IRT: 'we do not tap communications'

The AUP allows for monitoring in order to maintain security and integrity.

By: Amy Peterson

Posted: 11/12/04

The University has responded to recent allegations that it is tapping student communications, in particular AOL's instant messenger program AIM.

Drexel University "does not monitor individual communications," said Ken Blackney, associate vice president of Information Resources and Technology. Since AIM conversations fall under the category of individual communications, the University has denied allegations that Drexel has intercepted private exchanges.

Blackney went on to say "aggregate information such as total bandwidth used is monitored to help plan for network growth, e-mail is scanned for viruses, but not content, and intrusion detection systems monitor the network for patterns of potentially dangerous traffic." He explained that these practices are necessary to provide the Drexel community with a reliable and safe network.

A student, who wishes to remain anonymous, informed The Triangle of a potential invasion of privacy ("Student Alleges Drexel Taps AIM," The Triangle, Oct. 29, Page One). He claims that the contents of a private conversation between him and a friend were presented as evidence against him in a University judicial proceeding. Dean of Students David Ruth is "not aware of any efforts to monitor electronic communications at Drexel." When asked about the specific student involved, Blackney replied, "Unfortunately, Drexel doesn't and won't discuss specific students or cases. So, not only can't we give you information about [the student] or an investigation involving him, we can't even tell you if there is such an investigation." Blackney stressed that he was doing this to protect everyone involved.

The University's Acceptable Use Policy states that communications will not be monitored unless required to do so by law or to "maintain the security and integrity of the Drexel Network." However, this maintenance of the network includes "the investigation of any AUP or other Drexel policy infractions." By virtue of that statement, the University is able to monitor communications for the purpose of exploring any violations of Drexel policy.

Many colleges and universities across America have similar policies, although there is a range of privacy protection. At the University of Illinois at Urbana-Champaign, "campus and unit-level system administrators will not examine the contents of electronic messages and files and will make every reasonable effort to protect them from unauthorized inspection" unless required to do otherwise by law or authorized administrative approval. The policies regarding computing at the University of Southern California are much more stringent and allow USC to consider "software, files, and materials stored on or transmitted by university computer equipment to be university property and may inspect them without notice." The legality of these policies is somewhat unclear.

Under the Electronic Communications Privacy Act, the disclosure of electronic communications is a criminal offense except in the case of the consent of one party, authorized legal documents, or a life-threatening emergency. However, this act only applies to public communications, not those in a private network. The courts have not determined the applicability of ECPA to colleges and universities.