11/13/2015: The Nation has the news that the University of Illinois has settled with Steven Salaita, here. 8/11/2015: Former university trustee asks tough questions about buyout payment Among those upset by the decision is former U. of I. board Chairman Christopher Kennedy, who approved Wise’s initial employment agreement. “I wouldn’t give…
Posts tagged as “Academic Freedom”
10/8/2015: This is from the trial transcripts, which I’m slowly getting through:
8/4/2015: UO administrator accessed employee email account without notice
Here’s the description of recent events, from an anonymous correspondent:
Administrators Are Permitted to Monitor Emails without Notice or Authorization
Consider the following scenario: Alice,* a staff member with a disability, has been ordered by her doctors to utilize her federally protected leave in order to recover from symptoms emerging from a potentially hostile work environment. Alice has been in contact with the Union, who are investigating the climate at her department for possible discrimination.
While Alice is away in recovery, Bob,* her supervisor and a department administrator, somehow acquires full access to all of Alice’s emails. Bob does not notify Alice that he intends to access her information, nor does he seek authorization from Information Security, General Counsel, or the Union. Rather, Bob simply unilaterally seizes full, unsupervised, and ongoing access to the entirety of Alice’s email account, including her correspondences with the Union.
Such an obvious conflict of interest and invasion of privacy would seem ludicrous if it wasn’t for the fact that it recently occurred at the University of Oregon.
As soon as this data breach came to light, the Union contacted UO’s Chief of Information Security Officer (CISO) to clarify what exactly the criteria were for an administrator gaining access to an employee’s email. The CISO responded that the UO does not offer “wholesale access to another employee’s email.” There would have to be a “specific request” driven by a “business need” and submitted through the proper channels. If such criteria are met, then Information Security will attempt to provide the specific information, and only that information, which was requested. The CISO continued, “The only time we would give over all email would be in the case of a subpoena or other legal request.”
Under such criteria, Bob had obviously violated university policy by accessing and monitoring all of Alice’s emails during her absence from the office. The Union reported the data breach immediately, in conformity with the newly minted executive policy on Data Security Incidence Response.
A few weeks later, the Union inquired with the Director of Employee & Labor Relations (DLR) at Human Resources to inquire after the progress of the investigation. What a difference a few weeks can make! The DLR responded that there had been no violation of policy, because UO in fact has no policy at all restricting administrator access to an employee’s email.
The Union reached out again to the CISO to clarify. The CISO responded that he believed that the situation was handled poorly, and that he did not believe that Bob was “philosophically” justified in accessing Alice’s data. Unfortunately, he admitted, there are no “specific policies” in place at UO at present to prevent, discourage, or reprimand an administrator who unilaterally decides that they have a “business need” to access and monitor an employee’s personal data without their prior knowledge or consent. Obviously, if the University were using software similar to a keylogger (pcTattletale explain what a keylogger is here if you are unfamiliar) then they would need a policy in place but as he has directly accessed the emails, there is less of a need for a policy, although there still is one.
The CISO seemed as disturbed by this state of affairs as the Union, noting that it “raises a need for a procedure to be put in place regarding access to an employee’s email account” and that he “intend(s) to write up a procedure for situations like this” which will “hopefully alleviate situations like this in the future by providing a standard process.”
The Union applauds the CISO’s pledge to put policies in place that will provide the necessary checks and balances to reign in administrators who feel justified in violating their employee’s privacy at will.
The response at HR has been less encouraging however. As of this writing, the DLR has chosen to fully back management in this matter. Amazingly, rather than stand up for the rights of one of the most vulnerable members of the UO community in a case of discrimination, harassment, and gross invasion of privacy, HR has chosen instead to escalate the harassment by pursuing disciplinary action against Alice on behalf of Bob.
And as of this writing, Bob still retains full access to Alice’s email.
So, until the new policies are in place, be careful what you write and who you write it to.
* All names have been changed.
It’s more than two years since I started the thread below, trying to find out UO’s policy for email monitoring and access. Page down for the entire history. Obviously there are situations when supervisors need access to an employee’s email, e.g. a public records request or a court order, an emergency illness or death, etc. On the other hand there are situations where that access would be very problematic, e.g. like that above, or when an employee has a complaint about the supervisor, or has used UO email to contact a doctor or counselor or lawyer, etc. So most universities have a sensible policy along the lines of UC’s, here:
An electronic communications holder’s consent shall be obtained by the
University prior to any access for the purpose of examination or disclosure of the
contents of University electronic communications records in the holder’s
possession, except as provided for below. …
1. Authorization. Except in emergency circumstances (as defined in Appendix
A, Definitions) in accordance with Section IV.B.2, Emergency
Circumstances, or except for subpoenas or search warrants in accordance with
Section IV.B.6, Search Warrants and Subpoenas, such actions must be
authorized in advance and in writing by the responsible campus Vice
Chancellor or, for the Office of the President, the Senior Vice President,
Business and Finance (see Section II.D, Responsibilities).1
This authority may not be further redelegated. Authorization shall be limited to the least perusal of contents and the least action necessary to resolve the situation. …
3. Notification. The responsible authority or designee shall at the earliest
opportunity that is lawful and consistent with other University policy notify
the affected individual of the action(s) taken and the reasons for the action(s)
taken.
