Report of the Senate Information and
Communications Technology Committee

2013-2014

This past year the IT Committee considered the following issues:

Continuing issues with ARC

The Committee together with members of the Research Officers Committee and visitors from the faculty at large met in September with Ron Forino, Director, Business Enterprise Solutions; Paul Reedy, Associate Vice President, Finance Service Management; Kate Sheeran, Executive Director, Finance Human Resources; Richard Hall, Senior Director, Budget and Business Intelligence; Ingrid Cole, Lead Business Intelligence Analyst; and Ed Huang, Director, Financial Reporting. The committees and visitors presented a number of faculty concerns to the ARC representatives, who presented some plans to address some of them. (See presentation.) These included bundled PDF reports for principal investigators which are now provided to all PIs through a web interface, developed with CUIT, so that each PI does not need to access ARC or FDS directly. Committee members and visitors expressed concern over the slowness of the new systems (accessing a given report could take 25 seconds), the timeliness of reports, access to information on gift and other non-sponsored accounts, lack of information about each project’s original budget (which would allow PIs to know how much was left to spend), lack of information on payroll categories which are needed for reporting to government sponsors, and inadequate training material and training sessions for staff and PIs. They also noted very significant financial losses to PIs because of ARC problems. The ARC team responded that some of these issues were being looked into and gave several presentations (attached) to explain how. The Committee members and visitors expressed considerable dissatisfaction with these measures but were informed that there were cost issues involved.

New digital initiatives

The Committee heard from Candace Fleming, head of CUIT and Committee member; Medha Bhalodkar, Chief Information Security Officer; Chuck Eigen, Project Manager; and Demian Vanderputten, Analyst, all from CUIT, about new digital security measures that will be adopted at Columbia. (See presentation.)

Ms. Fleming presented the first topic: heightening awareness of what data is sensitive and improving access to tools for protecting data. Sensitive data is data protected by laws or regulations. Examples of such data are protected health information, personally identifiable information, and student education records. She said that university employees were now being required to change their UNI passwords twice a year. CUIT is requiring stronger passwords. Passwords now must be 8-64 characters and include at least three of four components: upper-case letters, lower-case letters, numbers and special characters. Users should not use their UNIs or names as parts of their passwords. Users should never use common passwords such as “password,” “12345,” “admin,” etc. A recent study showed that 90 percent of all passwords at Columbia were vulnerable to hacking.

Users are advised to use passphrases or word combinations that are easy for the user to remember but hard for others to guess. Users should use a password ring and include part of the relevant web site’s name in the passwords. They should beware of phishing attacks and remember that legitimate companies do not request account information by email. Everyone should also lock mobile devices and computers when not using them.
                 
Medha Bhalodkar explained that her team was aiming for continuous improvement. She invited the committee to reach out to them with questions and suggestions (presentation attached). Columbia has recently revised its data protection policies. The university now has four categories of data: sensitive, contractual, internal and public. University policy calls for minimizing the use of sensitive data. For instance, if an operation doesn’t require social security numbers, they should not be used. The university has eliminated their use in many areas.  CUIT now provides tools and monitoring mechanisms for dealing with them. If SSNs must be used, they must be encrypted or, where that is impossible, be subject to access controls. CUIT has developed tutorials, FAQ documents and tools regarding data security. There is also an IT leadership council to monitor this.

Files containing sensitive information should be encrypted when stored and emailed. If such information must be emailed, it should be sent as an encrypted attachment. Files can be encrypted using WinZip or the file encryption feature of MS Office. The university provides MS Office and is buying licenses for WinZip. CUIT also provides tools to scan workstations for sensitive information. When employees dispose of old computers, the hard disks should be wiped of data; similarly, scanners also keep information and should be wiped. CUIT also monitors the university network for abnormal behavior and spam. They were piloting new tools (now in use in Lionmail) that filter for sensitive information such as SSNs and credit card numbers, and block emails containing it. They also check university web sites and whether they link to sensitive data. CUIT representatives also noted that unpublished research is sensitive. They cautioned that if one emails an encrypted file, one should not send the password in the same email as the file or even in an immediately subsequent email, and that one should put it a few lines down in the message so it doesn’t show up in the first line or two that are often displayed in a list of unopened emails.

