Last week, 16 Harvard deans learned that school administrators secretly searched their email accounts, looking for a leak sent to the media about the school's ongoing cheating case. The deans only discovered the hack when the Boston Globe reported on it—odds are good that, otherwise, they'd never have found out their private information had been tampered with. This left the faculty members pissed. Shockingly.
But here's the thing: In most employee-employer situations, the employer can legally go through his employees' company email for just about any reason. "When employers don’t have explicit policies about email searches, employees don’t have a reasonable expectation of privacy when using work email accounts or work computers. The only case in which an employee might have a reasonable expectation of privacy would be if the employer explicitly stated that employees should have such an expectation." A situation where the employer lays out, up-front, that you have an expectation of privacy is a situation that almost never happens. Harvard didn't have that agreement with its faculty. It probably can't be legally punished.
This got me thinking. Does this lack of protection also apply to your college email account? Surely not, right? After all, employers provide company email for their employees, they pay said employees, AND they have legal precedent on their side. But the college student-university relationship is totally different, right? You're paying colleges to use their WiFi and their .edu address. Apples and oranges.
Nope. Colleges can warrantlessly go through your university emails, too. Seriously. According to Staff Attorney of the Electronic Frontier Foundation Hanni Fakhoury, who I emailed today:
"College students are also susceptible to having unwarranted email investigations on their university emails. The law generally prohibits the provider of an electronic communications service to disclose the contents of an email to another person or the government. There are a few exceptions, and one of the big ones is consent, meaning the user may agree to the release of their emails. Ultimately, when a person signs up for their university email (i.e., firstname.lastname@example.org) that long, dense terms of service filled with lots of legal language may indicate circumstances where the university could review emails. So it's important for students to know what these policies or terms say."
What does this mean? It means that any shady business you talk about or joke about with your buddies—cough, cough: underage drinking, drug use, pledging—really shouldn't be mentioned over your university email system and with your .edu email address. If your college thinks it has a decent reason, it can search your records. And you've probably signed away any privacy rights because, odds are, you didn't read that long terms of service agreement when you got your school email address as a high school senior.
So be careful out there. And sign up for a Gmail account already.
Post-Sad appears every week.
[IT Professional with Server image via Shutterstock]