote to searching for infringement (effort costs money), and to a lesser extent based on which titles they use to seed searches. The volume of notices sent to campuses varies accordingly. However, the distribution of notices across campuses should not be affected by the total volume. To analyze trends, therefore, it is important to use a metric independent of total volume.

As in the preceding section, I used the fraction of all campus notices each campus received for each period. The top two campuses were the same in all three years: Hydrogen was highest in 2012 and 2014, and Helium was highest in 2013.

Only five campuses received at least 1.5% of all notices in more than one year:

image005

These campuses consistently stand at the top of the list, account for a substantial fraction of all infringement notices, and except for Beryllium have incidence over 20. As I argue below, it makes sense for copyright holders to engage them directly, to help them understand how different they are from their peers, and perhaps to persuade them to better “effectively combat” infringement from their networks by adopting policies and practices from their low-incidence peers.

Aside from these five campuses, there is great year-to-year variation in how many notices campuses receive. Below, for example, is a similar graph for the approximately 50 campuses receiving 0.5%-1.5% of all notices in at least one of the three years. Such year-to-year variation makes engagement much more difficult to target efficiently and much less likely to have discernible effects.

image007

Relationships

Size

All else equal, if infringement is the same across campuses and campuses take equally effective measures to prevent it from reaching the Internet, then the volume of detected infringement should generally vary with campus size. That this is only moderately the case implies that student behavior varies from campus to campus and/or that campuses’ “effectively combat” measures are different and have different effects.

Here are data for the 100 campuses receiving the most infringement notices in 2014:

image009

It appears visually that the overall correlation between campus size and notice volume is modest (and indeed r=0.29) because such a large volume of notices went to Hydrogen and Helium, which are not the largest campuses.

However, the correlation is slightly lower if those two campuses are omitted. This is because Lithium has the next highest volume, yet is of average size, and Manganese, the largest campus in the group, with over 70,000 students, had very low incidence of 2 notices per thousand students. (I’ve spoken at length with the CIO and network-security head at Manganese, and learned that its anti-infringement measures comprise a full array of policies and practices: blocking of peer-to-peer protocols at the campus border, with well-established exception procedures; active followthrough on infringement notices received; and direct outreach to students on the issue.)

Residence

If students live on campus, then typically their network connection is through the campus network, their detectable infringement is attributed to the campus, and that’s where the infringement notice goes. If students live off campus, then they do not use the campus network, and infringement notices go to their ISP. This is why most infringement notices go to campuses with dorms, even though the behavior of their students probably resembles that of their nonresidential peers.

For the same reason, we might expect that residentially intensive campuses (measured by the ratio of dormitory beds to total enrollment) would have a higher incidence of detectable infringement, all else equal, than less residential campuses. Here are data for the 100 campuses receiving the most infringement notices:

image011

The relationship is positive, as expected, and relatively strong (r=.58). It’s important, though, to remember that this relationship between campus attributes (residential intensity and the incidence of detected infringement) does not necessarily imply a relationship between student attributes such as living in dorms and distributing infringing material. Drawing inferences about individuals from data about groups is the “ecological fallacy.”

Affluence

One hears arguments that infringement varies with affluence, that is, that students with less money are more likely to infringe. There’s no way to assess that directly with these data, since they do not identify individuals. However, IPEDS campus data include the fraction of students receiving Federal grant aid, which varies inversely with income. The higher this fraction, the less affluent, on average, the student body should be. So it’s interesting to see how infringement (measured by incidence rather than volume) varies with this metric:

image013

The relationship is slightly negative (r=-.12), in large part because of Polonium, a small private college with few financial-aid recipients that received 83 notices per 1000 students in 2014. (Its incidence was similar in 2012, but much lower in 2013.) Even without Polonium, however, the relationship is small.

For the same reason, we might expect a greater incidence of detected infringement on less expensive campuses. The data:

image015

Once again the relationship is the opposite (r=.54), largely because most campuses have both low tuition and low incidence.

Campus Interactions

Following the 2012 and 2013 studies, I communicated directly with IT leaders at several campuses with especially high volumes of infringement notices. All save one (Hydrogen) of these interactions were informative, and several appear to have influenced campus policies and practices for the better.

  • Helium. Almost all of Helium’s notices are associated with a small, consecutive group of IP addresses, presumably the external addresses for a NAT-mediated campus wireless network. I learned from discussions with Helium’s CIO that the university does not retain NAT logs long enough to identify wireless users when infringement notices are received; as a result, few infringement notices reach offenders, and so they have little impact directly or indirectly. Helium apparently understands and recognizes the problem, but replacing its wireless logging systems is not a high priority project.
  • Hydrogen. Despite diverse direct, indirect, and political efforts to engage IT leaders at Hydrogen, I was never able to open discussions with them. I do not understand why the university receives so many notices (unlike Helium’s, they are not concentrated), and was therefore unable to provide advice to the campus. It is also unclear whether the notices sent to Hydrogen are associated with its small-city main campus or with its more urban branch campus.
  • Krypton. Krypton used to provide guests up to 14 days of totally unrestricted and anonymous use of its wired and wireless networks. I believe that this led to its high rate of detected infringement. More recently, Krypton implemented a separate guest wireless network, which is still anonymous but apparently is either more restricted or is routed to an external ISP. I believe that this change is why Krypton is no longer in the top 20 group in 2014. (Krypton still offers unrestricted 14-day access to its wired network.)
  • Lithium. The network-security staff at Lithium told me that there are plans to implement better filtering and blocking on their network, but that implementation has been delayed.
  • Nitrogen. Nitrogen enrolls over 50,000 students, more than almost any other campus. As I pointed out above, although Nitrogen’s infringement notice counts are substantial, they are actually relatively low when adjusted for enrollment.
  • Gallium. I discussed Gallium’s high infringement volume with its CIO in early 2013. She appeared to be surprised that the counts were so high, and that they were not all associated with Gallium affiliate campuses, as the university had previously believed. Although the CIO was noncommittal about next steps, it appears that something changed for the better.
  • Palladium. The Palladium CIO attended a Symposium I hosted in March 2013, and while there he committed to implementing better controls at the University. The CIO appears to have followed through on this commitment.
  • No Alias. Although it doesn’t appear in the graph, No Alias is an interesting story. It ranked very high in the 2012 study. NA, it turns out, provides exit connections for the Tor network, which means that some traffic that appears to originate at NA in fact originates from anonymous users elsewhere. Most of NA’s 2012 notices were associated with the Tor connections, and I suggested to NA’s security officer that perhaps No Alias might impose some modest filters on those. It appears that this may have happened, and may be why NA dropped out of the top group.

I also interacted with several other campuses that ranked high in 2013. In many of these conversations I was able to point IT staff to specific problems or opportunities, such as better configuring firewalls. Most of these campuses moved out of the top group.

And So…

The 2014 DMCA notice data reinforce earlier implications (from both data and direct interactions) for campus/industry interactions. Copyright holders should interact directly with the few institutions that rank consistently high, and with large residential institutions that rank consistently low. In addition, copyright holders should seek opportunities to better understand how best to influence student behavior, both during and after college.

Conversely, campuses that receive disproportionately many notices, and so give higher education a bad reputation with regard to copyright infringement, should consult peers at the other end of the distribution, and identify reasonable ways to improve their policies and practices.

9|4|14 gj-c

 

Revisiting IT Policy #1: Network Neutrality

The last time I wrote about network neutrality, higher education was deeply involved in the debate, especially through the Association of Research Libraries and EDUCAUSE, whose policy group I then headed. We supported a proposal by the then Federal Communications Commission (FCC) chairman, Julius Genachowski, to require public non-managed last-mile networks to transmit end-user Internet traffic neutrally.

We worried that otherwise those networks might favor commercial over intellectual content, and so make it difficult for off-campus students to access course, library, and other campus content, and for campus entities such as libraries to access content on other campuses or in central shared repositories. (The American Library Association had similar worries on behalf of public libraries and their patrons.) Almost as a footnote, we opposed so-called “paid prioritization”, an ill-defined concept, rarely implemented, but now reborn as “Internet fast lanes”.

Although courts overturned the FCC on neutrality, for the most part its key principle has held: traffic should flow across the Internet without regard for its source, its destination, or its content.

But the paid-prioritization footnote is pushing its way back into the main text. It’s doing so in a particularly arcane way, but one that may have serious implications for higher education. Understanding this requires some definitions. After addressing those (as Steve Worona points out, an excellent Wired article has even more on how the Internet, peering, and content delivery networks work), I’ll  turn to current issues and higher education’s interests.

What Is Network Neutrality?

