Harvard to review privacy policies in wake of email search scandal
Lack of standard policies 'highly inadequate,' university president says
Computerworld - Harvard University President Drew Faust has ordered a comprehensive review of the university's email privacy polices amid disclosures that a secret search of some deans' email accounts by administrators was broader than originally acknowledged.
Speaking at a meeting with Harvard's Faculty of Arts and Sciences (FAS) on Tuesday, Faust expressed concern over the university's "highly inadequate" institutional policies and processes for protecting email privacy.
"We have multiple policies across the university that vary across schools, with some faculties lacking any explicit policies at all," Faust said in remarks posted verbatim by Harvard Magazine.
Calling the lack of email policies an "institutional failure," Faust said she would create a task force to develop recommendations on university-wide policies and guidelines for email. Those recommendations will be made available for community discussion and university consideration by the end of the fall term.
Faust's remarks come a few weeks after the Boston Globe detailed how university administrators had secretly searched the email accounts of 16 resident deans at Harvard. The university was looking for the source of a leak about a cheating scandal, the Globe reported.
Harvard acknowledged the search, but maintained it was done in an extremely limited manner and only to identify an individual who shared a confidential email with an unauthorized person. The email, which contained advice on how to counsel students accused of cheating, was shared with the Harvard Crimson student newspaper and later picked up by the Globe. Harvard administrators said they decided to conduct a search out of concerns for the privacy of students involved in the cheating scandal.
Harvard officials admitted they made a mistake in not informing the deans about the search, either before or after it took place. The university, however, insisted that it had not actually opened any emails or searched their contents. Instead, IT administrators only conducted an automated subject line search of each dean's administrative email accounts to see if they could identify the source of the leak. The university also stressed that the subject-line search only involved administrative email accounts, not a separate Harvard email account that each dean maintains for personal use.
At Tuesday's meeting, Harvard Dean Evelyn Hammond noted that two additional searches had taken place that were not previously disclosed. After the initial search identified the resident dean responsible for forwarding the email, Hammond said she authorized another search to look specifically for correspondence between that individual and two student reporters from the Crimson.
In addition, Hammond said she also authorized a search of the same dean's personal email account for correspondence with the reporters. In both cases, the search involved only the subject lines and not the actual content of the emails, she said in comments posted on Harvard Magazine. She apologized for not informing her peers or the deans about the searches, but insisted that her actions were driven purely by concerns over student privacy.
The incident has proved to be embarrassing for Harvard. Several faculty members have faulted the university for not informing deans about the searches and said they fear the incident could erode trust between administrators, faculty members and staff.
Acknowledging those concerns, Faust said Tuesday that she has also asked a leading Boston lawyer from outside Harvard to conduct a full investigation into how the searches were conducted and to verify that the information provided so far is a full and accurate description of what actually happened.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
Read more about Privacy in Computerworld's Privacy Topic Center.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!