For some time now, I’ve been meaning to write something about the Harvard email controversy because I think it teaches us something important about how we think about academic labor. First, a brief recap:
Last summer…Harvard was hit with scandal: “College officials [said] around 125 students may have shared answers and plagiarized on a final exam.”
Word about the scandal got to the news media in part thanks to a leaked email.
Here is what Harvard said happened next:
Consequently… a very narrow, careful, and precise subject-line search was conducted by the University’s IT Department. It was limited to the Administrative accounts for the Resident Deans… The search did not involve a review of email content; it was limited to a search of the subject line of the email that had been inappropriately forwarded.
Later, the dean of Harvard College, Evelynn M. Hammonds stepped-down from that position after admitting “that she had ordered another search, without consulting Dr. Smith [dean of the Faculty of Arts and Sciences], that also looked for specific e-mail recipients.” (Thus going beyond the narrow search of subject-lines that Harvard had admitted to.)
The reason I find this story so fascinating is that most workers in the US have absolutely no expectation of privacy at work:
On pain of being fired, workers in most parts of the United States can be commanded to pee or forbidden to pee. They can be watched on camera by their boss while they pee. They can be forbidden to wear what they want, say what they want (and at what decibel), and associate with whom they want. They can be punished for doing or not doing any of these things—punished legally or illegally (as many as 1 in 17 workers who try to join a union is illegally fired or suspended). But what’s remarkable is just how many of these punishments are legal, and even when they’re illegal, how toothless the law can be.
And that’s just at work. Employees don’t have any more right to privacy at home:
In addition to abridging freedoms on the job, employers abridge their employees’ freedoms off the job. Employers invade employees’ privacy, demanding that they hand over passwords to their Facebook accounts, and fire them for resisting such invasions. Employers secretly film their employees at home. Workers are fired for supporting the wrong political candidates … carrying on extramarital affairs, participating in group sex at home, cross-dressing, and more. Workers are punished for smoking or drinking in the privacy of their own homes. (How many nanny states have tried that?) They can be fired for merely thinking about having an abortion, for reporting information that might have averted the Challenger disaster, for being raped by an estranged husband. Again, this is all legal in many states, and in the states where it is illegal, the laws are often weak.
The Harvard story is that it is only a controversy because it was “faculty” who were subject to these privacy violations. If it had just been “employees” it is likely there would never have been an apology and nobody would have had to step down. Harvard’s employee email policy “plainly gives Harvard complete access to the email of employees.” It even seems that “one faculty member pointed out that administrators should be considered staff” in order to justify the searches.
It seems to me that defending the unique privileges of faculty members to an expectation of privacy is exactly the wrong way to go about responding to such an intrusion. Instead of trying to carve out a unique set of privileges for an increasingly small portion of educational workers, we need to carve out more rights for all university workers.* Even administrators.
- Well, all workers, but you got to start somewhere…
Hear, hear!
Kerim: First, there is no evidence at the moment that Dean Hammonds “had to step down” and it appears that she may have made plans to take a long-overdue sabbatical and return to teaching, before this story became a scandal. I think we should wait and see on this issue.
Second, this incident is a good lesson for all of us: set up a private email account(s) through gmail, yahoo, or some other service, and have a personal computer at home with a private ISP that you use for anything that is potentially problematic…. If your employer lets you use a company car, you expect your use of that car to be monitored; if your employer lets you have a computer and an email account, expect that your use of both can be monitored as well.
This is such an important point for academics both for personal privacy and for protecting research data. I recently spent many years working in academic IT for a large public urban university in the US. All email (faculty, staff, student, etc.) was archived for several years to comply with institutional rules – and the very design of the email archives was set up to be able to do keyword searches. When I questioned the point of all this I was told by administrators that this was to be able to search for “union related emails” should they need to. They used this search ability while I was there, though it was not union related – instead it was to assist law enforcement in collecting evidence for cases against users who were being charged with crimes related to online activity. No matter the policy, or the institution – you should simply never use your institutional email for anything that you wouldn’t want to be become public – this includes research data which may fall under IRB protocols.
This also applies to any ‘shared drives’ provided by your institution, and may even include folders which appear to be locally based on your institutionally provided computer (like a “C” drive on your PC or your ~/user home folder on a Mac) – it’s likely that those folders are actually located on a server somewhere – especially if you log into your institutional computer using the same account that you use for your email. In the institution where I worked, even very low level IT employees could use their own accounts to access the personal data stored in users files without the users ever knowing. Usually this is all made clear in the internet/email/account policy of the institution which no one bothers to read.
That said, Gmail isn’t any more private and they will also turn over the information to law enforcement or others if requested. The same is true of your private ISP, they can and will report your online activity as required by law.
If you actually want to protect yourself you need to use encrypted email and browse the web through Tor, or something similar.
Even better would be real privacy protections for all technology users – protected at a legislative level and recognized as a human right.
My point was the last one – the need for better protections (for all workers, not just faculty). But if you want to leak something to the press, the best way to do so is probably via snail mail. See here:
http://www.wired.com/opinion/2013/05/listen-up-future-deep-throats-this-is-how-to-leak-to-the-press-today/
To add to Kerim’s point: When I was more deeply involved with Democrats Abroad than I am now, I was told that to get the attention of a member of Congress or the Senate, snail mail is far more effective than email. Even better is a phone call. Both show a level of concern far stronger than emails, which are easily ignored unless they arrive en masse.