To be “neutral”, in the FCC’s earlier formulation, a network must transmit public Internet traffic equivalently without regard for its source, its destination, or its content. Public Internet traffic means traffic that involves externally accessible IP addresses. A network can discriminate on the basis of type–for example, treat streaming video differently from email. But a neutral network cannot discriminate on source, destination, or content within a given type of traffic. A network can  treat special traffic such as cable TV programming or cable-based telephony–“managed services”, in the jargon–differently than regular public Internet traffic, although this is controversial since the border is murky. More controversial still, given current trends, is the exclusion of cellular wireless Internet traffic (but not WiFi) from neutrality requirements.

Pipes

The word “transmit” is important, because it’s different from “send” and “receive”. Users connect computers, servers, phones, television sets, and other devices to networks. They choose and pay for the capacity of their connection (the “pipe”, in the usual but imperfect plumbing analogy) to send and receive network traffic. Not all pipes are the same, and it’s perfectly acceptable for a network to provide lower-quality pipes–slower, for example–to end users who pay less, and to charge customers differently depending on where they are located. But a neutral network must provide the same quality of service to those who pay for the same size, quality, and location of “pipe”.

A user who is mostly going to send and receive small amounts of text (such as email) can get by with very modest and inexpensive capacity. One who is going to view video needs more capacity, one who is going to use two-way videoconferencing needs even more, and a commercial entity that is going to transmit multiple video streams to many customers needs lots. Sometimes the capacity of connections is fixed–one pays for a given capacity regardless of whether one uses it all–and sometimes their capacity and cost adjust dynamically with use. But in all cases one is merely paying for a connection to the network, not for how quickly traffic will get to or arrive from elsewhere. That last depends on how much someone is paying at the other end, and on how well the intervening networks interconnect. Whether one can pay for service quality other than the quality of one’s own connection is central to the current debate.

Users

It’s also important to consider two different (although sometimes overlapping) kinds of users: “end users” and “providers”. In general, providers deliver services to end users, sometimes content (for example, Netflix, the New York Times, or Google Search), sometimes storage (OneDrive, Dropbox), sometimes communications (Gmail, Xfinity Connect), and sometimes combinations of these and other functionality (Office Online, Google Apps).

The key distinctions between providers and end users are scale and revenue flow. The typical provider serves thousands if not millions of end users; the typical end user uses more than a few but rarely more than a few hundred providers. End users provide revenue to providers, either directly or by being counted; providers receive revenue (or sometimes other value such as fame) from end users or advertisers, and use it to fund the services they provide.

Roles

Networks (and therefore network operators) can play different roles in transmission: “first mile”, “last mile”, “backbone”, and “peering”. Providers connect to first-mile networks. End users do the same to last-mile networks. (First-mile and last-mile networks are mirror images of each other, of course, and can swap roles, but there’s always one of each for any traffic.) Sometimes first-mile networks connect directly to last-mile networks, and sometimes they interconnect indirectly using backbones, which in turn can interconnect with other backbones. Peering is how first-mile, last-mile, and backbone networks interconnect.

To use another imperfect analogy, first mile networks are on-ramps to backbone freeways, last-mile networks are off-ramps, and peering is where freeways interconnect. But here’s why the analogy is  imperfect: sometimes providers connect directly to backbones, and sometimes first-mile and last-mile networks have their own direct peering interconnections, bypassing backbones. Sometimes, as the Wired article points out, providers pay last-mile networks to host their servers, and sometimes special content-distribution systems such as Akamai do roughly the same. Those imperfections account for much of the current controversy.

Consider how I connect the Mac on my desk in Comcast‘s downtown office (where a few of us from NBCUniversal also work) to hostmonster.com, where this blog lives. I connect to the office wireless, which gives me a private (10.x.x.x) IP address. That goes to an internal (also private) router in Philadelphia, which then connects to Comcast’s public network. Comcast, as the company’s first-mile network, takes the traffic to Pennsylvania, then to Illinois, then back east to Virginia. There Comcast has a peering connection to Cogent, which is Hostmonster’s first-mile network provider. Cogent carries my traffic from Virginia to Illinois, Missouri, Colorado, and Utah, where Hostmonster is located and connects to Cogent.

If Comcast and Cogent did not have a direct connection, then my traffic would flow through a backbone such as Level3. If Hostmonster placed its servers in Comcast data centers, my traffic would be all-Comcast. As I’ll note repeatedly, this issue–how first-mile, last-mile, and backbones peer, and how content providers deal with this–is driving much of today’s network-neutrality debate. So is the increasing consolidation of the last-mile network business.

Public/Private

“Public” networks are treated differently than “private” ones. Generally speaking, if a network is open to the general public, and charges them fees to use it, then it’s a public network. If access is mostly restricted to a defined, closed community and does not charge use fees, then it’s a private network. The distinction between public and private networks comes mostly from the Communications Assistance to Law Enforcement Act (CALEA), which took effect in 1995. CALEA required “telecommunications carriers” to assist police and other law enforcement, notably by enabling court-approved wiretaps.

Even for traditional telephones, it was not entirely clear which “telecommunications carriers” were covered–for example, what about campus-run internal telephone exchanges?–and as CALEA extended to the Internet the distinction became murkier. Eventually “open to the general public, and charges them fees” provided a practical distinction, useful beyond CALEA.

Most campus networks are private by this definition. So are my home network, the network here in the DC Comcast office, and the one in my local Starbucks. To take the roadway analogy a step further, home driveways, the extensive network of roads within gated residential communities (even a large one such as Kiawah Island), and roadways within large industrial facilities (such as US Steel’s Gary plant) are private. City streets, state highways, and Interstates are public. (Note that the meaning of “public network” in Windows, MacOS, or other security settings is different.)

Neutrality

In practice, and in most of the public debate until recently, the term “network neutrality” has meant this: except in certain narrow cases (such as illegal uses), a neutral-network operator does not prioritize traffic over the last mile to or from an end user according to the source of the traffic, who the end user is, or the content of the traffic. Note the important qualification: “over the last mile”.

An end user with a smaller, cheaper connection will receive traffic more slowly than one who pays for a faster connection, and the same is true for providers sending traffic. The difference may be more pronounced for some types of traffic (such as video) than for others (email). Other than this, however, a neutral network treats all traffic the same. In particular, the network operator does not manipulate the traffic for its own purposes (such as degrading a competitor’s service), and does not treat end users or providers differently except to the extent they pay for the speed or other qualities of their own network connections.

“Public” networks often claim to be neutral, at least to some degree; “private” ones rarely do. Most legislative and regulatory efforts to promote network neutrality focus on public networks.

Enough definition. What does this all mean for higher education, and in particular how is that meaning different from what I wrote about back in 2011?

The Rebirth of Paid Prioritization

Where once the debate centered on last-mile neutrality for Internet traffic to and from end users, which is relatively straightforward and largely accepted, it has now expanded to include both Internet and “managed services” over the full path from provider to end user, which is much more complicated and ambiguous.

An early indicator was AT&T’s proposal to let providers subsidize the delivery of their traffic to AT&T cellular-network end users, specifically by allowing providers to pay the data costs associated with their services to end users. That is, providers would pay for how traffic was delivered and charged to end users. This differs fundamentally from the principle that the service end users receive depends only on what end users themselves pay for. Since cellular networks are not required to be neutral, AT&T’s proposal violated no law or regulation, but it nevertheless triggered opposition: It implied that AT&T’s customers would receive traffic (ads, downloads, or whatever) from some providers more advantageously–that is, more cheaply–than equivalent traffic from other providers. End user would have no say in this, other than to change carriers. Thus far AT&T’s proposal has attracted few providers, but this may be changing.

Then came the running battles between Netflix, a major provider, and last-mile providers such as Comcast and Verizon. Netfllix argued that end users were receiving its traffic less expeditiously than other providers’ traffic, that this violated neutrality principles, and that last-mile providers were responsible for remedying this. The last-mile providers rejected this argument: in their view the problem arose because Netfllix’s first-mile network (as it happens, Cogent, the same one Hostmonster uses) was unwilling to pay for peering connections capable of handling Netflix’s traffic (which can amount to more than a quarter of all Internet traffic some evenings). In the last-mile networks’ view, Netflix’s first-mile provider was responsible for fixing the problem at its (and therefore presumably Netflix’s) expense. The issue is, who pays to ensure sufficient peering capacity? Returning to the highway metaphor, who pays for sufficient interchange ramps between toll roads, especially when most truck traffic is in one direction?

In the event Netflix gave in, and arranged (and paid for) direct first-mile connections to Comcast, Verizon, and other last-mile providers. But Netflix continues to press its case, and its position has relevance for higher education.

Colleges and Universities

Colleges and universities have traditionally taken two positions on network neutrality. Representing end users, including their campus community and distant students served over the Internet, higher education has taken a strong position in support of the FCC’s network-neutrality proposals, and even urged that they be extended to cover cellular networks. As operators of networks funded and designed to support campuses’ instructional, research, and administrative functions, however, higher education also has taken the position that campus networks, like home, company, and other private networks, should continue to be exempted from network-neutrality provisions.

