Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: 2014 Omnibus Appropriations Act & NIH funding
From: Chris Green <chrisgreen () GSU EDU>
Date: Fri, 28 Mar 2014 11:07:58 +0000

Jarret,

Has EDUCAUSE had similar discussions with the other departments that were impacted with similar pornography language?  
NIH certainly funds lots of research but getting consistency of approach between these agencies is important.  
Department of Education could certainly have a high sector impact.

Thanks,
Chris

On Mar 26, 2014, at 9:25 AM, Jarret Cummings <jcummings () EDUCAUSE EDU<mailto:jcummings () EDUCAUSE EDU>> wrote:

Hi, Josh – No, the issue of cloud services in relation to the provision hasn’t appeared anywhere we’ve seen, so you may 
be the first to raise it. My guess is that your researcher will have to take this one to his/her grants officer, where 
most of the discussion could be around what constitutes “establishing and maintaining a computer network” as opposed to 
“purchasing user configurable cloud computing services.” What we might consider a de facto network might not be 
interpreted as such in the context of an outsourced cloud environment, but only NIH can make that determination in 
relation to the specifics of the award and project. - Jarret

_______________________________________________
Jarret S. Cummings
Director of External Relations

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5372 | main: 202.872.4200 | educause.edu<http://www.educause.edu/>

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joshua 
Beeman
Sent: Tuesday, March 25, 2014 5:58 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] 2014 Omnibus Appropriations Act & NIH funding

Thanks Jarret. This is very helpful and I am very appreciative of the work EDUCAUSE is doing to coordinate our 
questions/concerns on this topic.

Are you aware of anyone considering or answering the question about funds used to stand up services in the cloud?  
e.g., I have a researcher using NIH funds to establish a compute instance (which includes an underlying network) at 
Amazon Web Services (AWS).  What if the cloud service doesn't allow me to implement network controls of the type 
described?

Thanks again.

Sincerely,
Josh


________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>] on behalf of Jarret Cummings [jcummings () EDUCAUSE EDU<mailto:jcummings () EDUCAUSE EDU>]
Sent: Monday, March 24, 2014 11:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] 2014 Omnibus Appropriations Act & NIH funding
Hi, All – I posted a blog entry on what EDUCAUSE has learned to date about the 2014 Consolidated Appropriations Act 
restrictions on network funding in relation to pornography blocking/filtering and NIH’s response to it 
(http://www.educause.edu/blogs/jcummings/nih-notice-network-restriction-pornography).

Below is the post summary. Essentially, this provision does not appear to apply to general campus networks and is 
unlikely to do so in the future unless NIH or other affected departments and agencies dramatically change their 
approach to it. Our understanding is that NIH is evaluating its grants and contracts portfolio to identify affected 
projects, which will allow it to contact the relevant researchers to discuss the arrangements those researchers may 
need to make based on specific provisions of their awards. We have not seen any indication that any other federal 
department or agency has or plans to release guidelines or regulations on this issue that might impact higher 
education, and some have had it attached to their appropriations for the last few budget cycles. - Jarret

Summary: NIH released a notice alerting award recipients of a new restriction on the use of funds “to maintain or 
establish computer network” unless that network blocks access to pornography. NIH interprets the provision as applying 
only to funds awarded directly for such purposes; overhead funds are not involved. That essentially restricts NIH’s 
application of the provision to project-based networks, removing the concern that any institution receiving NIH funds 
might have to implement blocking or filtering across its campus network. Researchers with potentially impacted projects 
should consider discussing their concerns with their NIH grants and contracts officer.