Student IT Concerns: Student Affairs Committee Quality of Life Survey.

Representatives from the Senate Student Affairs Committee presented preliminary results from the Quality of Life Survey to the IT Committee. Full results of this survey have been presented in the Student Affairs Committee report. The Committee was pleased to note that, overall, students were satisfied with university technology. However, printing and innovation garnered the lowest ratings. It is difficult to know which printers around the campus are actually functioning. One cannot send a print job to a central server that can route the job appropriately. Pay rates and weekly quotas for printing were also an issue. Students were also generally satisfied with Columbia’s move to Lionmail. The students also recommended some changes in the way names could be changed in the Columbia Online Directory and allowing for parallel e-mail address aliases, with a provision that would allow students with name changes to select an alias that matches the student’s chosen name. Columbia websites were generally rated low. There are still wifi issues on campus. Students also wanted to write their own apps to access Columbia data (e.g., CourseWorks), but there are no open APIs due to confidentiality issues. The Application Development Initiative at Columbia (ADI) has been a leader in this (see presentation).

Online directory

The Committee also investigated issues with the university’s online directory. Jim Lindner, Assistant Vice President, Human Resources Information Services, and Chris Dowden, Director, Identity and Access Management, spoke with the Committee. There are serious issues involving business titles in the directory which are often inconsistent due to the large size (over 50,000 entries) of the directory and the multiple sources from which information is derived (e.g., Human Resources, Student Information Systems, Barnard, Teachers College, and so on). Even department names can appear in multiple formats. One issue is how much information faculty and staff are allowed to change for themselves and what information needs to be entered by department representatives. The Committee raised issues about the amount of time it takes for new appointees’ information to appear in the directory; a case in point is summer interns who cannot obtain Rascal accounts to do human subjects research until their entries appear in the directory. Mr. Lindner attributed these problems to the continued dependency of the university on paper hiring forms. The worst periods are June and July. The data entry staff for this task is down to only four people (see presentation).

CourseWorks

The Committee also raised issues about continuing problems with CourseWorks. Maneesha Aggarwal, Director, Teaching and Learning Applications, CUIT, and Dan Beeby, Associate Director, Center for New Media Teaching and Learning, visited the Committee to address these concerns.

The transition to “New CourseWorks” was begun in the spring of 2011. As of January 2014, CUIT had moved about 30,000 users to the new system. There has been considerable outreach from CUIT to introduce faculty and students to the new system. CourseWorks has approximately 32,000 users a day, about 100 per minute. One local tool allows professors to submit grades to Student Services Online (SSOL). Faculty can also see data on classrooms before they use them, including number of seats, existence of black- and whiteboards, electronic features, photographs of the classroom, and other information. Community tools now available allow synchronous web conferencing, recording, wiki spaces, and other capabilities. Evaluation tools are also being migrated to the new system. CUIT is happy to come to individual departments to tell them about the new features.

The Committee discussed the issue of getting students to submit course evaluations but found no solution to the problem of low submission. There is currently no way to require that students submit evaluations before they can view their grades.

Lionmail

In April 2014, the IT Committee discussed current issues with the move to Lionmail, Columbia’s new Google-based email system, with Candace Fleming; Suzi Varnhagen, Project Director of the Program Management Office of CUIT and project director of the Lionmail changeover; and a number of others from CUIT involved in the Lionmail move. The discussion was a response to many faculty having recently been moved to Lionmail and experiencing a variety of problems, including difficulties using their old mailers (e.g., Thunderbird, Pine), lost mail, odd search performance, lack of decent IMAP support, substandard security, and slow performance.