These remain valid positions for higher education to take in the current debate, and indeed the principles recently posted by EDUCAUSE and various other organizations do precisely that. But the emergence of concrete paid-prioritization services may require more nuanced positions and advocacy.  This is partly because the FCC’s positions have shifted, and partly because the technology and the debate have evolved.

Why should colleges and universities care about this new network-neutrality battleground? Because in addition to representing end users and operating private networks, campuses are increasingly providing instruction to distant students over the Internet. Massively open online courses (MOOCs) and other distance-education services often involve streamed or two-way video. They therefore require high-quality end-to-end network connections.

In most cases, campus network traffic to distant student flows over the commercial Internet, rather than over Internet2 or regional research and education (R&E) networks. Whether it reaches students expeditiously depends not only on the campus’s first-mile connection (“first mile” rather than “last mile” because the campus is now a provider rather than simply representing end users), but also on how the campus’s Internet service provider connects to backbones and/or to students’ last-mile networks–and of course on whether distant students have paid for good enough connections. This is similar to Netflix’s situation.

Unlike Netflix, however, individual campuses probably cannot afford to pay for direct connections to all of their students’ last-mile networks, or to place servers in distant data centers. They thus depend on their first-mile networks’ willingness to peer effectively with backbone and last-mile networks. Yet campuses are rarely major customers of their ISPs, and therefore have little leverage to influence ISPs’ backbone and peering choices. Alternatively, campuses can in theory use their existing connections to R&E networks to deliver instruction. But this is only possible if those R&E networks peer directly and capably with key backbone and last-mile providers. R&E networks generally have not done this.

Here’s what this all means: Higher education needs to continue supporting its historical positions promoting last-mile neutrality and seeking private-network exemptions for campus networks. But colleges and universities also need to work together to make sure their instructional traffic will continue to reach distant students. One way to achieve this is by opposing paid prioritization, of course. But FCC and other regulations may permit limited paid prioritization, or technology may as usual stay one step ahead of regulation. Higher education must figure out the best ways to deal with that, and collaborate to make them so.

 

 

 

 

Notes From (or is it To?) the Dark Side

“Why are you at NBC?,” people ask. “What are you doing over there?,” too, and “Is it different on the dark side?” A year into the gig seems a good time to think about those. Especially that “dark side” metaphor.  For example, which side is “dark”?

This is a longer-than-usual post. I’ll take up the questions in order: first Why, then What, then Different; use the links to skip ahead if you prefer.

Why are you at NBC?

5675955This is the first time I’ve worked at a for-profit company since, let’s see, the summer of 1967: an MIT alumnus arranged an undergraduate summer job at Honeywell‘s Mexico City facility. Part of that summer I learned a great deal about the configuration and construction of custom control panels, especially for big production lines. I think of this every time I see photos of big control panels, such as those at older nuclear plants—I recognize the switch types, those square toggle buttons that light up. (Another part of the summer, after the guy who hired me left and no one could figure out what I should do, I made a 43½-foot paper-clip chain.)

One nice Honeywell perk was an employee discount on a Pentax 35mm SLR with a 40mm and 135mm lenses, which I still have in a box somewhere, and which still works when I replace the camera’s light-meter battery. (The Pentax brand belonged to Honeywell back then, not Ricoh.) Excellent camera, served me well for years, through two darkrooms and a lot of Tri-X film. I haven’t used it since I began taking digital photos, though.

5499942818_d3d9e9929b_nI digress. Except, it strikes me, not really. One interesting thing about digital photos, especially if you store them online and make most of them publicly visible (like this one, taken on the rim of spectacular Bryce Canyon, from my Backdrops collection), is that sometimes the people who find your pictures download them and use them for their own purposes. My photos carry a Creative Commons license specifying that although they are my intellectual property, they can be used for nonprofit purposes so long as they are attributed to me (an option not available, apparently, if I post them on Facebook instead).

So long as those who use my photos comply with the CC license requirement, I don’t require that they tell me, although now and then they do. But if people want to use one of my photos commercially, they’re supposed to ask my permission, and I can ask for a use fee. No one has done that for me—I’m keeping the day job—but it’s happened for our son.

dmcaI hadn’t thought much about copyright, permissions, and licensing for personal photos (as opposed to archival, commercial, or institutional ones) back when I first began dealing with “takedown notices” sent to the University of Chicago under the Digital Millennium Copyright Act (DMCA). There didn’t seem to be much of a parallel between commercialized intellectual property, like the music tracks that accounted for most early DMCA notices, and my photos, which I was putting online mostly because it was fun to share them.

Neither did I think about either photos or music while serving on a faculty committee rewriting the University’s Statute 18, the provision governing patents in the University’s founding documents.

sealThe issues for the committee were fundamentally two, both driven somewhat by the evolution of “textbooks”.

First, where is the line between faculty inventions, which belong to the University (or did at the time), and creations, which belong to creators—between patentable inventions and copyrightable creations, in other words? This was an issue because textbooks had always been treated as creations, but many textbooks had come to include software (back then, CDs tucked into the back cover), and software had always been treated as an invention.

Second, who owns intellectual property that grows out of the instructional process? Traditionally, the rights and revenues associated with textbooks, even textbooks based on University classes, belonged entirely to faculty members. But some faculty members were extrapolating this tradition to cover other class-based material, such as videos of lectures. They were personally selling those materials and the associated rights to outside entities, some of which were in effect competitors (in some cases, they were other universities!).

fathomAs you can see by reading the current Statute 18, the faculty committee really didn’t resolve any of this. Gradually, though, it came to be understood  that textbooks, even textbooks including software, were still faculty intellectual property, whereas instructional material other than that explicitly included in traditional textbooks was the University’s to exploit, sell, or license.

With the latter well established, the University joined Fathom, one of the early efforts to commercialize online instructional material, and put together some excellent online materials. Unfortunately, Fathom, like its first-generation peers, failed to generate revenues exceeding its costs. Once it blew through its venture capital, which had mostly come from Columbia University, Fathom folded. (Poetic justice: so did one of the profit-making institutions whose use of University teaching materials prompted the Statute 18 review.)

Gradually this all got me interested in the thicket of issues surrounding campus online distribution and use of copyrighted materials and other intellectual property, and especially the messy question how campuses should think about copyright infringement occurring within and distributed from their networks. The DMCA had established the dual principles that (a) network operators, including campuses, could be held liable for infringement by their network users, but (b) they could escape this liability (find “safe harbor”) by responding appropriately to complaints from copyright holders. Several of us research-university CIOs worked together to develop efficient mechanisms for handling and responding to DMCA notices, and to help the industry understand those and the limits on what they might expect campuses to do.

heoaAs one byproduct of that, I found myself testifying before a Congressional committee. As another, I found myself negotiating with the entertainment industry, under US Education Department auspices, to develop regulations implementing the so-called “peer to peer” provisions of the Higher Education Opportunity Act of 2008.

That was one of several threads that led to my joining EDUCAUSE in 2009. One of several initiatives in the Policy group was to build better, more open communications between higher education and the entertainment industry with regard to copyright infringement, DMCA, and the HEOA requirements.

hero-logo-edxI didn’t think at the time about how this might interact with EDUCAUSE’s then-parallel efforts to illuminate policy issues around online and nontraditional education, but there are important relevancies. Through massively open online courses (MOOCs) and other mechanisms, colleges and universities are using the Internet to reach distant students, first to build awareness (in which case it’s okay for what they provide to be freely available) but eventually to find new revenues, that is, to monetize their intellectual property (in which case it isn’t).

music-industryIf online campus content is to be sold rather than given away, then campuses face the same issues as the entertainment industry: They must protect their content from those who would use it without permission, and take appropriate action to deter or address infringement.

Campuses are generally happy to make their research freely available (except perhaps for inventions), as UChicago’s Statute 18 makes clear, provided that researchers are properly credited. (I also served on UChicago’s faculty Intellectual Property Committee, which among other things adjudicated who-gets-credit conflicts among faculty and other researchers.) But instruction is another matter altogether. If campuses don’t take this seriously, I’m afraid, then as goes music, so goes online higher education.

Much as campus tumult and changes in the late Sixties led me to abandon engineering for policy analysis, and quantitative policy analysis led me into large-scale data analysis, and large-scale data analysis led me into IT, and IT led me back into policy analysis, intellectual-property issues led me to NBCUniversal.

Peacock_CleanupI’d liked the people I met during the HEOA negotiations, and the company seemed seriously committed to rethinking its relationships with higher education. I thought it would be interesting, at this stage in my career, to do something very different in a different kind of place. Plus, less travel (see screwup #3 in my 2007 EDUCAUSE award address).

So here I am, with an office amidst lobbyists and others who focus on legislation and regulation, with a Peacock ID card that gets me into the Universal lot, WRC-TV, and 30 Rock (but not SNL), and with a 401k instead of a 403b.

What are you doing over there?

