Saturday, March 9, 2013

Email Privacy at Harvard


The Globe reports that Harvard read email sent via Harvard servers from 16 of its resident deans. I know nothing about what actually happened except what the Globe reporter told me; the story states that she has two independent sources, both of whom wished to remain anonymous to protect themselves. It appears that Harvard has confirmed the basic facts by informing the deans, some six months after the search of their email, that the search had in fact occurred.

Some background first of all.

Years ago I noticed Harvard's employee email policy. Here it is. It's in the employee manual, which for some reason is behind a login screen. I doubt that many Harvard employees have ever seen it or focused on it.
Privacy/Management's Right to Access Information
Employees must have no expectation or right of privacy in anything they create, store, send, or receive on Harvard's computers, networks or telecommunications systems. Although many employees have individual computers or computer accounts, and while employees may make incidental personal use of University technology information systems, ultimately Harvard University has ownership over, and the right to obtain access to, the systems and contents. Incidental personal use is permitted so long as it does not interfere with job performance, consume significant time or resources, interfere with the activities of other employees or otherwise violate this policy, the rules of an employee’s local unit, or other University policies. Electronic files, e-mail, data files, images, software and voice mail may be accessed at any time by management or by other authorized personnel for any business purpose. Access may be requested and arranged through the system(s) user, however, this is not required.
This plainly gives Harvard complete access to the email of employees--"for any business purpose" cuts a very wide swath around the domain of permissible snooping. I understand that this is very much boilerplate for employee email accounts in corporations.

(Don't ask me why the fact that you have no email privacy as a Harvard employee is kept secure behind a login wall.)

In spite of this language, which permits Harvard to be quite intrusive, I have known only a few cases where Harvard probably read employee email. Every time there is an investigation of scientific fraud or embezzlement of university funds, I suspect the university would archive and inspect email. Be that as it may, this seems to apply to staff and administration, everyone from support staff (who are covered by collective bargaining agreements with the University) up to executive vice presidents.

The Student Handbook suggests that nobody is going to snoop student email, and that any student who reads the email of others is going to be in trouble.

Privacy of Information

Information stored on a computer system or sent electronically over a network is the property of the individual who created it. Examination, collection, or dissemination of that information without authorization from the owner is a violation of the owner’s rights to control his or her own property. Systems administrators, however, may gain access to users’ data or programs when it is necessary to maintain or prevent damage to systems or to ensure compliance with other University rules. 
Computer systems and networks provide mechanisms for the protection of private information from examination. These mechanisms are necessarily imperfect and any attempt to circumvent them or to gain unauthorized access to private information (including both stored computer files and messages transmitted over a network) will be treated as a violation of privacy and will be cause for disciplinary action. 
In general, information that the owner would reasonably regard as private must be treated as private by other users. Examples include the contents of electronic mail boxes, the private file storage areas of individual users, and information stored in other areas that are not public. That measures have not been taken to protect such information does not make it permissible for others to inspect it.
I wrote that. There is a little wiggle room there in the phrase "compliance with other University rules" but I don't remember it ever being used except when the force of law is behind the search. There may have been times when email was subpoenaed by law enforcement and the University complied. Under the PATRIOT Act the University may have to turn over email without telling anyone about it, including the person whose email it is. There is absolutely no way to know whether that has ever happened.

When I looked at the employee policy about nine years ago, it seemed to me utterly dissonant with what faculty expected and assumed, and probably with the very spirit of free inquiry and exchange of controversial ideas that lies at the heart of academic culture. (I am sure it is also quite different from what most staff assume about their email, but I leave that aside.) With the help of several other members of the faculty, university attorneys, and administrators, I helped steer the development of a policy for faculty email. It reads as follows:

Harvard University Information Security


FAS Policy Regarding the Privacy of Faculty Electronic Materials


The Faculty of Arts and Sciences (FAS) provides the members of its faculty with computers, access to a computer network and computing services for business purposes, and it is expected that these resources will be used in an appropriate and professional manner. The FAS considers faculty email messages and other electronic documents stored on Harvard-owned computers to be confidential, and will not access them, except in the following circumstances.

