Court Says College Can Snoop On Students' Email

from the no-privacy-violation dept

Mon, Aug 15th 2011 5:12am — Mike Masnick

There have been plenty of cases where courts have said that it's okay for an employer to snoop on (employer-provided) employee email accounts. And now there's a case saying basically the same thing for colleges and universities. As long as they provided the email system, there's apparently no violation of anti-snooping or data privacy laws. I definitely understand the reasoning here, though one might argue that the relationship between a student and a university is quite different than an employee and employer. And I could see how students might have a much higher expectation of privacy. Still, do students really use university email addresses any more, or do they have their own primary email accounts that they had before heading off to school?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: college, email, privacy, snooping, universities

45 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

abc gum, 15 Aug 2011 @ 5:21am

I assume that the student is charged an appropriate fee for use of said email system and therefore it is not the same as employer provided email. What's next ... ISPs are allowed to snoop on the email system they charge for?
[ link to this | view in chronology ]
- Jesse (profile), 15 Aug 2011 @ 7:33am
  
  Re:
  Why can't ISPs snoop? Why can't Google or Microsoft? (and yes I know they do with bots)
  
  Why can't Fedex open your mail they deliver? Why is electronic mail different?
  [ link to this | view in chronology ]
  - Anonymous Coward, 15 Aug 2011 @ 8:21am
    
    Re: Re:
    Why can't ISPs snoop?
    
    HTTPS. � SSL. � TOR. � PGP/GPG. � S/MIME. � AES. �.�.�.
    [ link to this | view in chronology ]
  - Bengie, 15 Aug 2011 @ 8:27am
    
    Re: Re:
    SPAM filters already "open" you email. Also, your email must be "opened" even to route. Yes, they are different.
    
    Shipping with FedEx/etc is more akin to sending an encrypted email.
    [ link to this | view in chronology ]
    - Anonymous Coward, 15 Aug 2011 @ 5:42pm
      
      Re: Re: Re:
      Exactly. It's going to be something resembling impossible to properly troubleshoot email routing without indecently seeing some parts of normal email. It's very unrealistic to expect that the administrator of the system you are using never to see the contents of your email if you don't encrypt it.
      [ link to this | view in chronology ]
Anonymous Coward, 15 Aug 2011 @ 5:33am

still use mine
I use my uni email addresses. They are required for school use such as communicating with instructors and sharing calendars. Also an .edu address is required for many services, such as Amazon Student.
[ link to this | view in chronology ]
- WysiWyg (profile), 15 Aug 2011 @ 5:35am
  
  Re: still use mine
  But do you use it for private mail?
  [ link to this | view in chronology ]
  - Anonymous Coward, 15 Aug 2011 @ 5:52am
    
    Re: Re: still use mine
    I use mine for private email. It's just easier because all school related emails go there. I have about 5 email accounts all together. I have a spam account, and a generic private email, though that one's become cluttered with enough spam from accounts Ive signed up for that I didn't want to bother clearing it out. It was just easier when I got my school email to just start over with that one.
    [ link to this | view in chronology ]
  - Anonymous Coward, 15 Aug 2011 @ 6:38am
    
    Re: Re: still use mine
    Just Amazon and one bank account. My entire purchase history is in there along with several bank account notifications. It wouldn't tell any snoopers who I am having sex with, where my dope is stashed, or what I really think of my profs, but It does show that I got a really sweet deal on light bulbs in may and where I transferred my financial aide money.
    [ link to this | view in chronology ]
- GonzoBobH (profile), 15 Aug 2011 @ 10:30am
  
  Re: still use mine
  Ditto.
  
  The Arizona state schools are all gmail based, and required for official communication from the school. Heck, even the local community college here also requires it.
  
  GBH
  [ link to this | view in chronology ]
  - David (profile), 16 Aug 2011 @ 6:22am
    
    Re: Re: still use mine
    The school I go to is also GMail based. I set it up to forward to my personal e-mail. I don't think I have logged into the account itself in months.
    [ link to this | view in chronology ]
Chris ODonnell (profile), 15 Aug 2011 @ 5:37am

I believe just about every school still provides an email address for each student. I suspect since the schools are sending important info, class schedules, etc via email now, they gain some cover against claims of not receiving it if they control the entire email infrastructure. If the kid is forwarding his campus email off to Gmail and didn't get the notice that a test time changed, it's not the schools problem since they did deliver the notice to his campus email address.
[ link to this | view in chronology ]
Anonymous Coward, 15 Aug 2011 @ 5:49am

Is it OK for Google to snoop on Gmail users' account, since they provide the system ?

