×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Harvard Secretly Searched Deans' Email

timothy posted about a year ago | from the scream-like-howard-dean dept.

Education 113

theodp writes "Taking a page from HP's playbook, Harvard University administrators secretly searched the emails of 16 deans last fall, looking for a leak to reporters about a case of cheating. The deans were not warned about the email access and only one was told of the search afterward. Dean and CS prof Michael Smith said in an email Sunday that Harvard will not comment on personnel matters or provide additional information about the board cases that were concluded during the fall term. Smith's office and the Harvard general counsel's office authorized the search, according to a Boston Globe report. Smith's Harvard bio notes that his entrepreneurial experience included co-founding and selling Liquid Machines, where Smith coincidentally invented a software technique designed to keep unauthorized people from reading electronic documents."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

113 comments

Who is Dean? (0)

Anonymous Coward | about a year ago | (#43132645)

Dean who?

Re:Who is Dean? (0)

Anonymous Coward | about a year ago | (#43133599)

It's a last name, not first. It was Jeremy Dean and he ended up killing himself.

Re:Who is Dean? (3, Funny)

paiute (550198) | about a year ago | (#43133861)

It's a last name, not first. It was Jeremy Dean and he ended up killing himself.

You never sausage a horrible thing.

Re:Who is Dean? (1)

FatdogHaiku (978357) | about a year ago | (#43134051)

"The eggs come from real chickens, the cheese comes from real cows, and the sausage comes from Jimmy Dean."
The Hannibal Lecter diet...

All places I worked (5, Insightful)

gagol (583737) | about a year ago | (#43132655)

It was always made clear to me that my work email could be monitored for any reason. Dean or janitor, you are an employee.

Re:All places I worked (5, Interesting)

fuzzyfuzzyfungus (1223518) | about a year ago | (#43132759)

Apparently, according to TFA this was made explicit contractually for Harvard faculty that they enjoyed greater freedom from intrusion than this,(and more generally, in the traditions of academia) Faculty, tenured ones doubly so, are treated as a very special flavor of employee, one whose independence, so much as it can be preserved while still getting them to show up for scheduled classes and not perv out on undergrads, is considered to be one of their major valuable features.

It's one of the curious tensions of academic structures: the students are 'customers'; but part of the 'product' can consist of giving them what they don't want(shitty grades, failing them for academic misconduct); faculty are 'employees'; but part of the value of a really good and prestigious faculty is the appearance(and ideally the reality) that, while the university signs paychecks and schedules classes and other administrative work, the faculty are free to pursue their research and teaching, and new faculty are 'peer reviewed' through the tenure process, rather than being hirelings beholden to HR.

Re:All places I worked (1)

mabhatter654 (561290) | about a year ago | (#43132893)

Come on Harvard, they should know your boss can revoke his word any time he feels like... Their Business school and Law school wrote the BOOK quite literally on allowing this kind of thing.

Ultimately, it was Harvard-owned email boxes, Harvard is their boss. The matter was involving academic cheating, that's a crime worse than murder. and if professors were aware of it DIRECTLY affects the credibility of the entire institution.

So yes, it was a completely justified response when expelling 60 students to review the professors as well.

A judicious approach (0)

Anonymous Coward | about a year ago | (#43132953)

First I was like, "yeah, he speaks sense"

The matter was involving academic cheating, that's a crime worse than murder.

...then I was like, "Poe's Law."

That is, of course, unless you're talking about murdering a clown. *That's* a community service worthy of a medal. Creepy John Wayne Gacy motherfuckers.

Re:All places I worked (2)

Nutria (679911) | about a year ago | (#43133165)

The matter was involving academic cheating ,... and if professors were aware of it DIRECTLY affects the credibility of the entire institution.

RTFA. The Deans weren't accused of cheating. Harvard was embarrassed at the scandal and hunted down the leaker, in the guise of "personnel matters".

Re:All places I worked (1)

Aighearach (97333) | about a year ago | (#43135251)

There is no "guise," unauthorized leaking in violation of company policy is always a personnel matter.

Re:All places I worked (1)

jkflying (2190798) | about a year ago | (#43135617)

Except that it's not a private company. Harvard is taxpayer subsidised. Just as the shareholders of a company would expect to be informed of an internal company scandal that involved over 100 employees being severely disciplined/fired, so can the general public expect to be informed of the goings-on within a publicly funded university.

Re:All places I worked (1)

i kan reed (749298) | about a year ago | (#43137271)

Harvard is a private university with a huge endowment. So large, I've heard, that they only charge tuition to preserve their exclusivity. What's your source on them being subsidized?

