The Culture of Logging In
Let's begin with a brief quiz.
Last summer, the management of my university's dorm network was outsourced to a third party ISP. This has placed the dorms outside of the university's IP address range. For the first time ever, more than 6,000 students living in the dorms have been required to authenticate themselves through EZproxy to access research materials licensed by the library. As a result, the library received this approximate number of complaints:
a. Dozens
b. Forty
c. Ten
d. None
If you selected "d", you pass the quiz and get an A in Modern Reality Librarianship.
So here's the story. We in my library had a hazy notion that the management of the dorm network had been outsourced. But we didn't connect this with the fact - not at all inevitable - that the IP range had moved off of the campus network. So, for the last four months, and unknown to any of us, EZproxy logins from the dorms have been required.
I got wind of this last week when a colleague asked me to help him solve a username/password problem for a student who lived in the dorms. My colleague and I were puzzled about why this was an issue in the first place. If the student was on campus, no login should be required. The student was using a wireless laptop, so at first we thought this might be a wireless issue.
I investigated. Within a few hours, I learned about the new IP range for the dorms.
This brings to mind two interesting questions.
1. Why didn't a single student complain to anyone in the library?
I can only speculate.
Students aren't shy about registering complaints. And, as I said, this particular one has never once come up. We've got three libraries and a multitude of public services points. Besides visiting us in person, students can e-mail us, IM us, and call us up. But there has been utter silence on this issue.
As an experiment, I came right out and asked a student why it didn't bother him that he could get to our resources directly last year, but this year he had to log in. He shrugged and said it was no big deal - entering his credentials was nothing.
I've got to think that the culture of the university and of the wider Web has engendered this point of view. On campus Web spaces, students are required to log into their e-mail accounts, WebCT, MyUAlbany (to register for courses, etc.), the campus wireless network, the ERes electronic reserves system, our ILLiad interlibrary loan site, and our catalog's My Minerva Account. On the wider Web, there are all sorts of sites that require logins in order to use their services. (This reminds me of the amusing Useless Account site that calls attention to this very thing.) What's the big deal if one more login is required? This probably passed pretty much unnoticed.
But one of my colleagues said to me yesterday, "Students should always question this!" They should never blindly accept that they need to hand over their credentials.
On the other hand, we caution students about security issues. We encourage them to understand that privacy is an important factor in their lives on the Web. They should pay attention to it. Logging in to restricted sites is not only expected, but desirable. When they log in to campus Web spaces, we're protecting their privacy and adhering to copyright law. These are good things. Why should we expect them to understand the rules of license agreements and network access technologies?
2. Despite the lack of complaints, should I volunteer to incorporate the new IP range into EZproxy so that dorm students won't have to log in?
I love this question. Too often, I think, we tell ourselves we'll offer services based on user need. And our users - students in the dorms - obviously don't need not to log in. They don't care. Really, they don't. They've proven this.
Maybe our students don't care, but I'm not about to stand by and require them to log in when they're not only affiliated with us, but are also living right on campus. It's a matter of principle, not need or expectation or complaint or even request. In short, it's a professional responsibility to fix this problem.
So I publicized the situation to my colleagues and figured out a solution. My goal was to relieve our Acquisitions Department from having to contact every last vendor about the new IP range, especially since we couldn't guarantee the stability of this range. Thankfully, EZproxy has a nifty feature called AutoLoginIP. This has turned out to be the solution.
So what have I learned? Well, I've learned that students can be tolerant of barriers to access, but maybe for a good reason. I've also confirmed my notion that professionals shouldn't wait for surveys or complaints before fixing problems that are eminently solvable and deserved by the community.
Comments
Just curious - is the IP that the dorms use allotted only for the dorms, or might non-students also fall into that IP range, either now or in the future?
I guess I would want to turn the thing around - require the outsourced ISP to use a predefined IP range, allocated and dedicated to the University. If you are going to open the security door for the IP, I would want a very secure control on that IP.
Interesting insight into how we have become so accustomed to logins, that we no longer associate logins with either privacy or security. They have become just a clerical procedure - like presenting a driver license to check in a motel, write a check.
Posted by: Brad K. | December 6, 2007 11:53 PM
Brad, good question! The IP range in the dorms is exclusive to our campus alone. The ISP assured me of this. The range is also large enough to accommodate growth. I checked this out before even considering providing access to this range through EZproxy.
Posted by: Laura Cohen | December 7, 2007 10:10 AM
What is unsettling about your description of the ISP/Dorm story is less about the students as much as that of the disconnect between departments in the university which allowed this to happen. Didn't anyone on Central IT, the business office, the academic office, or even facilities connect the dots? What if it had been more serious?
I am always amused at the lack of communication that characterizes all of our schools. They seem to treasure secrecy more than many intelligence agencies. And to what end?