Each campus will issue in a manner consistent with law an annual report
summarizing instances of authorized or emergency nonconsensual access
pursuant to the provisions of this Section IV.B, Access Without Consent,
without revealing personally identifiable data.
UO’s policy is here. It’s not as cogent, but it also seems to ban the sort of blanket access that is described above. And UO IT also passes on the following helpful advice, here:
- Never share your password with anyone. This includes your supervisor, co-workers, and IT staff.
- There may be some destinations (such as China, Russia, and other areas overseas) where it may be difficult or impossible to prevent your computer from being attacked and electronically compromised.
China and Russia indeed.
8/2/2013: UO has no policies limiting which administrators can read your email or monitor your web use, or why. From Dave Hubin’s PRO:
The gist: … However, the Faculty Senate does not endorse offering “trigger warnings” or otherwise labeling controversial material in such a way that students construe it as an option to “opt out” of engaging with texts or concepts, or otherwise not participating in intellectual inquiries. … In issuing this statement, the Faculty…
The Foundation for Individual Rights in Education advocates for free speech for students and faculty. Starting last summer they decided to ramp up their game, with a legal fund set up to hire local law firms to sue universities that violated free speech rights. They’ve had a good year: One year ago…
From his Washington Post law blog, here:
One of the latest things in universities, including at University of California (where I teach) is condemning “microaggressions,” supposed “brief, subtle verbal or non-verbal exchanges that send denigrating messages to the recipient because of his or her group membership (such as race, gender, age or socio-economic status).” Such microaggressions, the argument goes, can lead to a “hostile learning environment,” which UC — and the federal government — views as legally actionable. This is stuff you could get disciplined or fired for, especially if you aren’t a tenured faculty member.
Colleen Flaherty has the story in InsideHigherEd, here: In a statement submitted to the AAUP, Salaita (who was not at the meeting), said, “One can disagree with my viewpoints and still see that [the] administration made a grave mistake it refuses to redress, based on outside interference and a host…
I’ve always thought “civil speech” meant honest and effective talk about how to resolve matters of importance to civil society, but for many people, including many university administrators, it seems to mean polite niceties that do not offend. Historian Joan Scott has a fascinating piece in The Nation on the rather ugly history of “civility”, and its current…
Colleen Flaherty has the story in InsideHigherEd, here. A snippet: There’s been no shortage of criticism, both formal and informal, of how the University of Illinois at Urbana-Champaign handled the withdrawn faculty appointment of Steven Salaita last summer. (The university has a substantial number of supporters who say it was…
I’m no lawyer, but my understanding is that the normal immunity of state officials for official acts does not hold in cases involving violations of civil rights: AMES, Iowa, January 7, 2015—Yesterday, an Iowa federal judge denied Iowa State University’s (ISU’s) motion to dismiss a First Amendment lawsuit filed by students.…
11/7/2014: The ACLU has the good news here: Washington State University is paying former journalism professor David Demers $120,000 to drop his five-year-old federal free-speech lawsuit against four WSU administrators. “I am extremely pleased with the settlement,” Demers said. “It sends a strong message to university administrators that those who…
10/28/2014: The Foundation for Individual Rights in Education has the news, here: NEW YORK, Oct. 28, 2014—In a victory for free speech, New Jersey’s Bergen Community College (BCC) has rescinded its punishment of an art professor it placed on leave and forced to undergo a psychiatric evaluation for posting a…
Rumor has it that some Johnson Hall administrators – and perhaps a few members of our new Board of Trustees – still dream that the civility restrictions on academic free speech that Mike Gottfredson tried to enshrine in the faculty union contract will someday come to pass. Meanwhile The Daily…
The UO faculty union and the Senate fought hard with President Gottfredson over academic freedom. Gottfredson and his negotiators Tim Gleason, Doug Blandy, Randy Geller and Sharon Rudnick wanted the union contract to include rules requiring civility and proper respect, and they didn’t want the university to give explicit protection for…
8/9/2014: One of the big worries about UO Independence was that the Board of Trustees would end up dominated by athletics boosters, as has happened with the UO Foundation, now run by Steve Holwerda, whose life dream is to become Duck Athletic Director. So far, it’s been quite the opposite…
This is good news, just in time to celebrate the 4th of July: The Foundation for Individual Rights in Education, a.k.a. theFIRE.org, has just announced a major new legal initiative. In the past FIRE has worked as an advocacy group, and co-ordinated free speech lawsuits on behalf of students and…