Ah, sorry... they already do the automatic thing...
[ link to this | view in chronology ]
- dfed (profile), 15 Aug 2011 @ 6:23am
  
  Re:
  I'll up that ante:
  
  At many universities Google is providing the apps/email system. For example, UofMinnesota runs it's own google-powered nodes.
  
  Can google and the Uni both snoop that? Inquiring minds want to know.
  [ link to this | view in chronology ]
  - Anonymous Coward, 15 Aug 2011 @ 7:25am
    
    Re: Re:
    My college also uses gmail. Any email to my edu account also shows up in my gmail inbox. It is like two addresses for the same mailbox.
    [ link to this | view in chronology ]
    - dfed (profile), 15 Aug 2011 @ 7:38am
      
      Re: Re: Re:
      I think it's a great idea from a management perspective. Outsourced to someone that does email/apps very well and it's probably very cost effective.
      [ link to this | view in chronology ]
- DannyB (profile), 15 Aug 2011 @ 6:34am
  
  The logical conclusion
  Taken to its logical conclusion, the only way people can protect themselves from this excuse for email snooping is for every person on the planet to run their own personal mail server.
  [ link to this | view in chronology ]
  - Gabriel Tane (profile), 15 Aug 2011 @ 6:41am
    
    Re: The logical conclusion
    Nah... if we get that 'open', they'll just introduce new regulations we would have to comply with that would include oversight into what gets sent. If you want to avoid snooping, you may as well drive over to the recipient's house and have a quiet conversation inside with a white-noise generator going and cover your lips while you talk.
    
    Or learn Navajo... did they ever break that language yet?
    [ link to this | view in chronology ]
    - MrWilson, 15 Aug 2011 @ 8:37am
      
      Re: Re: The logical conclusion
      It was a code based on Navajo, so even Navajo speakers who hadn't learned the code would be of little help in cracking it.
      [ link to this | view in chronology ]
  - Anonymous Coward, 15 Aug 2011 @ 7:07am
    
    Re: The logical conclusion
    ... the only way people can protect themselves from this excuse for email snooping...
    
    Encrypt your mail.
    
    Sheesh. People fought the �crypto wars� so that you'd have rights. Use them.
    [ link to this | view in chronology ]
Anonymous Coward, 15 Aug 2011 @ 6:14am

Email Encryption using Google Gmail and FireGPG and Gpg4win

For e-mail accounts management one could use Evolution or Thunderbird. Those allow people to handle dozens(or hundreds) of email accounts easily, well once you registered all of them that is.

Encryption should be second nature for people in todays world, where judges instead of erring on the side of privacy err on the side of others that want to violate that privacy.
[ link to this | view in chronology ]
Concerned citizen, 15 Aug 2011 @ 6:18am

Being a student is not the same
Employers pay people to be there and provide email as part of the paid job.
Students are not employees and pay to be there, email is part of the paid for service and should thusly have a client /provider privilege of privacy.
[ link to this | view in chronology ]
Gabriel Tane (profile), 15 Aug 2011 @ 6:21am

Same relationship?
I don't agree that Uni/Student is the same as Employer/Employee.

First, and obviously, I paid the Uni to go there... I wish it had been the other way.

Second, would the Uni be responsible for my actions? I know that Employers bear some responsibility for the actions of employees while in the course of business. But if I use my Uni-provided account to break the law (infringing, defamation, etc.), would the Uni be held responsible? And I mean actually held responsible, not just accused and included on a lawsuit only to be dismissed later.

While the fact that the Uni is providing that email service means they may have some standing of "well, it's our service, we're just letting you use it" to justify snooping, I don't think it's the same area as the Employer/Employee fight.
[ link to this | view in chronology ]
- Gabriel Tane (profile), 15 Aug 2011 @ 6:37am
  
  Re: Same relationship?
  I just re-read the post again and realized that it was NOT,in fact, trying to make a case of a similar relationship between Uni/Student and Employer/Employee.
  
  -1 for reading-comprehension fail today. :|
  [ link to this | view in chronology ]
senshikaze (profile), 15 Aug 2011 @ 6:24am

the community college I go to (yes, community college) *requires* use of a student email system (based on outlook online, I think. Doesn't work with Chrome on Linux, is all I know). Frankly, I have gmail hooked into it to pull messages and to send as that email address because the school requires all school related communication must be from your college supplied email address.

