I don't think blocking a specific set of IP addresses constitutes deep packet inspection. If they were reading the payload contents for strings matching the CourseTable site, that would qualify.
This looks like the block page you get from a Palo Alto firewall. The feature set includes traffic inspection, among many other things. We've got a couple where I work, they are pretty great firewalls actually.
The type of block they're describing could easily be implemented in simple stateless firewall, something like iptables. No deep packet inspection is needed to block based off of header info like src/dst ip, port, or protocol.
DPI specifically means examining the payload of the packet. This is not DPI.
You don't think they probably force their students through a HTTP Proxy (which will have a different address) than the one a ping ends up originating from?
I'm with the parent, I doubt they're doing DPI here.
I'm sure no Yale student has ever heard of tethering and that blocking the site on the Yale network will effectively prevent very smart students from reaching this website.
You would think that the Yale administrators would know better than this.
I bet you a significant portion of the traffic is now coming over the mobile phone. If 40% of the students preferred that site, I'd bet its enough of an improvement to warrant some small-screen browsing.
If anything, it's symbolic and indicative of future actions. The university has demonstrated 'defending itself' and now they have evidence of anti-authoritarian protest and dissent directed at the them, and the next logical step is legal action.
This public shaming will be received as insulting and provocative, and the deans will attempt to assert their dominance through the courts.
Preventing students from accessing the website is neither the goal nor is it a desired side-effect -- the goal is intimidation and generating evidence of wrong-doing. It's a game of poker for the administration and they showed their hand, and now they're waiting for the OP to call their bluff. This will not end well.
What's the purpose of Yale censoring certain websites? I find it hilarious that people spend so much money to go to Yale, and some of that money goes to inspecting what they're browsing.
Preventing malware outbreaks on the Yale internal network?
Many University networks are intentionally pretty open on the inside. Last I was at Uni, for example, CIFS was not blocked. CIFS is a common vector for malware to spread across a network.
So, blocking access to known malware hotspots works as a form of preventative maintenance. With a student body of 5,000 you are virtually guaranteed to have a cohort of that archetype of user that acquires new malware on a daily basis.
Edit: Obviously that isn't a good reason to block THIS website, just responding to the general question of filtering in the first place.
If it were only deep packet inspection, the solution would be simply to prefix https:// and be done with it. As other posters have remarked, I suspect the article means an IP based block.
It doesn't matter whether you control the user environment to covertly install the MITM certificate. You simple notify your network users this is happening with instructions on how to install the certificate.
Either the user installs it or not, it's their choice.
I am in no way advocating this abhorrent system of 'security'. Simply noting that it is obviously done in the workplaces and in many workplaces. That it can also be done here under 'security' pretences.
> It doesn't matter whether you control the user environment to covertly install the MITM certificate. You simple notify your network users this is happening with instructions on how to install the certificate.
Respectfully, I disagree. This is certainly possible, but from an operational perspective this would be a nightmare. Even setting aside the likely backlash that would follow in response to such a sweeping policy change, university networks largely consist of diverse, user-managed devices, and supporting a transition through such a change would have a non-trivial cost.
We are, of course, talking in only hypotheticals. Unfortunately, this is a trend that is becoming more popular in the private business sector on their networks. I cannot foresee a indicator that would prevent this trend crossing over to universities.
Individuals at their workplace do also have user managed devices, they also are 'outraged'.
For what it's worth, at my university, UNC Chapel Hill, there are two networks, one of which requires you to install a custom root certificate, and is the network that the university prefers you connect to. For devices on which this is not possible, there is another network which only requires that you register your device's MAC address to your university id for access.
Regardless of which option you choose, you are required to install another program (unless the OUI of your MAC indicates that it is a device other than a computer) which scans your computer for malware and any software which the university does not allow you to have, such as torrenting applications, and will not allow you to connect to the network until after your machine is cleared. This program must be running the entire time you are connected to the network or you will be disconnected.
As a student who works as tech support in the dorms, it certainly is a nightmare!
Oy. Students at your university certainly have my sympathy.
I've always been leery of the mitm cert, not only from the users' perspective, but also from that of the organization. If a rogue administrator used the cert to set up a "real" mitm for a local bank's site, I think the school would be on the hook for that. That's just one example; one could imagine other variations on that theme. Whereas, if the school simply acted as a normal ISP, that whole class of vulnerabilities simply doesn't apply.
I'd be really shocked if that's the case, they're essentially sabotaging their own security by exposing a single surface for attack for MITM attacks.