_______________________________________________
Jarret S. Cummings
Director of External Relations

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5372 | main: 202.872.4200 | educause.edu<http://www.educause.edu/>

From: Jarret Cummings
Sent: Thursday, February 27, 2014 2:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: RE: [SECURITY] 2014 Omnibus Appropriations Act & NIH funding

Hi, Everyone - I wanted to let you know that EDUCAUSE is looking into this issue. We have conversations ongoing with 
various congressional sources, and we'll let you know what we learn when we have something clear enough to share. 
Thanks for highlighting the issue. - Jarret

Jarret S. Cummings
Director, External Relations
EDUCAUSE
jcummings () educause edu<mailto:jcummings () educause edu>
(202) 331-5372
www.educause.edu<http://www.educause.edu/>

-----Original Message-----
From: Tracy Beth Mitrano [tbm3 () CORNELL EDU<mailto:tbm3 () CORNELL EDU>]
Received: Thursday, 27 Feb 2014, 12:59pm
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> [SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>]
Subject: Re: [SECURITY] 2014 Omnibus Appropriations Act & NIH funding
Not a word from the NACAU list, folks, just thought I would report … and usually responses, when they come, come 
quickly ….

Cheers, Tracy


On Feb 25, 2014, at 7:50 AM, Matt Morton <mmorton () UNOMAHA EDU<mailto:mmorton () UNOMAHA EDU>> wrote:

Thanks Tracy!
Matt

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tracy 
Beth Mitrano
Sent: Monday, February 24, 2014 8:40 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] 2014 Omnibus Appropriations Act & NIH funding

Hi Matt,

The First Amendment is what jumped out at me.  If I understand the jurisprudence correctly, the federal government may 
not pass a law that disallows adult i.e. legal pornography … as distinguished from obscenity (“I know it when I see it” 
— N.B. is about obscenity, not, as is often misquoted, about pornography) and pornography that involves minors, i.e. 
people under the age of 18.

I did send the message out on the NACUA List Serve, and as of yet no one has responded, which is in itself interesting. 
 I think we owe Josh and his grant office connection at UPenn gratitude for unearthing this interesting issue.

By the way, academic freedom belongs per the law to an institution, not individual faculty, even if professional 
associations have appropriated its terms for private institutions which are not subject to constitutional law.  And if 
a private institution for whatever reason — mission, civil rights VII compliance, etc. — wants to block for 
pornography, there is no law prohibiting the institution from so doing.  What was curious to me was that this example 
came from federal law.

I promise to keep you posted if anything crops up on the list.

Cheers, Tracy


On Feb 24, 2014, at 9:16 PM, Matt Morton <mmorton () UNOMAHA EDU<mailto:mmorton () UNOMAHA EDU>> wrote:

Fascinating topic.  Now - not that I believe the provisions in this ACT are valid the following is how I explain my 
understanding of academic freedom when reconciling the needs of security with openness.

While the goal of the faculty is to teach, complete research, and grow new ideas, the goals of administration are to 
function in a manner that does not interfere with this process (at least in my opinion?).  So, to manage the 
environment in an effective and efficient manner we must review tradeoffs between the level of interference or doing 
the extra effort to structure ourselves to meet the demands of research and compliance.  This also means we have the 
responsibility to do the difficult work of segmenting concerns on campus to provide the appropriate level of compliance.

Segmenting concerns can create more effort but it is an effort that increases the effectiveness of what the overall 
goal of the academe’ is.  A good read on academic freedom is at the following link.
http://www.aacu.org/about/statements/academic_freedom.cfm

I would be interested in any feedback or anything that I am missing since I noticed yet another article on academic 
freedoms in the Chronicle today and this continues to be a point of discussion.

In regards to this particular item,  I wonder if the "intent" is this the segmentation of concerns at the network 
between administration and the academe' ?  And isn't "intent" what will be used to evaluate its enforcement?

Matt

Matt Morton, CISSP, MHEA
Chief Information Security Officer
University of Nebraska at Omaha
6001 Dodge St., Omaha NE  68182
402.554.2425 (o)
402.214.5943 (g)
402.708.2176 (m)

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary 
Warner
Sent: Monday, February 24, 2014 11:33 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] 2014 Omnibus Appropriations Act & NIH funding

Note WHERE in the doc the four mentions are as well:

None of the funds made available in
this Act may be used to maintain or establish a computer network unless such network blocks the viewing, downloading, 
and exchanging of pornography.