NBCUniversal’s goals for higher education are relatively simple. First, it would like students to use legitimate sources to get online content more, and illegitimate “pirate” sources less. Second, it would like campuses to reduce the volume of infringing material made available from their networks to illegal downloaders worldwide.

477px-CopyrightpiratesMy roles are also two. First, there’s eagerness among my colleagues (and their counterparts in other studios) to better understand higher education, and how campuses might think about issues and initiatives. Second, the company clearly wants to change its approach to higher education, but doesn’t know what approaches might make sense. Apparently I can help with both.

To lay foundation for specific projects—five so far, which I’ll describe briefly below—I looked at data from DMCA takedown notices.

Curiously, it turned out, no one had done much to analyze detected infringement from campus networks (as measured by DMCA notices sent to them), or to delve into the ethical puzzle: Why do students behave one way with regard to misappropriating music, movies, and TV shows, and very different ways with regard to arguably similar options such as shoplifting or plagiarism? I’ve written about some of the underlying policy issues in Story of S, but here I decided to focus first on detected infringement.

riaa-logoIt turns out that virtually all takedown notices for music are sent by the Recording Industry Association of America, RIAA (the Zappa Trust and various other entities send some, but they’re a drop in the bucket).

MPAAMost takedown notices for movies and some for TV are sent by the Motion Picture Association of America, MPAA, on behalf of major studios (again, with some smaller entities such as Lucasfilm wading in separately). NBCUniversal and Fox send out notices involving their movies and TV shows.

sources chartI’ve now analyzed data from the major senders for both a twelve-month period (Nov 2011-Oct 2012) and a more recent two-month period (Feb-Mar 2013). For the more recent period, I obtained very detailed data on each of 40,000 or so notices sent to campuses. Here are some observations from the data:

  • Almost all the notices went to 4-year campuses that have at least 100 dormitory beds (according to IPEDS). To a modest extent, the bigger the campus the more notices, but the correlation isn’t especially large.
  • Over half of all campuses—even of campuses with dorms—didn’t get any notices. To some extent this is because there are lots and lots of very small campuses, and they fly under the infringement-detection radar. But I’ve learned from talking to a fair number of campuses that, much to my surprise, many heavily filter or even block peer-to-peer traffic at their commodity Internet border firewall—usually because the commodity bandwidth p2p uses is expensive, especially for movies, rather than to deal with infringement per se. Outsourced dorm networks also have an effect, but I don’t think they’re sufficiently widespread yet to explain the data.
  • Several campuses have out-of-date or incorrect “DMCA agent” addresses registered at the Library of Congress. Compounding that, it turns out some notice senders use “abuse” or other standard DNS addresses rather than the registered agent addresses.
  • Among campuses that received notices, a few campuses stand out for receiving the lion’s share, even adjusting for their enrollment. For example, the top 100 or so recipient campuses got about three quarters of the total, and a handful of campuses stand out sharply even within that group: the top three campuses (the leftmost blue bars in the graph below) accounted for well over 10% of the notices. (I found the same skewness in the 2012 study.) With a few interesting exceptions (interesting because I know or suspect what changed), the high-notice groups have been the same for the two periods.

utorrent-facebook-mark-850-transparentThe detection process, in general, is that copyright holders choose a list of music, movie, or TV titles they believe likely to be infringed. Their contractors then use BitTorrent tracker sites and other user tools to find illicit sources for those titles.

For the most part the studios and associations simply look for titles that are currently popular in theaters or from legitimate sources. It’s hard to see that process introducing a bias that would affect some campuses so much differently than others. I’ve also spent considerable time looking at how a couple of contractors verify that titles being offered illicitly (that is, listed for download on a BitTorrent tracker site such as The Pirate Bay) are actually the titles being supplied (rather than, say, malware, advertising, or porn), and at how they figure out where to send the resulting takedown notices. That process too seems pretty straightforward and unbiased.

argo-15355-1920x1200Sender choices clearly can influence how notice counts vary from time to time: for example, adding a newly popular title to the search list can lead to a jump in detections and hence notices. But it’s hard to see how the choice of titles would influence how notice counts vary from institution to institution.

This all leads me to believe that takedown notices tell us something incomplete but useful about campus policies and practices, especially at the extremes. The analysis led directly to two projects focused on specific groups of campuses, and indirectly to three others.

Role Model Campuses

Based on the results of the data analysis, I communicated individually with CIOs at 22 campuses that received some but relatively few notices: specifically, campuses that (a) received at least one notice (and so are on the radar) but (b) fewer than 300 and fewer than 20 per thousand student headcount, (c) have at least 7,500 headcount students, and (d) have at least 10,000 dorm beds (per IPEDS) or sufficient dorm beds to house half your headcount. (These are Group 4, the purple bars in the graph below. The solid bars represent total notices sent, and the hollow bars represent incidence, or notices per thousand headcount students. Click on the graph to see it larger.)

I’ve asked each of those campuses whether they’d be willing to document their practices in an open “role models” database developed jointly by the campuses and hosted by a third party such as groups charta higher-education association (as EDUCAUSE did after the HEOA regulations took effect). The idea is to make a collection of diverse effective practices available to other campuses that might want to enhance their practices.

High Volume Campuses

Separately, I communicated privately with CIOs at 13 campuses that received exceptionally many notices, even adjusting for their enrollment (Group 1, the blue bars in the graph). I’ve looked in some detail at the data for those campuses, some large and some small, and in some cases that’s led to suggestions.

For example, in a few cases I discovered that virtually all of a high-volume campus’s notices were split evenly among a small number of consecutive IP addresses. In those cases, I’ve suggested that those IP addresses might be the front-end to something like a campus wireless network. Filtering or blocking p2p (or just BitTorrent) traffic on those few IP addresses (or the associated network devices) might well shrink the campus’s role as a distributor without affecting legitimate p2p or BitTorrent users (who tend to be managing servers with static addresses).

Symposia

Back when I was at EDUCAUSE, we worked with NBCUniversal to host a DC meeting between senior campus staff from a score of campuses nationwide and some industry staff closely involved with the detection and notification for online infringement. The meeting was energetic and frank, and participants from both sides went away with a better sense of the other’s bona fides and seriousness. This was the first time campus staff had gotten a close look at the takedown-notice process since a Common Solutions Group meeting in Ann Arbor some years earlier; back then the industry’s practices were much less refined.

university-st-thomas-logo-white croppedBased on the NBCUniversal/EDUCAUSE experience, we’re organizing a series of regional “Symposia” along these lines on campuses in various cities across the US. The objectives are to open new lines of communication and to build trust. The invitees are IT and student-affairs staff from local campuses, plus several representatives from industry, especially the groups that actually search for infringement on the Internet. The first was in New York, the second in Minneapolis, the third will be in Philadelphia, and others will follow in the West, the South, and elsewhere in the Midwest.

Research

We’re funding a study within a major state university system to gather two kinds of data. Initially the researchers are asking each campus to describe the measures it takes to “effectively combat” copyright infringement: its communications with students, its policies for dealing with violations, and the technologies it uses. The data from the first phase will help enhance a matrix we’ve drafted outlining the different approaches taken by different campuses, complementing what will emerge from the “role models” project.

Based on the initial data, the researchers and NBCUniversal will choose two campuses to participate in the pilot phase of the Campus Online Education Initiative (which I’ll describe next). In advance of that pilot, the researchers will gather data from a sample of students on each campus, asking about their attitudes toward and use of illicit and legitimate online sources for music, movies, and video. They’ll then repeat that data collection after the pilot term.

Campus Online Entertainment Initiative

Last but least in neither ambition nor complexity, we’re crafting a program that will attempt to address both goals I listed earlier: encouraging campuses to take effective steps to reduce distribution of infringing material from their networks, and helping students to appreciate (and eventually prefer) legitimate sources for online entertainment.

maxresdefaultWorking with Universal Studios and some of its peers, we’ll encourage students on participating campuses to use legitimate sources by making a wealth of material available coherently and attractively—through a single source that works across diverse devices, and at a substantial discount or with similar incentives.

Participating campuses, in turn, will maintain or implement policies and practices likely to shrink the volume of infringing material available from their networks. In some cases the participating campuses will already be like those in the “role models” group; in others they’ll be “high volume” or other campuses willing to  adopt more effective practices.

I’m managing these projects from NBCUniversal’s Washington offices, but with substantial collaboration from company colleagues here, in Los Angeles, and in New York; from Comcast colleagues in Philadelphia; and from people in other companies. Interestingly, and to my surprise, pulling this all together has been much like managing projects at a research university. That’s a good segue to the next question.

Is it different on the dark side?

IMG_1224Newly hired, I go out to WRC, the local NBC affiliate in Washington, to get my NBCUniversal ID and to go through HR orientation. Initially it’s all familiar: the same ID photo technology, the same RFID keycard, the same ugly tile and paint on the hallways, the same tax forms to be completed by hand.

