Napolitano Says She's Always Wanted To Talk About The Secret Surveillance She Hasn't Talked About Since Last August
from the it's-all-just-a-big,-opaque,-pitch-black,-secretive-misunderstanding! dept
A Techdirt reader has sent us a copy of former DHS head/current University of California President Janet Napolitano's official response to the outcry over the secret surveillance of UC staffers -- surveillance she personally approved.
Napolitiano's letter to UC-Berkeley employees immediately ties the secretive surveillance implementation to the UCLA Medical Center cyberattack, just in case anyone (and it's a lot of anyones) feels the effort was unwarranted.
A group of faculty members at the Berkeley campus has articulated concerns regarding some of the security measures we adopted in the wake of the UCLA cyberattack last year. The concerns focus on two primary issues: whether systemwide cyber threat detection is necessary and whether it complies with the University’s Electronic Communications Policy (ECP); and why University administrators failed to publicly share information about our response to the cyberattack.If your privacy is being compromised, the real villains here are the people behind the cyberattack. As for the secrecy surrounding it, Napolitano seems to indicate she'd like to discuss it, but immediately abandons that line of inquiry to blame disgruntled staffers and the media for misrepresenting her snooping initiative.
The Berkeley faculty members have shared their concerns with colleagues at other campuses and with various media outlets. Unfortunately, many have been left with the impression that a secret initiative to snoop on faculty activities is underway. Nothing could be further from the truth.Please explain.
I attach a letter from Executive Vice President and Chief Operating Officer Nava explaining the rationale for these security measures.Great, except that Nava's letter arrived five months after the program was implemented and two months after a university official said the program would be shut down -- a statement which itself preceded (by a month) the news that the program has actually been allowed to continue uninterrupted.
Napolitano claims there was no secrecy.
As you know, leadership at all levels, including The Regents, Academic Senate leadership, and campus leadership, has been kept apprised of these matters, including through the establishment and convening of the Cyber Risk Governance Committee (CRGC). The CRGC, comprises each campus’s Cyber Risk Responsible Executive (CRE), as well as a representative of the University’s faculty Senate, the General Counsel, and other individuals from this office with responsibility for systemwide cybersecurity initiatives.Yes, look at all the people who were informed! And were apparently informed they could not pass this information on to anyone else!
From our earlier post on the subject -- directly from some of those on Napolitano's "approved" list.
UCOP would like these facts to remain secret. However, the tenured faculty on the JCCIT are in agreement that continued silence on our part would make us complicit in what we view as a serious violation of shared governance and a serious threat to the academic freedoms that the Berkeley campus has long cherished.This assertion directly contradicts Napolitano's depiction of the events.
[...]
For many months UCOP required that our IT staff keep these facts secret from faculty and others on the Berkeley campus.
I have from the beginning directed my staff to make every effort to actively engage with all stakeholders and to minimize to the extent possible the amount of information that is not shared widely.This seems highly unlikely, considering no one began publicly talking about this secret surveillance until just recently. If the information had been widely disseminated (as Napolitano's claims she directed), the backlash would have begun months ago.
And, of course, Napolitano is all about that privacy.
Personal privacy and academic freedom are paramount in everything we do. But we cannot make good on our commitment to protect individual privacy without ensuring a sound cybersecurity infrastructure. While we have absolutely no interest in the content of any individual’s emails or browsing history, we must accept that active network monitoring is a critical element of a sound cybersecurity infrastructure and the interconnectedness of the University and all of its locations requires that such monitoring be coordinated centrally.School officials -- at least those allowed to see email content/web browsing history -- may claim they have "no interest" in seeing it, but that doesn't change the fact that any of them can access it without fear of repercussion. Not only that, but a third party has access to this same data -- a third party Napolitano won't identify.
She closes her official "this is all fully justified because cyber" letter with the same assertion so many officials make when secret goings-on are dragged out into the sunlight: "I've always wanted to have this discussion I'm now being forced to have!"
I invite further robust discussion and debate on this topic at upcoming meetings of the CRGC and COC.That's just disingenuous. Don't extend an invitation to a conversation you can no longer avoid.
