Harvard Searched Email Subject Lines Of Faculty To Sniff Out Leak

from the why-people-keep-private-emails dept

We've written a few times about employers snooping through the emails of employees, and for the most part, courts have found this to be legal. There are a few exceptions -- such as for attorney/client communications -- but for the most part, if you're using work provided email, they can spy on it. Of course, just because they can doesn't mean they should. As we've been pointing out for over a decade, doing so probably fosters an environment of paranoia, which may not be the most productive. Still, it's a bit surprising to see that Harvard University chose to snoop through the emails of staff members in trying to hunt down the source of a leak. Specifically, the university searched the emails of 16 deans, telling them about the search a few days later. Again, even though this is likely legal, it seems odd that a university like Harvard would do it, as it inevitably creates distrust with some of its most important staffers. Indeed, the news apparently has faculty and staff up in arms.

Havard has defended the search by arguing it was very limited -- just to specific accounts and just to subject lines:
Consequently, with the approval of the Dean of FAS and the University General Counsel, and the support of the Dean of Harvard College, a very narrow, careful, and precise subject-line search was conducted by the University's IT Department. It was limited to the Administrative accounts for the Resident Deans — in other words, the accounts through which their official university business is conducted, as distinct from their individual Harvard email accounts. The search did not involve a review of email content; it was limited to a search of the subject line of the email that had been inappropriately forwarded. To be clear: No one's emails were opened and the contents of no one's emails were searched by human or machine. The subject-line search turned up two emails with the queried phrase, both from one sender. Even then, the emails were not opened, nor were they forwarded or otherwise shared with anyone in IT, the administration, or the board. Only a partial log of the 'metadata' — the name of the sender and the time the emails were sent — was returned.

"The Resident Dean whose account had been identified was asked about the incident and voluntarily reviewed his/her own sent items and confirmed that she/he had indeed forwarded the message to two students. Although the Resident Dean's actions violated the expectations of confidentiality surrounding the Administrative Board process, those involved in the review and the conversation with the individual were sufficiently convinced that it was an inadvertent error and not an intentional breach. The judgment was made not to take further action.
The issue, though, is the expectation of privacy and the level of trust built up between staffers and the university -- and actions like this, even when done narrowly and carefully, can break down that trust in significant ways.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: email, harvard, privacy, searches, trust
Companies: harvard


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 11 Mar 2013 @ 4:39pm

    There is a problem in mixing work and private business in the same accounts, in that the employer has reasonable right of access to communications about the official business. Use web mail for private communications if employers policy allows.

    link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 11 Mar 2013 @ 4:47pm

    Another big yawner. I don't know why you think they should have the same privacy while using their employers email system. Moreover if you work at Harvard, presumably you're not dumb enough to use your work email to leak shit that'd get you fired and you'd also know your work email wasn't secure. Please try to find something worthwhile to whine about.

    link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 11 Mar 2013 @ 6:27pm

      Re:

      Another big yawner.

      No one made you read it.

      I don't know why you think they should have the same privacy while using their employers email system.

      Next time, before bitching, maybe read what I actually wrote. I merely pointed out the impact on morale. I didn't say they had to have the same privacy protections, but that it would impact how they felt about their employer.

      Do you deny that?

      Moreover if you work at Harvard, presumably you're not dumb enough to use your work email to leak shit that'd get you fired and you'd also know your work email wasn't secure.

      No one got fired, so, um, what was your point again or do you always post whiny comments without knowing what you're talking about?

      Please try to find something worthwhile to whine about.

      You first.

      link to this | view in chronology ]

    • identicon
      rebecca olesen, 17 Mar 2013 @ 2:13pm

      Re: anonymous coward

      yes, says the guy who won't even put a fake name on his comment.

      OH yeah, working at HARVARD there must be a prerequisite for not being dumb enough to use your work email to leak shit that could get you fired LMAO. Honey, there is no degree in common sense, even though people who work at Harvard do seem to have an affiliation with an egotistical arrogant sense of self-entitlement, which might actually have something to do with people being too smug to imagine they'd get caught.

      link to this | view in chronology ]

  • icon
    Ninja (profile), 11 Mar 2013 @ 5:14pm

    As we've been pointing out for over a decade, doing so probably fosters an environment of paranoia, which may not be the most productive.

