Harvard to review privacy policies in wake of email search scandal
Lack of standard policies 'highly inadequate,' university president says
Computerworld - Harvard University President Drew Faust has ordered a comprehensive review of the university's email privacy polices amid disclosures that a secret search of some deans' email accounts by administrators was broader than originally acknowledged.
Speaking at a meeting with Harvard's Faculty of Arts and Sciences (FAS) on Tuesday, Faust expressed concern over the university's "highly inadequate" institutional policies and processes for protecting email privacy.
"We have multiple policies across the university that vary across schools, with some faculties lacking any explicit policies at all," Faust said in remarks posted verbatim by Harvard Magazine.
Calling the lack of email policies an "institutional failure," Faust said she would create a task force to develop recommendations on university-wide policies and guidelines for email. Those recommendations will be made available for community discussion and university consideration by the end of the fall term.
Faust's remarks come a few weeks after the Boston Globe detailed how university administrators had secretly searched the email accounts of 16 resident deans at Harvard. The university was looking for the source of a leak about a cheating scandal, the Globe reported.
Harvard acknowledged the search, but maintained it was done in an extremely limited manner and only to identify an individual who shared a confidential email with an unauthorized person. The email, which contained advice on how to counsel students accused of cheating, was shared with the Harvard Crimson student newspaper and later picked up by the Globe. Harvard administrators said they decided to conduct a search out of concerns for the privacy of students involved in the cheating scandal.
Harvard officials admitted they made a mistake in not informing the deans about the search, either before or after it took place. The university, however, insisted that it had not actually opened any emails or searched their contents. Instead, IT administrators only conducted an automated subject line search of each dean's administrative email accounts to see if they could identify the source of the leak. The university also stressed that the subject-line search only involved administrative email accounts, not a separate Harvard email account that each dean maintains for personal use.
At Tuesday's meeting, Harvard Dean Evelyn Hammond noted that two additional searches had taken place that were not previously disclosed. After the initial search identified the resident dean responsible for forwarding the email, Hammond said she authorized another search to look specifically for correspondence between that individual and two student reporters from the Crimson.
In addition, Hammond said she also authorized a search of the same dean's personal email account for correspondence with the reporters. In both cases, the search involved only the subject lines and not the actual content of the emails, she said in comments posted on Harvard Magazine. She apologized for not informing her peers or the deans about the searches, but insisted that her actions were driven purely by concerns over student privacy.
The incident has proved to be embarrassing for Harvard. Several faculty members have faulted the university for not informing deans about the searches and said they fear the incident could erode trust between administrators, faculty members and staff.
Acknowledging those concerns, Faust said Tuesday that she has also asked a leading Boston lawyer from outside Harvard to conduct a full investigation into how the searches were conducted and to verify that the information provided so far is a full and accurate description of what actually happened.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
- Update: Judge rules NSA spy efforts may be unconstitutional
- Perspective: Privacy concerns could keep Amazon delivery drones grounded
- NSA collects data from millions of cellphones daily
- Perspective: Curbing data use is key to reining in NSA
- Lavabit-DOJ dispute zeroes in on encryption key ownership
Read more about Privacy in Computerworld's Privacy Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Privacy White Papers | Webcasts