may be thankful Sir Peter--Sir
Peter Shepheard, a Visionary Landscape Architect and Planner--never
saw Blanche Levy Park, his pedestrian-oriented area', degrade
into a high-speed bicycle raceway because our university hasn't
the courage to insist on good social citizenship. Penn is quite
likely the only school among the Ivy League wherein bicycle-riders
deliberately plow into walkers with a hearty "get the hell
out of my way!" And it ain't hell' they're yellin'. I
honestly believed that after that potential student's mother suffered
a broken collarbone during a campus tour somebody in charge would
wise up and take charge. But then I also thought we'd see some action
after a co-worker had her ankle snapped on the Walnut Street sidewalk
last April. Penn placed two nice green trashbins against the wall.
Now we can slink to and from work. Like the lady says, "It
isn't a family anymore, it's a business." Well it's bad business
when employees and customers are laid up murmuring to lawyers.
Briggs, Van Pelt Library
(to "Bicyclists vs. Pedestrians")
University does have a Bicycle Policy that has been in effect since
1994. The Penn Police actively enforces the policy. A section of
the policy reads as follows:
addition to University policy, the Pennsylvania Vehicle Code and
the Philadelphia Code prohibits any person above the age of twelve
from riding a bicycle on any sidewalk or pedestrian pathway in a
business district. The Penn campus area meets the definition of
a business district. University Police are authorized to enforce
both the Pennsylvania Vehicle Code and City of Philadelphia Ordinances.
Consequently, those found in violation of the Pennsylvania Vehicle
Code would qualify for issuance of a Traffic Citation.
Police officers on foot and on bicycles are aware of and share the
safety concerns that pedestrians have relative to unsafe operation
of bicycles on campus walkways. Officers are detailed to campus
walkways every day to enforce appropriate ordinances. Through visible,
proactive patrol, our officers will make the walkways of our campus
safer for all members of our community.
a member of the community should observe a bicycle operating in
a manner inconsistent with University policy, I encourage you to
bring the situation to the attention of the Penn Police by reporting
this activity to the department. Walk to the nearest Blue Light
emergency phone and report the activity to our Communications Center.
An officer will be dispatched and the situation will be managed
appropriate to the offense.
A. Rambo, Chief of Police
recently received e-mail notification of the new "U@Penn"
system whereby faculty/staff payroll information will be web-accessible.
I am writing to express my deep concern at the implementation of
the this system. I do not see any compelling rationale for putting
payroll/benefits information on the web, and the security exposure
take considerable effort to avoid putting personal information,
such as home address, home telephone number, social security number,
credit card numbers, etc., on any computer where they could be accessed
from the outside even in principle. This system will make it possible
for a malicious hacker to obtain even more sensitive information
am aware that ISC has gone to some lengths to ensure that the system
is as secure as possible. However, the security relies entirely
on the integrity of my PennNet password. This password has been
stolen at least once in the past, probably by a sniffer program,
and I have to anticipate that it will be stolen in the future. Even
without the password vulnerability, however, history has shown that
systems believed to be totally secure can have hidden weaknesses
that come to light only when there is a major breach of security.
is of course a tradeoff between convenience and security. For example,
student records are also on the web via the PENN InIouch and other
systems. That is a case where I would agree that the convenience
of students and designated faculty and staff accessing the information
outweighs the putative risk of its becoming public. Salary information
is, I believe, in a different category. I have never needed to know
my benefits status at 10 p.m. on a weekend--waiting until working
hours to contact my business administrator or the Benefits Office
has been perfectly acceptable up to now.
hope that Penn will rethink the implementation of the U@Penn
A. Heiney, Professor of Physics
(to "Convenience vs. Confidentiality")
are in complete agreement with Professor Heiney that the need to
maintain the confidentiality of personal information is extremely
important. We can assure him that we have given the matter careful
attention with regard to U@Penn.
This is a responsibility that we all take very seriously. We also
recognize that the innovative use of technology may entail some
risks, which must be balanced against opportunities to enhance service
delivery and improve administrative efficiencies. We believe that,
in this case, the appropriate safeguards have been taken to mitigate
the risks while achieving some significant benefits.
ability to control data and content presented, along with the current
state of access controls, will provide increased convenience to
the Penn community through a fast, secure and easy to access web
application. In an environment where administrative efficiency is
a desired goal, U@Penn
will reduce calls on business administrators' time as well as reduce
the number of "back office" inquiries permitting focus
on the more complex service needs of the faculty and staff. Due
diligence has been performed to protect and secure the information
in accordance with University security policy and best practices.
information is not actually stored within the web application; it
is only when an individual selects information on the U@Penn
site that the information is retrieved from the personnel/payroll
system and displayed. If the application is not accessed, the data
remains secured in the existing payroll/personnel system. There
is no "identifying information" presented on screens with
the actual personal data. In addition, a time-out factor is employed
so that if an individual fails to log out and/or respond within
a predetermined period, the session is automatically logged off.
The application verifies that an individual has a valid record on
the personnel/payroll system and all activity to U@Penn
the last several years, increasingly more stringent requirements
for passwords have been in place making it more difficult to "guess"
passwords. The web security software in use does not permit the
transmission of clear text passwords and encrypts them. The servers
on which the applications operate are not general purpose machines,
e.g. do not run e-mail, are located in a secure facility and operate
behind "firewalls", which further reduce the risk of unauthorized
believe that U@Penn
will provide faculty and staff with a convenient means of accessing
their information, but we also recognize that individuals may choose
not to use this convenience. For the Penn community in general,
will be a fast, secure and flexible means of obtaining information
that would otherwise require significant verbal or written communications.
Robin H. Beck, Vice President for Information Systems and Computing
-- Kenneth B. Campbell, Comptroller
John J. Heuer, Vice President for Human Resources
HERE for more information on the new U@Penn web-based service.
Out welcomes reader contributions. Short, timely letters on University
issues will be accepted by Thursday at noon for the following Tuesday's
issue, subject to right-of-reply guidelines. Advance notice of intention
to submit is appreciated. --Eds
Almanac, Vol. 48, No. 33, May 7, 2002