In scanning the email of its resident deans in order to suss out the source of a leaked letter, Harvard may have made history — in setting an example for how to spy on employees in "blanket" fashion: Search 'em all to find just one, and don't tell anybody about it. The university's statement on Monday, in which it admitted to scanning the electronic headers of more than a dozen deans' email history, capped a three-day-long controversy that began with the revelation on Saturday that Harvard officials, in an effort to plug a series of leaks to The Harvard Crimson (concerning that huge cheating ring), had identified a dean who forwarded an email to two advisees... and then searched the email of a bunch more deans. Being vaguely reminiscent of Goldman Sach's epic "Muppet" search that transfixed the banking world in 2012, Harvard's investigation also set off another debate about privacy in work environments — everyone's favorite topic! — due to the odd circumstances under which Harvard's administration conducted the search.
Some background: According to The Boston Globe, Harvard professors Michael Smith (the school's Dean of the Faculty of Arts and Sciences) and Evelynn Hammond (the dean of Harvard College) first tried asking Harvard's resident deans — who all received the leaked correspondence — if they had provided it to another person. When none of them did, Smith and Hammond ordered a search of the email metadata (not the emails themselves) for all 16 resident deans in question. That search turned up a still unnamed resident dean, who admitted that he or she had in fact forwarded the email to two students. As Kashmir Hill at Forbes points out, this procedure isn't that strange, nor especially far-reaching:
All in all, it wasn’t a very invasive search. They can be much worse. ... While you don’t completely give up your privacy when using work email or sending personal email from work devices, employers can go searching when they have a legitimate reason.
What was strange was the fact that Harvard declined to inform the deans that their email was being searched at all. This, Harvard claims, was a measure intended to protect the identity of the unnamed dean (who apparently leaked private correspondence by accident). But doing so kept the other deans in the dark, even as their emails got spied upon by their employers, which opened up Harvard to accusations that it had invaded the privacy of its faculty.
And that brings us to the real nitpicky heart of the matter: At Harvard, it's unclear whether resident deans fall under the designation of "staff" or "faculty." The distinction is important because the policies for searching each group's emails are very different. Faculty have to be informed their email will be searched (or shortly after it is), whereas staff email accounts are wide open to inspection, at any time. Currently, resident deans occupy a gray area: like faculty, they do in fact teach (even if they don't publish); but they also perform administrative duties, like advising and negotiating conflicts with students.
The confusion over which status resident deans deserve brings to the fore the real privacy battle going on here. Should universities function as regular workplaces — where work-related email accounts can be searched at any time — or seek to guard the privacy of their staff and faculty, even at the expense of potential leaks? This question certainly has caveats: after all, it's possible that a faculty or staff member could compromise confidential student information, in violation of federal law — which is how Smith and Hammond, the Harvard professors, justified the search in their statement on Monday. But their noble intentions have yet to persuade a great number of Harvard professors, one of whom wrote over the weekend:
It seems to me that we have taken another step away from the old feeling that the university was a family, benevolently disposed towards its members and even lovingly indulgent. It has taken a step toward becoming instead a bristling corporation, with adversaries within who must be spied upon using all available tools, or perhaps an authoritarian government.
In other words: Harvard professors don't want their beloved university — which bears veritas as its motto — to suddenly become, say, the banking behemoth Goldman Sachs, which was forced to search through of all of its employees' emails after a former Goldmanite, Greg Smith, claimed that his former colleagues often referred to unsophisticated customers as "Muppets."
But some legal experts say Harvard may have set a strange kind of precedent for snuffing out a leak by sifting everyone's email — protecting one by invading all, as it were. At least that's what Pauline Kim, a law professor at Washington University in St. Louis, tells the Los Angeles Times:
"Oftentimes in a corporate setting, when a corporation decides it needs to investigate something, they tend to do it in a blanket way," Kim said. "I would actually think that if employers wanted to be careful, they could follow Harvard's example. To the extent that it was justified, they were very narrow in the search. ... That kind of approach is far more sensitive to privacy concerns than what you normally see in the corporate setting."