Porn block:
- p. 197  (Division B - Sec. 534) - Commerce, Justice & Science
- p. 684  (Division F - Sec. 555) - Department of Homeland Security
- p. 1021 (Division H - Sec. 528) - Labor, HHS, and Education
- p. 1128 (Division J - Sec. 409) - Military construction & VA

I believe when we are dealing with OMNIBUS bills, "Act" refers to anything within the Division where the word Act is 
mentioned - not to the overall Omnibus bill.

For example, Division H is sublabeled as:

DIVISION H—DEPARTMENTS OF LABOR, HEALTH AND HUMAN SERVICES, AND EDUCATION, AND RELATED AGENCIES APPROPRIATIONS ACT, 2014


----------------------------------------------------------

Gary Warner
Director of Research in Computer Forensics The University of Alabama at Birmingham Center for Information Assurance and 
Joint Forensics Research
205.422.2113
gar () cis uab edu<mailto:gar () cis uab edu>

-----------------------------------------------------------

----- Original Message -----
From: "Tracy Beth Mitrano" <tbm3 () CORNELL EDU<mailto:tbm3 () CORNELL EDU>>
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Monday, February 24, 2014 11:21:31 AM
Subject: Re: [SECURITY] 2014 Omnibus Appropriations Act & NIH funding

Well I’ll be darned, it is mentioned four times in this document … along with China and detainees of Guantanamo and a 
host of other restrictions … but for the life of me, I do not know how or if the pornography provision has ever been 
challenged, perhaps I will post to the NACUA list and see if the legal eagles know more about it and get back to you 
guys.

Thanks, and to those who send me the unwrapped link especially!

Tracy


On Feb 24, 2014, at 11:36 AM, Manjak, Martin <mmanjak () ALBANY EDU<mailto:mmanjak () ALBANY EDU>> wrote:
Tracey,

It 404ed because the link is wrapped.

Try this:
http://docs.house.gov/billsthisweek/20140113/CPRT-113-HPRT-RU00-h3547-
hamdt2samdt_xml.pdf


Marty Manjak
ISO
University at Albany


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tracy Beth
Mitrano
Sent: Monday, February 24, 2014 11:25 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] 2014 Omnibus Appropriations Act & NIH funding

Hi Josh,

This case is interesting.  First, when I hit on the link, I get a 404 error.

More important, I cannot believe that this appropriation act would meet constitutional scrutiny.  Pornography is legal; 
obscenity and chid pornography are not.  Unless there are separate rulings related to grants or some such thing, the 
federal government is not allowed to restrict this form of "speech" via First Amendment law.

And as a matter of policy, UPenn strikes it exactly correct for a research university especially.

If you have more information on that act, please share?  (Maybe Time
Warner is blocking it! JK :-)

Tracy


On Feb 24, 2014, at 11:01 AM, Joshua Beeman <jbeeman () ISC UPENN EDU<mailto:jbeeman () ISC UPENN EDU>> wrote:
Hi,

I received an email recently from a grants administrator asking
whether or not we had a filter in place to block pornography.  Her
question was prompted by a new provision in the 2014 Omnibus
Appropriations Act, which (as I understand it) includes NIH funding.  The provision states:

"None of the funds made available in this Act may be used to maintain
or establish a computer network unless such network blocks the
viewing, downloading, and exchanging of pornography."

http://docs.house.gov/billsthisweek/20140113/CPRT-113-HPRT-RU00-h3547
-
hamdt
2samdt_xml.pdf

Penn does not block pornography at the border, because of the diverse
nature of research at Penn, and the problems with defining pornography.
That said, local network segments/subnets may have network security
devices (e.g., next generation firewalls, web proxy's, etc.) that can
perform this function.

Is anyone aware of and/or reviewing this new provision in relation to
grants and grant applications?  If so, any thoughts, suggestions,
comments?

Thanks, as always, for any input.

Sincerely,
Josh


--
Joshua Beeman
University Information Security Officer University of Pennsylvania /
ISC
3401 Walnut Street, Suite 230A
215-746-7077 / jbeeman () isc upenn edu<mailto:jbeeman () isc upenn edu>


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]