Increased enrollments, changing student expectations, and shifting patterns of Internet access and usage continue to generate resource and administrative challenges for colleges and universities. Computer center staff and college administrators must balance increased access demands, changing system loads, and system security within constrained resources.
To assess the changing academic computing environment, computer center directors from several geographic regions were asked to respond to an online questionnaire that assessed patterns of usage, resource allocation, policy formulation, and threats. Survey results were compared with data from a study conducted by the authors in 1999. The analysis includes changing patterns in Internet usage, access, and supervision. The paper also presents details of usage by institutional type and application as well as recommendations for more precise resource assessment by college administrators.
The rapid growth in the use of the Internet has revolutionized the flow of information in colleges and universities. Higher education institutions continue to respond to increased demand by reallocating scarce resources when expanding their Internet capabilities. How have institutions responded to these challenges? Do institutions establish more restrictive procedures and policies for accessing the Internet? How have student usage patterns changed? Are music downloads a concern? How do students access the Internet, using institutional facilities, to perform tasks? These and related questions were asked in an expanded version of a study conducted by the authors in 2001 and 2002.
Comments received from respondents on the initial survey led to key survey revisions and the addition of new topic questions. The initial survey instrument was revised and mailed to Computer Center Directors in two geographic (Northwest and Southeast) regions of the United States. Even though the response rate was less than ideal, the addition of several relevant survey questions provides insights into the continuing and challenging issues confronting higher education.
Current findings are presented with emphasis on responses to the new questions. Comparisons with previous findings appear, but only when significant. As expected, some changes have occurred in worm and virus attacks with a surprising decrease in hacker attacks. Although we hope that the level of attacks has decreased because of improved systems, it may also be true that institutions are either more reluctant to acknowledge the attacks or unable to accurately quantify the number of attacks. We intend to expand the next survey to probe this issue of attacks in more depth.
We begin with a description of how the research was conducted and provide commentary on university Internet policies. We conclude with an analysis of the results and make recommendations applicable to the changing direction and future trends for managing computer resources in college and university settings.
In 1999 the authors surveyed computer center directors at selected colleges and universities to assess and report Internet policies and usage. Results of that survey appear in First Monday in the November 1999 issue at http://www.firstmonday.org/issues/issue4_11/fleck/. The original survey instrument was revised and expanded to include a broader range of questions looking at issues such as virus attacks. The revised survey solicitation was mailed to 972 computer center directors in the southeast and two states in the northwest (Oregon and Washington). The 2001 Higher Education Directory was used to identify the most current postal addresses of these administrators.
The solicitation letter encouraged respondents to complete the survey online with an option to request a paper copy. The letter provided survey information, the URL, and required password. The survey was published to a Web server as a convenience for respondents with the expectation that this methodology would provide a higher response rate than a mailed paper form. While this methodology did not generate as high a response rate as the first survey, the procedure did enable a more efficient method for assembling data. Because the survey was online, we were able to provide the questionnaire for an extended time period to increase the response rate; some responses were received in late 2003 when we began to analyze the data.
Over a quarter of a million students are represented by the respondents. A total of 68 institutions (seven percent) responded to the survey online; no surveys were returned via postal service. This response rate is within the normal response rate for paper surveys.
The information and charts in this study represent the collection of responses received; therefore, the figures may not total 68 in every instance.
Distribution by state and degree
Figure 1 shows the distribution by state of those responding to the survey (seven surveys did not specify a location). The institutions represent a wide variety of degree programs ranging from certificates to doctorates (Figure 2). We believe that the survey results fairly represent Internet issues facing the academy through late 2003.
Student enrollment figures at the institutions responding totals 196,528 for fulltime equivalents (FTE) and 283,990 for overall student enrollment, or head count (Figure 3).
The majority of institutions responding are categorized as "public," followed by "private." The remaining classified themselves as either proprietary or military. Figure 4 shows the distribution of public, private, proprietary, and military.
