Three searches of Harvard College resident deans’ e-mail accounts last September—prompted by unauthorized disclosure of Administrative Board communications during an investigation of widespread misconduct on a final exam—“were undertaken in good faith” by people who “believed that they were acting in compliance with applicable e-mail privacy policies.” So found an outside review conducted by attorney Michael B. Keating, LL.B. ’65, as requested by President Drew Faust last April, after further e-mail searches were reported (see “E-mail Imbroglio,” May-June, page 46). Keating found no intentional violation of any requirement that resident deans be notified of the searches (a point of ambiguity in University policies—they were not notified), and stated, “[T]here is no evidence that any of the individuals involved read the content of any e-mails that were identified as a result of these searches.”
Keating’s report was delivered to Faust and a subcommittee of Corporation members on July 15, reviewed by the entire Corporation later that week, and made public on July 22. The detailed narrative covers the brief period within which all the e-mail account searches took place and the targets of those searches, which extended to resident deans’ communications with student advisees (presumably those concerned about involvement in the misconduct investigation) and with reporters for The Harvard Crimson (and, it turns out, The Boston Globe) covering the story. Among the details Keating uncovered:
- Beyond conducting searches of accounts maintained by Harvard University Information Technology (HUIT) and by an outside vendor (where some resident deans’ accounts resided), HUIT “archived” or made copies of all the resident deans’ administrative accounts for possible review at a later date.
- During the review of “metadata” for the 17 resident deans’ accounts, HUIT and the outside vendor, respectively, scanned 14,000 and 17,000 e-mail accounts’ information, in all—including, it is now known, faculty and staff members’ and students’.
- The searches were apparently conducted within the interpretation by Harvard’s Office of the General Counsel (OGC) of some, but not all, of existing University e-mail privacy policies (some of which, it became clear after the fact, overlap, are inconsistent, or leave gaps).
Responding to the report, Faust said in a statement that she was “reassured” by Keating’s conclusion that the individuals who undertook the searches acted in good faith and in a manner they believed to be consistent with policy and with “a guiding responsibility for safeguarding student confidentiality and the integrity of the Ad Board process.” She continued: “Unfortunately, the detailed factual account…deepens my already substantial concerns about troubling failures of both policy and execution. The findings strengthen my view that we need much clearer, better, and more widely understood policies and protocols in place….”
Corporation member William F. Lee said in an accompanying statement that Keating’s “detailed account…makes it even clearer than before that there is much work ahead in improving the University’s policies and protocols concerning privacy of, and access to, electronic communications.” Lee pointed to the University task force examining such questions—chartered by Faust and chaired by Green professor of public law David Barron—for those proposed improvements.
Among the issues the Keating investigation raises for task-force consideration are:
- The technological knowledge of the administrators and OGC attorneys with authority to approve and oversee such searches.
- The coordination of University and school policies, particularly given the finding that the OGC attorney did not review a Faculty of Arts and Sciences (FAS) policy on the privacy of faculty electronic materials; in fact, according to Keating, “in 2012, no attorney at the OGC appears to have been aware of its existence. Also, neither the HUIT Employee nor the FAS administrators who approved the searches knew about it.”
- The level at which future requests to conduct such investigations must be authorized, and whether, in practice, the OGC attorney or other authorizing personnel have the opportunity to discuss the rationale for and mechanics of a search, or to challenge the decision to proceed with such searches.
In September 2012, the decisions to investigate resident deans’ e-mail accounts were made under extreme time pressure (as detailed in the Keating report). It is not obvious that a great deal was gained by proceeding, yet much harm was done when the investigations were revealed, piecemeal, last spring. In the future, the University will no doubt want organizational structures and a culture in place that encourage airing diverse views on alternative courses of action (including but not limited to e-mail searches), on the consequences of those alternatives (versus searches), on the mechanics and scope of any searches, and so on—even under time pressure. The community will want assurance that these critical decisions and actions take place within the context of improved, coherent, and well-communicated policies. The Barron task force has much important work to accomplish this fall.
Read a detailed account of the Keating investigation, with a link to the full report. For an analysis of the investigation, unanswered questions, and issues facing the Barron task force, see “Investigating Harvard's E-mail Investigations.”