The Academic Senate Administration Joint Committee on Campus Information Technology revealed on Jan. 28 that the UC Office of the President covertly deployed computer hardware capable of monitoring emails throughout the UC system beginning August 2015.
According to an email sent by the JCCIT to Berkeley faculty, the device is capable of capturing and analyzing all network traffic to and from the Berkeley campus and has enough local storage to save over 30 days of data. JCCIT stated that this can include “your email, all the websites you visit and all the data you receive and send off campus.”
In the same email sent out to faculty, UCOP asked members to keep the monitoring a secret because of “attorney-client privileges.” UCOP later revised the letter to omit the reasoning, but admitted to the extensive monitoring being performed.
Kate Moser, media specialist at UCOP, explained to the UCSD Guardian that the device was installed to prevent cyberattacks like the one that hit UCLA last July.
“[University of California] has taken steps to protect sensitive data that is entrusted to our campuses and other locations,” Moser said. “The system identifies malware so that we can be prepared and guard the sensitive data of our UC community — from faculty to staff to students to patients and beyond — from cyber threats.”
Director of the Berkeley Center for New Media and Associate Professor of Practice of Art at UC Berkeley Greg Niemeyer indicated that the problem is not the monitoring itself but that the faculty were not informed of the decision.
“The issue here is the lack of transparency and the lack of shared governance,” Niemeyer told the New York Times. “If you were working in a company … you wouldn’t have a right to say [whether or not you wish to be under surveillance ] … but a university is a very different organism and it serves society in a very different way.”
Associate Professor at UC Berkeley and JCCIT member Ethan Ligon told the Guardian that surveillance is causing the campus to feel more unwelcoming.
“What I’ve been doing, and what some other faculty and students tell me they’ve been doing is spending more time off campus,” Ligon said. “This is the simplest way to avoid surveillance on the campus network but at the cost of interaction with other faculty and students.”
Ligon also noted that he hopes UCOP will be more mindful to in the future to include people within the UC system when responding to cyber attacks.
“One thing I hope that comes out of this snafu is an awareness on the part of UCOP that the UC system is actually home to a bunch of really smart people, and in this case some of those people could really help when tragedies like the UCLA Medical Center breach occur,” Ligon said. “UCOP should treat us like allies, not adversaries.”
Moser said that UCOP is taking steps to protect the UC system from cyber attacks while leaving privacy uncompromised.
“We try our best not to broadcast sensitive security and legal matters — it’s good common sense, and we want to avoid giving a road map for potential attacks on our network,” Moser said. “But we are committed to balancing that with our culture of shared governance and shared values as a community. We are trying to strike that balance as best as we can and faithfully following privacy protections even as we work to strengthen our ability to detect and respond to cyber threats.”