Harvard scrambles to explain why it secretly searched deans' emails
Search was done out of concern for sensitive information leaks
Computerworld - Harvard University officials on Monday scrambled to contain the fallout from a damaging report in The Boston Globe over the weekend disclosing how administrators secretly accessed email accounts belonging to 16 resident deans at the university.
In a statement issued on Monday, Harvard Deans Michael Smith and Evelynn Hammonds acknowledged that the search described in the Globe report had happened. However, they maintained the search was done in an extremely limited and thoughtful manner to identify an individual who shared a confidential email with an unauthorized person.
Though the specific email was inconsequential, the fact that it was forwarded word-for-word to someone else was concerning, the deans said in their statement. The disclosure prompted concerns that other information, especially sensitive student information, was at risk of similar disclosure.
"The search did not involve a review of email content; it was limited to a search of the subject line of the email that had been inappropriately forwarded," Smith and Hammonds noted. "To be clear: No one's emails were opened and the contents of no one's emails were searched by human or machine."
The statement appears to be an attempt by Harvard to put a lid on what's quickly turned out to be a major embarrassment for the prestigious university.
The Globe on Saturday reported that Harvard administrators had secretly accessed the email accounts of 16 resident deans at the university last fall. The university was looking for the source of a leak to the news media about a cheating scandal at the university, the Globe reported.
Resident deans serve on Harvard's Administrative Board, the university's disciplinary body, and are responsible for working with students to discuss such issues as academic requirements and personal concerns, according to a university description. Resident deans, who are basically non-tenure-track teachers, work with students in preparing academic petitions and in responding to disciplinary actions.
None of the resident deans whose emails were searched were informed about the access prior to the search and only one was told about it after the search was completed. The individual who was notified about the search was a resident dean who had forwarded to a student a confidential email pertaining to the cheating scandal. The contents of that email -- basically advice on how to counsel students accused of cheating -- later found its way to the Harvard Crimson student newspaper, and from there to the Globe.
According to the Globe, each of the deans had two Harvard email accounts, one for administrative duties and another for personal use. Only the administrative email account was accessed in each case, the newspaper noted.
The story prompted an immediate response from faculty members and the media. In a blog post, Harry Lewis, a former dean of Harvard College and a professor of computer science at the university, questioned whether administrators decided to access the emails because they thought that the privacy policies protecting faculty members from such snooping did not apply to resident deans.
According to Lewis, Harvard's faculty email privacy policies prohibit administrators from accessing faculty emails without notice except under a narrow set of circumstances. The university's policies for staff emails are less robust from a privacy perspective.
"Whichever policy is applicable, this way of handling the situation seems to me -- well, dishonorable," Lewis said in his blog, in response to the Globe story. "Why not tell people you are reading their email? Other than avoiding, perhaps, the embarrassment of acknowledging that you are doing something to which the targets would reasonably object if they knew it," he wrote.
Michael Mitzenmacher, a Harvard professor of computer science, disagreed that the incident represents a moral failing on the part of the university. However, the university should have informed resident deans of the search all the same, he said in a blog post on Monday.
Even though the search was targeted and only involved a search for subject lines and not email content, the fact remains that a search was conducted, Mitzenmacher said.
"I don't think this care offers an excuse for not following the policy of informing the Resident Deans of the search. I would still say a search on their email had been performed and, from my understanding of the policy, they should have been notified. This is something the faculty and administration can and should discuss further," Mitzenmacher said.
The New York Times reported that Harvard law professor Charles Ogletree expressed shock and dismay over the incident. "I hope that it means the faculty will now have something to say about the fact that these things like this can happen," Ogletree told the Times.
In Monday's statement, Smith and Hammonds acknowledged the university may have bungled the approach to the search. But they maintained that they remained silent to protect the privacy of the dean who had forwarded the email. The fact that no human had looked at the emails was another reason for remaining silent, they said.
"We understand that others may see the situation differently, and we apologize if any Resident Deans feel our communication at the conclusion of the investigation was insufficient," the university noted.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is email@example.com.
Read more about Privacy in Computerworld's Privacy Topic Center.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- How WAN Optimization Helps Enterprises Reduce Costs If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!