Re:All places I worked (1)

nebosuke (1012041) | about a year ago | (#43138849)

No, they do not charge to preserve exclusivity--they practice need-blind admission and provide need-based financial aid (up to and including essentially waiving tution for lower-income students). The exclusivity comes from the rigorous selection process.

Re:All places I worked (1)

Anonymous Coward | about a year ago | (#43135745)

Ultimately, it was Harvard-owned email boxes, Harvard is their boss.

Yes, and hence Harvard should also be allowed to send emails from any and all of their email-boxes. I mean, you are just an employee.

Re:All places I worked (3, Insightful)

nospam007 (722110) | about a year ago | (#43132919)

"Faculty, tenured ones doubly so, are treated as a very special flavor of employee, one whose independence, so much as it can be preserved while still getting them to show up for scheduled classes and not perv out on undergrads, is considered to be one of their major valuable features."

But nonetheless they think that these people are dumb enough to use their work email to leak stuff from work?

Re:All places I worked (1)

Aighearach (97333) | about a year ago | (#43135261)

I disagree entirely. I think you're misapplying the freedoms that professors are expected to have to deans. Why does a dean need protections? Is that a position where unpopular positions are advantageous to the process of education? I think an unpopular dean is more likely a problem manager than anything.

Re:All places I worked (1)

dkf (304284) | about a year ago | (#43136277)

I think you're misapplying the freedoms that professors are expected to have to deans.

Deans are professors. The senior ones with lots of management/budget responsibility. Dean is what you try for after you have tenure, assuming you're interested. Lots of professors aren't though, because it's a lot of work. (My old boss described it like this: it's assumed you put in 50% of your time doing teaching, 50% doing research, and 50% doing administration...)

Re:All places I worked (3, Informative)

93 Escort Wagon (326346) | about a year ago | (#43132835)

It was always made clear to me that my work email could be monitored for any reason. Dean or janitor, you are an employee.

I work at a state university, and we are reminded of this at least once a year. Pretty much everything related to our jobs is available to the public, if the public cares enough to pursue the information.

Harvard's private, but onerous contract language seems to be the norm these days just about everywhere. The deans probably don't have any significant legal recourse. Being faculty, though, I doubt it ever occurred to them anyone would actually dare do this.

Re:All places I worked (0)

Anonymous Coward | about a year ago | (#43132993)

No, but they could (and should) quit their jobs at Harvard and move to an institution that gives a damn about academic independence.

Re:All places I worked (1)

Cederic (9623) | about a year ago | (#43133375)

How the fuck does an employer scanning emails relate remotely to academic independence?

Your employer reads your emails. Expect it, accept it, don't use their email system for anything you don't want them to know.

It's been the simple truth for two fucking decades.

Re:All places I worked (4, Insightful)

Culture20 (968837) | about a year ago | (#43133713)

Everything relates to academic independence. It's the diplomatic immunity of the academic world.

Re:All places I worked (2)

MechanicJay (1206650) | about a year ago | (#43137647)

Oh for a Mod point. This is exactly it.

Among the employees of a University, Faculty are the 1st class citizens. Us staff folks are not. We are subject to all the normal stuff that you would expect of any employer. Faculty just have a different relationship with their employer. Not making a judgment call on this, I'm just stating the reality of the situation.

As faculty, I would expect that my email would not be ready without my knowledge and that there would be some sort of committee to determine if HR had the right or reasonable cause to search my email before it happened.

As staff, every bit I generate is subject to search and inspection...including these made on "company time".

Re:All places I worked (0)

Anonymous Coward | about a year ago | (#43139617)

It was always made clear to me that my work email could be monitored for any reason. Dean or janitor, you are an employee.

I work at a state university, and we are reminded of this at least once a year. Pretty much everything related to our jobs is available to the public, if the public cares enough to pursue the information.

Harvard's private, but onerous contract language seems to be the norm these days just about everywhere. The deans probably don't have any significant legal recourse. Being faculty, though, I doubt it ever occurred to them anyone would actually dare do this.

I work at a private pharmaceutical company and we are notified every day when we logon that email and our internet use is not private (and they know I'm posting at Slashdot!!!!). If I was leaking something, it certainly wouldn't be from work...duh! SDPatricia

Re:All places I worked (-1)

Anonymous Coward | about a year ago | (#43132847)

Fuckin Slave! It was always made clear to me rules vs tcpip were from dictatorship of authoritarians. Sadly this flys over your small head. How many neurons you think you have?

Re:All places I worked (1)

stephanruby (542433) | about a year ago | (#43133401)

Besides, this is nothing like the HP case, unless this involved their personal email accounts, or their personal cell phone records.

