Month: March 2019

What happens when a faculty member or department is the target of a coordinated attack?

• Initially, someone (frequently a student) who is offended by something a faculty member or campus group has done or said will alert an outlet such as Campus Reform or Turning Point USA (TPUSA). This alert may be sent directly or indirectly (e.g., by posting it on social media and in places where representatives of these outlets will see it).
• Campus Reform and TPUSA then post articles about the issue or the faculty member and broadcast the situation on social media, in an effort to provoke public outrage about the incident.
• If the issue involves a specific faculty member, TPUSA may add that faculty member to Professor Watchlist, its directory of left-leaning faculty members or faculty members TPUSA believes have demonstrated a liberal bias.
• Similar Web sites (such as the ones cited by TPUSA’s Professor Watchlist) and blogs then pick up the story; many of these sites and blogs present themselves as news sources and, in some cases, mimic the appearance of well-known media outlets.
• Local news media are then alerted to the story and are presented with the coverage from far-right media as evidence that there is a controversy. A “both sides” approach is frequently taken to present the story as having two genuinely opposed parties, often without analyzing how the story first came about.
• National outlets, particularly conservative outlets such as Fox News, and notable individuals associated with these outlets may also pay attention, providing a larger platform from which to publicize the issue.
• As the story gains traction, viewers and readers are encouraged by various outlets to contact the institution, the faculty member, and other members of the institution (e.g., department chairs, faculty administrators, trustees). Phones and in-boxes are quickly overwhelmed, and faculty and staff members must spend time and energy fielding the messages. Many of these messages include threats to pull funding but may also include overt or implicit threats of harm or violence to the faculty member, the institution, or students.

Are your personal and professional data secure? A few modest actions in three key areas—accessing your accounts, browsing the Web, and using your devices—can significantly improve the security of an academic’s digital life.

Secure Your Accounts

We always start with passwords. They’re very important, they’re often not that great, and they’re very easy to fix. You can follow some simple best practices to strengthen them:

• Avoid commonly used passwords like “123456” or “password.” For more guidance, review the annual worst password list from the Internet security company SplashData. (And, obviously, do not use any of the passwords found on that list.)
• Instead, use passwords that contain long, complex, nonsensical phrases intermixed with numbers and special characters—The New York Times has some helpful tips for generating these. Keep each password unique to its account.
• Since keeping track of all of this can be burdensome, consider using a password manager like 1Password or LastPass. These services require you to create one master password; then, they create strong, unique passwords for all your accounts. While it might sound counterintuitive to store all your passwords in one place, these companies do take security seriously. For more detailed information, we recommend reading “The Best Password Managers” on The Wirecutter.

Strong passwords, however, are only the first step. Enabling two-factor authentication (2FA) provides an extra layer of security. With 2FA, you first enter your password, then the service sends you a second piece of information to verify your identity, through a text message, an e-mail, a phone call, or an app.

Many widely used services offer 2FA. Two Factor Auth—an open-source, frequently updated project—details these offerings and provides links to the appropriate documentation.

Browse Safely

While strong passwords and 2FA will increase the security of your accounts, you still remain vulnerable when browsing the Web. Technology companies in particular tend to be very interested in collecting and analyzing the browsing habits of their users. By implementing a few small changes, however, you can begin to lower your exposure to these threats.

• Look at your browser and see whether the URL starts with “http” or “https.” “HTTP” stands for “Hypertext Transfer Protocol,” which allows servers and browsers to communicate and powers the Web. “HTTPS” is the secure version of this protocol that encrypts data in transit between servers and browsers. When visiting a site, especially if you’re going to be entering any personal information, make sure that “https://” precedes the URL. To force secure connections as much as possible, try the HTTPS Everywhere browser extension developed by the Tor Project and the Electronic Frontier Foundation.
• Learn more about who tracks you online by installing an extension like Ghostery or uBlock Origin. These extensions show all the third parties that track you on a given site and allow you to block them.
• Search engines like Google track you even when you use a browser’s incognito or private modes. If you would like to opt out of this tracking, try using a search engine like DuckDuckGo that clearly states that it does not collect or share personal information.
• Consider using a virtual private network (VPN). A VPN allows you to use your public network as if you were directly connected to a private network. This has a number of security benefits, such as encrypting data in transit and assigning your device an Internet protocol (IP) address not tied to your geographic location. A VPN might be provided by your institution, or you might need to purchase one. Picking one will require some research, but The Wirecutter provides a decent overview for those interested.