But wait: Employee Relations is next door to the (now defunct) Chris Matthews Show. And the benefits part of orientation is a video hosted by Jimmy Fallon and Brian Williams. And there’s the possibility of something called a “bonus”, whatever that is.

Around my new office, in a spiffy modern building at 300 New Jersey Avenue, everyone seems to have two screens. That’s just as it was in higher-education IT. But wait: here one of them is a TV. People watch TV all day as they work.

Toto, we’re not in higher education any more.

IMG_1274It’s different over here, and not just because there’s a beautiful view of the Capitol from our conference rooms. Certain organizational functions seem to work better, perhaps because they should and in the corporate environment can be implemented by decree: HR processes, a good unified travel arrangement and expense system, catering, office management. Others don’t: there’s something slightly out of date about the office IT, especially the central/individual balance and security, and there’s an awful lot of paper.

Some things are just different, rather than better or not: the culture is heavily oriented to face-to-face and telephone interaction, even though it’s a widely distributed organization where most people are at their desks most of the time. There’s remarkably little email, and surprisingly little use of workstation-based videoconferencing. People dress a bit differently (a maitre d’ told me, “that’s not a Washington tie”).

But differences notwithstanding, mostly things feel much the same as they did at EDUCAUSE, UChicago, and MIT.

tiny NBCUniversal_violet_1030Where I work is generally happy, people talk to one another, gossip a bit, have pizza on Thursdays, complain about the quality of coffee, and are in and out a lot. It’s not an operational group, and so there’s not the bustle that comes with that, but it’s definitely busy (especially with everyone around me working on the Comcast/Time Warner merger). The place is teamly, in that people work with one another based on what’s right substantively, and rarely appeal to authority to reach decisions. Who trusts whom seems at least as important as who outranks whom, or whose boss is more powerful. Conversely, it’s often hard to figure out exactly how to get something done, and lots of effort goes into following interpersonal networks. That’s all very familiar.

MIT_Building_10_and_the_Great_Dome,_Cambridge_MAI’d never realized how much like a research university a modern corporation can be. Where I work is NBCUniversal, which is the overarching corporate umbrella (“Old Main”, “Mass Hall”, “Building 10”, “California Hall”, “Boulder”) for 18 other companies including news, entertainment, Universal Studios, theme parks, the Golf Channel, Telemundo (which are remarkably like schools and departments in their varied autonomy).

Meanwhile NBCUniversal is owned by Comcast—think “System Central Office”. Sure, these are all corporate entities, and they have concrete metrics by which to measure success: revenue, profit, subscribers, viewership, market share. But the relationships among organizations, activities, and outcomes aren’t as coherent and unitary as I’d expected.

Dark or Green?

So, am I on the dark side, or have I left it behind for greener pastures? Curiously, I hear both from my friends and colleagues in higher education: Some of them think my move is interesting and logical, some think it odd and disappointing. Curioser still, I hear both from my new colleagues in the industry: Some think I was lucky to have worked all those decades in higher education, while others think I’m lucky to have escaped. None of those views seems quite right, and none seems quite wrong.

The point, I suppose, is that simple judgments like “dark” and “greener” underrepresent the complexity of organizational and individual value, effectiveness, and life. Broad-brush characterizations, especially characterizations embodying the ecological fallacy, “…the impulse to apply group or societal level characteristics onto individuals within that group,” do none of us any good.

It’s so easy to fall into the ecological-fallacy trap; so important, if we’re to make collective progress, not to.

Comments or questions? Write me: greg@gjackson.us

(The quote is from Charles Ess & Fay Sudweeks, Culture, technology, communication: towards an intercultural global village, SUNY Press 2001, p 90. Everything in this post, and for that matter all my posts, represents my own views, not those of my current or past employers, or of anyone else.)

3|5|2014 11:44a est

The Rock, and The Hard Place

Looking into the near-term future—say, between now and 2020—we in higher education have to address two big challenges, both involving IT. Neither admits easy progress. But if we don’t address them, we’ll find ourselves caught between a rock and a hard place.

  • The first challenge, the rock, is to deliver high-quality, effective e-learning and curriculum at scale. We know how to do part of that, but key pieces are missing, and it’s not clear how will find them.
  • The second challenge, the hard place, is to recognize that enterprise cloud services and personal devices will make campus-based IT operations the last rather than the first resort. This means everything about our IT base, from infrastructure through support, will be changing just as we need to rely on it.

“But wait,” I can hear my generation of IT leaders (and maybe the next) say, “aren’t we already meeting those challenges?”

If we compare today’s e-learning and enterprise IT with that of the recent past, those leaders might rightly suggest, immense change is evident:

  • Learning management systems, electronic reserves, video jukeboxes, collaboration environments, streamed and recorded video lectures, online tutors—none were common even in 2000, and they’re commonplace today.
  • Commercial administrative systems, virtualized servers, corporate-style email, web front ends—ditto.

That’s progress and achievement we all recognize, applaud, and celebrate. But that progress and achievement overcame past challenges. We can’t rest on our laurels.

We’re not yet meeting the two broad future challenges, I believe, because in each case fundamental and hard-to-predict change lies ahead. The progress we’ve made so far, however progressive and effective, won’t steer us between the rock of e-learning and the hard place of enterprise IT.

The fundamental change that lies ahead for e-learning
is the the transition from campus-based to distance education

Back in the 1990s, Cliff Adelman, then at the US Department of Education, did a pioneering study of student “swirl,” that is, students moving through several institutions, perhaps with work intervals along the way,before earning degrees.

“The proportion of undergraduate students attending more than one institution,” he wrote, “swelled from 40 percent to 54 percent … during the 1970s and 1980s, with even more dramatic increases in the proportion of students attending more than two institutions.” Adelman predicted that “…we will easily surpass a 60 percent multi-institutional attendance rate by the year 2000.”

Moving from campus to campus for classes is one step; taking classes at home is the next. And so distance education, long constrained by the slow pace and awkward pedagogy of correspondence courses, has come into its own. At first it was relegated to “nontraditional” or “experimental” institutions—Empire State College, Western Governors University, UNext/Cardean (a cautionary tale for another day), Kaplan. Then it went mainstream.

At first this didn’t work: fathom.com, for example, a collaboration among several first-tier research universities led by Columbia, found no market for its high-quality online offerings. (Its Executive Director has just written a thoughtful essay on MOOCs, drawing on her fathom.com experience.)

Today, though, a great many traditional colleges and universities successfully bring instruction and degree programs to distant students. Within the recent past these traditional institutions have expanded into non-degree efforts like OpenCourseWare and to broadcast efforts like the MOOC-based Coursera and edX. In 2008, 3.7% of students took all their coursework through distance education, and 20.4% took at least one class that way.

Learning management systems, electronic reserves, video jukeboxes, collaboration environments, streamed and recorded video lectures, online tutors, the innovations that helped us overcome past challenges—little of that progress was designed for swirling students who do not set foot on campus.

We know how to deliver effective instruction to motivated students at a distance. Among policy issues we have yet to resolve, we don’t yet know how to

  • confirm their identity,
  • assess their readiness,
  • guide their progress,
  • measure their achievement,
  • standardize course content,
  • construct and validate curriculum across diverse campuses, or
  • certify degree attainment

in this imminent world. Those aren’t just IT problems, of course. But solving them will almost certainly challenge IT.

The fundamental change that lies ahead for enterprise technologies
is the transition from campus IT to cloud and personal IT

The locus of control over all three principal elements of campus IT—servers and services, networks, and end-user devices and applications—is shifting rapidly from the institution to customers and third parties.

As recently as ten years ago, most campus IT services, everything from administrative systems through messaging and telephone systems to research technologies, were provided by campus entities using campus-based facilities, sometimes centralized and sometimes not. The same was true for the wired and then wireless networks that provided access to services, and for the desktop and laptop computers faculty, students, and staff used.

Today shared services are migrating rapidly to servers and systems that reside physically and organizationally elsewhere—the “cloud”—and the same is happening for dedicated services such as research computing. It’s also happening for networks, as carrier-provided cellular technologies compete with campus-provided wired and WiFi networking, and for end-user devices, as highly mobile personal tablets and phones supplant desktop and laptop computers.

As I wrote in an earlier post about “Enterprise IT,” the scale of enterprise infrastructure and services within IT and the shift in their locus of control have major implications for and the organizations that have provided it. Campus IT organizations grew up around locally-designed services running on campus-owned equipment managed by internal staff. Organization, staffing, and even funding models ensued accordingly. Even in academic computing and user support, “heavy metal” experience was valued highly. The shifting locus of control makes other skills at least as valuable: the ability to negotiate with suppliers, to engage effectively with customers (indeed, to think of them as “customers” rather than “users”), to manage spending and investments under constraint, to explain.