I do not, under an circumstances have that email account send anything even barely personal. It is for school and only for school.
[ link to this | view in chronology ]
c.meyer (profile), 15 Aug 2011 @ 6:35am

colleges and email
I worked for my college's info systems tech desk...the school had the students pay a technology fee, which covered their use of the entire network, as well as basic troubleshooting. part of that technology fee was the email system. Students were not mandated to pay the fee, but without it, they would miss out on the vast majority of teacher-sent emails and college sponsored emails.

most colleges that I know of will not send emails out to a private address unless required to do so by law or some other special circumstance.
[ link to this | view in chronology ]
Anonymous Coward, 15 Aug 2011 @ 6:35am

I would not be shocked in the long run to find that the owner of a domain can pretty much check whatever goes through their property. This isn't the US mail, there isn't any expectation of privacy. You give it to someone to give it to someone else.
[ link to this | view in chronology ]
Amy DeLouise, 15 Aug 2011 @ 6:45am

alumni use college email too
I know lots of folks who use--encouraged by the alumni office--their uni email addresses as alumns. That truly expands the universe for university email snooping. And honestly, how do they have the time?
[ link to this | view in chronology ]
Adam, 15 Aug 2011 @ 6:47am

Universities (I was a university administrator) provide students with email addresses (at no direct charge, usually) so they can communicate with the student body. The Registrar, Department Heads and Deans published schedules and announcements that way.

Students, however, do harass each other and send inappropriate messages to each other, so the university receives complaints about these and resolves them by "spying". What they do on private external accounts is their business. What they do on the university system can put at risk the reputation of the university.
[ link to this | view in chronology ]
- Gabriel Tane (profile), 15 Aug 2011 @ 7:05am
  
  Re:
  "What they do on the university system can put at risk the reputation of the university."
  See... this is where I have a problem with the whole thing. First, let me say I understand the need for a good reputation for universities (DUKE SUCKS!). A lot of their ability to attract attendance (and thus money) comes from that reputation. I get that.
  
  With that said... who the hell cares about what students say to each other? It's email. This is a few students talking to each other in a way that's not polite in society's view. And?
  
  You know what would garner more respect from me? A university that looks at a harassing string of email calling a student a Jew (derisively) and tells that student "stop opening the emails" and moves on to more important things, like the quality of education and rising costs of tuition and/or the Great Book Racket.
  
  And if there are a bunch of emails flying around 'hurting people's feelings'... did I miss the part where college students weren�t freakin adults? Do they need hand-holding and a widdle hug to tell them everything is going to be ok every time someone makes fun of them? Seriously? So instead of preparing young adults for the world that awaits, it�s now part of the university�s job to further shelter them so that nothing ever hurts them?
  
  If universities start taking that job of life-preparation seriously again, maybe people outside the university-sphere (like me) will care about university reputation.
  
  Sorry� rant over.
  [ link to this | view in chronology ]
Anonymous Coward, 15 Aug 2011 @ 6:47am

As long as they provided the email system, there's apparently no violation of anti-snooping or data privacy laws.

The fact that the school provided the system was only relevant to the SCA claim. The privacy claims were dismissed for other reasons. Perhaps you should actually read the case and understand the law before blogging about it. I know, I know. That's not going to happen.

I definitely understand the reasoning here, though one might argue that the relationship between a student and a university is quite different than an employee and employer. And I could see how students might have a much higher expectation of privacy.

How is "expectation of privacy" relevant here?
[ link to this | view in chronology ]
Anonymous Coward, 15 Aug 2011 @ 7:06am

Schools / Universities are not all the same.

There are at least four classes of such.

1. There are public (US concept of public) schools where the student pays to attend. The e-mail system at these schools is owned by government just as the school is.

2. There are private (US concept of private) schools where the student pays to attend. The e-mail system at these schools is not owned by government or the students.

3. There are public schools where the student is paid to attend (West Point being one such). The e-mail system at these schools is owned by government just as the school is and the students are government employees.

4 There are private schools where the student is paid to attend. This is especially true of company owned and managed training schools. The e-mail system at these schools is not owned by government or the students.