Most corporate environments typically do not "proxy" SSL, I know this from experience administrating networks and later abusing this with an SSH tunnel on port 443 allowing me unfettered access.
I'd be very interested in technical details on how that's implemented if it is.
Actually most SSL based browsers will transmit the domain cleartext as part of SSL handshaking. This was added so virtual hosting webservers can all have independent certs on the same IP
See the following link for the specifics ... but needless to say its easy to block SSL access with a transparent proxy or layer 7 firewall. (which based on the error page looks like a Palo Alto device which definitely can do this...)
I thought my school was bad but reading this makes the administration at my school look like angels. When I launched a similar service at UNC Chapel Hill, the IT dept blocked requests from my server to theirs for scraping latest data.
They claimed I was creating excess load, which is silly because if they really did the math, given how many people were using my service I was probably saving them resources.
To me it feels like people protecting their little kingdoms within a large organisation.
There is no market in which you have to compete against the new (superior) competitor so the only tool you are left with are fallacies like referring to regulations and proper protocol.
Semi-unrelated but, plenty of corporations see these fallacies as the best (and sometimes only) tools. In large markets money, political connections, and entrenched position are king.
Having worked in a large profit center IT dept at an Ivy League, I know first hand how many bad apps are developed and how many hundreds of millions are frittered away (or in some cases tantamount to stolen). I think working with students to open source and support apps is a way to go. The university concerns are: looking bad, students using an esoteric language, messy programming style or move on. If universities had more open APIs and data like the city of San Franciso, more apps could be developed to make use of the data in novel ways, as opposed to permission-based "culture of 'No.'"
Also this incident makes Yale look really bad... This could end some careers.
From my experience working several times with a large state university, this is absolutely true. The managers and administrators in the university IT division tend to be lifetime employees, who have absolutely zero perspective on IT except what they've experienced internally. Nepotism is rampant, incompetence the norm, and the whole environment is incestuous, corrupt, and highly political.
Some students at my university created a website to turn your timetable into a file that could be imported into a calendar app by screen scraping the timetabling website. The University actually helped out with hosting it and providing access to their SSO system. Win win.
I've done the same at my university, and they've mostly turned a blind eye to it. The timetabling department expressed concerns about students relying on timetables that are outside the university's direct control but have thankfully not taken any action.
I was just thinking, "they wouldn't have done this at Carolina" but I guess I was wrong. When I was there you could run a torrent server out of Old West and no one cared.
UNC invested in what was initially planned to be the most expensive academic ERP system ever, and which then went way over budget and schedule.
The result? An even older version of PeopleSoft (which apparently is Oracle's second-tier offering) than what was being sold to other universities in prior years.
It's barely useable at all. It's utter shit-ware. The prior in-house system, which was early-90s HTML presumably layered over 1980s mainframe software, was MUCH better.
Personally, I am convinced that this was a MASSIVE kickback scheme. Tens of millions, possibly hundreds of millions, have been stolen from the State of North Carolina, and people need to go to jail for it.
IIRC the project actually did get a special appropriation from the NC legislature, but don't quote me on that.
This isn't just incompetence, I think it is actually a cover for massive fraud. I know, always blame things on stupidity if you can... but from what I know, no, you can't in this case.
I wish some enterprising journalist would hurry up and investigate this... could net them a Pulitzer or something. That is why I am posting this comment.
zaidf, if you didn't realize this already (and you probably did), when you made your alternative portal, you were fucking with some very powerful people.
Meanhwhile, UNC has also been uncovered as using the Afro Studies department to hand out free grades to athletes for decades. There were hundreds of courses and grades listed that literally did not happen. Fraud is absolutely rampant at UNC. Maybe that's why our new Chancellor left after like a year? The state of NC needs to completely clean house.
Haha you nailed it. I met with their main tech boss who was an older gentleman who basically kept telling me that the new system they have planned to roll out(from Oracle) will have the features that my site had. My site basically texted students soon as a class opened up. It got crazy traction.
I'm also well aware of the grading scandal as I still run a grade distribution site called blinkness.com which is heavily used on campis(even though I left unc years ago). We have a feature on the site called "Top A classes" and the professor in question always ranked very highly :)
I worked at a .edu for ~8 years. While I never had to experience it firsthand (thank $deity), I can't begin to count the number of horror stories I've heard from my peers at other organizations with regard to PeopleSoft. I don't believe I've ever heard of an implementation even going "okay".