As the TD reader who sent this over explains, they're not exactly thrilled the former DHS head is using a privacy breach to further undermine UC staffers' privacy.
This sort of thing, by the way, is exactly the reason that everyone had the "say what?" reaction when Napolitano was appointed. This is why people were concerned.
P.S. I'm one of the people whose information was compromised in the UCLA Med Center hack, and don't appreciate their screw-up then being used as an excuse to screw us over now.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cyber attacks, cybersecurity, dhs, janet napolitano, surveillance, transparency
Companies: university of california
Reader Comments
Subscribe: RSS
View by: Time | Thread
'To better protect your privacy, we will be violating it as much as we can.'
In other news an unnamed university official was heard saying that to better protect the dignity of those on campus, mandatory strip-searches will be implemented, and to better protect the diversity and ecology of the flora and fauna of the surrounding area, all plants and animals would be lit on fire and killed respectively.
[ link to this | view in chronology ]
Paramount.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Distance Learning
Could it be that Berkeley has a reputation of being a bit more radical (at least in some peoples point of view) and got included because of that? What about the rest of the UC system. Were they included or excluded? Should they be upset because they were included or because they were excluded? Or, should their ire be because of the enormous entitlement of any administrator who had the hutzpa to implement such a shameful act of intrusion?
[ link to this | view in chronology ]
Re: Distance Learning
Geography is not network topology.
[ link to this | view in chronology ]
Re: Re: Distance Learning
2½ milliseconds x 1½ = 3¾ milliseconds. Round to 4 milliseconds in fiber, give or take.
Geography is still not network topology.
[ link to this | view in chronology ]
Re: Re: Distance Learning
Do you think the firewalls for the UCLA medical clinic are in Berkeley, or in LA? Which would be a cheaper implementation, a firewall in Berkeley and an uninterrupted fiber line to LA or Internet in-between with firewalls in both locations using VPN's for interconnection? Even the UC system has monetary restraints. The cost of dedicated lines over that kind of distance is significant.
I once had the chief architect for a large bank explain how they put together their fail-over system between data centers in Minnesota, Arizona, and California and how it worked. Two dedicated fiber lines on each leg of the triangle with two ISP's at each location. Not cheap, it took a long time to complete, and a bank is not a university.
Think also about HIPPA compliance issues.
[ link to this | view in chronology ]
Re: Distance Learning
So it could affect (using 2013 stats, rounded):
240,000 students
195,000 faculty and staff (inc. medical centers)
+ Unknown # of external researchers, general public, and med ctr patients
[ link to this | view in chronology ]
Re: Re: Distance Learning
[ link to this | view in chronology ]
Re: Re: Distance Learning
[ link to this | view in chronology ]
Re: Distance Learning
[ link to this | view in chronology ]
Re: Distance Learning
[ link to this | view in chronology ]
Napolitano
[ link to this | view in chronology ]
Also read as, I told the people in power because the rest of you don't matter. I told them all of the wondrous things it would do for us and never mentioned an downsides. Total surveillance on our serfs is the proper response, so that we can make sure they don't do anything wrong as defined by our whims.
You're doing a heck of a job Big Sis...
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
With this she comes off looking like a lobbyist trying to force her secret companys snakeoil on a university!
[ link to this | view in chronology ]
cyber cyber cyber
[ link to this | view in chronology ]
Re: cyber cyber cyber
https://www.youtube.com/watch?v=WY6KkRsS26M
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Ahem...
Bullshit. All of it: bullshit.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Don't worry, we disclosed it to our secret Committee
A single, unnamed faculty member from one of the ten campuses was let in on the secret. That is how Napolitano keeps the faculty "apprised."
She appoints her pet committee to be the venue within which she invites "robust discussion and debate". Of course everyone on the committee works for her, except the lone faculty representative.
I suppose the Med Center incident simply gave the Napolitano administration a plausible excuse to cover something they were preparing to do anyway.
[ link to this | view in chronology ]
Who hired her?
What a mess.
[ link to this | view in chronology ]
Unless of course she is still treated as exempt from the laws the little people have to follow.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
This seems very likely. Considering it from her being my boss and who she is, I am the stakeholder who could very quickly become a non-steak holder
[ link to this | view in chronology ]