First, IT staff may need access to faculty electronic records in order to ensure proper functioning of our computer infrastructure. In performing these services, IT staff members are required to handle private information in a professional and appropriate manner, in accordance with the Harvard Personnel Manual for Administrative and Professional Staff.  The failure to do so constitutes grounds for disciplinary action.
Second, in extraordinary circumstances such as legal proceedings and internal Harvard investigations, faculty records may be accessed and copied by the administration.  Such review requires the approval of the Dean of the FAS and the Office of the General Counsel. The faculty member is entitled to prior written notice that his or her records will be reviewed, unless circumstances make prior notification impossible, in which case the faculty member will be notified at the earliest possible opportunity.
So that is the background. Basically, email privacy is as sacred as paper mail privacy. You just don't slit or steam open envelopes addressed to other people, with extremely rare exceptions such as search warrants and PATRIOT Act demands. Where I have had a hand in drafting university policies I have tried to incorporate that understanding into the language, while still providing the compliance exceptions the lawyers say are necessary. When you look at faculty email, you have to inform the faculty member, afterwards if not before.

But what about the staff policy? It reads to me like a typical Terms of Service Agreement--written by lawyers on the assumption that almost nobody will read it, and that those who might read it will be too powerless to object. It puts all the authority in the hands of the University so that, if some official of the University does something stupid or invasive out of ignorance or malice, it will be hard for an employee to claim that the official broke any rules. From the standpoint of the university and its legal counsel, it's a nice, safe policy to have on the books, and that is why many businesses have similar policies.

Now come the facts as reported by the Globe. Last August 16, the Secretary of the Ad Board sent an email to (it appears) the resident deans in the Houses, advising them about how to counsel students who had been accused in the infamous Gov 1310 "cheating scandal." This email wound up in the hands of the Crimson, which wrote a story mentioning and quoting from it. It seems like this email was a helpful attempt to clear up any confusion in the minds of the resident deans of the Houses. It certainly does not seem to have been the sort of thing that should have raised FERPA worries, reports to state authorities, and so on.

I haven't seen the email, only the parts of it quoted by the Crimson. But the Crimson's account suggests it wasn't meant to become public, but didn't actually contain any truly confidential information either--no students are named, no secret double probation is discussed. It just describes what good advisors should tell advisees.

For some reason, the College was alarmed enough about this email becoming public that it scanned the emails of the resident deans to find out which one of them was responsible for the leak. As I am quoted as asking, it is hard to know why someone did not simply ask the resident deans which of them did it, if necessary pointing out that the University had the power to find out if no one was willing to come forward voluntarily.

Or does it really have that authority, as claimed? 

This becomes a matter of some dispute. Harvard maintains that the staff policy applies to Resident Deans, in which case Harvard can snoop the deans' email and does not have to tell them that is being done. The fact that the deans hold the academic rank of Lecturer, apparently goes the argument, does not make them faculty from the perspective of the email privacy policy. I am speculating to some degree, but I think the argument must be that their administrative responsibilities trump their faculty privileges. They gave up the protections enjoyed by faculty when they accepted the deanship.

And yet their status as faculty is intrinsic to their role as members of the Ad Board--that is, the Board to which the Faculty of Arts and Sciences has delegated responsibility for Administering its rules. The Board is a faculty committee--and one whose purpose is educational, as the College itself states,
The Administrative Board is the committee of the Faculty of Arts and Sciences (FAS) responsible for the application and enforcement of undergraduate academic regulations and standards of social conduct. Established in 1890, the Administrative Board is among the oldest of the Faculty’s committees and it follows well-established procedures and practices that are designed to further the educational mission of the College.
An ordinary lecturer is certainly a faculty member when she teaches a course--I am sure we include courses taught by Lecturers when we report to US News the number of courses taught by faculty. Could she really lose her faculty status by virtue of representing the faculty on the Board to which it has delegated authority to administer its rules? If so, that would also be true for faculty who become other kinds of deans: Can Harvard read all of Michael Mitzenmacher's email (he is area dean for CS at Harvard)? Or mine, when I resume my role as Director of Undergraduate Studies in Computer Science? And presumably the Masters of the Houses, who also assume significant administrative responsibilities when they become Masters. And directors of Centers, etc., etc. If I understand the logic, all these folks lost the protections of the faculty email privacy policy when they agreed to accept their positions.

This was not anticipated in the drafting or adoption of the FAS faculty email privacy policy. And I doubt that very many of those who accepted these roles understood what they were giving up.

Whichever policy is applicable, this way of handling the situation seems to me--well, dishonorable, to mention a concept that has been in the air a lot this year because of allegations that Gov 1310 students (but not their professor) have behaved less than honorably. Why not tell people you are reading their email? Would it not be the honorable thing to do? What is to be gained by not doing that? Other than avoiding, perhaps, the embarrassment of acknowledging that you are doing something to which the targets would reasonably object if they knew it. Perhaps there are considerations I don't know; as I said I don't know any of the facts except those reported in the Globe. But it doesn't feel right to me, and it apparently didn't sit well with the resident dean quoted in the story.

