Who's Reading My Mail?

Harvard’s e-mail system is notoriously behind the times. Problems ranging from its limited storage space to the webmail interface’s unwieldy design have caused many students to simply use their school-issued account as a forwarding address to third-party accounts. But recent Undergraduate Council (UC) legislation has highlighted a flaw of a different nature entirely, one that has long gone unrecognized: a threat to student privacy. According to the current wording in the Handbook for Students, administrators may access student email at will in order to “ensure compliance with…University rules.”

The UC Electronic Privacy Act asks the Committee on College Life to amend the handbook to require that access to student email accounts be granted only to the Administrative Board or the Student-Faculty Judicial Board, and only when necessary to disciplinary proceedings already underway. In addition, the UC-proposed wording would require that students be notified beforehand and have a chance to appeal such an incursion into their account.

We applaud this legislation and recommend that the Committee on College Life make the proposed change to the handbook. Though, to our knowledge, the administration has not abused its power to peek into students’ e-mail accounts, students have a right to know exactly how much privacy they can expect and have some assurance that the administration will not conduct fishing expeditions into students’ e-mail before any disciplinary charges have been brought.

Furthermore, adding transparency to the process by requiring notification and by providing a means to appeal would keep student privacy concerns from being ignored while doing little to impede the legitimate actions of disciplinary bodies. Although students could conceivably delete sensitive emails in response to a notification, recently deleted e-mail messages are recoverable by system administrators. In addition, disciplinary bodies should be willing to accept the review of an appeal process if they can reasonably claim that the University’s interest in enforcing discipline is great enough to justify violating student privacy. Accessing student e-mail should be a measure reserved for exceptional cases.

While this legislation is a valuable step, it does not go far enough in protecting students’ privacy. Even though we recognize that students give up some of their privacy by accepting University e-mail addresses, students should be able to communicate without being subject to any University surveillance. We hope that an eventual move to outsource webmail, by removing users’ data from the direct control of Harvard system administrators, will solve many of these problems, but for the present, stronger institutional safeguards to protect student privacy should be instituted.