Harvard scrambles to explain why it secretly searched deans' emails
Computerworld - Harvard University officials on Monday scrambled to contain the fallout from a damaging report in The Boston Globe over the weekend disclosing how administrators secretly accessed email accounts belonging to 16 resident deans at the university.
In a statement issued on Monday, Harvard Deans Michael Smith and Evelynn Hammonds acknowledged that the search described in the Globe report had happened. However, they maintained the search was done in an extremely limited and thoughtful manner to identify an individual who shared a confidential email with an unauthorized person.
Though the specific email was inconsequential, the fact that it was forwarded word-for-word to someone else was concerning, the deans said in their statement. The disclosure prompted concerns that other information, especially sensitive student information, was at risk of similar disclosure.
"The search did not involve a review of email content; it was limited to a search of the subject line of the email that had been inappropriately forwarded," Smith and Hammonds noted. "To be clear: No one's emails were opened and the contents of no one's emails were searched by human or machine."
The statement appears to be an attempt by Harvard to put a lid on what's quickly turned out to be a major embarrassment for the prestigious university.
The Globe on Saturday reported that Harvard administrators had secretly accessed the email accounts of 16 resident deans at the university last fall. The university was looking for the source of a leak to the news media about a cheating scandal at the university, the Globe reported.
Resident deans serve on Harvard's Administrative Board, the university's disciplinary body, and are responsible for working with students to discuss such issues as academic requirements and personal concerns, according to a university description. Resident deans, who are basically non-tenure-track teachers, work with students in preparing academic petitions and in responding to disciplinary actions.
None of the resident deans whose emails were searched were informed about the access prior to the search and only one was told about it after the search was completed. The individual who was notified about the search was a resident dean who had forwarded to a student a confidential email pertaining to the cheating scandal. The contents of that email -- basically advice on how to counsel students accused of cheating -- later found its way to the Harvard Crimson student newspaper, and from there to the Globe.
According to the Globe, each of the deans had two Harvard email accounts, one for administrative duties and another for personal use. Only the administrative email account was accessed in each case, the newspaper noted.
The story prompted an immediate response from faculty members and the media. In a blog post, Harry Lewis, a former dean of Harvard College and a professor of computer science at the university, questioned whether administrators decided to access the emails because they thought that the privacy policies protecting faculty members from such snooping did not apply to resident deans.
According to Lewis, Harvard's faculty email privacy policies prohibit administrators from accessing faculty emails without notice except under a narrow set of circumstances. The university's policies for staff emails are less robust from a privacy perspective.
"Whichever policy is applicable, this way of handling the situation seems to me -- well, dishonorable," Lewis said in his blog, in response to the Globe story. "Why not tell people you are reading their email? Other than avoiding, perhaps, the embarrassment of acknowledging that you are doing something to which the targets would reasonably object if they knew it," he wrote.
Michael Mitzenmacher, a Harvard professor of computer science, disagreed that the incident represents a moral failing on the part of the university. However, the university should have informed resident deans of the search all the same, he said in a blog post on Monday.
Even though the search was targeted and only involved a search for subject lines and not email content, the fact remains that a search was conducted, Mitzenmacher said.
"I don't think this care offers an excuse for not following the policy of informing the Resident Deans of the search. I would still say a search on their email had been performed and, from my understanding of the policy, they should have been notified. This is something the faculty and administration can and should discuss further," Mitzenmacher said.
The New York Times reported that Harvard law professor Charles Ogletree expressed shock and dismay over the incident. "I hope that it means the faculty will now have something to say about the fact that these things like this can happen," Ogletree told the Times.
In Monday's statement, Smith and Hammonds acknowledged the university may have bungled the approach to the search. But they maintained that they remained silent to protect the privacy of the dean who had forwarded the email. The fact that no human had looked at the emails was another reason for remaining silent, they said.
"We understand that others may see the situation differently, and we apologize if any Resident Deans feel our communication at the conclusion of the investigation was insufficient," the university noted.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is firstname.lastname@example.org.
Read more about Privacy in Computerworld's Privacy Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- OpenStack and Red Hat: IDC White paper Most OpenStack deployments are by public cloud providers that are early adopters of technology and use OpenStack in a do-it-yourself deployment and support...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have. All Privacy White Papers | Webcasts