This seems to me a sad incident which raises many questions. If an employee's boss wants to spy on her, who has to sign off on it and how does it get done? How many such searches have been done over the past five years? Is it always done without informing the target? Have the targets generally been people like these resident deans--people with both teaching and administrative appointments?

Probably what we are seeing here is the confluence of two forces. One, the authority of the faculty is in decline. Members of the Ad Board are being treated as staff, not faculty, because staff are more easily controlled than faculty, and the increasingly centralized power structure of the university values control very highly. And two, the thing that most needs to be controlled in the modern university is information itself. Our communications offices have grown while our library staff has shrunk. The faculty finds out about things by reading press releases and Gazette stories. In the information-control university, an email gone astray is grounds for a witch hunt.

Personally, I will probably, after four decades, respond by moving most of my personal and frivolous email to my gmail account, harryroylewis@gmail.com, and use my Harvard address strictly for business, checking it less often and batching my responses. I have long had a statement on my home page to use the address lewis@harvard.edu, which only I read. That will go now. I have always taken pride in being able to assure upset students and angry parents that no staff intermediary would process their message--it would go straight from their fingers to my eyes.  I used to favor Harvard email over gmail because I thought it protected me better. I figured, if someone issues a subpoena for my email, I would rather have Harvard's lawyers think about whether to comply than to know for certain that Google would comply. My assumption about the relative risks has now flipped. If something as innocuous as the leakage of the August 16 email justifies reading the email of a dozen faculty members, it is hard to know how low the threshold might be for invasion of our in- and out-boxes.

I am sure I and others will think of more questions in the coming weeks, but here is one that should be answered. We think that students are pretty well protected. But what about alumni? We urge seniors to acquire post.harvard addresses--mine is lewis@post.harvard.edu. Does Harvard retain the right to scan incoming email as it passes through the Harvard domain and gets redirected to the address to which the alum has bound the proxy address? Given the University's encompassing view of its rights to scan "employee" email, including faculty email when the faculty have administrative responsibilities, I would not assume that the university would feel constrained. I could not find any reassuring statement about the privacy of post.harvard email on the alumni web site. That is why I am not, yet at least, using lewis@post.harvard.edu as a convenient proxy address.

More generally, it seems to me that we have taken another step away from the old feeling that the university was a family, benevolently disposed towards its members and even lovingly indulgent. It has taken a step toward becoming instead a bristling corporation, with adversaries within who must be spied upon using all available tools, or perhaps an authoritarian government. (I have written about this before: see Campus Culture.) For most of my life Harvard has been both my work life and my personal life, inextricably entwined. But I too must now split them, and perhaps develop the thing a recent Crimson story credited me and Howard Gardner with lacking: a merely "transactional relationship" to the university.

Updated 11pm 3/10.
The NYT had a piece this morning that did not add much to the Globe story. A followup story has just been posted and is more interesting: http://nyti.ms/ZsAZdg
Michael Mitzenmacher posted an excellent piece this morning on his blog: Harvard Spies on E-mails
Richard Bradley also blogged: At Harvard, Secrets and Lies

34 comments:

  1. Holy c***! Harvard can read my e-mail now that I'm Area Dean! Thank goodness I only have the title a few months longer. Though I suppose, retroactively, they can go back through my e-mail and see how often I've been swearing about the administration to my colleagues while in this position.

    More seriously, thanks for the long post. This is an issue that should get attention, and should not die out quickly. Perhaps it should be a focal point for looking at the faculty/administration balance of power, or more positively for considering your university as a family theme.

    As is often the case these days, we're blogging in parallel. My initial post is at http://mybiasedcoin.blogspot.com/2013/03/harvard-spies-on-e-mails.html ; I expect, though, there may be more on this topic before it's through.

  2. OMG. As usual, thank you for your clear thinking and moral compass, Harry.

    Can we pass a faculty resolution that a committee chosen by the faculty be given access to the president's, provost's and dean's email accounts to find out who ordered the snooping in the resident deans' accounts? Since these people are all "employees" and not "faculty" you would think that they would have to conclude that turnabout is fair play.

    Replies
    1. That's a good idea, but should they be notified? The issue here is not simply whether the email could/should be read, but whether and when the owner should be notified.

      Notifying the president, provost, and dean that their email is about to be trawled "in the interests of fairness" would be to treat them better. Still, mercy is a virtue.

