Harvard snoops through professors' email, teaches new lessons in privacy

(AP GraphicsBank)

Even some of the smartest people can be really dumb about technology. To wit, the recent hubbub at Harvard University over the scandalous, surreptitious searching of academia's finest's e-mails.

It all stemmed from another event that besmirched the reputation of the Ivy League school (isn't that always the way). Late last summer it came to light that almost half of a class on government at the university cheated on a final exam. While some may joke about the situation -- it was, after all, a class about how the Congress works -- the university didn't take it lightly. An e-mail was sent to resident deans from the administration suggesting how they should advise accused students. That e-mail was leaked to the press.

Words such as 'creepy' and 'dishonorable' have been used to describe the secret searches. Most employees in corporate America would probably have a different reaction: Duh!

Proving the rule that it's not the crime but the cover-up that always gets people in trouble, the administration decided to search the resident deans' e-mails to find out how the leak happened. They didn't reveal the search (except to one individual), until this fact came to light last week thanks to The Boston Globe.

In blogs and postings by current and former Harvard faculty, words such as "creepy" and "dishonorable" have been used to describe the secret searches. Most employees in corporate America would probably have a different reaction, however: Duh!

Not even in the days of CompuServe and 1,200-baud modems did most of us consider our business e-mails private. The IT department stored them -- often looked at them, many people have told me -- and the company paid for the service and the employees' computers. So it was no surprise that managers might check up on employees.

It turns out, however, that the degree of privacy afforded your e-mails -- even those from your company account -- varies, depending on what you signed as part of your terms of employment.

"It depends on what the policy is that governs the employer and employee relationship," says Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation. According to Fakhoury, most employees give consent to companies to look at their business e-mail when they sign an employment agreement. (It does not give them access to your personal Yahoo and Gmail accounts, however.)

One can think of many situations in which one might be sympathetic to employers who want to look at e-mail messages: What if corporate secrets are being given to the competition or if one employee is harassing another? However, without consent being given, the only exception for searching e-mails is when the provider (your employer's IT department) needs to access e-mails for technical reasons, such as checking a spam filter or to maintain server capacity.

In the Harvard case, the administration is claiming it did not look at the contents of any e-mails, only the subject lines. Furthermore, they claim they were actually trying to protect student privacy since one leaked message recounted confidential discussions about the cheating scandal. But humans being human, it strains the limits of credulity to think that once one has opened the e-mail Pandora's box that no one is ever going to look inside.

Were the faculty at Harvard technologically naive? No question. Was the administration also naive? Yup. Thanks to that pesky "forward" button, the scarlet e-mail was passed along and that's how it eventually became public.

The moral of the story: You need to be more circumspect when using the company e-mail account, whether you're at Harvard or at Hewlett-Packard.

"And you need to know what your employment policy is," reminds the EFF's Fakhoury. "If you have the luxury and freedom, you may even want to negotiate" how e-mail is handled before you accept a job.

Unfortunately, in this job market, few of us enjoy such luxury.

Follow John R. Quain on Twitter @jqontech or find more tech coverage at J-Q.com.