Universities are an attractive target for hackers because they contain many access points in their networks, and the networks contain financial and personal data as well as intellectual property. Last summer, hackers breached the computer network at the UCLA medical center. In response, the University’s president, Janet Napolitano, covertly ordered a new security system to monitor and store Internet traffic on all of the University of California campuses. Napolitano stated that the purpose of the system is not to monitor individual emails or browsing history, but to monitor cybersecurity.
Students and faculty who learned about the system do not see it that way. Faculty members have expressed concern that the security system impedes on their right to share in shaping policies at the university. Graduate students have also expressed concern that their research data is compromised because their human subjects were promised confidentiality and now their information is stored and can be subpoenaed. They also expressed concerns that this system calls into question their right to academic freedom, freedom of inquiry, and privacy.
Last week, the Graduate Assembly passed a resolution opposing this “Coordinated Monitoring.” The resolution cites the University of California’s Electronic Communications Policy which states that, except under some limited circumstances, “The University does not examine or disclose electronic communications records without the holder’s consent” and that “any such examination or disclosure of data is subject to the ‘least perusal’ standard.” Furthermore, “the University is required to notify any affected individual of the examination or disclosure of their data, along with the reason(s) for such actions.” The resolution calls for a cessation of the “Coordinated Monitoring” among other things.
Universities are faced with unique challenges to prevent cyber-attacks. Unlike a company that can control how employees access its network, universities don’t have that option. In the face of other breaches, some universities have chosen less extreme measures by consolidating business systems with sensitive data and placing controls on how that data is used. Ultimately, universities are looking to balance protecting the security of its data without compromising the privacy of its students and faculty or them from doing their work.