I’m not sure how many of our friends to the south are aware of this, but using web services hosted in the United States is deemed to be a threat to the rights of Canadian students.
Indeed, a public institution such as the one I work for is expected to take ‘rigorous measures’ to “mitigate against illegal and surreptitious access” of students’ private data. What that means has been left open to interpretation, but apparently a student’s email address can constitute private data, and the effect has been a common perception that telling students to set up accounts on Flickr or WordPress.com represents a potential breach of the law. In the absence of a clear sense of what can and cannot be done, our old friends Fear, Uncertainty and Doubt become the default policy drivers.
I haven’t heard the groovy President-elect say anything about revoking the PATRIOT Act (then again, I don’t have cable TV, maybe he said it on Larry King), so I’m not expecting change I can or cannot believe in.
As someone who would like to see higher education tapping more of the fine online applications available outside the academy, and who intuitively favours a platform-agnostic, let-the-students-decide approach to tool selection, the personal privacy issue has been something of a showstopper. I can’t tell you how many times I have known of some free, popular online service that could meet a specific need quickly and easily, only to be shot down by the question “is it hosted in Canada?”
I’m kind of surprised some company hasn’t set up some sort of subscription-based proxy or hosting service for US-based apps to protect private data. The higher education market in Canada alone would be substantial. (As usual, the librarians have moved ahead on this, for example by setting up Canadian-based hosting for RefWorks.)
So I have this naive idea that wider adoption of OpenID might alleviate this problem. Not every service accepts OpenID, but lots of good ones do. I don’t know whether we should look into becoming OpenID providers ourselves, but at the very least, perhaps we can back a trusted Canadian-based OpenID provider so student data stays in the Great White North.
I’ve asked around, and am not sure whether I should be pushing this or not. Scott, while assuring me this wasn’t an idiotic idea, also cautioned me that this would not necessarily be easy to do… Then, as he often does, he said a bunch of smart stuff I didn’t really understand.
Then I run into the problem of explaining how OpenID works to the people I would need to support such a plan. To address this particular challenge, I was grateful to come across OpenID Explained, a very nifty tutorial – now, can I get people to look at it…
If I haven’t made my fuzziness clear, rest assured I would grateful for feedback on any of the above.