At Calif. Campuses, A Test For Free Speech, Privacy And Cybersecurity
A controversy over a secretly installed data monitoring system is simmering at university campuses across California.
Last summer, hackers broke into the computer network at the UCLA medical center. A few months later, the University of California system's president quietly ordered a new security system to monitor Internet traffic on all UC campuses.
"And the people who had to put the box in place were ordered to do so and also ordered to keep quiet about it," says Ethan Ligon, a professor of agricultural economics at the University of California, Berkeley.
But they didn't keep quiet: Ligon and other faculty members found out — and were surprised that they weren't consulted.
"There's a long tradition that dates back to the [1930s] at the University of California that gives faculty the right to share in shaping policies at the university, both on the campus and across the UC system," Ligon says.
The decision by Janet Napolitano, the university president and a former secretary of homeland security in the Obama administration, is stoking debate over what level of privacy and free speech should be guaranteed to faculty and students at public universities.
The security system ordered by Napolitano not only monitors Internet traffic — it also stores it for at least 30 days. The idea is to allow security personnel to go back through the traffic to look for breaches.
But experts like Vinnie Liu, a senior partner with the Internet security firm Bishop Fox, say this kind of system creates a trove of information for hackers.
"Where you rely on that as a central point of control, if that monitoring system were to be compromised, if it's not deployed correctly or it's not managed correctly, then, yes, it would absolutely be a very bad situation," Liu says.
At a recent meeting of the UC Berkeley Graduate Assembly, many students learned about it for the first time. Some, like Andrew Stevens, were not pleased.
"How many people here have research with human subjects where you're ensuring them that your communications are private?" he asked. "That information is now sitting in a repository that could be subpoenaed."
And then Marten Lohstroh — a student in electrical engineering and computer science — raised what was on a lot of students' minds.
"The question I have is, how, as the University of California, did we end up having a president that was the former secretary of homeland security?" he asked, to laughter.
Last week, the Graduate Assembly passed a resolution in opposition to the University of California Office of the President's "coordinated monitoring" activities.
Napolitano was President Obama's secretary of homeland security until 2013. Her office said it did not have anyone available to speak with NPR in time for this broadcast.
But in a letter to university chancellors, Napolitano said her office had no interest in individual emails or browsing history, but that network monitoring is a critical element of cybersecurity.
Christine Borgman, a professor of information studies at UCLA, recently got a chance to meet with representatives from Napolitano's office who stressed the urgency they felt after the UCLA break-in.
"We can certainly understand that you need to scale up your security and you don't want to broadcast exactly what you're doing because you're only going to invite certain kinds of attacks," Borgman says. "But that doesn't mean that we couldn't have talked through more of it as we went."
But Napolitano presides over a university system with a stormy history around free speech and spying by the federal government — especially at Berkeley, where Eric Brewer is a professor of computer science. He says J. Edgar Hoover spied on Berkeley faculty and students during the Cold War.
"He was worried about Berkeley being a hotbed of communism, and so he felt free rein to monitor what was going on there," Brewer says.
Of course, these days most people expect their employers are monitoring them at work. But academia is different, says Barmak Nassirian of the American Association of State Colleges and Universities.
"The very substance of higher learning really would not be possible unless the faculty and students have some guarantee of confidentiality that they can pursue perhaps crazy ideas and speak with each other without the fear of the stuff coming back to haunt them," Nassirian says.
But universities are also favorite targets of hackers because of all the personal and professional information on their servers, which means it's going to be tough to balance security, free speech and privacy.