by crazygringo 36 days ago
I really don't know what to tell you. You're literally calling for universities to either break the law or not worry so much about following it, and calling people who do want to be careful about following the law "incompetent and useless".

If you don't see how extreme that is, and how much society would break down if everyone started thinking laws were optional and ought to be ignored when they prevent you from accomplishing your "mission", I just don't know what to tell you.

Quite the contrary: society very obviously runs because people ignore policies and laws constantly. That's why following all laws exactly is considered a protest or subversion strategy: malicious compliance.

Like the entire AI industry could only work by completely ignoring copyright law. Basically no software could be written if developers were conscientious enough to check for and avoid patents first. Tradesmen ignore safety policies. Doctors ignore limits on hours. People do work on their homes with no permits.

Part of being an adult is exactly knowing which rules are important and which you ignore.

Individuals can choose which laws to ignore, like when they jaywalk.

Corporations, universities, etc. are very different. They create policies which are documented and which their employees are required to follow. They engage in risk analysis.

"Part of being an adult" has nothing whatsoever to do with the laws and regulations that apply to organizations. You're making a severe category error.

Organizations are made of individuals who I assure you regularly ignore or don't even read the policies they are "required" to follow.

I don't know what world you live in. Everywhere I've ever worked, that gets you fired. Real quick.

I've worked at a couple F100s and a startup.

At IBM, vim was specifically banned by legal because of reputational risk because the license asks you to consider donating to children in Africa, and IBM didn't want to be called out for not doing so. Guess which editor pretty much everyone in my org used? We also weren't allowed to move furniture because of some union agreement, but guess how many people cared when furniture mysteriously moved from an empty office room into ours? None.

At the startup, people in our satellite office in Arizona openly mocked the California HR harassment training over lunch. It was also an open secret that one of the managers started dating a report. As far as I know many years later they've both moved on to other jobs and they're still together. Nothing bad happened.

Breaking some policies will absolutely get you fired, but that's mostly around doing things you shouldn't be doing, and even then usually only matters if someone else that has some power might themselves get in trouble/have more work/lose something because of what you did. Others no one will care about. Again, part of growing up is figuring out which policies have a purpose and which came from some busybody.

I also already gave the entire AI industry as an example. We know for a fact that Meta trained on pirated material, and it's pretty obvious that everyone else does too. It's blatant industry-wide flouting of the law. The realpolitik answer here is everyone knows that enforcing the law here would be the final nail in the coffin for China superseding the West, so it's not going to happen.

Just to be clear:

E-mailing a student their grade is not "breaking the law".

Not e-mailing a student their grade is not "being careful about following the law". It is just sheer laziness.

A university may develop a policy of "we don't e-mail grades" for another reason, but FERPA is not a valid reason.

"Just to be clear":

It's not "sheer laziness". I can almost guarantee you that Instructure would prefer to e-mail the grade itself, and probably had the code working somewhere before feedback from universities told them to remove it.

There are absolutely cases where sending an e-mail to the wrong person is a violation of FERPA. Can you guarantee that your software will never be configured to accidentally e-mail someone besides the student? That no administrator will ever accidentally set up the wrong e-mail address? Because you're not sure if you can make that guarantee, it's legally safer to restrict it to the actual LMS login.

Yes, I have written software that would email a student information that was in scope for FERPA.

It’s rather simple to restrict sending email to @student.uni.edu and then further force their email to match the username and email address that is synced from the SIS.

How much FERPA compliant software have you written?

That's great for you. I've been in meetings with lawyers around FERPA compliance.

You are right that if you are creating a custom tool you can create that restriction easily.

But if you are creating a learning management system where administrators can configure it a million different ways and the university lawyers want to make sure that administrators don't set it up the wrong way, it makes sense to have that safeguard.

You are looking at the wrong level here. This isn't a software coding issue around technology. This is a policy compliance issue around people. When you create tools you have to consider the possibility of those tools being misused by an employee and mitigate those risks when possible.
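
The restriction discussed in the thread (send only to `@student.uni.edu`, and only to the address synced from the SIS) written as a fail-closed check. This is an added example, not any commenter's or any LMS vendor's code; `SisRecord`, `approved_recipient` and the sample records are hypothetical.

```python
from dataclasses import dataclass

ALLOWED_DOMAIN = "student.uni.edu"  # the domain named in the thread


@dataclass(frozen=True)
class SisRecord:
    username: str  # login name synced from the SIS
    email: str     # address synced from the SIS


# Constructed sample data standing in for the SIS sync.
SIS = {
    "s1001": SisRecord("jdoe", "jdoe@student.uni.edu"),
    "s1002": SisRecord("asmith", "asmith@alumni.uni.edu"),
}


def _normalize(addr):
    return addr.strip().lower()


def approved_recipient(student_id, requested_to, sis=SIS):
    """Return the address a grade may be mailed to, or None (fail closed).

    requested_to is whatever the LMS is configured to use; it is only
    compared against the SIS record, never trusted on its own.
    """
    record = sis.get(student_id)
    if record is None:
        return None
    sis_email = _normalize(record.email)
    local, sep, domain = sis_email.rpartition("@")
    # Exact domain comparison: a suffix or substring test would accept
    # look-alikes such as student.uni.edu.example.net.
    if not sep or domain != ALLOWED_DOMAIN:
        return None
    # The mailbox name must be the SIS username.
    if local != record.username.lower():
        return None
    # A misconfigured or edited address that differs from the SIS is refused.
    if _normalize(requested_to) != sis_email:
        return None
    # Return the SIS value, not the caller's string, so stray characters
    # in the configured address never reach the mail headers.
    return sis_email
```

A `None` result means the message is not sent and the student sees the grade only after logging in to the LMS, which is the fallback the thread describes.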