University policy allows administrators to request searches of student and faculty email accounts for life and safety issues, legal affairs and court orders or urgent University business, but many students are unaware of this provision of the University’s email policy.
Who checks, and when?
“Brown email addresses belong to the University and, in the event of a legal proceeding, all email sent over these addresses is discoverable,” Dean of the Faculty Kevin McLauglin P’12 wrote in an email to the Herald.
But David Sherry, chief information security officer, said when administrators approach him asking to search a student’s or faculty member’s email, they must have “an urgent or business need” to do so.
Derek Shay ’16, who was previously unaware of the policy, expressed discontent and said he did not think many students were aware their emails could be searched. But Matt Ostrow ’16, who was also previously unaware of the policy, said he thought it was fair.
“We agreed to it when we signed up for our accounts,” he said.
In the case of a court order, subjects are not notified that their email account will be searched to prevent tampering with potential evidence. But in business matters, administrators must approve the access to University emails, Sherry said.
“The policy is absolutely in line,” said Lauren Clarke, faculty and student affairs manager. In general, email privacy should not be expected for any business email address, she added.
How it’s done
Three student email accounts have been searched in the five years that Sherry has worked at the University, he said. All three were cases regarding safety issues — two students did not return after spring break, and one went missing, he said. In these cases, student accounts were only checked for activity, and email correspondence was not read. “We don’t go on fishing expeditions,” he said.
Cecilia Cerrilla ’16 said she thought that in the case of a missing student, the policy was fair.
Administrative accounts are searched a few times each year, Sherry said. In the past, most of these cases have involved University business in which information was needed and the person with access to the information in the email account was unavailable to access it.
Professor of Sociology David Lindstrom said though he is very protective of his privacy, he does not see anything unfair about the policy as long as he is notified in advance. “I don’t write an email without thinking people will see it,” he said.
When investigating accounts, Sherry reads the subject lines of emails to know which apply to the demand of the person requesting the search. “I give it to the proper authority” after finding the information, Sherry said. “It’s not my responsibility anymore.”
“We operate on a need-to-know principle,” said Beverly Ledbetter, vice president and general counsel. Information from email is requested as part of a court order one or two times per year, and only in criminal cases or issues with national security, she added.
Sometimes the opposition in a court case asks for more information from an email account than the University is willing to provide. This may include other incriminating information that is unrelated to the current offense or extra correspondence lacking relevant material.
Ledbetter said that it is a “big, big headache” when this happens because she has to make a case as to why she is withholding the information.
“We don’t snoop, even when requested to do so,” Ledbetter added.
Brown among the Ivies
Harvard’s policies, which sometimes allow the investigation of emails to protect the university, recently received national attention following two scandals involving the leak of confidential information about student cheating, according to Harvard’s website.
Columbia has an email security policy that assures “officials will not read email unless necessary in the course of their duties,” and Princeton “reserves the right to access and copy files and documents (including e-mail and voicemail) residing on university-owned equipment,” according to the Columbia and Princeton websites, respectively.
Sherry said that while students should feel safe when they use their Brown emails, they should not expect 100 percent security.
“From a Brown perspective, we are not monitoring or scanning email,” he said. But “it is inherent in the Internet that email is unsafe,” he added.
“I’m always suspicious,” Clarke said of the safety of information sent through email. “But do I think that my Brown address is safer? Probably,” she added.
ADVERTISEMENT
