CourtRules for Student Web Privacy

    A U.S. Court of Appeals ruling settled a seven-year battle over student privacy rights on university computer networks, granting privacy rights to students but guaranteeing administrators rights to emergency action.

    The case, decided on April 5, when an administrator at San Diego’s Qualcomm Corporation discovered that someone had been hacking into the company’s computer network. After tracing the hacker to a computer on a network at the University of Wisconsin, Madison, the college’s network investigator, Jeffrey Savoy, agreed to look into the issue.

    Savoy quickly discovered that the computer in question had not only hacked into the Qualcomm system ­- the hacker had accessed the university system and its e-mail provider as well.

    Concerned, Savoy traced the hacking to a dormitory computer belonging to Jerome T. Heckenkamp, a graduate student who had been fired two years earlier from his job at the university computer help desk for unauthorized activity on the network.

    “”[Heckenkamp],”” Savoy said in court, “”had the technical expertise to damage [the university’s] system.””

    In order to protect the system, Savoy electronically blocked the unauthorized computer’s connection to the university’s e-mail provider.

    Without waiting for a warrant, he and two university police officers headed to the dormitories. Finding the door ajar and the room empty, Savoy entered and disconnected the computer from the university network.

    “”The machine needed to get offline immediately or as soon as possible, [due to] a university security need,”” Savoy later explained.

    The officers with Savoy quickly located Heckenkamp, who agreed to fully cooperate. Savoy accessed the computer in question and made a copy of its hard drive for later analysis. A search warrant granted soon after turned up additional evidence against Heckenkamp.

    In his initial court hearing, Heckenkamp was charged with “”recklessly causing damage by intentionally accessing a protected computer without authorization.””

    However, Heckenkamp appealed the decision, stating Savoy’s search of his computer had been illegal under the Fourth Amendment’s guarantee that a person has “”reasonable expectation of privacy in the place searched.””

    In the appeal, the big question was whether Heckenkamp’s expectation for privacy was destroyed upon connecting his computer to the university network.

    The court ruled that using a university network should not compromise privacy expectations.

    However, the university’s computer policy clearly states that “”electronic files should be free from access by any but the authorized users of those files.

    Exceptions to this basic principle shall be kept to a minimum and made only where essential to … protect the integrity of the university.””

    Savoy’s search, the court ruled, was therefore justified under the “”exceptions”” stated in the computer policy.

    Heckenkamp’s case, however, raises concerns over student privacy rights and university policy assurances nationwide, forcing some university officials to rethink their policies should a security concern arise.

    At UCSD, the computer policy states, “”The university does not examine or disclose electronic communications records without the holder’s consent. … In emergency circumstances … the least perusal of contents and the least action necessary to resolve the emergency may be taken immediately without authorization.””

    UCSD Director of Academic Computing Services Tony Wood said in an e-mail that ACS’s typical reaction against students who abuse university network privileges involves sending “”mail to the user [as a warning].””

    Only if the issue is more serious – on the scale of Heckenkamp, for example – does ACS “”impose access restrictions until the matter is resolved”” and “”refer the case to Student Policies and Judicial Affairs,”” according to Wood.

    However, Wood also said invasive instances of electronic privacy are not prevalent at UCSD.

    “”The vast majority of our violations are related to copyright violations and those are reported to us by the copyright owner,”” he said in an e-mail. “”We don’t go looking.””

    More to Discover
    Donate to The UCSD Guardian
    Our Goal

    Your donation will support the student journalists at University of California, San Diego. Your contribution will allow us to purchase equipment, keep printing our papers, and cover our annual website hosting costs.

    Donate to The UCSD Guardian
    Our Goal