Recently, using my cellphone to access the secure Wi-Fi signal that all of us at the university are advised to log on to, I was confronted with this message:
Privacy Warning
This network is blocking encrypted DNS traffic.
The names of websites and other servers your device accesses on this network may be monitored and recorded by other devices on this network.
This message gave me such a start that I canceled my request to join and spent the rest of the day on cellular access. Though I know that’s not immune to prying, either, I assume it would happen only if a major emergency occurred.
Most of us are aware that you shouldn’t employ company electronic devices for personal use: no web surfing, no placing orders on eBay and certainly no NSFW material. We also recognize that, if you’re using a work computer, your browsing history may be monitored. But how many people know that if you use a college’s Wi-Fi connection, even your personal phone or laptop is subject to scrutiny? That this may be true even if you’re just texting a friend? Given the political stakes these days as to who’s saying what about whom, this is a real privacy issue—or ought to be. It almost seems like a new version of the K-12 hall monitor, but extended far past school corridors.
The information technology person at my university was cautious when I broached the issue, referring me to university legal counsel. The university counsel never got back to me, despite multiple emails and follow-ups over the course of a month. In this recorded era, I maintain a record of that.
I contacted an acquaintance of mine who works in business operations and explained the situation. He arched an eyebrow at me. “This is standard,” he told me. “If we don’t do that, we could be liable for something that occurs without our knowledge.”
“But—”
“In fact, when you first joined that Wi-Fi network, you must have signed an acknowledgment—”
“What!”
“—that your communications might be open to surveillance.”
I tried to recall if I’d clicked on “I accept” when I joined the secure university network. Maybe. We all click on so much these days.
“Actually, some places even insert some coding into your device when you accept.”
I didn’t want to visualize that. I couldn’t help but visualize it, though I swear I have almost nothing to hide. “Do they ever use that information?”
“Rarely.” He smiled. “Unless they want to fire an employee for cause. This gives them something they can use.”
Since I’m not 100 percent naïve, this news came as only half a surprise. Reviewing my university’s computing use policy, I’m struck by certain key words (emphasis mine): “Users should also be aware that their uses of university computing resources are not completely private. While the university does not routinely monitor individual usage of its computing resources …” I’m not trying to call out my university specifically here. But suffice to say, we have been warned.
During the worst of the pandemic, when so much of academia was on Zoom, recording and sharing everything from classes to meetings always seemed like a possibility. But somehow we thought the recording angel was no longer in the wings.
In fact, the issue of monitoring, known and unknown, has expanded with the growth of electronic surveillance. Recently, at the University of North Carolina at Chapel Hill, a business school professor was dismissed shortly after he was informed that his classes had been recorded by the Panopto equipment in his classroom (on this issue, see Michael Schwalbe’s “Resisting the Panopticon” in Inside Higher Ed back in 2021). As an associate dean at UNC commented, “Notice is not required to record classes.” Maybe so, but a lot of us were taken aback by this statement.
The Electronic Frontier Foundation, EFF, keeps track of these issues, from cell tracking to surveillance drones. In the state where I teach, a new data protection and privacy act, recently signed by New Jersey’s governor and set to go into effect next January, applies not just to companies but also to educational institutions. The rules stipulate that any monitoring must protect personally identifiable data, restrict data collection to a minimum and keep the data secure. But it also seems to largely allow monitoring, provided the “controllers” of the data notify employees, students or other users in some way.
So the process is endemic, and, again, we have been warned. For example, when I accessed a few sites for research into New Jersey electronic privacy laws, they all listed at the bottom of the screen their cookie policy, which is to say whether I was OK with their embedding small files on my computer for information about my preferences. Many of us semi-tolerate that.
But how many of us are ignorant about being watched? How many of us mind? When I asked some students about the issue, most just shrugged.
“Yeah, no. Not really.”
As one woman explained, it’s not that they like being monitored, but they’ve grown up with the technology and simply assume that whatever they do might be recorded. Our exchange over, she walked over to the elevator. While waiting, she took out her phone. From over her shoulder, I could see she was checking TikTok. Was I guilty of an invasion of privacy? Not unless it was to elicit information not available through normal inquiry or observation, a so-called intrusion into seclusion.
On the other hand—there are so many hands here—that’s exactly how three Columbia administrators were recently seen—and permanently removed from their positions for—texting offensive messages during a meeting. The apparent proof came from a person seated behind them, who took photos of the texts with her phone, a combination of high- and low-tech surveillance.
Where does this leave us? Maybe just with two words: Exercise caution.
EDITOR’S NOTE: In a written statement provided to Inside Higher Ed, a Montclair State University spokesman said that “while the university does not routinely monitor individual usage or restrict access to web content, it utilizes as part of its safety protocols endpoint protection software, which protects against malware and other viruses and logs and alerts the university to activities associated with known high-risk content categories. Additionally, normal operation and maintenance of university-issued devices require the backup and/or caching of data and communications, the logging of activity, the monitoring of general usage patterns, and similar activities for the service. These are industry-standard safety protocols and practices that allow the university to safely operate, protect the information of its students, faculty and staff, and protect the university from liability.” The statement also notes that the university’s Responsible Use of Computing Policy affirms that “the rights of academic and political freedom and freedom of expression apply to the use of university computing resources.”
Discussion about this post