Lock Down Your Devices

Information security usually starts with online accounts, but the physical devices everyone relies on day-to-day also offer opportunities to strengthen your information security profile.

• For phones and tablets, opt for a passcode longer than four digits. A six-digit passcode is a good start, but an eight- or a ten-digit passcode is even better.
• Keep your operating systems up-to-date. While the constant nudges to install updates might annoy you, they do serve a purpose. Updates almost always include patches to known security bugs. (There’s a black market for these bugs, too.)
• Consider encrypting your hard drive using BitLocker for Windows or FileVault for Mac. Be careful if you decide to take this route. It requires some technical know-how, and you could lock yourself out of your own hard drive.

Even everyday browsing and shopping information is very valuable in the aggregate for marketing companies and corporations. But beyond this, academics often handle sensitive data—research on human subjects or confidential information about student health or immigration status.

While navigating between security and convenience always involves tradeoffs, we believe that these suggestions offer a good balance of security and simplicity. Making even one change can make a big difference.

It is easy to feel helpless when contemplating the dangers assaulting campuses lately. Higher education is facing everything from coordinated alt-right attacks on faculty members to threats of public violence directed toward invited speakers to political mandates that could destabilize campus life by targeting people on the basis of immigration status. Volatile situations create complicated dilemmas: for example, should faculty members under attack be removed from classrooms for their own safety, or does doing so simply allow the trolls to win?

Campus representatives who are underprepared to deal with threats are more likely to succumb to public pressure in handling situations and ultimately to leave victims more vulnerable and less supported than they should be.

However, there are proactive steps members of a campus community can take before an incident is imminent or underway, to help ensure that situations can be handled efficiently and effectively, preserving both academic freedoms and individual and campus safety to the greatest extent possible. These involve anticipating key areas of conflict, identifying the teams that will respond, and having a clear consensus about the basic principles and procedures for how to respond—whether you are a graduate student, faculty member, department chair, staff member, or member of the campus administration.

Campus policies are highly specific, based on the size, location, and type of institution, the level of imminent danger, and many other factors. Similarly, individual concerns depend on one’s place within institutional structures. For example, department chairs need to know that faculty members whose names appear on the Web site Professor Watchlist are likely to have different needs than do non-tenure-track faculty members who are developing syllabi for courses that have come under public scrutiny for contentious content. Thus, what follows makes no effort to shape policy. Rather, it argues that every campus constituency should know what to do ahead of time to help minimize dangers, where to turn if facing threats, what intervention protocols exist, and, more broadly, which campus offices undertake routine preventative measures to address potential threats.

Protecting Yourself and Students on Campus

You should know the answers to the following key questions about general campus safety and targeted threats. These may provide starting points for faculty members to bring issues to the attention of their chairs, deans, or provosts, which in turn may encourage them to disseminate information, open discussions, or even enhance campus procedures.

• Does your campus have a dedicated e-mail address you can write to or a number you can text or call to report an emergency incident as it is occurring? Does it have an alert system you need to sign up for so that you get incident alerts in real time?
• Do you know the number for campus security? Who else on campus has been trained to de-escalate face-to-face situations, and how do you contact those people in the event of an emergency?
• If you live in a state that has adopted or is considering adopting legislation regarding campus carry of firearms, what is your campus doing to comply with those regulations while ensuring safety on campus? How do the specific laws in your state define your rights and responsibilities for regulating the presence of guns in your office or classrooms?
• FERPA legally prevents faculty members from giving out any information about students to anyone, including someone with a subpoena or a badge. To whom does your campus want you to refer an official who approaches you with any questions related to students?
• What is your campus’s position on DACA students? What resources are available to these students? Who are the contact people for students who need to access those resources? How is student confidentiality protected?
• What are the policies and procedures for providing support to a member of the campus community who is being targeted online? Faculty senates, unions, and other governing bodies often work to protect their members’ academic freedom. What procedures have they adopted for responding to public attacks on course content and design, social media, or public writing by faculty members? What are their protocols for getting public statements approved before release, if such a thing is necessary? How do they extend protections to non-tenure-track or graduate student members of the faculty?
• Communications offices and campus security typically coordinate procedures to protect members of the campus community who are facing online threats. How do they monitor social media? What statements have they drafted about policies for dealing with online harassment?
• Upper administration’s policies and procedures to support members of the campus community who become individual targets are often complex and for security reasons may not be widely publicized. Do deans and department chairs know what roles they play when acting on these policies and procedures?

