Last Thursday, news broke that following the multiple breaches in security at UC campuses – including a massive breach in the UCLA Health System which left as many as 4.5 million patients vulnerable – the University of California Office of the President ordered the installation of network monitoring devices in an attempt to avoid future cyberattacks.
According to Ethan Ligon, campus associate professor and member of UC Berkeley’s Academic Senate-Administration Joint Committee on Campus Information Technology, a piece of hardware installed at UC Berkeley allows all network traffic to be monitored and recorded for 30 days. This means that all websites students or faculty visit, all emails they receive and all data they receive on campus or from campus, are ripe for inspection.
The amount of information that is being monitored is a deep intrusion of security and the most infuriating aspect of the system’s deployment is the secrecy which surrounded it. To correct this, the UC needs to immediately release a more detailed report on what kind of information is being tracked, and further needs to involve the UC Academic Senate and the UC Student Association in the decision making process for how this program moves forward.
The Academic Senate is a group of professors that represents the faculty, and the UCSA is a group of students that represents students in the shared governance of the UC. Though neither of these organizations normally have authority on matters such as these, they are well positioned to argue on behalf of faculty and student concerns, including privacy.
As far as is evident, UC administrators that installed the monitoring system not only did nothing to inform faculty, they also actively sought to keep them out of the loop. The professors who were eventually informed were given tips from people who were not allowed to talk about the project, but felt it was necessary given the privacy concerns.
It is completely unethical that the UC went to such great lengths to keep students and faculty in the dark. But now that the truth is at least somewhat out in the open, there is a lot more the UC needs to do to win back trust.
Regardless of whether UC administrators are able to justify the practices using their interpretation of the UC Electronic Communications Policy, it does not make the policy any less divisive. Having faculty input through means of the Academic Senate and UCSA will ensure that both security and privacy concerns will help determine the final outcomes.
After all, the UC is home to a plethora of cybersecurity and digital privacy experts who will have a good perspective for how to improve the system to something more beneficial for everyone.
Until that happens, the UC will be continually ignoring the worries of its members while tarnishing its reputation as a public entity formed on the basis of shared governance.