I was reminded of a book I read a while ago which was filled with useful observations and even some techniques for overcoming the too common disconnects in communications that large organizations foster. William Pegonis' recounting of his life in the Army and his experience as the top chief of logistics during the first Gulf War give his book some real credibility in talking about planning and execution on a plan. The book, Moving Mountains, may seem an unlikely text for academic librarians (unless you view a semester as somewhat like a campaign) but most big organizations are more alike than different. The text is filled with some very useful techniques for communicating within and without. The one I remember readily was that each day Pegonis would have his morning staff meeting standing up! These meetings did not go too long as a result. If it is still in the stacks of your library, it is worth a perusal by inquiring librarians.
Moving mountains : lessons in leadership and logistics from the Gulf War / William G. Pagonis with Jeffrey L. Cruikshank.
Posted by: John Callahan | December 12, 2007 01:10 AM
John, We do have this book in our stacks, thanks!
The person I spoke with from campus IT said he had thought that we in the library were informed about the move to outsource the dorm network. The move had been well publicized.
I'm of two minds about this: 1) I can't expect IT to understand how EZproxy works; and 2) IT should, in fact, understand that traffic restrictions would be based on the IP addresses of the users. In any case, I made sure to articulate EZproxy requirements during our conversation, and to request that any IP changes be communicated to our systems department.
There was no secrecy here, but rather (as you correctly note) failures in communication and also failures to connect the dots. I was one of the people who failed in the latter.
One of our biggest problems, I think, was a staffing one. Our library systems department experienced two key resignations this summer when the outsourcing was taking place, and we'd been without a department head for over two years. With more stable staffing in the library, this situation probably would not have occurred. At least, I'd like to think so!
Posted by: Laura Cohen | December 12, 2007 08:28 AM
Hi Laura and all,
Whenever I write a comment, believe me, I am looking into a mirror - I am talking more about myself, my institution, and my failures within the organization than pointing to anyone else's story. I am a humble servant of the state.
Our systems people cultivate a relationship with the IT and Telecomm tribes so that they know us and will remember to tell us 'stuff' that may not surface in the higher echelon meetings. It works most of the time. Key - no surprises. Often it works to our advantage. But I know how much work goes into keeping those channels open and their limits. I do recommend the Pegonis book as a cut above the usual business management books as it is fun to read and there are some really good techniques in there.
My final shot - it is hard to promote a revolution in student collaboration when the parent organization cannot do the same.
Posted by: John Callahan | December 12, 2007 09:26 AM
My final shot - it is hard to promote a revolution in student collaboration when the parent organization cannot do the same.
Very wise words, John.
Posted by: Laura Cohen | December 12, 2007 09:35 AM
I'm not surprised that the students didn't notice, or mind.
First of all, think of how few of them actually USED, or even wanted to use, the controlled library resources from their dorm rooms. Many of them undoubtedly used them from other places on campus, or even in the library. And then there are the majority who don't use them at all.
Second, as noted, they are used to logging in to their email, their MySpace, their FaceBook, and a zillion other sites. Why should the library be any different.
We're just too used to thinking of things the ways that WE THINK they ought to be, rather than the way the really are. We're not students and they're not us.
Posted by: Dan Lester | December 19, 2007 07:06 AM
Dan, thanks. With regards to your first comment, the EZproxy logs showed a significant use of library resources from the dorm IP range. In fact, this is one of the things that helped tip me off that the dorms are on a different IP range.
What interested me about this situation is the fact that returning students didn't mind that, unlike in previous years, they had to log in from the dorms. If the change was noticed, it was accepted.
In any case - and unlike MySpace, Facebook, etc. - I can make a difference by removing the requirement that students log in. This is one way in which a library network can position itself differently than the external Web, even if this happens behind the scenes and students don't notice. This is a service we can, and do, provide.
Posted by: Laura Cohen | December 19, 2007 09:25 AM
Agree completely that if you can eliminate the login requirement from the dorms, that is a good thing to do. It does sound like a bit of a hassle to change things with all the vendors, but certainly worth doing if you have some reasonable assurance the contractor won't change the range on you with any frequency.
We may have the opposite problem in the next few years (though I'll be retired by then). We have a branch campus about 20 miles away that is in the process of becoming a separate community college. Right now they're under a block of our IP range, and may well remain under it for the foreseeable future. In that case we'll need to exclude a block of IP addresses from the currently nice and simple 132.178.*.* Maybe they'll get their own IP address block and we won't have the problem.
Fortunately we have an excellent relationship with campus IT, in part because I've been on the university wide IT committee for 17 years, and partly because we filter all support calls from library staff. We only pass on the 2 percent of calls that we can't handle.
Happy holidays,
dan
Posted by: Dan Lester | December 20, 2007 01:20 AM
Dan, thanks again. Cultivating an excellent relationship with campus IT is crucial, just as you say, and it's obvious you've done your part. I think things will improve on my campus, now that we finally have a new head of Systems. My Dean told the campus CIO about what happened with the dorm IP range, and reported back that there's lots of chagrin going around that this fell through the cracks. A good sign, I hope!
Posted by: Laura Cohen | December 20, 2007 08:27 AM