Reducing Threats: Preparing Online and in Person

It is possible to minimize your own vulnerability without compromising your intellectual integrity, your participation in public discourse, or your students’ educations. Taking precautionary steps is a concrete action that can be empowering in the face of growing fears about safety in academic settings. To help reduce the risk that ensuring personal safety will require curtailing academic freedom, you can do the following:

• Protect your personal online identity. Review privacy settings, consider setting up two-factor authentication, and seek out expert advice for making your online self less vulnerable.
  • Speak Up & Stay Safe(r): A Guide to Protecting Yourself from Online Harassment
  • Doxxing Defense: Remove Your Personal Info from Data Brokers (information from Computer World on protecting personal information)
  • AAUP: Academic Freedom and Electronic Communications
• If you are engaged in digital humanities projects, remember that online audiences can grow in unexpected ways. Have conversations with staff members in information technology to reduce the vulnerability of your scholarly work as much as possible, through methodical choices about hosting, firewalls, and other protections from would-be attacks.
• Start a conversation with administrators and campus security about what is being done to monitor whether your campus appears in discussions on common online channels used to plan violence.
• Have a conversation with administrators and campus security about best practices for handling targeted harassment.
  • Best Practices for Conducting Risky Research and Protecting Yourself from Online Harassment (also contains guidelines for institutions, condensed here: Online Harassment Information for Universities)
  • The Alt-Right on Campus: What Students Need to Know (from the Southern Poverty Law Center)
  • Some Reminders for Women’s History Month (tips for supporting writers who do women’s history for public audiences)

Many campus offices operate on the principle that a campus is not safe if its individuals do not feel safe. Campus police want to know about anything you have to report to local law enforcement if it is in any way related to campus work or your status as a student, faculty member, or employee. They are likely to have specific physical protections available for classrooms, offices, and other campus venues. Offices of campus communications and administration want to ensure that everyone who could be potentially affected by incidents is informed about them, whether isolated or ongoing—so include those offices in any reports you must make.

There are also numerous resources beyond the campus level that can provide support networks and resources:

• AAUP: Targeted Online Harassment of Faculty
• Crash Override Network’s list of tools and resources for dealing with online harassment (contains an interactive tool to use if you are currently a target, plus policy recommendations for both institutions and individuals about how to take proactive and responsive steps)
• FemTechNet Center for Solutions to Online Violence

It is highly likely that campuses have plans in place, but it is also likely that members of the community are not clear on what those plans are, since such plans are complicated and may feel irrelevant until they are suddenly urgent. One of the most reassuring things I did when I became the chair of my department was to have a meeting with the head of our campus communications office to clarify what our campus was already doing about many of these issues. (There was a tremendous amount I did not know.) The net result of that meeting, and answers to some of my follow-up questions, was an increased sense of confidence, both because I knew that there were already procedures in place and because I had a clearer sense of whom I would contact in various scenarios.

At the very least, members of the faculty and staff ought to feel assured that their offices of the president, communications, and campus security all support a statement like the following: “We do not make staffing decisions on this campus on the basis of pressure from any external groups or individuals.” It would be worthwhile for chairs and deans to consider crafting similar statements for public release, which can be used in a wide variety of situations, and to clear them with the offices who oversee such statements, before an incident occurs.

Too many campuses in the last few years have been caught by surprise when a crisis hits and have had to release statements or make decisions without much time to think carefully about the ramifications of their words and actions. Some have thereby ended up stifling the free exchange of ideas, undermining their own faculty members, or inadvertently letting the bullies win because they allowed protecting campuses from physical threats to take precedence over protecting intellectual inquiry. There are times, of course, when curtailing imminent violence has to be the only objective. But careful planning about campus procedures—and the language through which they are communicated to the public—has the potential to enable responses that do not require deleting publicly available scholarship, firing faculty members, or compromising students’ education in order to maintain campus safety. And every one of us can participate in that kind of planning.