Access points and types
All of the responding institutions provide some type of access to the Internet for their students. The analysis includes access to the World Wide Web, email, and Telnet. The library is the most common access point for students followed by access from supervised laboratories. Less often provided/used access points are department labs, unsupervised labs, classrooms, and dormitories. Figure 5 lists the type of access point and the number of institutions providing each type of access.
Access monitoring and control
Twentyseven institutions make a conscious decision not to limit, supervise, monitor, or record Internet access. When access is monitored, it is primarily accomplished by software, staff, and faculty. The most common monitoring methods are software and staff (Figure 6). Written comments from respondents included monitoring methods such as bandwidth metering, filtering, and performing history checks.
Policies and policy dissemination procedures
Many institutions have policies governing appropriate and acceptable use of computer resources. Figure 7 shows the methods used by institutions, and the number of institutions using each method, to disseminate computer and Internet policies to students. Over half of the respondents state that they have developed policies concerning Internet access by students using the institution’s network. Twentynine institutions publish their policies in a student handbook. Others disseminate their policies by mailing copies to students, posting in labs, disseminating verbally, displaying on the Home page of their Web site, displaying when a student boots the computer, or activates his/her account.
Penalties for policy violations
Policy violations often carry penalties and these penalties usually relate to the severity of the violation. Only 29 institutions have penalties in the event that students violate their policies. In addition to probation, most institutions report employing a graduated penalty scale depending on the number of violations and the severity. For example, the first policy violation would result in a verbal warning or reprimand; the second violation would lead to temporary revocation of network privileges. Consequences of the third violation would be disciplinary action or dismissal from school.
One institution reported the requirement of "retraining" related to the specific policy violation before regaining access. In some instances, a student’s Internet privileges are suspended. Others block student participation in extracurricular activities or assign the case to the Dean of Students for appropriate action. In more serious cases, a campus judicial committee hearing is conducted or prosecution by local or state criminal authorities. Eleven (16 percent of the responding) institutions indicated that they did not establish any type of penalty for violating their policies.
Access to pornographic sites
Pornographic sites are part of Internet access and policy issues. The authors separated this component from other topics since it was evident from the first survey that this was an issue being debated on many campuses. From written comments, it appeared and continues to be an item of concern on many campuses.
When asked, "Do you limit access to pornographic sites?" 23 of those responding state that they limit access to pornographic sites. On the other hand, 20 respondents state that they do not limit access to these sites. Figure 8 shows that institutions believe students will make appropriate choices with regard to the sites they visit. Respondents indicate, in the "other" category, that they limit "hardcore" pornographic sties or that they are "still hashing it out."
Policies, when enforced, are enforced primarily by staff and faculty respectively. Institutions still depend on the services of student assistants to enforce policies as well as depending on students to regulate themselves. Figure 9 represents this analysis. This is consistent with the 1999 study results.
Policy development procedures
The college or university networking services director is the most likely source of procedures, policies, and rules (Figure 10). In instances where a committee is responsible for developing policies and procedures, the group is composed of administrators, faculty, staff, and students. Figure 11 represents a sample composition of such a policy making committee.
Committee Composition Sample Administrators 4 Faculty 6 Staff 4 Students 2
Controlling access to unauthorized sites
Hardware and software strategies are used to control access to prohibited sites. Thirtyseven percent of those responding utilize hardware to disallow some Web sites while 35 percent utilize software. Examples of software include WebNot, Websense, Internet Security System (ISS), Packet Shaper, Bess, and Norton Internet Security.
Of those responding, 34 percent log access to the college or university network by user ID, station, and date/time. Thirtythree percent log access to the Internet and record user and URL accessed.
Access logs are primarily used to evaluate bandwidth usage or to investigate problems reported by staff or external agencies. Respondents indicated that regular monitoring for policy violations was too time consuming and that staff resources were better utilized on other tasks. A few reported spot checking for policy compliance. At least one respondent emphasized that the logs were only used when complaints were made.