With work email, there is absolutely no expectation of privacy whatsoever.

Re:All places I worked (0)

Anonymous Coward | about a year ago | (#43137737)

At the university where I work, the faculty are explicitly not to be referred to as "employees." Janitors are staff, faculty are faculty. Complete with different employment policies that apply to each group.

There was no unauthorized access. (4, Informative)

girlinatrainingbra (2738457) | about a year ago | (#43132661)

re: "...Smith coincidentally invented a software technique designed to keep unauthorized people from reading electronic documents." [emphasis mine]
.
Since the Deans and Faculty members are technically employees of the Harvard Corporation / Harvard University, then there was no unauthorized access, since I am sure that Harvard reserves the right to peruse and otherwise scrounge through the work product of its employees. Whether it can do that to its students, though, may be another matter.
.
Anyone here have direct access to a Harvard Faculty / Administration Employment Manual or Employee Agreement or Contract? That's the only way to be sure: look at the actual contract.

Re:There was no unauthorized access. (5, Insightful)

Kupfernigk (1190345) | about a year ago | (#43132723)

The point is whether, given the supposedly Enlightenment ideals of the Western idea of a university, they should have done. If they are just a corporation that educates people for money, that is one thing. If they are a university set up to stand for the possibility of a better society, that is another. Personally I prefer universities when they fight corporatism, not when they support it.

Re:There was no unauthorized access. (3, Insightful)

khallow (566160) | about a year ago | (#43132863)

Personally I prefer universities when they fight corporatism

You do realize that almost all universities (including Harvard [harvard.edu]) are corporations? Corporatism is hard to fight when it is the default organizational style for everything beyond the size of a few people.

Re:There was no unauthorized access. (4, Insightful)

Kupfernigk (1190345) | about a year ago | (#43132961)

I note I was down-nodded for an honest statement of opinion. It looks like a lot of people on /. approve of Big Brother. But you miss the point. Corporatism is giving rights to corporations that supersede what we in Europe call human rights. The existence of corporations does not imply corporatism if individual rights are protected.

As an example, the Netherlands has an army but is not militaristic. North Korea has an army, and it is.

Re:There was no unauthorized access. (0)

Anonymous Coward | about a year ago | (#43133113)

I'm not aware of any rights a corporation has that the people who make up the corporation don't also have. That is the sole argument for corporations having rights: You can't take away rights from people just because they are in a group.

The problem is with the responsibilities. Corporations absolve individuals of responsibility. That's where it becomes a problem. But this is all wildly off topic.

Re:There was no unauthorized access. (2)

sjames (1099) | about a year ago | (#43134111)

Individual makes a conscious decision that kills 1000 people, gets put under the jail. Corporation does the same thing, pays a fine amounting to less than 1% of their income, basically a speeding ticket.

Argue semantics if you will, but in the colloquial sense, the corporation's rights supersede the individual's.

Re:There was no unauthorized access. (0)

Anonymous Coward | about a year ago | (#43133311)

No, you were modded down because your opinion is invalid. Universities do not and never did "fight corporatism," whatever that means.

Re:There was no unauthorized access. (1)

Kupfernigk (1190345) | about a year ago | (#43133393)

I don't think you understand how the moderation system is supposed to work. There is no 'disagree' moderation. And your opinion, Anonymous Coward, is no better than mine. (however, I would submit, having seen collegiality in action fighting an attempt to corporatise an academic institution, that you are wrong.)

Re:There was no unauthorized access. (1)

khallow (566160) | about a year ago | (#43133867)

Corporatism is giving rights to corporations that supersede what we in Europe call human rights.

It's worth noting that the start [wikipedia.org] of the "corporate personhood" legal fiction in the US was an attempted grab of Dartmouth College by the legislature of New Hampshire. So the start in the US of what is currently called "corporatism" was the defense of a college.

Re:There was no unauthorized access. (1)

Jah-Wren Ryel (80510) | about a year ago | (#43134027)

I note I was down-nodded for an honest statement of opinion. It looks like a lot of people on /. approve of Big Brother.

I don't think they necessarily approve of big brother, but rather they have a mechanistic view of the universe and have picked a certain set of nerd-attractive rules to define their view of the universe. Those rules tend to have big brother as an end-game.

I say that because I used to have that sort of viewpoint myself, but the end result convinced me that maybe I should re-evaluate my opinion of the universe. Took me 15+ years to get to that conclusion, so I am not surprised that many of my fellow slashdotters have not (yet) made a similar conclusion.

