University of Minnesota can read ‘umn.edu’ emails for security, law enforcement

Print

When a University of Minnesota community member hits the send button on an email, it joins the hundreds of thousands of emails sent from University accounts every day.

The University has to maintain the security of this information, but according to University policy, student, staff and faculty emails can be “examined” in the process.

Staff and faculty emails are considered public records by the Minnesota Government Data Practices Act because the University is a public institution, so anyone can request to see them.

University policy technically classifies all emails as private but makes exceptions for system maintenance and security when there’s “reason to believe an individual is violating the law or University policy” or “as permitted by applicable policy or law.”

Brian Dahlin, director of security and assurance for the Office of Information Technology, said the policy was written this way to allow the University to use a spam filter on emails to monitor threats.

OIT doesn’t actively monitor specific accounts, he said — it only examines specific emails if police, courts or the email’s owner need them. Users could ask OIT to recover their emails if an account crashed from a virus, for example.

Amy Sanders, a journalism professor and licensed attorney, recommends students treat their University email accounts like professional accounts to avoid any policy-related repercussions.

“The biggest challenge,” she said, “is that we need to start to think about who has access to the information that we perceive to be private.”

Corporate comparisons

A recent Microsoft-sponsored survey found 69 percent of college students didn’t realize their universities could access their emails.

But with companies like Google and Facebook monitoring users’ accounts on those websites, many University students said they weren’t surprised by the University’s policy.

Mathematics senior Peter Oberly said services like free email have to be paid for somehow.

“We pay for it with our personal information,” he said.

The University’s Gmail contract with Google doesn’t allow the company’s privacy policy to apply to the University, according to past Minnesota Daily reporting, so Google can’t track University email accounts like it does Gmail accounts.

Dahlin said he came to the University a year ago after working in the corporate world, where employees’ emails were monitored for content, not just spam.

“I don’t think this is a corporate environment. I think it’s different,” he said. “But at the same time, I think there’s a level of security controls that they expect to be in place to help protect them.”

The University is on firm legal and ethical ground with this policy wording, Sanders said.

“Many members of the public, if they believed that there was reason to think that someone might commit a crime or do something bad, would support the University being able to look at the emails,” she said.

Dahlin said the University’s spam filter blocks potential “threats” from accounts, and users can sign up to receive a list of spam it filtered.

Other universities

Universities across the Big Ten have the ability to access students, staff and faculty members’ emails, but each has its own approach.

In spring 2011, the Republican Party of Wisconsin requested certain emails from University of Wisconsin professor William Cronon. The university’s legal counsel explained in a letter what emails could and couldn’t be public under the law.

At Madison, any request to review emails needs to be approved — including those from within the university — according to its policy. But staff members still monitor the system for security reasons, said Katrina Forest, bacteriology professor and Information Technology Committee chair.

“If you’re using a University of Wisconsin email account, you cannot assume that it’s not being monitored,” she said. “Is someone sitting behind a curtain reading every single email? Of course not.”

Dahlin emphasized that the University’s spam filter is a tool “not a human being going and looking at spam.”

But Madison’s policy clearly lays out which emails are and aren’t protected and what happens when someone requests to see them, Forest said.

‘Private’ information

Both pre-dentistry junior Ashley Akpaka and management freshman Ben Powers said they didn’t think it was an issue for the University to monitor emails, especially for students who aren’t doing anything wrong.

“I don’t use my email to do anything that would need the attention of the University,” Akpaka said.

Powers said he was fine with the University monitoring emails after a complaint or illegal incident, but he doesn’t think they should be able to do so without justification.

But Oberly, the mathematics senior, said he was not worried about the University monitoring its email accounts.

“I think it sounds kind of creepy,” he said, “but if I was going to do anything illegal, I wouldn’t use my UMN account for it.”