Opinion: Proactive stance on campus internet privacy is needed

Have you looked up symptoms for an odd ailment on WebMD on a UNC internet connection? Sent anything controversial on your University email? Have a weird porn fetish?

The University might know.

The current UNC Privacy of Electronic Information policy — updated in 2002 — is often vague and nondescript, leaving broad discretion for individual employees to look at campus internet usage.

Although almost all UNC employees likely respect users’ privacy and would not misuse their ability to intercept data, the possibility for abuse is real and should be addressed.

In a world roiled by the revelations of Edward Snowden about secret warrantless spying on American citizens, the University should show its commitment to privacy by establishing stronger, more specific mechanisms regulating how and when officials can view a student’s email or look at an individual’s search history.

What’s to stop an unprincipled network administrator from looking at the internet history of a love interest or a university administrator from perusing an email exchange between activists? Is there a record of who accesses students’ data?

If a campus activist uses the University email for personal purposes, loose standards regarding overseer access to email could lead to blackmail or the leaking of intimate details about students.

The classic arguments against online privacy are that electronic communication does not have a strong entitlement to privacy, and those who “have nothing to hide have nothing to fear.”

The first claim is specious because expectations and culture surrounding privacy can be changed. If the protection of individual liberty and political activism requires institutional protections against invasive authorities, there is no reason such protections cannot be enacted, even if they do not exist now.

The second claim presumes that authority figures never abuse their position. It also ignores that there is a wide range of activity that is not illegal, but stigmatized or subject to vilification, that individuals have a right to keep secret. Should the University be able to find out if a student searched for, say, mental or sexual health concerns?

The University currently reserves the right to review internet usage “to prevent or investigate any actual or potential information security incidents and system misuse, if deemed necessary by authorized personnel” and to “investigate reports of violation of University policy.”

Given the recent spate of campus activism targeting university administrations, it would be naive to think that the administration could never misuse its ability to review electronic communications, especially email.

The University should update these policies to include stronger, specific institutional mechanisms that would prevent abuse. Unilateral discretion by one individual is not sufficient.

Every review of a student’s internet usage should be logged, and this log should be public. There should be a stronger process for approving a review of internet history involving multiple persons and requiring a strong suspicion of prohibited conduct.

Vague clauses about what constitutes a violation should be clarified or stricken from the internet code. Privacy must be protected.