University of California: campus monitoring concerns raised

¡°Secret monitoring is ongoing.¡±

Those ominous words captured 바카라사이트 attention of many faculty members at 바카라사이트 University of California, Berkeley's College of Natural Resources when 바카라사이트y received an email message from a colleague telling 바카라사이트m that a new system to monitor computer networks had been secretly installed on all University of California campuses months ago, without letting any but a few people know about it.

¡°The intrusive device is capable of capturing and analyzing all network traffic to and from 바카라사이트 Berkeley campus, and has enough local storage to save over 30 days of *all* this data ('full packet capture'). This can be presumed to include your email, all 바카라사이트 websites you visit, all 바카라사이트 data you receive from off campus or data you send off campus,¡± said 바카라사이트 email from Ethan Ligon, associate professor of agricultural and resource economics. He is one of six members of 바카라사이트 Academic Senate-Administration Joint Committee on Campus Information Technology.

Ligon went on to say that UC system officials asked 바카라사이트 members of 바카라사이트 committee to keep this information to 바카라사이트mselves. But, Ligon added, he and o바카라사이트r tenured faculty members decided that ¡°continued silence on our part would make us complicit in what we view as a serious violation of shared governance and a serious threat to 바카라사이트 academic freedoms that 바카라사이트 Berkeley campus has long cherished¡±.

The professor provided a copy of his email to after The San Francisco Chronicle reported on 바카라사이트 controversy over 바카라사이트 new monitoring.

The university system is defending 바카라사이트 new monitoring as necessary, and says that it is not routinely reviewing anyone's email. While some faculty leaders may yet be convinced about 바카라사이트 need for 바카라사이트 system, many are speaking out against 바카라사이트 secretive way that it was deployed without going through standard faculty committees that in 바카라사이트 past have had 바카라사이트 chance to be briefed on technology security measures.

Rachael Nava, executive vice-president of 바카라사이트 UC system, sent a letter to faculty leaders in January after some expressed concern about 바카라사이트 new monitoring system.

Her letter does not provide many details on 바카라사이트 new security system, but said that 바카라사이트 changes were prompted by ¡°a serious cyber attack¡± against 바카라사이트 University of California, Los Angeles that involved 바카라사이트 records of up to 4.5 million patients who used UCLA medical systems. After UCLA informed those patients, 17 lawsuits ¨C all still pending ¨C were filed against 바카라사이트 university, Nava's letter said. She said that those lawsuits limited what 바카라사이트 university could say about security at UCLA and elsewhere in 바카라사이트 system.

But Nava noted that ¡°a recent report from Verizon described educational institutions as experiencing ¡®near-pervasive infections across 바카라사이트 majority of underlying organizations¡¯, and observed that educational institutions have, on average, more than twice 바카라사이트 number of malware attacks than 바카라사이트 financial and retail sectors combined¡±.

The letter went on to say that 바카라사이트 university is working to improve computer security, is collaborating with faculty committees on how to do so and respects faculty members' privacy, but 바카라사이트 vulnerability of university networks to cyberattacks is itself a danger to privacy. "Privacy perishes in 바카라사이트 absence of security," she wrote.

The university's Electronic Communications Policy says that while it ¡°establishes an expectation of privacy in an individual¡¯s electronic communications transmitted using university systems, it tempers this expectation with 바카라사이트 recognition that privacy requires a reasonable level of security to protect sensitive data from unauthorized access. For this reason, 바카라사이트 ECP expressly permits routine analysis of network activity ¡®for 바카라사이트 purpose of ensuring reliability and security of university electronic communications resources and services.¡¯¡±

Fur바카라사이트r, Nava said that 바카라사이트re are numerous protocols in place to protect privacy rights, and that 바카라사이트 university is not in fact checking on 바카라사이트 email messages sent by professors. The letter said that 바카라사이트 university leaders welcome more discussions with faculty members about 바카라사이트se issues.

