An Unfinished Investigation

In April, President Faust announced that Boston attorney Michael B. Keating would “verify” the University’s initial findings concerning the timeline and scope of unauthorized email searches that took place regarding the Government 1310 cheating case. While the Keating report assures us that the chronology presented by administrators was accurate, it does little to assuage the deficit of trust that emerged through the scandal.

The great institutional failure visible in the Keating report is the utter lack of knowledge of important FAS policy throughout the University and a resulting failure to abide by it. It fails to explain many instances of questionable conduct on the part of administrators, while, in the space of a footnote, detailing a complete breakdown in the diffusion and execution of FAS policy.

At the bottom of page 20, we learn that “neither the HUIT Employee nor the FAS administrators who approved the searches knew about” the FAS email privacy policy. Even the Office of General Counsel, the University’s legal advisory body that played a central role in executing the searches, did not ensure that it did not infringe privacy policy. “No attorney at the OGC appears to have been aware of” the FAS email privacy policy, and “as a matter of practice, the OGC is not asked to ‘approve’ privacy policies adopted by different institutions at the University,” Keating writes.

Furthermore, the report uncovers that FAS Dean Michael D. Smith was sent an email describing a planned search of “Resident Dean X’s” mailbox for correspondence with Crimson reporters. The institutional failure to take privacy seriously is yet again signified by Smith’s decision to “not focus” on the description of this search, and “not read past the first page” of such an important email.

The privacy task force convened by President Faust should take these revelations seriously, as should Faust herself in formulating interim policies. They should not merely focus on revising guidelines, but also ensure more effective practices are in place—for disseminating policy, for training technicians, lawyers, and administrators to adhere to policy, and for enforcing policy. In order for it to serve any purpose, privacy policy must be respected by the University staff as a whole.

Despite describing a widespread ignorance of privacy policy, the report does not see it fit to examine the many unjustified actions taken by administrators in the case of “Resident Dean X,” whose mailbox was searched after sharing with two students an internal email advising Administrative Board members on how to counsel undergraduates implicated in the cheating scandal.

Keating asserts that “all actions taken in connection with these email searches were undertaken in good faith.” In fact, Keating takes great pain to carefully reason how those conducting the email searches were probably doing so with proper intentions of protecting students’ identities.

Yet this reasoning fails due to notable omissions in Keating’s investigation. A number of important questions remain that may or may not have been inside the purview of the report as Keating understood it.

Keating did not investigate why “Resident Dean X” was threatened with sanctions while acting in good faith and adhering to the letter of the confidentiality statement included in the email. This dean was forwarding an email with advising instructions that would have reached the ears of advisees regardless. Additionally, the confidentiality statement does not say that the email may not be forwarded by recipients, only specifying that unintended recipients “may not review, copy or distribute this message.”

The report also does not clarify why the search for correspondence with Crimson reporters conducted on the dean’s administrative account was extended back to January 2012--months before the Gov 1310 final--when the forwarded email in question was first sent to this dean on August 16, 2012.

Keating’s conclusion that those executing the email searches were acting “in good faith” demands more serious consideration so long as these questions are not answered.

The institutional failure to protect privacy exposed in the Keating report highlights the urgency of understanding how and why University officials conducted these searches in the manner they did, so that such a situation can be prevented from ever happening again.