To be sure, IT organizations still require highly skilled technical staff, for example to fine-tune high-performance computing and networking, to ensure that information is kept secure, to integrate systems efficiently, and to identify and authenticate individuals remotely. But these technologies differ greatly from traditional heavy metal, and so must enterprise IT.

The rock, IT, and the hard place

In the long run, it seems to me that the campus IT organization must evolve rapidly to center on seven core activities.

Two of those are substantive:

  • making sure that researchers have the technologies they need, and
  • making sure that teaching and learning benefit from the best thinking about IT applications and effectiveness.

Four others are more general:

  • negotiating and overseeing relationships with outside providers;
  • specifying or doing what is necessary for robust integration among outside and internal services;
  • striking the right personal/institutional balance between security and privacy for networks, systems, and data; and last but not least
  • providing support to customers (both individuals and partner entities).

The seventh core activity, which should diminish over time, is

  • operating and supporting legacy systems.

Creative, energetic, competent staff are sine qua non for achieving that kind of forward-looking organization. It’s very hard to do good IT without good, dedicated people, and those are increasingly difficult to find and keep. Not least, this is because colleges and universities compete poorly with the stock options, pay, glitz, and technology the private sector can offer. Therein lies another challenge: promoting loyalty and high morale among staff who know they could be making more elsewhere.

To the extent the rock of e-learning and the hard place of enterprise IT frame our future, we not only need to rethink our organizations and what they do; we also need to rethink how we prepare, promote, and choose leaders for higher-education leaders on campus and elsewhere—the topic, fortuitously, of a recent ECAR report, and of widespread rethinking within EDUCAUSE.

We’ve been through this before, and risen to the challenge.

  • Starting around 1980, minicomputers and then personal computers brought IT out of the data center and into every corner of higher education, changing data center, IT organization, and campus in ways we could not even imagine.
  • Then in the 1990s campus, regional, and national networks connected everything, with similarly widespread consequences.

We can rise to the challenges again, too, but only if we understand their timing and the transformative implications.

The Ghost is Ready, but the Meat is Raw

Old joke. Someone writes a computer program (creates an app?) that translates from English into Russian (say) and vice versa. Works fine on simple stuff, so the next test is a a bit harder: “the spirit is willing, but the flesh is weak.”  The program/app translates the phrase into Russian, then the tester takes the result, feeds it back into the program/app, and translates it back into English. Result: “The ghost is ready, but the meat is raw.”

(The starting phrase is from Matthew 26:41 — the King James version has “indeed” before “willing”, ASV doesn’t, and weirdly enough, if you try this in Google Translate, the joke falls flat, because you get an accurate translation to Russian and back, except for some reason you end up with an extra “indeed” in the final version. It’s almost as though Google Translate has figured out where the quotation came from, and then substituted the King James version for the ASV one, but not quite correctly. Spooky. But I digress.)

Old joke, yes. Tired, even. But, as usual, it’s a metaphor, in this case for a problem that will only become larger as higher education outsources or contracts for ever more of its activity: we think we’ve doing the right thing when we contract with outside providers, but the actual effect of the contract, once it takes effect, isn’t quite what we expected. If we’re lucky, we figure this out before we’re irrevocably committed. If we’re unlucky, we box ourselves in.

Two examples.

1. Microsoft Site Licensing

About a decade ago, several of us were at an Internet2 meeting. A senior Microsoft manager spoke about relations with higher education (although looking back, I can’t see why Microsoft would present at I2. Maybe it wasn’t an I2 meeting, but let’s just say it was — never let truth get in the way of a good story). At the time, instead of buying a copy of Office for each computer, as Microsoft licenses required, many students, staff, and faculty simply installed Microsoft Office on multiple machines from one purchased copy — or even copied the installation disks and passed them around. That may save money, but it’s copyright infringement, and illegal.

Microsoft’s response to this problem had been threefold:

  • it began incorporating copy protection and other digital-rights-management (DRM) mechanisms into its installation media so that they couldn’t be copied,
  • it began berating campuses for tolerating the illegal copying (and in some cases attempted to audit compliance with licenses by searching campus computers for illegally obtained software), and
  • it sought to centralize campus procurement of Microsoft software by tailoring and refining its so-called “Select” volume-discount program to encourage campuses to license software campus-wide.

Problem was, the “Select” agreement required campuses to count how many copies of software they licensed, and to maintain records that would enable Microsoft to determine whether each installed copy on campus was properly licensed. This entailed elaborate bookkeeping and tracking mechanisms, exposed campuses to audit risk, and its costs into the future were unpredictable. The volume-discount “Select” program was clearly a step forward, but it fell far short of actually appealing to campuses.

So the several of us in the Internet2 session (or wherever it was) took the Microsoft manager aside afterwards, told him Microsoft needed a more attractive licensing model for campuses, and suggested what that might be.

To our surprise, Microsoft followed up, and the rump-group discussions evolved into the initial version of the Microsoft Campus Agreement. The Campus Agreement (since replaced by Enrollment for Education Solutions, EES) was a true site license: glossing over some complexities and details, its general terms were that campuses would pay Microsoft based on their size and the number of different products they wished to license, and in return would be permitted to use as many copies of those products as they liked.

Most important from the campus perspective, the Campus Agreement included no requirement to track or count individual copies of the licensed products, thereby making all copies legal; in fact, campuses could make their own copies of installation media. Most important from the Microsoft perspective, Campus Agreement pricing was set so that the typical campus would still pay Microsoft about as much as Microsoft had been receiving from that campus’s central or departmental users for Select or individual copies; that is, Micorsoft’s revenue from campuses would not decline.

The Campus Agreement did entail a fundamental change that was less appealing. In effect, campuses were paying to rent software, with Microsoft agreeing to provide updates at no additional cost, rather than campuses buying copies and then periodically paying to update them. Although it included a few other lines, for the most part the Campus Agreement covered Microsoft’s operating-system and Office products.

Win-win, right? Lots of campuses signed up for the Campus Agreement. It largely eliminated talk about “piracy” of MS-Office products in higher education (enhanced DRM played an important role in this too), and it stabilized costs for most Microsoft client software. It was very popular with students, faculty, and staff, especially since the Campus Agreement allowed institutionally-provided software to be installed on home computers.

But at least one campus, which I’ll call Pi University, balked. The Campus Agreement, PiU’s golf-loving CIO pointed out, had a provision no one had read carefully: if PiU withdrew from the Campus Agreement, he said, it might be required to list and pay for all the software copies that PiU or its students, faculty, and staff had acquired under the Campus Agreement — that is, to buy what it had been renting. The PiU CIO said that he had no way to comply with such a provision, and that therefore PiU could not in good faith sign an agreement that included it.

Some of us thought the PiU CIO’s point was valid but inconsequential. First, some of us didn’t believe that Microsoft would ever enforce the buy-what-you’d-rented clause, so that it presented little actual risk. Second, some of us pointed out that since there was no requirement that campuses document how many copies they distributed, and in general the distribution would be independent of Microsoft, a campus leaving the Campus Agreement could simply cite any arbitrary number of copies as the basis for its exit payment. Therefore, even if Microsoft enforced the clause, estimating the associated payment was entirely under the campus’s control. Those of who believed these arguments went forward with the Campus Agreement; Pi University didn’t.

So the ghost was ready (higher education had gotten most of what it wanted), but the meat was raw (what we wanted turned out problematic in ways no one had really thought through).

Now let’s turn to a more current case.

2. Outsourcing Campus Bookstores

In February 2012 EDUCAUSE agreed to work with Internet2 on an electronic textbooks pilot. This was to be the third in a series of pilots: Indiana University had undertaken one for the fall of 2011, it and a few other campuses had worked with Internet2 on second proof-of-concept pilot for the spring of 2012, and the third pilot was to include a broader array of  institutions.

Driving these efforts were the observations that textbook prices figured prominently in spiraling out-of-pocket college-attendance costs, that electronic textbooks might help attenuate those prices, and that electronic textbooks also might enable campuses to move from individual student purchases to more efficient site licenses, perhaps bypassing unnecessary intermediaries.

A small team planned the pilot, and began soliciting participation in mid-March. By April 7, the initial deadline, 70 institutions had expressed interest. Over 100 people joined an informational webinar two days later, and it looks as though about 25 institutions will manage to participate and help higher education, publishers, and e-reader providers understand their joint future better.

The ghost/meat example here isn’t the etext pilot itself. Rather, it’s something that caused many interested institutions to withdraw from the pilot: campus bookstore outsourcing.

According to the National Association of College Stores (NACS), there are about 4500 bookstores serving US higher education (probably coincidentally, that’s about the number of degree-granting institutions in the US, of which about two thirds are nonspecialized institutions enrolling more than just a few students). Many stores counted by NACS are simply stores near campuses rather than located on or formally associated with them.

Of the campus-located, campus-associated stores, over 820 are operated under outsourcing contracts by Follett Higher Education Group and about 600 are operated by Barnes & Noble College Booksellers. Another 140 stores are members of the Independent College Bookstore Association (ICBA), and the remainder — I can’t find a good count — are either independent, campus-operated, or operated by some other entity.

