Berkeley Monitors Professors and Students for Digital Traffic: Preventing Security Breaches and Privacy

The University of California at Berkeley finds itself in a bit of a tough spot. Berkeley is known for its positions on freedom of speech and is also a key training center for the Internet companies of Silicon Valley. However, the chancellor for the University of California system, Janet Napolitano, was once the Secretary of the Department of Homeland Security, a job that found her concerned about security breaches in the University’s computer system. Because of that concern, Ms. Napolitano and other administrators started a program through installed hardware and software that allows it to collect data on digital traffic. Through the program, the University of California system (which includes 10 schools) can monitor things such as which websites faculty and students are visiting as a means for catching any holes in the system’s cyber security.

However, when faculty became aware of the monitoring system, there were objections. One computer science professor referred to the new system as a result of “good intent,” but without “a good reason.” Steve Lohr, “A New Digital Privacy Protest,” New York Times, February 2, 2016, p. B1. The objections are that the devices used allow the system to capture over 30 days of information from e-mails, websites visited, and all the data received from on and off campus.

The Berkeley IT people responded by noting that faculty cannot have privacy without security and that the monitoring program is not interested in collect content. The purpose is exploring how others are able to enter the system. UCLA had a breach in 2015, a breach at its medical center that compromised the records of thousands of patients, employees, and faculty. .

The faculty protests have resulted because the monitoring was put into place without consulting the faculty or informing them of the change in advance. Faculty see the monitoring as a restriction on speech.

Under current law, employers (with notice provided as a term and condition of employment) have access to employee e-mails if they are placed on the company server. The e-mails written on your company e-mail system are simply not private. However, the Berkeley program raises an additional question of employer monitoring of other computer activity – sites being visited, and e-mail coming into the server. In all likelihood, the courts would permit employer monitoring. Berkeley represents a unique situation because faculty are hired with explicit protection of no restrictions on their freedom of speech. Berkeley’s contract terms represent a unique protection that employees in other organizations and companies might not have. Without that, employer wins in terms of monitoring, particularly when the monitoring was set up for the purposes of preventing a security breach.

Some issues that Berkeley could address (or perhaps should have addressed prior to beginning the monitoring) are: how long the data collected will be maintained, who will have access to the data, and, of course, what forms of data will be collected.

DISCUSSION STARTERS

Explain the rights of employees when employers monitor employee computer use.

Why is Berkeley a bit different?