Side note: those of you building apps aimed at specific industries, consider education (both K-12 and higher ed). As I said, I was at a .edu for ~8 years and, in my current role, I deal with a lot of K-12 schools. Both will spend outrageous amounts of money for decent software applications.
I also created something somewhat similar[0] for my school (Penn), and the only reason we didn't get shut down was because we don't make it easy to know how professor stack up against one another.
Having FIRE's[1] RSS feed[2] in my daily reading has dissuaded me from that belief. "Unlearning Liberty" by Greg Lukianoff (FIRE's President) has a chapter of Yale.
There are valid objections to that claim, no question. But students asserting this in their defense nevertheless has a great deal of power, because universities still want to be bastions of free speech. It is close to the core of the self-image of university and college faculty members (and an awful lot of the administrators, too), even when the reality falls short of that ideal. So these words make a very strong moral argument in context, and might succeed in building on-campus support where other arguments wouldn't.
I expect the official explanation to be something like "we cannot endorse an unofficial service that might give misleading information to our students."
Every censor does it from an honest desire to keep this terribly misleading information away from the unknowing masses.
I don't think Yale is blocking the service in a conspiratorial effort to stymie students, but from a not well thought out desire to babysit.
There is no way that a valid copyright claim can be made over the underlying data because it is a statement of fact. Such a work is not eligible for copyright protection.
Does this apply even when the "copyright holder" has meaningfully manipulated the information in order for it to be in a useful form? Have they imparted some IP that is now protected in some way?
IE, could I mirror deep-level sports statistics without attribution? One would think the agency I "took" it from had applied meaningful resources to extrapolating this data, which may be in fact be statement of fact.
My understanding (as a non-lawyer) is that it depends on your jurisdiction. In the US, copyright normally only applies to works of creative expression, and not to facts or ideas. However, you can argue that the selection of facts that are compiled into a database involves creativity; in that case, the database as a whole may be protected, even though the individual facts aren't.
IANAL, but since the database is just (presumably) all of the classes at Yale, it's hard to see how their selection could be copyrightable. I haven't used the app, but it's quite possible they have course descriptions in there too, though, which are copyrightable.
But then there's the separate question of why Yale wants to do any of this.
> But then there's the separate question of why Yale wants to do any of this.
I suspect that providing easy/effective access to course and professor ratings trampled on some feet. Somebody's course enrollment is hurting and making somebody look bad.
But what are these people thinking? Do they really think Yale students are so lame they can't get around censorship easily to get the data they want? If the students are that lame they need to select better students, it seems to me.
In the US, yes, the selection and arrangement of facts _can_ be protected by copyright.
It needs to be an arrangement or presentation that involves a significant degree of creative choice, not an arrangement that is obviously inherent in or determined by the facts themselves. (For instance, an alphabetic arrangement of terms would obviously not be copyrightable either, but the order of a list of buildings ranked by prettiest might be).
The individual sports statistics are definitey not protected by copyright -- nobody can require me to get permission to tell you that Joe Blow has an RBI of X. But if you copy the entire database of sports statistics from someone, and present them in the same order/categories, those elements (selection and arrangement) _might_ be copyrightable -- it depends on the specifics and how well the lawyers make their case that the particular selection and arrangement involved were creative choices, not just obvious in the data itself.
In the U.S. , that you "applied meaningful resources to extrapolating" is completely irrelevant to copyright -- that it took lots of resources to assemble purely factual information still does not make them copyrightable. This is known as the 'sweat of the brow doctrine', and the courts in the U.S. decided that it did _not_ apply to copyright here. http://en.wikipedia.org/wiki/Sweat_of_the_brow#US_copyright_...
"Armed robbery at the corner of Ellis and Leavenworth St." "Not news."
"Your kid flunked his math exam." "Not news."
Just because somebody chooses to use Nazi Germany as an example, does not mean that they do not have a point. It certainly does not make them automatically wrong.
Something like this happened at the university in the city I live in. There was an apparently awful service for signing up for classes called BearTracks [1] and someone made a scraped version of it that was better called BearScat [2]. Eventually the university basically incorporated the better version into theirs (to, I understand, mixed results).
tl;dr -- the crux of the issue (right or wrong) is making the evaluation information too public. From the news story:
> "[Administrators' primary concern was] making YC [Yale College] course evaluation available to many who are not authorized to view this information,”
> "[Administrators also asked] how they [the site operators] obtained the information, who gave them permission to use it and where the information is hosted."