    That. I understand why companies choose to monitor their employees mailboxes but this will make the environment stressful. I tend to avoid companies with strict IT management.

    link to this | view in chronology ]

  • icon
    Arthur Moore (profile), 11 Mar 2013 @ 6:24pm

    Harvard violated there own IT policy

    To paraphrase what was said on slashdot:

    While it might be contractually legal, Harvard violated there own IT policy by not providing prior written notice.

    http://news.slashdot.org/comments.pl?sid=3533395&cid=43132925

    It's probably not actionable in the legal sense, but it tells the faculty and students what the university thinks of rules. With schools pulling these kind of stunts, is it surprising that many highly educated people treat laws and ethical rules as something to be ignored?

    link to this | view in chronology ]

  • icon
    Jesse (profile), 11 Mar 2013 @ 8:45pm

    Who is using weak email for important leaks? Tormail, Tormail, Tormail!!!

    link to this | view in chronology ]

  • icon
    tqk (profile), 11 Mar 2013 @ 8:54pm

    The issue, though, is the expectation of privacy and the level of trust built up between staffers and the university -- and actions like this, even when done narrowly and carefully, can break down that trust in significant ways.

    No. Every place I've worked in the past two decades are upright and forthcoming about this. "You may think that's your email account, but it's not." It was his institution email address, not even his personal institution email address. He had no expectation of privacy in that situation. I'm glad it worked out for him/her. Those around them who are up in arms about this are wrong.

    Yes, I think it was bungled overhandedly in this case, and I suspect that faculty member is going to want to leave now. Who wants to work for a-holes who treat their assets like this?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Mar 2013 @ 9:17pm

    Not surprising

    When there's a leak and the higher power wants to know where is the leak, they'll order to find it out by all means, sometimes even less legal ones.

    And snooping subject line is "less invasive" enough. They would have had ordered fulltext search of the mails. There are many tools out there offering to do fulltext search on mail server data files. IMO seeking for "subject" only is involves more work then otherwise.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Mar 2013 @ 9:44pm

    They should have just searched the email of everyone then key staff could not bitch about being singled out.

    link to this | view in chronology ]

  • icon
    special-interesting (profile), 12 Mar 2013 @ 7:17am

    Everyone has some internal clicker or checklist on whether to trust anyone or organization and its common for many not to trust their own boss or firm.


    “comment” +/- unspecific scoring (Where n1, n2, n3 and n4 are unique to each individual.)

    +n1 “a very narrow, careful, and precise subject-line search”

    +n1 “,did not involve a review of email content, limited to a search of the subject line, the contents of no one's emails were searched,”

    -n3 “Harvard violated there own IT policy by not providing prior written notice” (thanks Arther Moor)

    -n4 “search was conducted”

    etc.

    This all adds up to some unspecific analysis different to everyone. n1 + n2 + n3 + n4 = subjective answer.


    When an employee does not trust upper management it cuts off vital internal communication. I mean, its not like one to speak to anyone who is considered hostile or as unfairly taking advantage of you. No good can come from fragmented management or isolation of personnel.

    A University might have a different level of expectation of privacy than say from a Utility company billing department's e-mails to delinquent customers. Whatevr the company policy is its how it is implementation on an individual basis that is most important.

    Most feared is probably the immediate supervisor who may be looking for the usual advantage over other managers/employees and has no scruples (read as 'bully') about privacy or your career goals.

    link to this | view in chronology ]

  • identicon
    Rebecca Olesen, 17 Mar 2013 @ 2:10pm

    Harvard spying on its own deans does not surprise me!

    Harvard is nothing but a factory turning out fascism disguised as 'liberal' doctrine. It doesn't surprise me at all. Look at what some of the Harvard graduates are doing around the government and the supreme court.

    Allowing private developers to use IMMINENT DOMAIN to force someone to sell their home and land for the purposes of building A MALL, because 'malls' are something people (the public) like and want and need. SO even though a Mall or a Nike factory isn't publicly owned or actually publicly used, except by consent of the owners, that's still good enough to steal your property at a crappy price so some rich guy can make money. Who cares if it's the family farm your family has owned and lived on for over 100 years, that shoe factory is MUCH more important.

    Enforcing the national defense act, allowing the government to use warrantless wiretaps, detain individuals without right to trial or counsel INDEFINITELY, YEAH THAT'S all about freedoms & rights & stuff like that. Harvard sucks.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.