UC cybersecurity issue met with mixed responses from faculty

Several University of California professors expressed varied viewpoints about the lack of transparency surrounding the data monitoring hardware the UC Office of the President installed across UC campuses last summer.

Some professors protested the installation of the hardware, which UCOP implemented without the knowledge of most University professors.

According to Ethan Ligon, an associate professor of agricultural and resource economics at UC Berkeley, the hardware devices can capture and analyze network traffic, including emails.

The monitoring capabilities may be different within each UC campus, said Ligon, who is also a member of the Academic Senate-Administration Joint Committee on Campus Information Technology.

Greg Niemeyer, an associate professor of new media at UC Berkeley organized a forum Tuesday to discuss the implications of the hardware. Niemeyer said UCOP refused to give him access to data retrieved by the new hardware, which he thinks displays a lack of trust between the faculty and the University.

John Villasenor, a professor of electrical engineering and public policy at UCLA who researches technology and information exchange, said he thinks faculty members’ concerns are justified if the monitoring system records the actual content of traffic in the UC network.

Some professors do not think the installation of the hardware in the network is a cause for concern.

Eliezer Gafni, a computer science professor at UCLA who researches data networks and computer science theory, said he thinks UC faculty members should accept the risk of the UC monitoring their content and personal emails in its network. He added he thinks email monitoring would only be a concern if it interferes with free speech.

UCOP did not respond to requests about details of the hardware and its ability to collect data.

Peter Reiher, an adjunct professor of computer science at UCLA who researches network security and operating systems, said he thinks the lack of details about the hardware’s technical reach make it harder to analyze possible legal ramifications.

He added he thinks such hardware does have potential to improve security mechanisms against future cyber attacks, but its implementation may violate privacy regulations.

Reiher said he thinks educating users about university computers and avoiding malicious content is a less intrusive way to prevent cyber attacks. He added he thinks the cyber attack on UCLA Health occurred after an employee opened malicious content on a university computer.

Such hardware also gathers a lot of useful, potentially sensitive data in one place, which can be risky, said Reiher.

“Compromising (that information) could have substantial impact,” he said.

Niemeyer said he and other faculty members will draft a letter to UCOP by the end of February, which will outline demands that aim to address their concerns.