Harvard University figured prominently this week in the news, as the fact that Harvard had been secretly snooping on faculty email came to light. The incident that some consider an invasion of privacy, and others consider ‘business as usual’, was precipitated by a leak to the media regarding another scandal – students caught cheating – that developed several months ago.
Here’s how it unfolded: Several months ago there was a scandal that involved students cheating at Harvard. There was a leak to the media from someone on the Harvard faculty, regarding the student cheating scandal. Administrators at Harvard were aware that the leak had come from one of the resident deans and, they say, believed that the leak was inadvertent, which is why, they say, that they didn’t tell anyone about the search – to spare the dean who had accidentally leaked the information. Regardless of their reasoning, administrators searched the email of sixteen resident deans. Without telling anyone.
Now, you may think that this is egregious. Or you may think that this is a tempest in a teapot. It all depends on several things.
It’s important to remember that generally speaking, employers may have a right to access any messages that are sent or received on employer-provided equipment. Put another way, employees have no real right to an expectation of privacy for work email.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
But that is of course subject to guidelines that are put forth in the workplace, by the employer. And in the case of Harvard, this is not so clear cut. To start, Harvard has promulgated rules that generally say, for some class of employees, that Harvard can access employee email if they have a good reason to. But, that does not apply to all faculty. And the resident deans, while not professors, are lecturers, and so conduct classes. So, are they faculty, or aren’t they?
Some say that the are faculty under the college of Arts and Sciences, and there is a specific policy in place for Faculty of Arts and Sciences. That policy includes that Harvard administrators can access the email of members of the Faculty of Arts and Sciences under “extraordinary circumstances such as legal proceedings and internal Harvard investigations.”
But that same policy goes on to say that they must notify the faculty member – in writing – in advance; or, if “circumstances make prior notification impossible,” then they must be “notified at the earliest possible opportunity.”
And it is this last that didn’t happen. The resident deans only found out by sheer chance that their email had been searched.
Here is Harvard’s statement on the matter:
Dean’s CommunicationsSTATEMENT FROM DEANS MICHAEL D. SMITH AND EVELYNN M. HAMMONDS
With the responsibility of helping students work through disciplinary and academic issues, the Administrative Board serves one of the most important and sensitive functions in the Faculty of Arts of Sciences (FAS). Its overarching responsibility to our students means that the Board operates with stringent but necessary expectations of confidentiality – in the information provided by students, in the observations made by other members of the Board when considering cases, and in the other communications that permit the Board to meet its obligations to students and the Faculty effectively.
In the early days of the Administrative Board case that became public at the end of last summer, a confidential email sent to Resident Deans, important members of the Administrative Board and the frontline administrators in dealing with every sort of student issue, was forwarded beyond the group, and eventually made its way to news outlets. The forwarded email was quite concerning and warranted a better understanding of what had occurred, since it threatened the privacy and due process afforded students before the Board. The situation was shared with the entire Board, including with all Resident Deans. It was made clear at that time that absent clarification of what happened, an investigation would be required. No one came forward. A short time later, confidential data from an Administrative Board meeting was shared with the Crimson, heightening the need to determine whether a member of the Administrative Board had compromised the confidentiality of case information. Members of the Board were again queried but no explanation emerged. The Senior Resident Dean was asked to reach out individually to each Resident Dean to seek to learn what happened, but that also yielded no insights.
While the specific document made public may be deemed by some as not particularly consequential, the disclosure of the document and nearly word-for-word disclosure of a confidential board conversation led to concerns that other information – especially student information we have a duty to protect as private – was at risk.
Consequently, with the approval of the Dean of FAS and the University General Counsel, and the support of the Dean of Harvard College, a very narrow, careful, and precise subject-line search was conducted by the University’s IT Department. It was limited to the Administrative accounts for the Resident Deans – in other words, the accounts through which their official university business is conducted, as distinct from their individual Harvard email accounts. The search did not involve a review of email content; it was limited to a search of the subject line of the email that had been inappropriately forwarded. To be clear: No one’s emails were opened and the contents of no one’s emails were searched by human or machine. The subject-line search turned up two emails with the queried phrase, both from one sender. Even then, the emails were not opened, nor were they forwarded or otherwise shared with anyone in IT, the administration, or the board. Only a partial log of the “metadata” – the name of the sender and the time the emails were sent – was returned.
The Resident Dean whose account had been identified was asked about the incident and voluntarily reviewed his/her own sent items and confirmed that she/he had indeed forwarded the message to two students. Although the Resident Dean’s actions violated the expectations of confidentiality surrounding the Administrative Board process, those involved in the review and the conversation with the individual were sufficiently convinced that it was an inadvertent error and not an intentional breach. The judgment was made not to take further action. The Senior Resident Dean was immediately informed of the search, and its outcome, and the Administrative Board case moved forward.
Some have asked why, at the conclusion of that review, the entire group of Resident Deans was not briefed on the review that was conducted, and the outcome. The question is a fair one. Operating without any clear precedent for the conflicting privacy concerns and knowing that no human had looked at any emails during or after the investigation, we made a decision that protected the privacy of the Resident Dean who had made an inadvertent error and allowed the student cases being handled by this Resident Dean to move forward expeditiously. We understand that others may see the situation differently, and we apologize if any Resident Deans feel our communication at the conclusion of the investigation was insufficient.
Again, in every instance the actions and decisions in this case were motivated by the goals of protecting the integrity of our faculty-legislated processes and the privacy of our students. We hope the fuller account of the actions in this instance make abundantly clear how high a bar we have, and will always have, for any review of email (or, in this case, even email metadata) and how carefully we construct searches when the need in situations such as this does arise, which is extremely rare.
So, what do you think of this? Big deal? Little deal? No deal at all?
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
