In his book "NetPolicy.com", Leslie David Simon lays out the history of Internet and information technology policy, describes the efforts of the Clinton Administration regarding information technology policy, and makes recommendations for the future of information technology policy. Using this discussion as a basis, one can consider the leading policies and concepts that drive information technology efforts at Cornell University within the perview of Cornell Information Technologies (CIT).
CIT's policy efforts come from two sources. Official, documented policy is developed within the Policy Office of the Office of Information Technologies. The Policy Office has developed and promulgated four campus-wide policies that affect the entire Cornell community. (Five additional policies are under development as of this writing.) These policies are "Abuse of Computers and Network Systems" of June 1990, "Policy 5.1, Responsible Use of Electronic Communications" of October 1995, "Policy 5.2, Mass Electronic Mailing" of January 2003, and "Policy 5.3, Use of Escrowed Encryption Keys" of January 2003. Though made general enough to be applied throughout the disparate information technology systems at Cornell, these policies each address a specific issue that were found to require some form of standardization or formalization. None of these policies address the overall environment of information technologies at Cornell.
The second source of information technology policy at Cornell is the de facto policy developed by the choices of technology and architecture of and contracts for information resources at Cornell. For example, by deciding to utilize Kerberos for authentication, authorization, and auditing (AAA) within Cornell's administrative resources, CIT has effectively set a policy for the nature of AAA on those systems. Also, the user agreement ResNet customers sign before gaining access to the ResNet network stipulates certain conditions and behaviors when using that resource. Though no explicit policy has been developed behind these agreements, these conditions and stipulations enact a security and acceptable use policy on those users. As with the documented policies developed by the CIT Policy Office, these de facto policies are applied to specific and limited information technology implementations and are not designed to be used more generally.
The general policies Simon discussed, specifically those developed as part of the Clinton Administration's "National Information Infrastructure: Agenda for Action", apply directly to Cornell's environment. For example, among other directives, the Agenda calls for universal service at affordable prices; promotes technological innovation and new applications; promotes seamless, interactive, user-driven operation; and seeks information security and network reliability.
Using these directives as a base, a policy should be created for Cornell to act as a guide for all policy development at Cornell, both for policies promulgated through the University Policy Office and for policies that are created through technology, architecture, and usage requirements. In addition, this policy should stipulate that appropriate levels of protection should be applied to the confidentiality, integrity, and availability of Cornell information resources. Also, where possible and/or mandated by law, the privacy of Cornell students, staff, faculty, and affiliates should be protected and their personal information should be used in an appropriate manner. Cornell policy must consider local, State, and Federal laws regarding information resources. Above all, information technology policies should facilitate Cornell's mission to educate and perform research. All information technology policies should be considered potential benchmarks and examples for other institutions and for policy development within Cornell's many departments and offices.
A more general policy stating the goals and ideals considered most important to the University must be created. Once created, this policy can help base future policy development on a solid foundation. Though future policies may address specific and diverse technological issues, these policies will be consistant with other policies with that same foundation, strengthening the collection of policies and moving Cornell toward its goals and ideals.