Legal implications of a university cataloging all student email?
May 21, 2006 11:53 AM   Subscribe

What are the legal implications of a university monitoring, storing, and cataloging all incoming and outgoing email into a searchable database? What if I have first hand knowledge of a university doing this?

Through my job I've become aware of a local private university that not only monitors, but stores and catalogs all incoming and outgoing email in a searchable database accessible to the university's faculty. This is purportedly done under the guise of catching plagerism. The university has done this for at least the past academic year, and has done so without explicitly disclosing this monitoring to their students. Their network use policy states that not only are they free to monitor all traffic at will, but that they *own* all content stored or transmitted through their system.

Since finding this out, I took the time to speak to a few system admins at other institutions and found that this is not, as far as they knew a common practice for a variety of reasons, both technical and legal. Common themes among the admins I spoke with included wiretapping concerns and a potential duty to report nefarious activity that's disclosed in the archvied email.

What I'd like to know are the potential legal implications of this university's storing and cataloging of all email traffic. Additionally, do I just let this go, or is it worth pursuing, and if so how?
posted by anonymous to Computers & Internet (15 answers total)
What you describe is complete and utter crap. I can't even imagine how it would be better for the purpose of catching plagerism than simply requiring that students submit papers in electronic form, and cross checking them against other papers and online works.

I don't know what country you are in, but I'd try contacting the Electronic Frontier Foundation as a starting point.
posted by Good Brain at 12:14 PM on May 21, 2006

IANAL so I can't say if this is legal or not, but it seems unethical at least.

My workplace does this, more or less (I don't think it's kept in a searchable database), and that's acceptable to me because they are paying me to be there, and it's their equipment, and it's disclosed when you are hired and mentioned in every FAQ about their system.

If a company I was paying for a service (such as education) were doing this, I'd be seriously annoyed and use a competitor instead. Doing it without my knowledge would make me absolutely livid.

I think it's worth pursuing. It sounds like a fourth amendment issue.
posted by joannemerriam at 12:17 PM on May 21, 2006

If it's the University-provided email accounts, hosted on university servers, then it's probably within their rights to do whatever they want.

If they're monitoring *all* email, including private accounts that are not supplied by the University, then they're probably overstepping their bounds.
posted by CrayDrygu at 12:23 PM on May 21, 2006

It may be nice and legal, but even if it is, I don't think its right and I think its the sort of thing that the universities students should have the opportunity to reach their own conclusions about.
posted by Good Brain at 12:27 PM on May 21, 2006

It's definitely unethical.

If you feel like you want to put a stop to it, why not send an anonymous letter to local media, or better yet to the campus media? At the very least the students would become informed.
posted by BackwardsCity at 1:01 PM on May 21, 2006

This is, unfortunately, not really illegal. The Electronic Communications Privacy Act of 1986 is the baseline federal law here, and it allows the owner of the computer system to generally monitor stored communications on that system. Recently an ISP was caught copying the mail of a particular user of that ISP for commercial gain, and they won their case.

However, the American Association of University Professors ( has a number of statements on student and faculty rights, and they would oppose this. Most or all of the meta- school associations would also be opposed to this. And of course the student body wouldn't be pleased.

So what you might consider is getting the word out in some fashion, and seeing what happens. The student newspaper would like to know, as well as any associations the school belongs to. Perhaps there is a school academic freedom committee of some sort. Etc.
posted by jellicle at 1:13 PM on May 21, 2006

I work at a University. Mail is not kept or scanned, except scanning for spam and viruses. The faculty, staff and students have strong feelings about privacy and freedom, as does the IT Dept. This would cause a shitstorm of protest. It might be legal, since they own the servers, but it's really unethical. If there is someone on campus that you trust, and who would be willing to make it an issue, ask them for help. If they're sleazy enough to snoop email, your job might be quite at risk.
posted by theora55 at 1:33 PM on May 21, 2006

It's probably legal, but very unusual and obnoxious.
posted by delmoi at 3:58 PM on May 21, 2006

Is the university in the United States?

If they are, then by exerting that degree of control over the contents of their servers, they are potentially becoming liable for material posted/transmitted by students under the DMCA. The law makes ISPs immume from liability for content posted/transmitted by users, but only if the ISP is, to a certain extent, passive w/r/t the users' content. So in that sense, they could be opening themselves up to massive liability.

I don't know how they could claim ownership in a copyright sense: they could argue that the terms of use establish a contract transferring the copyright rights to the university, but I think such terms might be unenforceable here. And in any event, they would have no contractual authority over, say, the contents of email *sent* to students, or to anything not authored by a user at the university. So if they did anything that actually relied on their claim of ownership, they would lose.

On the whole, though, I doubt they're breaking any laws. But they are opening themselves to liability (in the US at least), and a smart lawyer at the university should tell them to knock it off before they get themselves into trouble.

(I am a lawyer, but I am probably not licensed in your jurisdiction, and I do not represent you. This is not legal advice. Consult competent counsel.)
posted by raf at 4:27 PM on May 21, 2006

You should consider anonymously leaking this information to their student newspaper, assuming it is independent (or perhaps even a local community newspaper might be interested). I'd think the monitoring is legal, but if they haven't clearly informed the students, it's definitely unethical, and I think you'd be doing the right thing by making this public.
posted by kickingtheground at 5:51 PM on May 21, 2006

This is definitely not cool.

I second kickingtheground. Take it to the student press, and let them go nuts with it.
posted by Drunken_munky at 7:03 PM on May 21, 2006

Run a search on the editor of the school paper. Mail him all his old emails.
posted by ryanrs at 7:05 PM on May 21, 2006

Through my job I've become aware

If you decide to leak the information, you should probably have a backup job plan ready.
posted by mediareport at 1:56 AM on May 22, 2006

ryanars has the solution, if you have access.

The privacy issue extends beyond the students, falculty and staff, to anyone corrsponding with same, who have no relationship with the institution.

Of course, 9-11 changed everything, and only people up to evil would even care about this. Terms and condtions may apply, ask your lawyer for details. Void where prohibited or taxed.
posted by Goofyy at 5:09 AM on May 22, 2006

The critical point is that the faculty have access to the searchable database. THAT is extremely uncommon and extremely unethical, and (IMHO) it must be stopped.

I agree with the suggestion about going to the Electronic Frontier Foundation. They will be interested and they will be able to offer advice about successfully (anonymously) being a whistleblower, and they will have all the appropriate contacts & advice re. going to the media.

ryanars definitely has the dramatic solution... useful if you can confirm ahead of time that legally you will not be charged with illegally accessing the data or with harassing the editor. If you email the editor, your cover letter should (of course) make it clear to her exactly where you got her emails and why you're doing this.
posted by allterrainbrain at 6:11 AM on May 22, 2006

« Older Enjoying NW Europe on the cheap?   |   How to organize piles upon piles of paper. Newer »
This thread is closed to new comments.