The arrangements for outsourced bookstores vary from campus to campus, but they have some features in common. The most prominent of those is the overall deal, which is generally that in return for some degree of exclusivity or special access granted by the campus, the store pays the campus a fee of some kind. The exclusivity or special access may be confined to textbook adoptions, or it may extend to clothing and other items with the campus logo or to computer hardware and software. The payment to the campus may be negotiated explicitly, or it may be a percentage of sales or profit. Some outsourced stores are in campus-owned buildings and pay rent, some own a building part of which is rented to campus offices or activities, and some are freestanding; the associated space payments further complicate the relationship between outsourced stores and campuses but do not change its fundamental dependence on the exchange of exclusivity for fees.

For the most part outsourcing bookstores seems to serve campuses well. Managing orders, inventories, sales, and returns for textbooks and insignia items requires skill and experience with high-volume, low-margin retail, which campus administrators rarely have. Moreover, until recently bookstore operations generally had little impact on campus operations and vice versa.

Because bookstore operations generally stood apart from academic and programmatic activities on campus, negotiating contracts with bookstores generally emphasized “business” issues. Since these for the most part involved money and space, negotiations and contract approvals often remained on the “business” side of campus administration, along with apparently similar issues like dining halls, fleet maintenance, janitorial service, lab supply, and so forth. Again, this served campuses well: the campus administrators most attuned to operations and finance (chief finance officers, chief administrative officers, heads of auxiliary services) were the right ones to address bookstore issues.

Over the past few years this changed, first gradually and then more abruptly.

  • First, having bookstores handle hardware and software sales to students (and in some cases departments) came into conflict with campus desires to guide individual choices and maximize support efficiency through standardization and incentives, none of which aligned well with bookstores’ need to maximize profit from IT sales — an important goal, with campus bookstore sales essentially flat since 2005-2006 despite 10%+ enrollment growth.
  • Second, the high price of textbooks drew attention as a major component of growing college costs, and campuses sought to regain some control over it — NACS reports that the average student spends $483 on texts and related materials, that the average textbook price rose from $56 in 2006-2007 to $62 in 2009-2010, and that the typical margin on textbooks is about 22% for new texts and 35% for used ones.
  • Third, as textbooks have begun to migrate from static paper volumes to interactive electronic form, they have come to resemble software more than sweatshirts in that individual student purchases through bookstores may not be the optimal way to distribute or procure them.

That last point — that bookstores may not be the right medium for selling and buying textbooks — potentially threatens the traditional bookstore model, and therefore the outsourcing industry based on it. Not surprisingly, bookstores have responded aggressively to this threat, both offensively and defensively. On the offensive front (I mean this in the sense “trying to advance”, rather than “trying to offend”), the major bookstore chains have invested in e-reader technology, and have begun experimenting extensively with alternative pricing and delivery models. On the defensive front, they have tried to extend past exclusivity clauses to include electronic texts and other new materials.

Many campuses expressed interest in the EDUCAUSE/Internet2 EText Pilot, going so far as to add themselves to a list, make preliminary commitments, and attend the webinar. Filled with enthusiasm, many webinar attendees began talking up the pilot on their campuses, and many of them then ran into a wall: they learned, often only when they double-checked with their counsel in the final stages of applying, that their bookstore contracts — Barnes & Noble and Follett both — precluded their participation in even a pilot exploration of alternative etext approaches, since the right to distribute electronic textbooks was reserved exclusively for the outsourced bookstore.

The CIO from one campus — I’ll call it Omega University — discovered that a recent renewal of the bookstore contract provided that during the 15-year term of the contract, “the Bookstore shall be the University’s  …exclusive seller of all required, recommended or suggested course materials, course packs and tools, as well as materials published or distributed electronically, or sold over the Internet.”  The OmegaU CIO was outraged: “In my mind,” he wrote, “the terms exclusive and over the Internet can’t even be in the same sentence!  And to restrict faculty use of technology for next 15 years is just insane.”

If the last decade has taught us anything, it is that the evolutionary cycle for electronic products is very short, requiring near-constant reappraisal of business models, pricing, and partnerships. That someone on campus signed a contract fixing electronic distribution mechanisms for 15 years may be an extreme case, but we’ve learned even from less pernicious cases  that exclusivity arrangements bound to old business models will drastically constrain progress.

And so the ghost’s readiness again yielded raw meat: technological progress translated well-intentioned, longstanding bookstore contracts that had served campuses well into obstacles impeding even the consideration of important changes.

3. So What Do We Do?

It’s important to draw the right inference from all this.

The problem isn’t simply Microsoft trying to lock customers into the Campus Agreement or bookstore operators being avaricious; rather, they’re acting in self-interest, albeit self-interest that in each case is a bit short-sighted.

The compounding problem is that we in higher education often make decisions too narrowly. In the case of the Campus Agreement, we were so focused on the important move from per-copy to site licensing, a major win, that we didn’t pay sufficient negotiating time or effort to the so-called exit clauses — which, in retrospect, could certainly have been written in much less problematic ways still acceptable to Microsoft. In the case of bookstore contracts, we failed to recognize that what had been a distinct, narrow set of activities readily handled within business and finance was being driven by technology into new domains requiring foresight and expertise generally found elsewhere on campus.

Sadly, there’s no simple solution to this problem. It’s hard to take everything into account or involve every possible constituency in a decision and still get it done, and decisions must get done. Perhaps the best solution we can hope for is better, more transparent discussion of both past decisions and future opportunities, so that we learn collectively and openly from our mistakes, take joint responsibility for our shared technological future, and translate accurately back and forth between what we want and what we get.

IT Demography in Higher Education: Some Reminiscence & Speculation

In oversimplified caricature, many colleges and universities have traditionally staffed the line, management, and leadership layers of their IT enterprise thus:

Students with some affinity for technology (perhaps their major, perhaps work-study, perhaps just a side interest) have approached graduation not quite sure what they should do next. They’ve had some contact with the institution’s IT organizations, perhaps having worked for some part of them or perhaps having criticized their services. Whatever the reason, working for an institutional IT organization has seemed a useful way to pay the rent while figuring out what to do next, and it’s been a good deal for the IT organizations because recent graduates are usually pretty clever, know the institution well, learn fast, and are willing to work hard for relatively meager pay.

Moreover, and partly compensating for low pay, the technologies being used and considered in higher education often have been more advanced than those out in business, so sticking around has been a good way to be at the cutting edge technologically, and college and universities have tended to value and reward autonomy, curiosity, and creativity.

Within four or five years of graduation, most staff who come straight into the IT organization have figured out that it’s time to move on. Sometimes a romantic relationship has turned their attention to life plans and long-term earnings, sometimes ambition has taken more focused shape and so they seek a steeper career path, sometimes their interests have sharpened and readied them for graduate school — but in any case, they have left the campus IT organization for other pastures after a few good, productive years, and have been replaced by a new crop of recent graduates.

But a few individuals have found that working in higher education suits their particular hierarchy of needs (to adapt and somewhat distort Maslow). For them, IT work in higher education has yielded several desiderata (remember I’m still caricaturing here): there’s been job security, a stimulating academic environment, a relatively flat organization that offers considerable responsibility and flexibility, and an opportunity to work with and across state-of-the-art (and sometimes even more advanced) technologies. Benefits have been pretty good, even though pay hasn’t and there have been no stock options. Individuals to whom this mix appeals have stayed in campus IT, rising to middle-management levels, sometimes getting degrees in the process, and sometimes, as they have moved into #3 or #2 positions, even moving to other campuses as opportunities present themselves.

Higher-education IT leaders — that is, CIOs, the heads of major decentralized IT organizations, and in some cases the #2s within large central organizations — typically have come from one of two sources. Some have come from within higher-education IT organizations, sometimes the institution’s own but more typically, since a given institution usually has more leadership-ready middle managers than it has available leadership positions, another institution’s. (Whereas insiders once tended to be heavy-metal computer-center directors,  more recently they have come from academic technologies or networking.) Other leaders have come from faculty ranks, often (but not exclusively) in computer science or other technically-oriented disciplines. Occasionally some come from other sources, such as consulting firms or even technology vendors, or even from administration elsewhere in higher education.

The traditional approach staffs IT organizations with well educated, generally clever individuals highly attuned to the institution’s culture and needs. They are willing and able to tackle complex IT projects involving messy integration among different technologies. Those individuals also cost less that comparable ones would if hired from outside. Expected turnover among line staff notwithstanding, they are loyal to the institution even in the face of financial and management challenges.

But the traditional model also tilts IT organizations toward idiosyncrasy and patchwork rather than coherent architecture and efficiency-driven implementation. It often works against the adoption of effective management techniques, and it can promote hostility toward businesslike approaches to procurement and integration and indeed the entire commercial IT marketplace. All of this has been known, but in general institutions have continued to believe that the advantages of the traditional model outweigh its shortcomings.