Re:There was no unauthorized access. (0)

Anonymous Coward | about a year ago | (#43133459)

The point is whether, given the supposedly Enlightenment ideals of the Western idea of a university, they should have done.

Of course they should have done it. Every opportunity to make academics realize that they are not above the law and not any better or any different from everybody else should be taken. They need to be reminded that they are not special little snowflakes.

Re:There was no unauthorized access. (1)

Anonymous Coward | about a year ago | (#43132769)

Rules seem to be "staff email can be read, faculty email cannot be read". The administration is now pretending professor that becomes dean are no longer faculty but staff.

Harry Lewis thoughts [blogspot.com]

Re:There was no unauthorized access. (0)

mabhatter654 (561290) | about a year ago | (#43132949)

The ACCUSATION OF CHEATING at the level of Harvard is a professional "death sentence". Frankly, the accusations by the expelled students were probably cause to look at the professors.

If this went WRONG these Professors would have found out when security locked them out of their offices... And escorted them off campus. This wasn't going through the union, board, require process... This was Academic "Sudden Death". Be glad they ONLY searched your email!

They can be upset and outraged all they want, but they dodged a bullet they didn't even know about. That kind of thing happens in life more than you'd care to admit.

Re:There was no unauthorized access. (0)

Anonymous Coward | about a year ago | (#43133009)

Um... no. That is not how academia works at all.

Re:There was no unauthorized access. (0)

Anonymous Coward | about a year ago | (#43133241)

Why are you answering to me? I'm not a Harvard professor. My email wasn't searched.

Re:There was no unauthorized access. (0)

gl4ss (559668) | about a year ago | (#43132885)

really? so technically at&t could read your sms backlog since it's employees would be doing the reading?

where I live it would have been unauthorized access, they had no business searching through those mails.
the police could have done it with proper authorization(and that would not have come from the faculty).

at most they could have seen email headers - after permission from the judical system.

of course, I don't live in the states... ( and you know, this is not something you can just blanket sign away on the contract).

Re:There was no unauthorized access. (0)

Anonymous Coward | about a year ago | (#43133033)

Anyone here have direct access to a Harvard Faculty / Administration Employment Manual or Employee Agreement or Contract? That's the only way to be sure: look at the actual contract.

Don't you have protection against this type of insanity? This would be a gross violation of privacy, considered very much illegal in Europe. Contract clauses aiming for these things are only allowed in circumstances and must be specified and motivated.

Re:There was no unauthorized access. (0)

Anonymous Coward | about a year ago | (#43139707)

I'd share it but leaking it would mean they'd investigate my internet usage.

How is this a /. story? (2)

eyenot (102141) | about a year ago | (#43132671)

We're all supposed to be geeks, here, especially computer geeks.

Computer geeks are supposed to be the ones who have to repeat ad nauseum and hammer home the fact that no, email is not secure (or private).

Shouldn't the story just be "shrug [link]"?

Shouldn't the comments just be all speculation about how the fact that this made "news" could possibly mean we face further uninformed and draconian measures in legislation?

Re:How is this a /. story? (1)

qubezz (520511) | about a year ago | (#43132721)

Some of the finest minds in tech didn't graduate from there.

Re:How is this a /. story? (2)

skids (119237) | about a year ago | (#43133057)

I'm more concerned that the title correctly used an s-apostrophy. When that happens I'm deeply suspicious that Slashdot has been taken over by a secret cabal of English majors.

Re:How is this a /. story? (1)

Anonymous Coward | about a year ago | (#43134005)

I'm more concerned that the title correctly used an s-apostrophy. When that happens I'm deeply suspicious that Slashdot has been taken over by a secret cabal of English majors.

Whose vine ripened mod points hang menacingly over us.

Re:How is this a /. story? (1)

idontgno (624372) | about a year ago | (#43139117)

Shouldn't there be a hyphen in the compound-word adjective "vine-ripened?"

<sotto voce>Um. Rats. Cabal rules say I shouldn't comment to correct, only moderate.</sotto voce>

Umm.. and there is no English major cabal!

Re:How is this a /. story? (0)

Anonymous Coward | about a year ago | (#43132845)

We're all supposed to be geeks, here, especially computer geeks.

And speaking as a geek who has a bachelor's degree, I'm certainly interested in academic freedom and intrusions into privacy.

Though they are employees and the university has a legal right to search their email, Deans should have some kind of independence to ensure a free exchange of ideas.

The fact that the search was to track down a whistleblower is incredibly depressing.

Why would you use your work email? (0)

Anonymous Coward | about a year ago | (#43132685)

If I want to leak something, it'll be over an SSL encrypted webmail account (ie Gmail).