Edit: Agreed, I don't buy these are the real reasons.
They claim that's the crux of the issue. But consider: if they're concerned about outside access, why are they blocking access to the site for precisely the set of people who actually are authorised to view the information?
One of the principal issues raised here - and not squarely addressed in the post or the article to which it links - is the extent to which average subjective ratings of courses and professors should be permitted to dominate the decision-making processes of students.
Note that Yale's complaint included concerns over "the prominence of class and professor ratings", and the student developers' response was to remove "the option of sorting classes by ratings". Subjective five-point ratings can be useful in many contexts, but in the context of education they can also give rise to genuine pedagogical concerns about the way in which students choose their courses.
Looking at the screenshot in the post, it is not difficult to see that the pattern of enrolments might very quickly become skewed towards those classes with higher average evaluation ratings (whatever such ratings might mean). If that happens, it suggests that some students may be making decisions about the courses in which they enrol based principally on factors other than their interests, abilities and future career paths, or without critical thought. Whilst other factors are relevant, including those for which an average of subjective evaluation ratings might be a plausible heuristic, that does not mean those factors should be the primary or predominant factors.
Without seeking to defend or condone Yale's response, there is more to the story than the tale of student censorship presented in the post.
Yale has the same student feedback/rating data available in their official online coursebook. From what I understand, ybbplus/coursetable was simply aggregating it in a way that made it easier for students to use. If there is something fundamentally wrong with subjective ratings, it seems strange that Yale would provide it in one context and censor it in another.
Maintaining data integrity is probably fairly important to them. By allowing a separate service which is used by a significant portion of the students, the system is open to serious exploitation. Professors can get black-balled by disgruntled system administrators or hackers, just by screwing with the numbers.
Yale owning both the data and the interface is understandably important to them, though this might be an opportunity for the creators to work with the administration to reform the current system.
Blackmail is illegal, and intentionally screwing with ratings is almost certainly libel. Both of those hypothetical can be dealt with by the law already; I don' think there is much sense in warping copyright law to protect you from the possibility of those things happening.
While there's potentially a debate to have over that topic (I'm sure the creators and some users of this site disagree with those concerns), the University's decision to censor the site strikes me as far less defensible than the existence of the site itself. So respectfully the fact that there's "more to the story" on that basis alone isn't terribly salient.
How are the students interests, abilities, and future career paths served by taking bad courses from professors with no interest in teaching, because they're too busy giving interviews / doing research? Perhaps Yale should let the students balance all factors, including what their peers thought of the class. It's not as if the website casts a spell on their feeble brains and removes any consideration of critical thought. Is it Yale's duty to protect its customers from truths they "cannot handle"? Would you say Yale should ban Amazon book rankings, in case the student doesn't know how to handle a one-star ranking and decides to burn the book?
Many rankings are indeed subjective (books.. classes.. movies) - in fact that's rather the point: to render ones opinion.
Yes, but CAS is a single sign-on system likely used throughout their internal network, so they're probably not able to disable it without disrupting authentication to a large number of other unrelated systems.
Harvard did this in 2003. It even went so far as to accuse me of using the word "The" improperly, in a copyright line where I properly attributed credit to "The President and Fellows of Harvard College," when http://www.harvard.edu at the time said the exact same thing (and apparently still does). I left Harvard early (with a degree), and then I wrote a book about it.
134 comments
[ 3.2 ms ] story [ 60.0 ms ] threadStill, this is a stupid move by Yale.
... not that that constitutes DPI either.
DPI specifically means examining the payload of the packet. This is not DPI.
I'm with the parent, I doubt they're doing DPI here.
There's a million other reasons to use https as well.
The way to get around transparent proxies is to use HTTPS btw.
You would think that the Yale administrators would know better than this.
This public shaming will be received as insulting and provocative, and the deans will attempt to assert their dominance through the courts.
Preventing students from accessing the website is neither the goal nor is it a desired side-effect -- the goal is intimidation and generating evidence of wrong-doing. It's a game of poker for the administration and they showed their hand, and now they're waiting for the OP to call their bluff. This will not end well.
Some things just make sense to do at national scale, even if there are a small minority who don't appreciate the benefits.
Many University networks are intentionally pretty open on the inside. Last I was at Uni, for example, CIFS was not blocked. CIFS is a common vector for malware to spread across a network.