I saw Moneyball in early October. I liked it mostly because it’s highly entertaining, it’s a good story, it’s well written, acted, directed, and produced, and it involves both applied statistical analysis (which is my training) and baseball (my son’s passion, and mine when the Red Sox are in the playoffs). I also liked it because its focus — dramatic change in how one staffs baseball teams — led me to think about college and university IT staffing. (And yes, I know my principles list says that “all sports analogies mislead”, but never mind.)

In one early scene, the Oakland A’s scouting staff explains to Brad Pitt’s character, Billy Beane, that choosing players depends on intuition honed by decades of experience with how the game is played, and that the approach Beane is proposing — choosing them based on how games are won rather than on intuition — is dangerous and foolhardy. Later, Arliss Howard’s character, the Red Sox owner John Henry, explains that whenever one goes against long tradition all hell breaks loose, and whoever pioneers or even advocates that change is likely to get bloodied.

So now I’ll move from oversimplification and caricature to speculation. To believe in the continued validity of the traditional staffing model may be to emulate the scouts in Moneyball. But to abandon the model is risky, since it’s not clear how higher-education IT can maintain its viability in a more “businesslike” model based on externally defined architectures, service models, and metrics. After all, Billy Beane’s Oakland A’s still haven’t won the World Series.

The Beane-like critique of the traditional model isn’t that the advantage/shortcoming balance has shifted, but rather that it depends on several key assumptions whose future validity is questionable. To cite four interrelated ones:

  • With the increasing sophistication of mobile devices and cloud-based services, the locus of technological innovation has shifted away from colleges and universities. Recent graduates who want to be in the thick of things while figuring out their life plans have much better options than staying on campus — they can intern at big technology firms, or join startups, or even start their own small businesses. In short, there is now competition for young graduates interested IT but unsure of their long-term plans.
  • As campuses have outsourced or standardized much of their IT, jobs that once included development and integration responsibility have evolved into operations, support, and maintenance — which are important, but not very interesting intellectually, and which provide little career development.  Increased outsourcing has exacerbated this, and so has increased reliance on business-based metrics for things like user support and business-based architectures for things like authentication and systems integration.
  • College and university IT departments could once offset this intellectual narrowing because technology prices were dropping faster than available funds, and the resulting financial cushion could be dedicated to providing staff with resources and flexibility to go beyond their specific jobs (okay, maybe what I mean is letting staff buy gadgets and play with them). But tightened attention to productivity and resource constraints have large eliminated the offsetting toys and flexibility. So IT jobs in colleges and universities have lost much of their nonpecuniary attractiveness, without any commensurate increase in compensation. Because of this, line staff are less likely to choose careers in college or university IT, and without this source of replenishment the higher-education IT management layer is aging.
  • As IT has become pervasively important to higher education, so responsibility for its strategic direction has broadened. As strategic direction has broadened, so senior leadership jobs, including the CIO’s, have evolved away from hierarchical control and toward collaboration and influence. (I’ve written about this elsewhere.) At the same time, increasing attention to business-like norms and metrics has required that IT leaders possess a somewhat different skillset than usually emerges from gradual promotion within college and university IT organizations or faculty experience. This has disrupted the supply chain for college and university IT leadership, as a highly fragmented group of headhunter firms competes to identify and recruit nontraditional candidates.

I think we’re already seeing dramatic change resulting from all this. The most obvious change is rapid standardization around commercial standards to enable outsourcing — which is appealing not only intrinsically, but because it reduces dependence on an institution’s own staff. (On the minus side, it also tends to emphasize proprietary commercial rather than open-source or open-standards approaches.) I also sense much greater interest in hiring from outside higher education, both at the line and management levels, and a concomitant reappraisal of compensation levels. That, combined with flat or shrinking resources, is eliminating positions, and the elimination of positions is promoting even more rapid standardization and outsourcing.

On the plus side, this is making college and university IT departments much more efficient and businesslike. On the minus side, higher education IT organizations may be losing their ability to innovate. This is yet another instance of the difficult choice facing us in higher-education IT: Is IT simply an important, central element of educational, research, and administrative infrastructure, or is IT also the vehicle for fundamental change in how higher education works? (In Moneyball, the choice is between player recruitment as a mechanism for generating runs, and as a mechanism for exciting fans. Sure, Red Sox fans want to win. But were they more avid before or after the Curse ended with Bill James’s help?)

If it’s the latter, we need to make sure we’re equipped to enable that — something that neither the traditional model nor the evolving “businesslike” model really does.

 

 

 

Institutional Demography in Higher Education: A Reminder

To understand why policy debates sometimes seem to make no sense, to circle endlessly, or to become bafflingly confused, it’s important to remember that the demography of higher education isn’t politically straightforward. By “demography” I don’t mean Gen X, Gen Y, and echo booms, but rather straightforward counts of degree-granting institutions and students. And by “politically” I don’t mean Republicans and Democrats, but rather the relative importance of different constituencies with different resources and goals.

Here’s a graph (I’ll append a more detailed table at the end). The data come from the National Center for Educational Statistics 2008 IPEDS surveys. They describe the 4,474 public and private degree-granting institutions in the United States, classified into the usual Carnegie categories. I’ve collapsed Carnegie and size categories:  “Small” means enrollment under 2,500, and “Large” means enrollment of 20,000 or more. The categories whose labels I’ve italicized are mostly private, those I’ve underscored are mostly public, and those I’ve both italicized and underscored are split between public and private institutions.

Most of us know some key demographic facts about higher education — for example, that the largest group of students is in 2-year colleges, followed closely by research universities. We also know that an awful lot of commentary and influence in higher education comes from people in or connected with research universities, and therefore many of us have trouble thinking about other kinds of institutions, let alone new kinds.

Here are some things we tend to forget:

  • There really aren’t very many research and doctoral universities — they account for fewer than 10% of institutions even though they enroll over 25% of all students.
  • Although there are lots of big community colleges and they enroll lots of students, not all 2-year colleges are big community colleges; rather, more than half of them are small, and most of those are private.
  • Most small 4-year and master’s institutions are also private, and although they comprise almost 20% of all institutions, they enroll only 5% of all students.
  • There are a lot of specialized institutions — that is, freestanding business, health, medical, engineering, technical, design, theological, and other similar institutions — but they don’t enroll very many students.
  • Enrollment isn’t quite a Pareto distribution (that’s the classic 20-80 rule), but it’s pretty close: 33% of institutions enroll 80% of the students.

What this tells us is that the politics of higher education — and, indeed, the politics of organizations, like my own EDUCAUSE, that try to represent all of higher education — are very different depending on whether we focus on students or on institutions.

If we focus on students, the politics are pretty straightforward. Big community colleges, big master’s institutions, and doctoral and research universities count, and all other institutions don’t. The group that counts is mostly public institutions, so state governments and state system offices also count. Research and doctoral universities employ lots of faculty to whom research is as important as teaching, and who are vocal about its importance, so disciplinary groups and research funders are also relevant.

From the enrollment perspective, how higher education evolves depends critically on what happens in big community colleges and in research and doctoral universities, since that’s where students are. Conversely, unless those institutions adapt to what students expect, we can expect cataclysmic change in higher education.

But community colleges and universities are at opposite ends of the cultural spectrum. To give just two examples, the former rely heavily on faculty hired ad hoc to teach specific courses, the latter rely on tenured or tenure-track faculty, and the former have no interest in research productivity or eminence whereas the latter stake their reputations on it. So the two most important sectors (in the enrollment sense) often are misaligned if not at odds about policy choices, and the changes they contemplate and implement are likely to be divergent rather than synergistic.

The other 3,000 institutions are different. Of the 4,474 institutions, almost 2/3 are private, and almost 2/3 are small, with lots of overlap: just over half of all institutions are small and private. If we focus on institutions rather than enrollment, we attend to a very large number of small, private institutions that often have different missions and challenges, typically do not work together, and, with a few exceptions, are not organized or collectively vocal.

For these institutions, the difference between survival and demise can depend on tiny changes in enrollment or financial aid or even audit policies, since their small size denies them the operating cushions and economies of scale available to their larger and public counterparts. This also means that these institutions have no excess resources to invest in innovation, so they are unlikely to adapt to changing student needs.

In a sense, focusing on enrollment tends to yield interesting and strategic (if conflicting) attention to the future, whereas focusing on institutions tends to balance (if not replace) this with a focus on tactical survival and the intricacies of current policy.

But my point isn’t about specific policy options or imperatives. Rather, it’s this: what’s important varies dramatically depending whether we focus on institutions or students. And that, I think, not only contributes to the complexity of our conversations within the status quo of higher education, but also complicates thinking about its future.

Detailed Table

Degree-Granting Institutions by Type, Control, and Size, IPEDS 2008 Data