Is your university reading your emails?

The policies and realities of monitoring correspondence may vary, but the ethical implications are always significant

September 5, 2013

Are decisions on monitoring done fairly and transparently, with regard to standards of academic freedom?

With the ongoing fallout from Edward Snowden’s revelations about eavesdropping on electronic communications, I can’t be the only academic wondering about the extent to which emails are – or might be – monitored by organisations closer to home: universities.

When I spoke to colleagues, most said that although it was legitimate for universities to monitor internet use, it would be unacceptable to routinely read emails without good reason and, more vitally, without permission. They also doubted that universities had the resources for widespread monitoring.

Investigating further, I found that the Information Commissioner’s Office has a code of practice on monitoring employees’ emails. It says organisations must respect individuals’ privacy, but privacy concerns can be overridden depending on the nature of the contractual relationship and the potential for damage to the institution. Neither the code nor the Data Protection Act 1998 prohibit “covert” monitoring that is “proportionate and justified”.

Some universities openly assert their right to access staff emails. City University London, for example, says on its website that it is “obliged to monitor to fulfil our responsibilities with regard to UK law and the JANET [higher education computer network] code of conduct”. It also notes that the “misuse” of email can have “a detrimental effect on other users and potentially the university’s public profile”. For these reasons, it “maintains the right to access user email accounts in the pursuit of an appropriately authorised investigation”.

You might argue that in signing my contract of employment I have effectively agreed to permit the university to monitor my email, since any misuse – which is explicitly prohibited – could not be discovered without intrusion into my ostensibly private interactions.

When I send an email from a university address I am trading on its reputation. So university authorities might argue that I may be bringing them into disrepute if I write something they profoundly disagree with. The issue is then deciding who should make that call, and how. Is it done fairly and transparently, with regard to standards of academic freedom?

In City’s case, investigations are authorised by its director of computing services and, “if required”, deans or its director of human resources.

Like all public bodies, universities also have a statutory duty of care to their employees and clients. Such a duty might also justify the monitoring of domains once thought to be private, although hackles would clearly be raised if the rationale was unclear – just as they have been over the alleged bugging of European Union offices by the US’ National Security Agency, which hardly seems justified by security concerns.

In the case of students, a number of recent terror suspects have university backgrounds. Might this be seen as justification for monitoring email correspondence, including that with students’ academic supervisors? No doubt reasons could also be found for monitoring staff communications, although it is equally likely that the credibility of any justification would be open to question.

Among the many counter-arguments is the clear bearing that such snooping would have on research ethics. Giving third parties sight of research data relating to individuals who have been promised that their details are “secure” would be a serious breach of trust.

This issue is further complicated by debates about the “ownership” of research data. Some universities assert their property rights over data because researchers are their employees. They might also argue, therefore, that they have the right to interrogate the data – by means of email surveillance if necessary. Such an approach would render worthless the guarantees of data protection upon which ethics committees regularly insist, and it could have dire consequences for the ability of researchers to recruit willing subjects in future.

These may sound like extreme scenarios, and there is little evidence that emails are being systematically monitored by universities. But following Snowden’s revelations, it would be complacent to ignore the ethical implications.

Please Login or Register to read this article.

Register to continue

Get a month's unlimited access to THE content online. Just register and complete your career summary.

Registration is free and only takes a moment. Once registered you can read a total of 3 articles each month, plus:

  • Sign up for the editor's highlights
  • Receive World University Rankings news first
  • Get job alerts, shortlist jobs and save job searches
  • Participate in reader discussions and post comments

Reader's comments (2)

Yes - my University monitors e-mails if you have a disagreement with their policies... but they do not have the resources to do it more frequently.
We have a departmental administrator "the A" who became extremely territorial when I married my spouse, listing an entitlement to my spouse's tenderness to me at our marriage reception. The A has maintained desire to spy on us, now 15 years! My news media disappeared, I was accused falsely of theft, I could not throw away my mail, and was constantly repressed from course advertisement and listings. I got Outlook theme changes designed to humiliate me. Now that we've retired, the A has monitored my spouse mail by special sorting and summaries of mail as the "trusted sender". The A doesn't open the mail, but instead has downloaded outlook Manager Ad-ins that allow the A to read most of the message without opening it (most of the inbox content is put in folders outside the inbox). When we found a default Sweep Rule listing the A's email where spouse's mail was forwarded, allowing the A to receive the mail in the A's favorite mail App, we deleted that rule, deactivated the Manage Ad-in, and then added a forwarding address for mail, then delete all inbox mail. That brought out the vindictive side and the A kicked spouse out of the emeritus status in the department. The department chairman refuses to acknowledge the A's continued spying efforts (twice we've reported the A), thus he is protecting the A. This only giving the A more cover to continue the tool usages for the next round of spying. WHAT do any of you recommend our strongest reply....especially given the chairman's refusal to admonish the A?. The 15 years of spying has been fraught with problems, as our privacy and safety feel compromised. Thanks in advance.


Featured jobs

Associate Professor in Marketing

Edinburgh Napier University

Lecturer in Information Systems

Cranfield University

Clinical Psychologist

University Of Southampton

Senior Lecturer in Adult Nursing

University Of Lincoln