THE PROLIFERATION of computers in modern society is a double-edged sword. Quick, convenient access to outside information also means that anyone can quickly and easily get into your own personal data. This proves especially true when connecting to a network such as the one here at the University, where administrators have the ability to access your hard-drive, for instance in first-year dorm rooms, other on-Grounds housing or at libraries. At the University, as is often the case, electronic privacy policies tend to be vague and give considerable powers to the administration that conflict with emerging court rulings. These policies must be reviewed by the University's administration, and whenever in doubt, the University should err on the side of student privacy.
Last Thursday, the Ninth Circuit U.S. Court of Appeals handed an important victory to students at the University and across the country, albeit a somewhat limited one, in restricting the rights of universities to access personal data on computers that are connected to their networks. In United States v. Heckenkamp, the government acting on behalf of the University of Wisconsin at Madison argued that by connecting to the University's network Heckenkamp gave up all rights to privacy and thus the administration accessing his computer was legal. The Ninth Circuit Court disagreed, however, ruling "that the act of attaching [Heckenkamp's] computer to the network did not extinguish his legitimate, objectively reasonable privacy expectations."
This is certainly a step in the right direction, but as Inside Higher Ed's web site quoted from an interview with Tracy Mitrano, Director of the Computing Policy and Law Program at Cornell University, the ruling sets up "a balancing test." In other words, it sets a precedent while still leaving open multiple other paths with questionable legal and moral grounding. One such example is when a warrant is not needed to access a person's computer. In U.S. v. Heckenkamp this applied to Heckenkamp's illegal hacking of Wisconsin at Madison's servers, and the administration's attempt to preserve the integrity and security of their network. While this specific instance is reasonable, an unclear definition of the limits of these "special cases" is dangerous.
More importantly, and a bit closer to home, the ruling notes that because "there was no announced monitoring policy on the network" such a right cannot be assumed. The University of Wisconsin at Madison's policy is very similar to the University of Virginia's, although ours is a bit more vauge. According to the Responsible Computing Handbook for Students, the University "does not routinely examine or monitor" personal electronic information. However, in the exact same paragraph the University makes it very clear that it assumes the right if it so chooses. In addition to preserving e-mails and any attached files, even after you delete them, "in specific circumstances" the University may be actively monitoring your account -- specifically which circumstances it fails to report.
In addition, the Handbook notes that "officials overseeing the University's disciplinary processes may rule that electronic communications and files are evidence that may be reviewed as part of investigations." This information, including, the Handbook implies, anything gained from access to a computer attached to the University network, can then be turned over to the Honor Committee, UJC, Sexual Assault Board, and any faculty or staff member in general. Ironically, the guidelines for how this information can be obtained offer little reasoning as to why it can or cannot be obtained except that approval must be given by the vice president for student affairs.
Current University policy is overly vague and contradicts the U.S. v. Heckenkamp ruling that students have a right to privacy, especially in the case of our University where active monitoring does not usually occur. The University's Handbook, while mentioning this idea in principle, also makes it very clear that the administration can access e-mail or other files connected to the University network if it so chooses.
The idea of limited governmentimplies that just because the government or an administration can do something, this does not mean it should. Electronic privacy law is still developing, though the trend seems to be moving away from oversight towards personal freedom. Ultimately, the University needs to revise and clarify its policies, and limiting its own power before a court forces it to do so will reaffirm its status as an institution of higher learning.
Allan Cruickshanks' column appears on Wednesdays in The Cavalier Daily. He can be reached at acruickshanks@cavalierdaily.com.
Read More
PATEL: Personal development courses support students beyond the gradebook
By Heer Patel | 4 days agoThe University must rethink its approach to education beyond traditional major-specific requirements and mandate personal development courses.
EDITORIAL: Commercialization threatens U.Va.’s educational mission
By Editorial Board | 4 days agoAfter all, measuring the University’s worth in terms of accrued capital, operational efficiency and numerical rankings molds this space into just another cookie-cutter institution.
YOUNIS: Why every U.Va. student should say yes to English
By Ayat Younis | January 9, 2025Every student at the University, regardless of their primary field of study, can professionally and academically benefit from engaging with the English department.