  3. Harry -
    One thing I think neither of us raised as a major point is that Resident Deans are one of the primary contact points between Harvard and the students. (Much more so, I think, than almost all Professors.) As such, one might presume that their e-mail should in fact have a greater presumption of privacy, as students are often conversing with Resident Deans on matters the students certainly would want to be treated as confidential (and I would assume a good amount of this conversing is by e-mail). The administration's actions potentially damage the Resident Dean-student relationship, making it harder for Resident Deans to support the student body effectively.

    Replies
    1. Michael makes a good point - but as a student it only makes me less comfortable in an abstract way. I feel like Harvard has much bigger fish to fry when they crack open the RDs' email than whatever small drama I'm discussing.

  5. Thank you for fighting the good fight, Harry -- and for highlighting the real issue, which is the inexcusable failure to follow clear (and sound) policy simply because the ABRD's have no clout.

    I can attest that in the bad old days the school moved a long way toward transactionality in its relations with the ABST's, even as the ABST him/herself continued to be the primary champion of other values -- especially, COMMUNICATION on behalf of the Faculty -- in every student interaction.

    Would that leadership could have been found to undo the damage done by that first Deputy Dean of Org-Charts.



    (Hmph, didn't know Google would register me as SE. Oh well.)

  6. Harry,

    That was a great great post. Covered everything we know so far.

    Such irony. A cheating scandal (a failure to follow rules), now involves a scandal by senior administrators for deliberately violating policy and failure to follow rules. Will they be dismissed?

    Who authorized this? Hammonds? Smith? Someone else? Who gave them the authority to do so? Bob Iuliano? Did The President know about this? Why the extended coverup?

    Ethics? Moral values? Clearly something is lacking here.

    Is this going to be swept under the rug? If Larry were still there, most everyone would be calling for his head right now.

    Sam Spektor

  7. Harry--I wrote a long comment which seems to have just vanished somehow, but the gist of it was a) great post and b) who is to say that Harvard doesn't or won't monitor email coming/going to media outlets? Surely it wouldn't be difficult to create an alert for email addressed to @bostonglobe.com, @nytimes.com, @richardbradley.net, etc?

    A dean who has shown the willingness to use the power of technology simply because he can—and to do so in a secretive and non-transparent way—can't be trusted not to take it further. If he hasn't already. Dean Smith now has a credibility problem that, I think, has caused a breach of trust that may be irreparable.

  8. Professor, as a member of the general public, if I choose to email a Harvard staff member, do I automatically lose any expectation to privacy and confidentiality with respect to the content of my email?

    This may not be a wild exaggeration as similar reasoning is being used by the US government to justify the reading of any email between a US citizen and a non-citizen.

    Any thoughts?

  9. Excellent post Harry. This is a sorry pass we've come to. There's not too much to add to what you have written, though it is my hope that Faculty Council will have some discussion this week.

    As has been pointed out, two of the eighteen members of that FACULTY Council are resident deans, though it will doubtless be pointed out that they are only faculty when in the classroom or on faculty council.

    I indeed wish the steps you (and Sharon Howell in the Globe) suggest had been taken, but the absolute secrecy in all of this, presumably coming out of the General Counsel's office, is all too familiar these days.

  12. Shocking. This is something you would expect from the People's Liberation Army. I wonder if there should be a legal injunction as well as a class action lawsuit for violation of faculty and student rights? The issue should be: can universities waive your rights to academic freedom? I would say there is a reasonable expectation of privacy in advising students. I'm sure students would agree despite the waiver that no one has really read :) If you can't get a lawyer, I would think the local ACLU would be very interested in this high impact case of national scale. Good luck professors. Let us know in the outside world, if you want to collect funds for such a class action move.

  13. I'm surprised that the immediate reaction of a computer science faculty member to a breach of trust by an e-mail provider is to switch to gmail (another e-mail provider), instead of making the secure choice: run your own SMTP server. I've been doing it for a decade, and I can assure you, once it has been delivered, nobody reads my e-mail without talking to me first.

  14. This is an extremely helpful and informative post. Thanks, Harry, for untangling a lot of knots.

    The whole story is somewhat confusing.

    A theme that emerges in some of the reportage and some of the comments is the sense of an overreaching administrative structure at Harvard. Professor Waters is quoted in this morning's New York Times story saying that "I think what the administration did was creepy," and Professor Ogletree expresses the hope that "it means the faculty will not have something to say about the fact that things like this can happen."

