Lessons of Harvard’s secret email search

by Stephen Petrina on March 13, 2013

Dan Gillmor, The Guardian, March 11, 2013— According to Harvard Universityemail subject lines are not “content”. This remarkable claim comes in a university statement, sardonicallycalled a “partial apology” by the Boston Globe, attempting to explain why Harvard semi-searched email accounts of 16 “resident deans” to find out who’d leaked information about a student cheating scandal to the press.

The statement attempted to put to rest a mini-uproar set off by theGlobe’s initial report on the leaker probe methods. In attempting to explain what had happened, and to assure the Harvard community that people’s emails weren’t being scanned wholesale, the statement answered some questions but only provoked others.

Most of all, the entire episode highlighted several realities in today’s working world: notably, the folly of using an employer’s email system for any purpose that might ever prove controversial.

I won’t even attempt to sort out the Harvard explanation; it’s too convoluted. But I do want to point to the bizarre assertion mentioned at the top of this piece. The statement says, in part:

“The search did not involve a review of email content; it was limited to a search of the subject line of the email that had been inappropriately forwarded. To be clear: no one’s emails were opened and the contents of no one’s emails were searched by human or machine.”

I have news for the deans under whose names this statement appeared. Like most people who send email, I try hard to make the subject line relevant enough that the recipient will be inclined to open the missive and read it. Other highly relevant material in my email includes the name of the person I’m sending it to; the date; the time; the internet address of the machine I’m using; and the network I’m sending from. None of those is the message itself, but they are “content” in every way that matters. That data form the basis for all kinds of inferences and knowledge about me.

I take for granted that Harvard, like all employers, has a right to look at pretty much anything it pleases on the machines that are part of its network, and I’d put administrative email accounts, as these were, fairly high on the list. That doesn’t mean Harvard is necessarily doing the right thing, or that any employer exercising its internal snooping rights, except in the rarest of circumstances, is being honorable with its employees.

It does mean that employees should always assume that their employers’ networks are under surveillance, at least internally.

Read More: The Guardian