Re:Why would you use your work email? (2)

gagol (583737) | about a year ago | (#43132829)

...sent from a specially created account while hooking up on unencrypted wifi connection from my car.

"HP's Playbook" (1)

Kupfernigk (1190345) | about a year ago | (#43132695)

That would seem to be the new HP tablet that looks like a BlackBerry PlayBook but with a worse display and camera. What has that got to do with Harvard seeming to have forgotten the difference between a university and a corporation?

Re:"HP's Playbook" (1)

kinko (82040) | about a year ago | (#43134919)

That would seem to be the new HP tablet that looks like a BlackBerry PlayBook but with a worse display and camera. What has that got to do with Harvard seeming to have forgotten the difference between a university and a corporation?

Some years ago, HP's board of directors approved spying on some of their own top executives to try to find the source of a leak. "Playbook" was supposed to be a metaphor for "game plan", not a product name :)

Thoughts on this from former Harvard College Dean (5, Informative)

haus (129916) | about a year ago | (#43132703)

Here is Harry Lewis thoughts on the matter...

http://harry-lewis.blogspot.com/2013/03/email-privacy-at-harvard.html [blogspot.com]

For those not familiar, Harry Lewis was not only the Dean of Harvard College for a number of years, he is also a Professor of Computer Science.

Re:Thoughts on this from former Harvard College De (1)

Anonymous Coward | about a year ago | (#43132929)

The man is living in the past, a kinder and gentler age where the university was "like family". We are now in the age of the Internet and education as big business with "brands" that can ebb and flow with the news.

Re:Thoughts on this from former Harvard College De (1)

mabhatter654 (561290) | about a year ago | (#43132991)

He mentions scientific fraud, but when the school is EXPELLING 60 students over ONE incident, they are looking at the "academic death sentence" if they find professors involved in any way.

Having professors involved would be the WORST possible outcome the University would have. They were looking for blood, there is probably a secret organization that would have "suicided" the offending professors... After they were pubically tarted and feathered (Harvard has old traditions) Privacy was the least concern.

Re:Thoughts on this from former Harvard College De (1)

dkf (304284) | about a year ago | (#43133641)

After they were pubically tarted and feathered (Harvard has old traditions)

Tarted and feathered? Is this some reference to an old punishment of dressing up academics like they were performers in the Moulin Rouge? That would be... well, rather eccentric and would make an absolutely wonderful punishment really. You'd only have to do it once and people would behave for the best part of a century (except for those who are secretly extreme exhibitionists and who want to do that sort of thing in public anyway; different strokes for different folks, and all that). Or were you talking about turning them into meat tarts? (I really think that sort of thing would be illegal. Gross too.) Or putting a custard pie in their face perhaps?

When you get right down to it, with an old tradition about you can never really tell.

Re:Thoughts on this from former Harvard College De (0)

Anonymous Coward | about a year ago | (#43134947)

Well, they do that whole Hasty Puddings Theatrical crossdressing burlesque thing....

Re:Thoughts on this from former Harvard College De (0)

Anonymous Coward | about a year ago | (#43139059)

For those not familiar, Harry Lewis was not only the Dean of Harvard College for a number of years, he is also a Professor of Computer Science.

He was a real dean. Turns out, the "deans" in this story are just people in charge of residence halls. Calling them deans and houses is just ivy league bullshit.

anyone stupid enough (3, Funny)

v1 (525388) | about a year ago | (#43132773)

to leak something USING the source's computers deserves to get caught. Just sayin'

How else can you leak it? (1)

betterunixthanunix (980855) | about a year ago | (#43132815)

You realize that if you leak anything that is on a computer, you need to access that computer at some point.

Re:How else can you leak it? (0)

Anonymous Coward | about a year ago | (#43132927)

It was the fact of the investigation taking place at all and the number of students suspected and the disciplinary actions taken that were leaked. All of this could have been done without the use of electronic documents. For example, a professor could have discussed the findings of the investigation board with a reporter. He or she might have used handwritten notes.

Re:anyone stupid enough (2, Insightful)

girlinatrainingbra (2738457) | about a year ago | (#43132853)

just look at what happened to (and is still happening to) Bradley Manning... Whistle-blowers beware...

Re:anyone stupid enough (1, Insightful)

mabhatter654 (561290) | about a year ago | (#43133049)

Normal whistle blowers have legal protection... When you whistle blow THE LAW that's what you get. They probably will push to execute him. The military doesn't have provisions for whistle blowing against the civilians.. Spreading secrets is treason... Even if when people label their own treason "secret".