    But wait a second. Isn't it a better-than-even chance that the administrators who directed this search, or at least expressed the expectation that the "leaker" should be identified, were themselves members of the faculty? Who will rid me of this turbulent leaker? Is it really the knights to blame for the subsequent crime?

    It does seem more damaging to Harvard's reputation when light shines on our somewhat desperate fear of having the possibility of fallibility revealed than it ever would be if we simply acknowledged our mistakes (and our capacity for error).

    But does this always and everywhere come from overly ambitious staff? Or is it perhaps in part a product of the disjointed way authority and responsibility are parceled out -- often in pretty mismatched ways -- in our organization?

    It seems as though the predictable outcome of this will be to hold responsible the administrators who carried out this action in some way, and it is possible that careers will be deflected, damaged, or ended. That will be seen as cutting back the kudzu of staff and their authority, at least for now.

    But those who held authority in this choice and who are also tenured will not likely lose their leadership roles or the authority of their administrative posts. That is to say, it's a culture tailor-made for blame-shifting. And being on the staff side of that balance, sometimes it feels as though a major reason for the growth of administrative staff is simply to assure a sufficiently large pool of people designed to take the blame for bad decisions made by those who, under the terms of our culture, cannot make bad decisions.

  15. It is important to make some distinctions that this story does not quite touch on, but that bear on it directly.

    1) Public vs private universities.

    The emails and all other correspondence of public institutions and any other institutions covered by either state or federal Freedom of Information Act (FOIA) laws are subject to inspection at all times for a variety of legal reasons. In some states this right accrues to private institutions. I presume Harvard is not covered by this, but major public institutions definitely are.

    2) Privacy in general vs privacy from administration.

    Internal rules (like those at Harvard) may provide parts of the population with protection from searching by the administration, as in this case. That does not necessarily entail the communications are absolutely private, especially where the institution is covered by FOIA. For example, an employee is entitled to the entirety of their personnel file, which may include a variety of emails, and can obtain these at any time through a FOIA request. Such requests are typically not made known to the persons whose files have been searched.

    3) Corporate privacy.

    Some commentators above appear shocked to learn that emails to employed individuals may not be private. They are not private. Everything that goes in and out of any corporate email address is routinely searched and scanned and even acted upon by internal staff and software, to detect anything from corporate malfeasance/espionage to criminal activity. The legal basis for searching my (private) email to a (corporate) email account (for example, don@ibm.com) is not clear to me, but I believe it's well-established in case law, as far as the corporation's own use for its own legal purposes related to its business conduct (ie, were I to email and ask for insider trading information or for trade secrets to which I'm not entitled, I'd expect legal action against me)--I am not sure that information discovered that way could be used to act against me for purposes not related to the corporation's business. I would presume that many Universities also use this software at least with regard to staff, although I would also expect that both students and faculty would typically not be considered appropriate targets for scanning--today.

  16. What I find rather disconcerting about this whole fuss is that no one seems too concerned about what the e-mail actually said, i.e. that the deans "might suggest to students accused of cheating who were varsity athletes that they withdraw voluntarily, rather than face being forced out and losing a year of athletic eligibility." [quoted from today's New York Times]

    I am ignorant of the legal rights of Harvard students, but if I were a non-varsity athlete forced to withdraw, I would be consulting a lawyer.

    Replies
    1. Having made this comment, I have read the text of the e-mail on the Crimson website. While it appears more innocuous than what was reported in the Times, I find it even more damning.

      The gall is in the apparent assumption that the students who took the LOA are guilty (more effective than waterboarding in ferreting out the evildoers, one might suggest)

      ". . . The only folks that may want to really consider an LOA are those students who know that they cheated."

      "Fall term athletes may also want to consider taking an LOA before their first game. The reason this matters for athletes is that once they compete one time their season counts and they would lose eligibility if they had to take a year off and return. . ."

    2. Interesting. My take is that the text of the email (in the greater context of Harvard academic culture, perhaps) is more or less entirely innocuous. I read the advice on LOA as practical, "this is how it's going to happen" frankness.

      To be honest, my concern about "what the email actually said" is precisely that it seems so harmless -- how can we expect the university to react when there's a truly damning leak? (And given the royal mess we've seen in recent months, we might almost expect that there's something waiting to see sunlight...)

  17. The backstory is a bit more complicated. Official Harvard policy bans the university from looking at mail written by faculty members going through the Harvard domain, except in extraordinary circumstances. But the university apparently regarded the resident deans not as faculty but as administrators, even though they teach courses - college privacy.