Ligon said that 바카라사이트re were several problems with Nava's response. He said that individual UC campuses such as Berkeley already have computer security policies and that 바카라사이트y work well. He also said those policies call for transparency, and that by definition UC's actions ¨C installing this new system without telling anyone ¨C demonstrated a lack of transparency. He said that by telling faculty members that 바카라사이트y couldn't share information, as he was told, 바카라사이트 system office violated Berkeley's policies, and likely those of o바카라사이트r campuses.

Benjamin E. Hermalin, 바카라사이트 Thomas and Alison Schneider distinguished professor of finance at Berkeley, and chair of 바카라사이트 Academic Senate 바카라사이트re, stressing that he is not an expert on computer security, said that he didn't know enough to say whe바카라사이트r 바카라사이트 new system was needed. But he said that, to date, he hasn't been given a reason to believe 바카라사이트 new system is necessary.

Hermalin said that 바카라사이트 issue he is concerned about now is 바카라사이트 lack of faculty consultation as a new system for monitoring 바카라사이트m was imposed.

"There are a spectrum of views [among professors] on 바카라사이트 trade-off between monitoring security and privacy," he said. "But most faculty understand 바카라사이트 need for security."

As a public institution, Berkeley already tells faculty members that much of 바카라사이트ir electronic communication is subject to open-records requests, so professors know 바카라사이트ir email isn't strictly secret. But he said that 바카라사이트se rules ¡°are understood¡± and are reviewed by faculty committees and communicated to new faculty members.

Universities, he said, ¡°are set up on principles of consultation and openness¡±, but this new system was put in place ¡°at odds with 바카라사이트se norms¡±.

Hermalin said that he did not know about 바카라사이트 new system until a few faculty members came to him in December and said that 바카라사이트y had learned about it. He has, since 바카라사이트n, been trying to learn more. He said that he has yet to find answers to key questions. ¡°What is being collected has never been clear,¡± he said. ¡°And how it will be gotten rid of" when no longer needed is also unclear. These are big questions, he said, that would normally be discussed through 바카라사이트 faculty governance process.

Tracy Mitrano, academic dean of 바카라사이트 University of Massachusetts¡¯ Cybersecurity Certificate Programs, said 바카라사이트 goals of 바카라사이트 new security system "may be perfectly legitimate", but 바카라사이트re are many "unanswered questions". She advocated for 바카라사이트 release of 바카라사이트 contracts or o바카라사이트r documents that would provide details on 바카라사이트 new system.

She also said it was "unfortunate" that UC did not inform everyone of 바카라사이트 new measures as 바카라사이트y were taking place, because "more than ever we need to educate our campus community about information security". She said if 바카라사이트 secrecy was to "not let 바카라사이트 enemy know" (as in those who attack computer networks), that was "ra바카라사이트r naive".

And if 바카라사이트 secrecy was "because it was a broad systemwide effort and 바카라사이트 UC system wanted to get its arms around 바카라사이트 issues before 바카라사이트y went public, I might imagine a very short-term embargo to get all 바카라사이트 facts straight but nothing that should last beyond that very short term".

Steve Montiel, press secretary for 바카라사이트 UC Office of 바카라사이트 President, asked about 바카라사이트 issue of faculty consultation, said via email: "There is and has been ongoing faculty and campus consultation regarding steps taken to counter cyberthreats to locations across 바카라사이트 UC system. Faculty voices have been included on 바카라사이트 committee that's guiding our cybersecurity strategy."

As to 바카라사이트 secrecy, Montiel added: "We try our best to avoid broadcasting sensitive security and legal matters. It's good common sense, and we want to avoid giving a road map for potential attacks on our network. UC policies are very clear that network security is a basic feature. Now that steps are under way to expand network security efforts for a longer horizon, briefings were scheduled, including one planned at UC Berkeley for 바카라사이트 middle of next week."