Re:anyone stupid enough (0)

Anonymous Coward | about a year ago | (#43134509)

Yes, but think of it... They are searching someone's email to detect leaking. There has to be a certain amount of hypocrisy involved here.

Enough about Dean (0)

Anonymous Coward | about a year ago | (#43132819)

What about Hank's?

inomni satanas (0)

Anonymous Coward | about a year ago | (#43132831)

LVX INRI

Assume far more than your email is read (4, Insightful)

onyxruby (118189) | about a year ago | (#43132833)

When you work for someone you need to assume that your email is read, your website are logged, your SSL traffic decrypted and your computer inventoried. It is also a fairly safe assumption that login, logoff times, screenshots and keyboard strokes as well as mouse movements are all routinely captured.

Depending on your place of employment many of these big brother activities are demanded by law (SEC etc). It's not a question of whether or not you like or the IT department likes it, because neither of you do. It's a question of someone /way/ up your food chain has made the decision to perform that level of monitoring. If your going to get mad, get mad at the VP, the legal team, the SEC, or other person typically at the VP level that had the power to demand the level of logging to begin with.

To illustrate my point on how these things are often driven by and watched from the top you need only look at Yahoo. Their new CEO looked at the VPN logs when she saw the parking lot emptier than she thought it should be. She concluded people were slacking off and not really working and ended telecommuting for everyone at Yahoo. This was a data driven decision based on the logs that Yahoo's servers kept and their CEO reviewed.

I'm not justifying this, I'm not defending this, I'm simply explaining how these things work in the real world.

Re:Assume far more than your email is read (0)

Anonymous Coward | about a year ago | (#43132883)

You're deluded if you think the Yahoo CEO is being at all honest about the telecommuting policy. It's a stealth layoff.

Re:Assume far more than your email is read (-1)

Anonymous Coward | about a year ago | (#43133789)

I dunno...

When you work for someone you need to assume that your email is read, your website are logged, your SSL traffic decrypted and your computer inventoried. It is also a fairly safe assumption that login, logoff times, screenshots and keyboard strokes as well as mouse movements are all routinely captured.

My core network traffic at work goes through a validated, self-signed certificate to a cloud host over SSH. The key obviously has to be in memory, but that's all they'd get. There's a passphrase around it they could access... but key itself travels with me. Since the HTTP(S) goes through SSH, the usual MITM techs are pretty worthless.

When I'm away, there's a mouse agitator running over the screensaver keeping the desktop busy, and a steady 1kps of remote garbage traffic.

My email is published with a PGP key, and the work account links to a personal key and is immediately forwarded off site. You get a nice combination of a fetchmail script, some forwarding, and an crypter/signer (dangerous, but it's not /my/ key, just a mailbox key) and now I can use my toolchain of choice instead of god-awful exchange crap. If they turned off POP, it wouldn't work with my current config, but it'd just take few lines of VB to duplicate the effect in windows. That and a windows install.

Not many people use the PGP key, so mail sent to me or to people without it is readable. But none of that stays on corp mailservers. And it shouldn't. My backups are more available and reliable than IT. My password policy is stronger, and I actually monitor my network logs. But more importantly than all of that, I'm productive on my systems and toolchain.

Now -- there are still ways to compromise this situation, but I wouldn't bet on it.

I understand some of these behaviors would be a 'fired immediately' in a fortune 500, or even certain government jobs. But not at mine.

And oddly enough, there are IT people "up the network" that honestly believe they do monitor all traffic. In ten years one of them called with some questions. They're just incompetent idiots that don't actually understand networking, and when they see the network in my subdivision, they go running for their damned lives (it's too complicated for them to even understand the documentation, let alone run. We get our own /26, and that's all they know about it.

And frankly, as I go looking for another job -- that will be one of the late interview questions if it comes up in salary. If you monitor my keystrokes, you need to provide writing indemnifying me from the responsibility of protecting my passwords that authenticate myself to your hosts on your network.

Don't want to? That's fine -- modify the job description so that I don't require access to secured resources, or offer an immediate 25% raise to cover the discussions I'll be having with a solicitor and some specialized insurance companies.

Don't want to? I'll show myself to the door, thank you for the time. I'm a paid professional, not a serf or patsy to be set up as the fall guy and cast off the moment there's a problem in management.

When playing with the big boys, you don't treat your employees like suckers. You might need to establish trust-but-verify protocol, but if you're going to audit them continuously you need to make it worth their time. That includes very complex incentives if you don't actually engaged in merit-based reward.

