College
by Andy Moore on March 13, 2013

“If reading the deans’ email is really OK by the book, why didn’t they just ask the deans who leaked the memo, threatening to read their email if no one came forward?” said Harry Lewis, a computer scientist and former dean of the college who helped draft its current email privacy policy for faculty. “Why not tell them what was being done if it was really an OK thing to do?”

The problem stemmed with the search seeming to violate Harvard's privacy policy, which stated that only in “in extraordinary circumstances such as legal proceedings and internal Harvard investigations” could the school search its employees' email records. A dean leaking info about cheating students really isn't a circumstance that could “bring down” our nation's richest university, the faculty argued. So it wasn't worth the school breaking its privacy policy. The Globe had caught Harvard trying to find out what dean had put the school in an embarrassing situation. They'd caught it with its hands in the cookie jar. (Actually this is Cambridge we're talking about here—they probably only have fucking biscotti jars, or something.)

But here's the thing: In most employee-employer situations, the employer can legally go through his employees' company email for just about any reason. “When employers don’t have explicit policies about email searches, employees don’t have a reasonable expectation of privacy when using work email accounts or work computers. The only case in which an employee might have a reasonable expectation of privacy would be if the employer explicitly stated that employees should have such an expectation.” A situation where the employer lays out, up-front, that you have an expectation of privacy is a situation that almost never happens. Harvard didn't have that agreement with its faculty. It probably can't be legally punished.

This got me thinking. Does this lack of protection also apply to your college email account? Surely not, right? After all, employers provide company email for their employees, they pay said employees, AND they have legal precedent on their side. But the college student-university relationship is totally different, right? You're paying colleges to use their WiFi and their .edu address. Apples and oranges.

Nope. Colleges can warrantlessly go through your university emails, too. Seriously. According to Staff Attorney of the Electronic Frontier Foundation Hanni Fakhoury, who I emailed today: 

“College students are also susceptible to having unwarranted email investigations on their university emails. The law generally prohibits the provider of an electronic communications service to disclose the contents of an email to another person or the government. There are a few exceptions, and one of the big ones is consent, meaning the user may agree to the release of their emails. Ultimately, when a person signs up for their university email (i.e., student@harvard.edu) that long, dense terms of service filled with lots of legal language may indicate circumstances where the university could review emails. So it's important for students to know what these policies or terms say.”

What does this mean? It means that any shady business you talk about or joke about with your buddies—cough, cough: underage drinking, drug use, pledging—really shouldn't be mentioned over your university email system and with your .edu email address. If your college thinks it has a decent reason, it can search your records. And you've probably signed away any privacy rights because, odds are, you didn't read that long terms of service agreement when you got your school email address as a high school senior. 

So be careful out there. And sign up for a Gmail account already.

Post-Sad appears every week. 

[IT Professional with Server image via Shutterstock]

Andy Moore

About Andy Moore...

Post a Comment

Your email is kept private. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>