So, blocking access to known malware hotspots works as a form of preventative maintenance. With a student body of 5,000 you are virtually guaranteed to have a cohort of that archetype of user that acquires new malware on a daily basis.
Edit: Obviously that isn't a good reason to block THIS website, just responding to the general question of filtering in the first place.
Either the user installs it or not, it's their choice.
I am in no way advocating this abhorrent system of 'security'. Simply noting that it is obviously done in the workplaces and in many workplaces. That it can also be done here under 'security' pretences.
Respectfully, I disagree. This is certainly possible, but from an operational perspective this would be a nightmare. Even setting aside the likely backlash that would follow in response to such a sweeping policy change, university networks largely consist of diverse, user-managed devices, and supporting a transition through such a change would have a non-trivial cost.
Individuals at their workplace do also have user managed devices, they also are 'outraged'.
Regardless of which option you choose, you are required to install another program (unless the OUI of your MAC indicates that it is a device other than a computer) which scans your computer for malware and any software which the university does not allow you to have, such as torrenting applications, and will not allow you to connect to the network until after your machine is cleared. This program must be running the entire time you are connected to the network or you will be disconnected.
As a student who works as tech support in the dorms, it certainly is a nightmare!
I've always been leery of the mitm cert, not only from the users' perspective, but also from that of the organization. If a rogue administrator used the cert to set up a "real" mitm for a local bank's site, I think the school would be on the hook for that. That's just one example; one could imagine other variations on that theme. Whereas, if the school simply acted as a normal ISP, that whole class of vulnerabilities simply doesn't apply.
It's not a technical limitation but a moral one.
Most corporate environments typically do not "proxy" SSL, I know this from experience administrating networks and later abusing this with an SSH tunnel on port 443 allowing me unfettered access.
I'd be very interested in technical details on how that's implemented if it is.
See the following link for the specifics ... but needless to say its easy to block SSL access with a transparent proxy or layer 7 firewall. (which based on the error page looks like a Palo Alto device which definitely can do this...)
https://idea.popcount.org/2012-06-16-dissecting-ssl-handshak...
http://github.com/ngokevin/senioritis
They claimed I was creating excess load, which is silly because if they really did the math, given how many people were using my service I was probably saving them resources.
There is no market in which you have to compete against the new (superior) competitor so the only tool you are left with are fallacies like referring to regulations and proper protocol.
See http://en.wikipedia.org/wiki/Crony_capitalism for details on political abuses, and http://en.wikipedia.org/wiki/Barriers_to_entry for examples of these fallacies.
There's no such thing as open market as long as there is also government and regulation (not that government or regulation are bad or anything).
But you're right, they're not the only tools. They're just (unfortunately) the strongest ones for those than can wield them.
Also this incident makes Yale look really bad... This could end some careers.
The result? An even older version of PeopleSoft (which apparently is Oracle's second-tier offering) than what was being sold to other universities in prior years.
It's barely useable at all. It's utter shit-ware. The prior in-house system, which was early-90s HTML presumably layered over 1980s mainframe software, was MUCH better.
Personally, I am convinced that this was a MASSIVE kickback scheme. Tens of millions, possibly hundreds of millions, have been stolen from the State of North Carolina, and people need to go to jail for it.
IIRC the project actually did get a special appropriation from the NC legislature, but don't quote me on that.
This isn't just incompetence, I think it is actually a cover for massive fraud. I know, always blame things on stupidity if you can... but from what I know, no, you can't in this case.
I wish some enterprising journalist would hurry up and investigate this... could net them a Pulitzer or something. That is why I am posting this comment.
zaidf, if you didn't realize this already (and you probably did), when you made your alternative portal, you were fucking with some very powerful people.
Meanhwhile, UNC has also been uncovered as using the Afro Studies department to hand out free grades to athletes for decades. There were hundreds of courses and grades listed that literally did not happen. Fraud is absolutely rampant at UNC. Maybe that's why our new Chancellor left after like a year? The state of NC needs to completely clean house.
I'm also well aware of the grading scandal as I still run a grade distribution site called blinkness.com which is heavily used on campis(even though I left unc years ago). We have a feature on the site called "Top A classes" and the professor in question always ranked very highly :)
Side note: those of you building apps aimed at specific industries, consider education (both K-12 and higher ed). As I said, I was at a .edu for ~8 years and, in my current role, I deal with a lot of K-12 schools. Both will spend outrageous amounts of money for decent software applications.