And that's really the crux of it. If you have a policy that promotes monitoring, you better make sure the policy doesn't just protect the company. Otherwise it's basically just a loss of benefits.

Re:Assume far more than your email is read (1)

evil_aaronm (671521) | about a year ago | (#43134305)

At my last corp job, I brought in my own laptop and Sprint wireless modem. My work machine was for nothing but work, and they had no idea how much time I spent surfing /.. If I'd had something to whistle-blow, I'd have just copied it to a flash drive from my work machine, and sent it from my personal laptop.

Re:the real world (0)

Anonymous Coward | about a year ago | (#43134557)

You mean the portion of the real world that is you and people like yourself.

When will we learn (1)

FuzzNugget (2840687) | about a year ago | (#43132879)

To self-encrypt everything?

What good does crypto do? (1)

betterunixthanunix (980855) | about a year ago | (#43132897)

They are looking for a whistleblower. An encrypted message to the press is a big red flag that says, "I am a whistleblower," unless all the deans are in the business of communicating with the press. A message to an anonymous remailer is equally incriminating.

The real answer here is to take the documents out of Harvard on a thumb drive and mail them from an Internet cafe or somewhere else that cannot be monitored by the administration.

Mixed Messages (5, Informative)

the eric conspiracy (20178) | about a year ago | (#43132925)

Harvard has a problem because of THIS:

Harvard University Information Security

FAS Policy Regarding the Privacy of Faculty Electronic Materials

The Faculty of Arts and Sciences (FAS) provides the members of its faculty with computers, access to a computer network and computing services for business purposes, and it is expected that these resources will be used in an appropriate and professional manner. The FAS considers faculty email messages and other electronic documents stored on Harvard-owned computers to be confidential, and will not access them, except in the following circumstances.
First, IT staff may need access to faculty electronic records in order to ensure proper functioning of our computer infrastructure. In performing these services, IT staff members are required to handle private information in a professional and appropriate manner, in accordance with the Harvard Personnel Manual for Administrative and Professional Staff. The failure to do so constitutes grounds for disciplinary action.
Second, in extraordinary circumstances such as legal proceedings and internal Harvard investigations, faculty records may be accessed and copied by the administration. Such review requires the approval of the Dean of the FAS and the Office of the General Counsel. The faculty member is entitled to prior written notice that his or her records will be reviewed, unless circumstances make prior notification impossible, in which case the faculty member will be notified at the earliest possible opportunity.

They were not notified according to this policy.

Could get messy.

Re:Mixed Messages (0)

Anonymous Coward | about a year ago | (#43133093)

This is what I came here to say; the summary completely missed the point. Reading the emails was a direct violation of established University policy. Usually it's the cover-up that causes more trouble than the original crime; here the attempt to find a cover-up is going to be the biggest problem for Harvard.

No privacy (4, Insightful)

Emperor Tiberius (673354) | about a year ago | (#43132973)

When are people going to learn that they have no privacy on their employer's computer systems? Geeks and IT folks seem to have the biggest problem with this. If you really need that privacy, go out to your car on your lunch hour and use your smartphone. At the end of the day, it's your employer's power, bandwidth, space, and equipment. If they want to monitor their systems, they have every right to do so. Now obviously, some monitoring is a huge gray area when it comes to moral and ethical issues. So why not simply side step the issue by using your own person accounts, devices, and access?

Re:No privacy (1)

Anonymous Coward | about a year ago | (#43133205)

You do when policy clearly states a degree of confidentiality and due process for breaching it, both which were not followed. This will likely become a big deal, with the administration coming down hard to Protect The Brand.

Re:No privacy (3, Interesting)

dkf (304284) | about a year ago | (#43133791)

You do when policy clearly states a degree of confidentiality and due process for breaching it, both which were not followed. This will likely become a big deal, with the administration coming down hard to Protect The Brand.

It's particularly a big deal when you do it to a substantial number of Deans. I'd assume that a number of people in the administration will be without jobs before too long, and maybe also a change of general counsel too. Not that anyone will say anything nasty; there will just be a general agreement that some people need to... well... move on; personality clashes, changing priorities, that sort of thing. And that perhaps it is time to ring the changes with who provides legal advice. No fault implied. No public link with this incident at all.

In a commercial organization, I'd expect more recriminations in public for spying on the executive members of the board (damn close to what's happened here, in explicit contravention of their own policies). Universities tend to prefer to keep things a bit quieter. But no amount of union membership or past history of good relations is likely to save those responsible for authorizing this. A key rule of university politics is this: unless you have cast-iron evidence of wrong-doing, you DO NOT MESS WITH ANYONE WHO CAN TAKE YOUR BUDGET AWAY. Or who can replace the person with that power.