It is ludicrous to think that the law in each of the above situations is the same or that the students have the same rights and privileges.
[ link to this | view in chronology ]
- Anonymous Coward, 15 Aug 2011 @ 7:22am
  
  Re:
  Ludicrous is dividing privacy into sections until nobody can know what it means.
  [ link to this | view in chronology ]
mike allen (profile), 15 Aug 2011 @ 7:36am

Most students now use their own email accounts mainly hotmail and only use he uni account for uni business talking to tutors etc. figures taken by talking to students at our uni 2 years ago.
[ link to this | view in chronology ]
Bengie, 15 Aug 2011 @ 7:43am

My take on things
Based on the link provided, the student in question was displaying threatening behavior through the email.

This seems less like a University being able to snoop in their student as much as an email provider being able in investigate threats against its own employees.

Normally, when an employee is threatened, the company in question would find all technical data involving the threat, then see about getting a court order from the email provider from which the email originated.

In this case, the company had full access to all relevant data and was able to skip over forcing another company, via court order, to hand over data.

There wasn't a whole lot of data provided and it really depends on the level of threat.
[ link to this | view in chronology ]
Anonymous Coward, 15 Aug 2011 @ 7:58am

Required
I had to have, and use the university supplied e-mail for a number of their services, but what it did allow me to do is set a rule to auto-forward all incoming e-mails to a pre-determined alternate that I controlled. If I received something important I would get it, and I would reply from my alternate e-mail. From that reply all of my teachers or other students would then e-mail me directly. All told I only logged in using that e-mail address maybe 4 times unless you count the grading system or online class portal.
[ link to this | view in chronology ]
ITWARZ, 15 Aug 2011 @ 8:02am

Fools!...
Looking for privacy online? Talk about a fool on a fool's errand! - ITWARZ
[ link to this | view in chronology ]
Jay (profile), 15 Aug 2011 @ 8:36am

That sound...
... You just heard, is the moving of half the student body's emails to more private accounts. Leave a message after the ---
[ link to this | view in chronology ]
CP, 15 Aug 2011 @ 9:01am

Nobody Uses University Provided Email
Nobody uses their university's provided email system anymore. The only reason they get used is when they have to verify they are a student with a .edu email address (Amazon's one free year of Prime for students). All the universities that I'm familiar with, including the one I attend, have email forwarding set up. All my .edu emails get forwarded to my GMail account. While I can see why this would cause an issues, I don't think it's as big as it would have been 10 years ago.
[ link to this | view in chronology ]
Drak, 15 Aug 2011 @ 10:08am

encryption
problem solved, snoop away.

http://www.mozilla.org/en-US/thunderbird/

http://enigmail.mozdev.org/home/index.php.html

http://www.gnupg.org/

Not universally usable but between two people it works well.
[ link to this | view in chronology ]
- Anonymous Coward, 15 Aug 2011 @ 10:28am
  
  Re: encryption
  Not universally usable...
  
  Neither is internet email, anymore. Spam killed the early, hoped-for promise of universal email connectivity. Now the only �universal� is that some spam will get through the filters�and some desired email will be lost in the spam filters.
  
  I understand the younger kids look at email as old-folks' tech, anyhow.
  [ link to this | view in chronology ]
Anonymous Coward, 15 Aug 2011 @ 11:30am

More reason to use Lavabit

They can't check it even if they wanted to. All they can check is the headers.
[ link to this | view in chronology ]
Anonymous Coward, 15 Aug 2011 @ 1:53pm

Some people have to use college email systems. My community college not only gives you an email address but will only send things to that email address and will only respond to students if they send it from that email address.
[ link to this | view in chronology ]
Anonymous Coward, 15 Aug 2011 @ 4:48pm

I just graduated here in the UK, and while plenty of very important email was sent through the official university email service, I don't think anyone used that trashy website for anything else.

On topic of Employee-Employer vs Student-University relationships, its something I've never really understood and just accepted. As a student I was paying quite large fees for education, and the university was monitoring my internet usage and claiming the rights to all of my intellectual property (like an employer). Surely we are the employers, or at least just customers, whom have rights to privacy and self enterprise?
[ link to this | view in chronology ]
Ianto, 15 Aug 2011 @ 6:39pm

Um...
Sorry. Last I checked, my $40,000 a year that I'm paying for tuition helps keep the school afloat, and therefore, entitles me to have a snoop-free, university e-mail account. For them to think otherwise is as ridiculous as American seniors thinking they are entitled to Social Security and Medicare. Oh... wait...
[ link to this | view in chronology ]