Ms. Fleming said that CUIT had been on the path to Lionmail for more than two years. The changeover began in March 2012. They now had some 60,000 users, many of whom are students. They had started 30 months ago and were still migrating by groups, doing the more difficult groups last. This migration should now be complete for all but the Medical Center, which still uses the internal Exchange system due to privacy concerns. It is intended that Cubmail will be finally retired in 2014. The Committee learned that Google is providing the email service for free.

CUIT emphasized their willingness to help with any problems and noted that they had already done many desk-side visits. CUIT is working on FAQs and will provide more help sessions.

Research Data Storage, Accessibility, and Privacy

Committee member Victoria Stodden reported on a National Science Foundation meeting focusing on how to make research data more accessible, to implement a White House Office of Science and Technology Policy released in 2013 about making data available if research is funded by federal grants. Individual federal agencies will have to resolve issues such as: Does this apply to raw or to processed data? How can issues of human subjects’ protection be handled? In August 2013 the federal funding agencies submitted their public access plans to the Obama administration and are still waiting to hear back. The Office of Management and Budget says to make the research data available without supplying additional funds to investigators, which is a very demanding request. A process must be worked out.

Journals are also urging authors to release their data. PNAS requires data to be available in a repository prior to publication. Science requests that published papers make data and code available upon request. Nature requires data availability. High-impact journals are asking people to do more work, while lower-ranked journals are slower to adopt standards that demand more of their authors.

The Public Library of Science (PLOS) announced new data availability requirements on their blog and immediately received considerable feedback. Researchers were confused about how data was to be defined. PLOS has provided updates to clarify that what they meant was “so that others can verify your results.”

Members of the Committee noted that formerly, a library could have a copy of every book ever published. Now, more data is produced than can be stored on all storage media that exist. A new definition of what constitutes data must be developed. However, scientific results can be reproducible if code and raw data are stored together, eliminating at least the need to store intermediate representations, although code may not run on future systems. There is a project called ResearchCompendia addressing this issue by running code in containers (lightweight virtual machines) to enable the persistent executability of code and verifiability of published results.

Amy Nurnberger of the Center for Digital Research and Scholarship also spoke about research data issues in the context of Columbia’s Scholarly Communication Program’s Research Data Management (RDM) effort. Governments and universities such as Columbia are training employees and researchers at schools and institutes in proper data storage and management. Ms. Nurnberger’s group provides RDM resources, including data management plan templates and tools, online training, and data description schemas.

Data policies include training and education as well as advocacy to federal agencies. Her group encourages clients to look at the whole data lifecycle, including planning, organizing and describing data. They are surveying researchers at Columbia to find out their needs and practices, and working with the schools. One effort is to develop improved metrics on data citation and to get researchers to cite data, giving credit to those who design datasets, not just author papers. She thinks we will see more of this. The NSF now considers datasets worthy of support. Her group is working to develop the Academic Commons, which will be useful to other institutions as well as Columbia.

Organizational Changes

The IT Committee thanks its 2012-13 co-Chair Senator Breck Witte for his service upon his retirement from the Senate and welcomes a new co-Chair, Senator Matthew L. Jones.

Senate Information Technology Committee 2013-2014
n-s = non-senator

Fac.                Julia Hirschberg, CO-CHAIR      SEAS
Fac.                Henry Spotnitz                          P&S
Fac.                Itsik Pe’er n-s                             SEAS
Fac.                Victoria Stodden n-s                  A&S/NS
Fac.                Matthew L. Jones                      A&S/SS

Stu.                 William Zvara                           LAW
Stu.                 Jared Odessky                           CC
           
Off. Res.        Hatim Diab n-s

Libraries         Breck Witte, CO-CHAIR

Admin.           Candace Fleming n-s
Admin.           Ellen Binder n-s

Admin. staff   Vincent Santana

Alum.            Stephen Negron n-s