Pass the popcorn. I'm going to enjoy watching this from afar.

Re:No privacy (1)

Solandri (704621) | about a year ago | (#43133755)

I'm of the opinion that there's no one right answer to this. Some companies will treat their employees like prisoners and monitor them every minute they're at work (and maybe even try to when they're not at work). Some will give them complete privacy. And the rest will do something in between. IMHO you do not have a fundamental right to privacy when someone is paying you for that time. But you are free to negotiate with the person writing the checks exactly how much privacy you wish to have. Companies with unusually strict monitoring hurt themselves by decreasing the pool of prospective employees. People with unusually high expectations of privacy hurt themselves by decreasing the number of prospective employers.

Privacy of government employees OTOH is something where the electorate needs to decide what constitutes the "one right answer".

/., I am disappoint (5, Insightful)

Anonymous Coward | about a year ago | (#43132985)

Here we have a story about how students, generally of wealth and privilege, being caught cheating, and being handed less severe sentences then are handed out by low ranking local state schools. Adding to that, the school's biggest concern now seems to be to get whomever had the audacity to air Harvard's dirty laundry.

Slashdot reaction? Silly noobs, e-mail is insecure. Employers have the right to search company e-mail.

Hey guys, how about concern about what these people are teaching the kids who, let's face it, will be future congresscritters and other leaders. Hey, it's OK to cheat, just don't get caught, or else you'll get a slap on the wrist. Oh, and be sure to exact revenge on whoever lets the plebs know.

Yes, it's OK to cheat, just don't get caught. (1)

porky_pig_jr (129948) | about a year ago | (#43134349)

That's *the American* way, dude.

Re:Yes, it's OK to cheat, just don't get caught. (1)

guruevi (827432) | about a year ago | (#43135497)

And you think that's not the way anywhere else? No-one that has made a name for themselves has done this with a completely clean conscience or even a legally clean track record. You can't make money being honest.

Re:Yes, it's OK to cheat, just don't get caught. (0)

Anonymous Coward | about a year ago | (#43138371)

You can't make money being honest.

Wow! Is it depressing being that cynical?

End-to-End Encrpytion (1)

tapspace (2368622) | about a year ago | (#43133155)

I think we're going to finally see end-to-end encryption popularized for email. You can now mod me funny.

How Is this news? (1)

viperidaenz (2515578) | about a year ago | (#43133721)

If you change the title to reflect reality
Company does what it said it may do in employment contract/IT policy amendment.
It's really not so scandalous

Re:How Is this news? (1)

the eric conspiracy (20178) | about a year ago | (#43135071)

Except they didn't. Harvard's policy is a bit more respectful of faculty privacy than the average company. At least they are supposed to notify you.

Property (0)

Anonymous Coward | about a year ago | (#43134901)

Property owned by Harvard.

No illegal searching at all.

This covers all faculty, staff and students, including all Administration employees and board members and chancellors as the structure may be.

If there is a 'concern' among faculty, staff and students then re-direct to a pseudonym e-mail.

University or Brand (0)

Anonymous Coward | about a year ago | (#43135239)

Is Harvard still a university, or has it now become a brand?

Seems to me its become all about its brand...

Liquid Document Control? (1)

dgharmon (2564621) | about a year ago | (#43136661)

"In June 2010, Liquid Machines was acquired by Check Point Software Technologies Ltd [harvard.edu], an Israeli Internet and data security company best known for its ZoneAlarm firewall software."

You have got to be shitting me ! ! !

Re:Liquid Document Control? (0)

Anonymous Coward | about a year ago | (#43138395)

You have got to be shitting me ! ! !

I shit you not ! ! !

Delicious irony (0)

Anonymous Coward | about a year ago | (#43138479)

Only at some white tower like Harvard would faculty members be surprised that they have no expectation of privacy. Just like everyone else at any other organization — commercial or otherwise – anywhere.

And good luck getting a “private” email account. What are you going to use? Gmail? Hotmail? Yahoo? Any of those places will drop trou the moment someone with a badge shows up, and ask questions later, specifically because the federal government has retroactively made it legal to do basically anything they want with digital communications.

Cell traffic instead? We just found out that the FBI's been snooping it and dodging the legal questions for 20 years. Well whaddya know? Since the technology was invented. Who'd've guessed?

Maybe Harvard professors should think twice before they produce the next generation of jurists, presidents, senators, and congressmen that continue to erode our Constitutional rights, and the limp-wristed “journalists” and news “anchors” that let them get away with it.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...