A task force has recommended that Harvard University be required to notify most people when their e-mails, text messages, or voice mails are searched by administrators — suggestions developed after 14,000 Harvard e-mail accounts were secretly accessed by the administration in 2012.
The proposal, made public on Wednesday, would for the first time create a single policy for accessing electronic records that are kept on university systems and would require the university to keep records of such searches.
Harvard’s president, Drew Faust, in March asked a group of professors and administrators to make recommendations after thousands of e-mails were covertly searched to determine how information about a massive student cheating scandal was leaked to a Boston Globe reporter.
Though revelations of the secret searches caused a rift between faculty and the administration, a July report prepared by an outside attorney hired by Harvard found that those searches of university-issued e-mail accounts “were undertaken in good faith.”
Since Faust formed the task force, the public debate about privacy has intensified in the wake of revelations about the National Security Agency’s data collection programs.
David Barron, chairman of the task force and a professor at Harvard Law School, said that the committee kept that background in mind when drafting the policy for conducting searches.
“There’s a lot of sensitivity in this area,” Barron said.
In developing the recommendations, the committee found that there has been no clear policy for conducting searches of electronic records, Barron said.
“The absence of a single, visible, and comprehensive policy has led to confusion and uncertainty,” the task force wrote in its 29-page report.
“Most troubling, it has led some to distrust [of] the process for deciding how and when access to information transmitted over, or stored on, University systems, networks, and devices may be undertaken.”
The proposed policy emphasizes that there must be a “legitimate” and “important” purpose for a search, and that a person’s standing as a tenured professor, student, or employee would have no bearing on a request to search their records.
However, there are some instances outlined in the proposal in which the university would not be required to notify a user of a records search.
Those scenarios include emergencies and times when the university is legally barred from notifying someone. Other exceptions are in place to enable searches to be conducted for the purpose of keeping business moving — such as allowing an assistant to access a supervisor’s records when that person is unavailable and permitting access to IT staff to keep the university’s systems working.
The proposal also identifies people who would be responsible for authorizing searches. For example, a dean would have to give the OK for a search of a student’s e-mail.
When searches are conducted, the policy would require them to be as narrow as possible.
Members of the Harvard community have two weeks to offer feedback on the proposal. The committee will then make its final recommendations to Faust, Barron said.
A university spokesman did not respond to an e-mail seeking comment, but Faust released a statement on the proposal, calling it an “exceptionally thoughtful report.”
“While many of the changes we face are complex and have yet to emerge fully, I believe that we now have a much clearer understanding of how we might navigate the road ahead,” the statement reads.