Don't look now, but the dean is watching

Pressured by the double whammy of feds looking for terrorists and the music industry chasing file sharers, universities are keeping a close eye on student Internet use.

By Annalee Newitz

Pages 1 2

Nov 12, 2003 | Last March, a protest against arms manufacturer Raytheon at the University of New Hampshire was derailed by campus administrators who had been covertly monitoring the e-mail list of a student group called the Peace and Justice League. According to UNH undergraduate Rob Wolfe, the group was making plans to protest Raytheon's presence at a UNH job fair. Wolfe says that "there are no campus administrators on the [e-mail] list," but somehow the vice president of student affairs managed to get a copy of a private e-mail about the protest.

"Raytheon canceled their appearance literally at the last minute," he says. "It's unclear whether this was connected to the e-mail leak, but it's certainly atypical of Raytheon not to follow through on a campus appearance." A spokesperson for Raytheon refused to comment on whether the company had canceled its appearance because of the protest, but did acknowledge that the company skipped the job fair and instead met individually with students who had made appointments.

The idea that university administrators are reading private e-mail might seem distinctly Big Brotherian, but the practice is increasingly commonplace. When students access the Internet via university equipment, everything they do -- from sending e-mail and visiting Web sites, to sharing pictures and using certain kinds of software -- is being watched.

Historically, computer network administrators have monitored student activity online for purely legitimate, technical reasons. Increasingly, however, pressure from government and industry is forcing university administrators to become digital spies. Fears of terrorism, combined with concerns about copyright violations, are creating a climate of campus surveillance.

At the University of California at Berkeley, the everyday Web-surfing habits of students are regularly watched and recorded. Berkeley's Systems and Network Security group uses a program called BRO -- named after the infamous fascist icon from George Orwell's "1984" -- that keeps logs of every IP address students visit on the Internet from the campus network.

Cliff Frost, UC-Berkeley's director of communication and network services, says that "this practice is under review right now," because the campus community feels it interferes with academic freedom. He expects that the university will continue to keep logs but will discard them after a month or two. "I'd love to keep that data forever," he adds, "if there weren't the threats of subpoenas for vile purposes."

He is referring partly to recent actions by the Recording Industry Association of America, which has subpoenaed universities for the names of students allegedly engaging in music piracy. Techs must comb through saved logs for personal information to fulfill the subpoenas' demands. Some schools, including MIT, have refused to hand over the information by arguing that it is protected under the Family Educational Rights and Privacy Act. FERPA is designed to stop students' personal data from being handed over to third parties, and no one has yet challenged the use of FERPA in these copyright cases.

But there is a little-discussed section of the USA-PATRIOT Act that renders FERPA completely useless when federal officials subpoena personal student information for terrorism-related investigations. Not only do these federal subpoenas bypass FERPA, but the people served are not permitted to discuss them with anybody.

"You can't challenge [these subpoenas] because you can't tell anyone you've received them," says Lauren Gelman, an attorney with the Center for Internet and Society at Stanford. "At a university, one administrator can't even tell another administrator about these subpoenas, so there is no way to know how many have gone out." While university administrators want to comply with federal laws, many are wary of handing over private data in such a secretive manner.

And if the experiences of MIT computer network director Jeff Schiller are any indication, USA-PATRIOT Act subpoenas are being used on a regular basis to gather information about student online activity. "Things have definitely changed around here since 9/11," Schiller says. "Nobody has come around with a blanket subpoena looking for e-mails sent by Muslims [on campus]. But we'd never seen subpoenas for information related to national security before, and now we do." He couldn't reveal how many of these subpoenas he's received, but he did confirm that there has been a marked escalation in the electronic investigation of people at MIT "on terrorist grounds."

Recent Stories

Ask the pilot
Flying isn't much fun, but for now people keep doing it anyway. What can the airlines do to keep their customers happy?
Slick John McCain and the offshore oil ruse
The safety and economics of offshore drilling are distractions from the much larger challenges that humanity faces: Climate change and peak oil.
Ask the pilot
The smell of smoke in the cockpit, and it's back to Boston for a planeload of fixated Japanese tourists.
Ask the pilot
When a routine flight is plunged into weirdness after the crew smells smoke, how to deal with a possible emergency -- and a plane full of foreign tourists.
Ask the pilot
Has American stepped over the line with its baggage fee? Plus: What customers seem to value above all in choosing an airline.

Daily Newsletter

Get Salon in your mailbox!