University must secure confidence in privacy

UNIVERSITY ISSUES: Shameful secrecy surrounding online monitoring at UC Berkeley and other campuses shows university officials' disdain for transparency.

We have long lamented the university’s lack of transparency on various issues, from tuition hikes to budget problems and beyond. But the recent discovery that the university is monitoring UC Berkeley’s network traffic represents a new level of covert activity.

In August 2015, the UC Office of the President began monitoring campus networks after consulting with a cyber security committee — a committee that included one faculty member and no students. Yet because excessive monitoring could threaten the personal information and intellectual property of all players in the UC system — faculty, students and administrators — they deserve to know the extent of their privacy. The university exists to educate students and support faculty-led research. By leaving students and faculty out of these security discussions, the university excluded the very populations that it purports to serve and who have the biggest stake in the state of cyber privacy.

It was not until campus information technology staff alerted practice of art associate professor Greg Niemeyer to the presence of a security device that the extensive monitoring came to light, at which point several faculty members brought the issue up with UCOP. Only after this did UCOP respond with a letter acknowledging the monitoring. Napolitano released a statement Monday reiterating that, after a cyberattack at UCLA, the university decided to take many measures to shore up cybersecurity, including engaging an independent cybersecurity team. Napolitano even claimed that these measures were disclosed “very publicly.”

Vague statements on the UCOP website and brief generalized mentions during a UC regents’ meeting do not constitute transparency. Such a large contingent of UC Berkeley faculty and most students would not have remained completely ignorant of these developments had they been made easily accessible. In fact, the issue only recently gained media attention after campus associate professor Ethan Ligon, one of six members of the school’s Academic Senate-Administration Joint Committee on Campus Information Technology, notified the College of Natural Resources faculty to it.

Cyberattacks are a serious threat, and no member of the faculty or student bodies should underestimate them. There is no question that the university’s need for increased cybersecurity is pressing, particularly after the cyber breach at UCLA over the summer. But the balance between security and privacy is delicate, and members of the UC community should play a part in establishing the limits of this kind of security.

Even now, faculty and students know exceptionally little about the actual mechanics of the system, a testament to the utter lack of transparency throughout this process. We understand that full disclosure would inevitably weaken any security system. But the university must more effectively toe the line between perfect security and shared governance.

To its credit, over the last week, the university has made efforts to increase transparency and include more faculty voices. UCOP created a website this week that provides further information on cybersecurity at the university. Moreover, the Academic Senate’s systemwide university committee on academic computing and communications met with UC technology officials Monday. This shows that the university is taking pains to include faculty in the conversation going forward, which we appreciate. But these efforts only appeared after significant public outrage and bad PR. That the university was not proactive about including student and faculty input is embarrassing, and it shouldn’t require public indignation to spur the university to transparency.

Editorials represent the majority opinion of the Senior Editorial Board as written by the opinion editor.