After a data breach at the UCLA medical center during the summer of 2015, the University knew it had to take stronger measures to protect both patient and student data.
Janet Napolitano, President of the University of California system and former Secretary of Homeland Security, moved to silently enact a program that monitored patterns of digital traffic to help better identify hacking attacks and their sources. Although most of the University of California system was reasonably satisfied with the logic behind this move, one group of professors at Berkeley was not.
An Expectation Of Privacy
The professors at Berkeley argue that the new security monitoring is creating a harsh environment for learning and exploring academic subjects.
There’s an expectation, they say, that universities should offer their students and teachers a great deal of privacy, in case they’re researching something highly controversial that might land them on a watchlist somewhere. Researchers working on topics like cult behavior or terrorism tactics for purely academic reasons, for example, need privacy in order to feel safe as they do their work. Valuable information has been gleaned from these kinds of academics that has ultimately helped aid law enforcement and military operations.
With the new software and hardware watching their every move, the group at Berkeley isn’t sure what would happen if the government were to ask the university system for a list of users who have visited particular sites. In the past, before the University of California stored that sort of data, the answer would have simply been, “We don’t have that data.” Now, it has become a lot trickier and more worrisome, especially since Napolitano’s office refuses to release details on what information is being collected.
A Lack Of Transparency
“The issue here is the lack of transparency and the lack of shared governance,” Greg Niemeyer, director of the Berkeley Center for New Media told the New York Times.
The group met with the president in December to request the program be halted, but the university head responded with a five-page letter declining to do so without explaining enough about the monitoring to settle the dispute. Cyber-Security was cited repeatedly, but personal privacy was not addressed.
Tom Andriola, Chief Information Officer for the University of California system, has indicated that the university system’s staff would be much more involved in privacy and security matters moving forward, but as to date, their input has been minimal. The president’s office set up a Cyber-Risk Governance Committee to oversee programs like data monitoring, but the only Berkeley member on the committee is a non-tenured employee.