[0] coursegrapher.org
1) http://thefire.org
2) http://thefire.org/feeds/news/
Every censor does it from an honest desire to keep this terribly misleading information away from the unknowing masses.
I don't think Yale is blocking the service in a conspiratorial effort to stymie students, but from a not well thought out desire to babysit.
So it seems you've met a few Yalies? b^)
IE, could I mirror deep-level sports statistics without attribution? One would think the agency I "took" it from had applied meaningful resources to extrapolating this data, which may be in fact be statement of fact.
I'm purely playing devil's advocate.
See: http://en.wikipedia.org/wiki/Copyright_law_of_the_United_Sta...
But then there's the separate question of why Yale wants to do any of this.
I suspect that providing easy/effective access to course and professor ratings trampled on some feet. Somebody's course enrollment is hurting and making somebody look bad.
It needs to be an arrangement or presentation that involves a significant degree of creative choice, not an arrangement that is obviously inherent in or determined by the facts themselves. (For instance, an alphabetic arrangement of terms would obviously not be copyrightable either, but the order of a list of buildings ranked by prettiest might be).
The individual sports statistics are definitey not protected by copyright -- nobody can require me to get permission to tell you that Joe Blow has an RBI of X. But if you copy the entire database of sports statistics from someone, and present them in the same order/categories, those elements (selection and arrangement) _might_ be copyrightable -- it depends on the specifics and how well the lawyers make their case that the particular selection and arrangement involved were creative choices, not just obvious in the data itself.
In the U.S. , that you "applied meaningful resources to extrapolating" is completely irrelevant to copyright -- that it took lots of resources to assemble purely factual information still does not make them copyrightable. This is known as the 'sweat of the brow doctrine', and the courts in the U.S. decided that it did _not_ apply to copyright here. http://en.wikipedia.org/wiki/Sweat_of_the_brow#US_copyright_...
D&B and Lexis-Nexis have aggressively defended the copyright status of various aspects of their respective databases of facts, for example.
Say you had an public online store selling products.
Could somebody take those prices, aggregate them and let people see?
My understanding was that you can sue over that and that sites like Kayak or CamelCamelCamel used APIs.
Can anybody comment on whether this is
If you're numb to it, then it's imperative that it is news.
Imagine when the headlines read "Millions killed in Nazi camps" and people said "This is not news."
the most shocking realisation for me about the Snowden leaks was how apathetic people were toward their own civil liberties.
"Israel/Palestine peace talks halt." "Not news."
"Millions die of malaria." "Not news."
"Armed robbery at the corner of Ellis and Leavenworth St." "Not news."
"Your kid flunked his math exam." "Not news."
Just because somebody chooses to use Nazi Germany as an example, does not mean that they do not have a point. It certainly does not make them automatically wrong.
Let me use one of the examples provided by Crito below.
[1] https://www.beartracks.ualberta.ca/ [2] http://www.bearscat.ca/
> "[Administrators' primary concern was] making YC [Yale College] course evaluation available to many who are not authorized to view this information,”
> "[Administrators also asked] how they [the site operators] obtained the information, who gave them permission to use it and where the information is hosted."
Edit: Agreed, I don't buy these are the real reasons.
So pretentious, did a teenager write this?
if my university implemented a scheme like this, i'd feel exactly the same way.
Note that Yale's complaint included concerns over "the prominence of class and professor ratings", and the student developers' response was to remove "the option of sorting classes by ratings". Subjective five-point ratings can be useful in many contexts, but in the context of education they can also give rise to genuine pedagogical concerns about the way in which students choose their courses.
Looking at the screenshot in the post, it is not difficult to see that the pattern of enrolments might very quickly become skewed towards those classes with higher average evaluation ratings (whatever such ratings might mean). If that happens, it suggests that some students may be making decisions about the courses in which they enrol based principally on factors other than their interests, abilities and future career paths, or without critical thought. Whilst other factors are relevant, including those for which an average of subjective evaluation ratings might be a plausible heuristic, that does not mean those factors should be the primary or predominant factors.
Without seeking to defend or condone Yale's response, there is more to the story than the tale of student censorship presented in the post.
Yale owning both the data and the interface is understandably important to them, though this might be an opportunity for the creators to work with the administration to reform the current system.
Many rankings are indeed subjective (books.. classes.. movies) - in fact that's rather the point: to render ones opinion.
I hope I don't give the administration any good ideas here, but I would seem that they have a much more efficient way to disable the site.
http://www.aarongreenspan.com/authoritas.html
Some things never change.