Access to chat
Excluding the chat component in Webmanaged courses such as WebCT or Blackboard, access to Chat areas is limited by 23 percent of the responding institutions. Limitations are imposed primarily by written institutional policy. Following written statements, verbal admonitions are given, software is used, and course instructors reinforce Chat limitation guidelines.
Email, Internet, and telnet usage rates
Email usage continues to increase at all responding institutions. The specific question asked for increases during the past twelve months. For many institutions, the volume of email has increased more than 50 percent. None reported a decrease in email usage (Figure 12). Compared to the previous study, it appears that the email usage increase rate is beginning to level off.
For purposes of comparison, each institution was assigned an arbitrary number. These numbers often appear along one of the axes in several of the following charts. This enables comparison between institutions.
Similar increases were noted for Internet usage (Figure 13). One institution noted a fivefold increase in usage. Since we collected data from an online electronic form, this is not a data entry error on the part of the authors.
Telnet usage by institutions continues to decline and this decline is consistent with the findings of our previous study. While some institutions indicate an increase in usage, the number of institutions reporting a decrease equals the number reporting an increase (Figure 14). In addition, the total number of institutions reporting any telnet usage, compared to our earlier study, has declined.
Gaming and music usage
Downloads of any file type absorb valuable bandwidth. Music and gaming files absorb bandwidth in two ways: 1) the absolute bandwidth used to load the file on a local drive; and, 2) when the file is used interactively, i.e., it is played "live" from the Internet. Live radio broadcasts or gaming between players in remote locations serve as good examples. These issues were mentioned by respondents in our earlier study and more carefully quantified in this study. Changes in usage rates over the past twelve months are shown in Figures 15 and 16.
Units of measure
Respondents were first asked to indicate the percentage increase or decrease for resources and then to specify units of measurement. A variety of units were used to track resource utilization during the past 12 months (The "past 12 months" refers to a time span at the responding institutions). The units used by respondents are shown in Figure 17. The predominant measure is a professional estimate of usage based on past experience. Other units of measure are number of workstations, hours of usage, and number of classes using the Internet.
Access to resources
Resource use and resource access are closely linked. As demand for services increases, institutions may attempt to improve access. Increased resources also may increase usage rates. Figures 1822 shows access capability increases or decreases during the past 12 months with particular emphasis on email, surfing, telnet, gaming, and music. Note that resources available for telnet decreased while access to other resources generally increased, consistent with usage patterns.
The majority of reporting institutions indicated an increase in attacks by worms, viruses, and hackers (Figures 23 and 24). While several institutions indicated a decrease in attacks, it is unclear if the decrease is an actual decrease or a measurement problem. The authors provide some speculation for these events in the conclusion to this paper.
Along with a general increase in attacks is a concomitant increase in resources devoted to preventing attacks. All but one institution reported an increase in resource allocation toward this effort (Figure 25).
The respondents were asked to list their current concerns and these concerns were grouped into major categories. When the summarized list was compared to the 1999 study, no new major concerns emerged. While some detailed comments differed in emphasis, e.g., "maintaining enduser equipment," the emphasis was consistent.
Computer center directors are continuing to deal with issues which fall into familiar categories. While familiarly may provide some level of comfort, it also means that directors are faced with issues that do not have a finite resolution.
The survey asked computer center managers to rank how they spent and expect to spend their time on information management issues. Figure 26 shows their responses. Resource management and security remain the top concerns for directors.
Institutions, as in our 1999 study, are still concerned with students accessing appropriate sites. While some institutions continue to report that they do not monitor access, or only monitor access when a problem arises, it is unclear if the lack of monitoring is due to resource issues mentioned in other questions or a genuine belief that students will make appropriate choices. Some respondents mention that defining inappropriate sites remains a difficulty and without a definition, policy formulation and enforcement is not possible. For those interested in formulating a policy, the authors suggest visiting the Web sites of similar institutions since many respondents indicate that their policies are posted on the institution’s home page or computer center page.
