The letter from EDUCAUSE, addressed to the General Services Administration, provides comments on the Federal Acquisition Regulation (FAR) Case 2023–010, specifically regarding the prohibition on the use of ByteDance applications, such as TikTok, within federal contracts and federally funded research environments. EDUCAUSE, representing over 2,100 higher education institutions, expresses appreciation for the opportunity to contribute insights from the higher education cybersecurity community and underscores the unique challenges that colleges and universities face in complying with this regulation, given their complex and multifunctional IT environments.
EDUCAUSE requests greater clarity in several areas of the interim rule, including the definition of “covered application,” the intended scope and implementation details of compliance measures, and the delineation of “information technology” and “incidental” equipment. The association also emphasizes concerns about mandating technology-based controls over policy-based approaches, given the operational and financial complexity of higher education IT infrastructure. EDUCAUSE asks that the final rule clarify the application of exceptions for security research, better define what constitutes prohibited use—especially on personal devices—and provide explicit guidelines for differentiating between general purpose and covered network infrastructure. Finally, EDUCAUSE, with the support of COGR, offers to collaborate further with federal agencies to ensure that regulatory requirements address compliance objectives without unnecessarily hindering academic and research activities.
