Harvard Searched Email Subject Lines Of Faculty To Sniff Out Leak
from the why-people-keep-private-emails dept
We've written a few times about employers snooping through the emails of employees, and for the most part, courts have found this to be legal. There are a few exceptions -- such as for attorney/client communications -- but for the most part, if you're using work provided email, they can spy on it. Of course, just because they can doesn't mean they should. As we've been pointing out for over a decade, doing so probably fosters an environment of paranoia, which may not be the most productive. Still, it's a bit surprising to see that Harvard University chose to snoop through the emails of staff members in trying to hunt down the source of a leak. Specifically, the university searched the emails of 16 deans, telling them about the search a few days later. Again, even though this is likely legal, it seems odd that a university like Harvard would do it, as it inevitably creates distrust with some of its most important staffers. Indeed, the news apparently has faculty and staff up in arms.Havard has defended the search by arguing it was very limited -- just to specific accounts and just to subject lines:
Consequently, with the approval of the Dean of FAS and the University General Counsel, and the support of the Dean of Harvard College, a very narrow, careful, and precise subject-line search was conducted by the University's IT Department. It was limited to the Administrative accounts for the Resident Deans — in other words, the accounts through which their official university business is conducted, as distinct from their individual Harvard email accounts. The search did not involve a review of email content; it was limited to a search of the subject line of the email that had been inappropriately forwarded. To be clear: No one's emails were opened and the contents of no one's emails were searched by human or machine. The subject-line search turned up two emails with the queried phrase, both from one sender. Even then, the emails were not opened, nor were they forwarded or otherwise shared with anyone in IT, the administration, or the board. Only a partial log of the 'metadata' — the name of the sender and the time the emails were sent — was returned.The issue, though, is the expectation of privacy and the level of trust built up between staffers and the university -- and actions like this, even when done narrowly and carefully, can break down that trust in significant ways.
"The Resident Dean whose account had been identified was asked about the incident and voluntarily reviewed his/her own sent items and confirmed that she/he had indeed forwarded the message to two students. Although the Resident Dean's actions violated the expectations of confidentiality surrounding the Administrative Board process, those involved in the review and the conversation with the individual were sufficiently convinced that it was an inadvertent error and not an intentional breach. The judgment was made not to take further action.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: email, harvard, privacy, searches, trust
Companies: harvard
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
No one made you read it.
I don't know why you think they should have the same privacy while using their employers email system.
Next time, before bitching, maybe read what I actually wrote. I merely pointed out the impact on morale. I didn't say they had to have the same privacy protections, but that it would impact how they felt about their employer.
Do you deny that?
Moreover if you work at Harvard, presumably you're not dumb enough to use your work email to leak shit that'd get you fired and you'd also know your work email wasn't secure.
No one got fired, so, um, what was your point again or do you always post whiny comments without knowing what you're talking about?
Please try to find something worthwhile to whine about.
You first.
[ link to this | view in chronology ]
Re: Re:
Then I laughed.
[ link to this | view in chronology ]
Re: anonymous coward
OH yeah, working at HARVARD there must be a prerequisite for not being dumb enough to use your work email to leak shit that could get you fired LMAO. Honey, there is no degree in common sense, even though people who work at Harvard do seem to have an affiliation with an egotistical arrogant sense of self-entitlement, which might actually have something to do with people being too smug to imagine they'd get caught.
[ link to this | view in chronology ]
That. I understand why companies choose to monitor their employees mailboxes but this will make the environment stressful. I tend to avoid companies with strict IT management.
[ link to this | view in chronology ]
Harvard violated there own IT policy
While it might be contractually legal, Harvard violated there own IT policy by not providing prior written notice.
http://news.slashdot.org/comments.pl?sid=3533395&cid=43132925
It's probably not actionable in the legal sense, but it tells the faculty and students what the university thinks of rules. With schools pulling these kind of stunts, is it surprising that many highly educated people treat laws and ethical rules as something to be ignored?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
No. Every place I've worked in the past two decades are upright and forthcoming about this. "You may think that's your email account, but it's not." It was his institution email address, not even his personal institution email address. He had no expectation of privacy in that situation. I'm glad it worked out for him/her. Those around them who are up in arms about this are wrong.
Yes, I think it was bungled overhandedly in this case, and I suspect that faculty member is going to want to leave now. Who wants to work for a-holes who treat their assets like this?
[ link to this | view in chronology ]
Not surprising
And snooping subject line is "less invasive" enough. They would have had ordered fulltext search of the mails. There are many tools out there offering to do fulltext search on mail server data files. IMO seeking for "subject" only is involves more work then otherwise.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
“comment” +/- unspecific scoring (Where n1, n2, n3 and n4 are unique to each individual.)
+n1 “a very narrow, careful, and precise subject-line search”
+n1 “,did not involve a review of email content, limited to a search of the subject line, the contents of no one's emails were searched,”
-n3 “Harvard violated there own IT policy by not providing prior written notice” (thanks Arther Moor)
-n4 “search was conducted”
etc.
This all adds up to some unspecific analysis different to everyone. n1 + n2 + n3 + n4 = subjective answer.
When an employee does not trust upper management it cuts off vital internal communication. I mean, its not like one to speak to anyone who is considered hostile or as unfairly taking advantage of you. No good can come from fragmented management or isolation of personnel.
A University might have a different level of expectation of privacy than say from a Utility company billing department's e-mails to delinquent customers. Whatevr the company policy is its how it is implementation on an individual basis that is most important.
Most feared is probably the immediate supervisor who may be looking for the usual advantage over other managers/employees and has no scruples (read as 'bully') about privacy or your career goals.
[ link to this | view in chronology ]
Harvard spying on its own deans does not surprise me!
Allowing private developers to use IMMINENT DOMAIN to force someone to sell their home and land for the purposes of building A MALL, because 'malls' are something people (the public) like and want and need. SO even though a Mall or a Nike factory isn't publicly owned or actually publicly used, except by consent of the owners, that's still good enough to steal your property at a crappy price so some rich guy can make money. Who cares if it's the family farm your family has owned and lived on for over 100 years, that shoe factory is MUCH more important.
Enforcing the national defense act, allowing the government to use warrantless wiretaps, detain individuals without right to trial or counsel INDEFINITELY, YEAH THAT'S all about freedoms & rights & stuff like that. Harvard sucks.
[ link to this | view in chronology ]