Those institutions that monitor access use a variety of methods to control, monitor, or record access. Both hardware and software are used to monitor access. Compared to the 1999 study, the only change was a variety of software packages mentioned.
There is a great diversity of opinion on the topic of pornography. When we discussed this issue with computer center directors at conferences, one response has been that if they attempt to monitor and control access, they have to define it. Defining pornography in a way as to limit offensive material yet allowing those in healthcare professions to access anatomical sites has been difficult.
Policy violations are dealt with in a variety of ways. We were not able to detect a uniform model that could be applied to other institutions. Insufficient information was available to link policy formulation with institution type and size. If there is a trend, it seems as if small, private institutions are less likely to extensively monitor Internet usage. This may reflect resource issues while larger state institutions may have a greater public accountability.
Resource allocation continues to be a high management concern. Respondents again report that access demands for email, Internet, gaming, and music are increasing while the demand for telnet continues to decline. Institutions have responded by providing greater access. It appears that access and usage rates have increased compared to our 1999 study. All of this comes at a price; a price contained within the resource allocation category. We did note an apparent inconsistency in responses to the download issues: some institutions reported increasing computer resources to meet the music and gaming system demands. The granularity of our study did not request information on the legitimacy of these downloads. For example, were the increased demands for bandwidth due to new academic programs in music? Similarly, there has been a movement toward the use of gaming to teach programming and other academic subjects. We suspect that resources in part were increased due to the increased use of nonacademic student usage and the inability to adequately capture or monitor this usage.
Assaults on institutional computer resources continue to be a concern and on the increase for the majority of responding institutions. While several institutions reported a decrease in attacks, we can only speculate why these few institutions were less likely to be attacked than in the past. One reason could be that those respondents classified failed attacks as noattack; e.g., the "blaster" attack was stopped external to the system and was therefore not an attack. Similarly, hacker attacks stopped at an external firewall when in the past no firewall had been in place could also explain these responses. Other reasons include a change in university structure for computing that moved the institution’s network deeper within the organizational structure. Our next survey will ask specific questions concerning activities taken to reduce or ameliorate attacks.
The underlying theme of our research indicates that resource and security issues continue to play, and will continue to play, an important role in the management of university computing facilities. The problem for managers of such systems continues to be the development of enforceable policies based on realistic measurement of resources. We foresee computer center directors having a difficult time requesting resources without quantifiable performance measures that are easily understood by others in the academic community. The most common method of measuring usage was "professional estimate." We believe it will be hard to justify continued funding increases when a professional estimate is the primary rationale. We strongly recommend coupling auditable measures of usage with the development of enforceable measures designed to reduce inappropriate uses of scarce bandwidth.
About the authors
Tena McQueen has degrees from the University of Louisville and Auburn University and has taught in higher education since 1968. She currently teaches computer applications classes at Columbus State University. Email: Mcqueen_Tena [at] colstate [dot] edu
Robert A. Fleck, Jr. is Distinguished Professor of Computer Information Systems Management and Chair, Department of Financial and Information Systems Management in the D. Abbott Turner College of Business at Columbus State University in Columbus, Georgia. Dr. Fleck earned his Ph.D. and MBA at the University of Illinois and has taught or held administrative positions at the University of South Carolina, Clarion State University, and the University of HoustonVictoria. He has authored or coauthored three textbooks in information systems and over one hundred papers. Email: Fleck_Bob [at] colstate [dot] edu
Paper received 8 March 2004; accepted 7 November 2004.
HTML markup: Edward J. Valauskas; Editor: Edward J. Valauskas.
Copyright ©2004, First Monday
Copyright ©2004, Tena F. McQueen and Robert A. Fleck, Jr.
Changing patterns of Internet usage and challenges at colleges and universities by Tena F. McQueen and Robert A. Fleck, Jr.
First Monday, volume 9, number 12 (December 2004),