We all know that the NSA controversially claims the right to search private emails, but few would have guessed that Yale University also claims to have that power. As reported last month in the Yale Daily News, the university’s Information Technology Acceptable Use Policy grants the university the authority toaccess all aspects of Yale IT Systems (including devices not owned by Yale but connected to Yale IT Systems) without the consent of the User, in the following circumstances:
1. When necessary to identify or diagnose systems or security vulnerabilities and problems, or otherwise preserve the integrity of the IT Systems; or
2. When required by federal, state, or local law or administrative rules; or
3. When such access to IT Systems is required to carry out essential business functions of the University; or
4. When required to preserve public health and safety; or
5. When there are reasonable grounds to believe that a violation of law or a significant breach of University policy may have taken place and access and inspection or monitoring may produce evidence related to the misconduct; or
6. For Users who were members of the Yale faculty or staff: When the User’s employment at Yale has ended and there is a legitimate business reason to access the User’s IT Systems.
With this language, Yale is asserting breathtakingly broad power. Under this policy, Yale may not only search student emails that use Yale’s IT system but also access “all aspects” of the device they were written on—even if that device is privately owned. The policy allows the university to do this without consent or a warrant. Instead, it merely requires “reasonable grounds to believe” that university policy has been violated.
The policy also includes various express commitments to protect the free speech rights and privacy interests of system users. For example, it states, “Users of IT Systems may exercise rights of free inquiry and expression consistent with the principles of the 1975 Report of the Committee on Freedom of Expression at Yale and the limits of the law.” It also states, “University policies that govern freedom of expression and related matters in other contexts also govern electronic expression. This Policy addresses circumstances that are particular to the IT arena and is intended to augment but not to supersede other relevant University policies.” It goes on to pay lip service to users’ privacy rights when it states, “The University places a high value on privacy and recognizes its critical importance in an academic setting.”
It is hard to see how these statements can be squared with the fact that the university is nevertheless granting itself broad power to engage in warrantless searches of users’ communications, even in absence of exigent circumstances.
Compounding things further, Yale has done little to make students and faculty aware of this Orwellian policy. According to the Yale Daily News, “Only three students of 73 interviewed were aware of the specifics of Yale’s policy, with one adding that he learned about the University’s regulations through a class.”
Of course, Yale is not the only university to claim such sweeping powers. A growing number of institutions, including Harvard University, are also claiming the authority to search student and faculty emails and monitor private social media accounts. Harvard University was caught red-handed searching faculty email communications, while Yale administrators disturbingly refuse to acknowledge whether they have ever used their policy on students. The Yale Daily News reports:
Yale College Dean Mary Miller, who is responsible for approval requests for access to the accounts of any undergraduates, declined to comment on the number of instances in which she has approved non-consensual access to an account. Miller also declined to say whether she has ever denied a request for monitoring. Miller said she did not know who ultimately reviewed the contents of any accounts accessed.
University Vice President for Human Resources and Administration Michael Peel said that the University rarely accesses emails without consent, adding that during five years in his position it has been done only six times for staff.
Policies like Yale’s Information Technology Acceptable Use Policy violate student, faculty, and staff expectations of privacy, and they chill speech in the process. Universities must stop acting like Big Brother and abandon these policies. At the very least, the university must be forthright about how it has used this policy.
Image: Yale campus – FX Evolve
Get your copy of Alexis de Tocquevilles’ classic Democracy in America
Joseph Cohn is FIRE’s Legislative and Policy Director.
Used with the permission of the Foundation for Individual Rights in Education.