— Elizabethtown College recruiting slogan
A former student at Elizabethtown College was, indeed, probably surprised earlier this month after a Pennsylvania federal district court ruled that the school broke no rules when it hired an investigation service to snoop on his email account without his knowledge.
According to the Aug. 4 decision, school officials at Elizabethtown College wanted to rid themselves of the learning-disabled student who had an argument with a professor. To do so, administrators met and devised what the student’s lawsuit described as a “multi-part plan” to force the student out, which included “spreading rumors” about the student, “advising faculty members ‘to make a record of all of [the student’s] inappropriate behaviors,’” and refusing to provide the student with further academic accommodations to address his learning disabilities.
Additionally, the chair of the education department hired a computer investigation service to monitor the student’s email account.
(Application materials for EC are here for anyone interested!)
The court tossed out the student’s civil rights claims as well as several computer-related claims based on various federal and state computer privacy laws. None applied, the court said. (There is a federal anti-hacking law, the Computer Fraud and Abuse Act, but that requires showing a substantial financial loss or physical injury, not just a loss of privacy. And there is a federal wiretapping law, the Electronic Communications Privacy Act, but that requires showing that your communications were intercepted as they happened, not read after-the-fact.)
The court also dismissed the student’s traditional invasion of privacy claim. In this case, the court ruled that the student failed to show that he had suffered “mental suffering, shame, or humiliation” as a result of the email snooping. Other courts, however, have simply looked to a school or company’s email policies in finding that email users — when they click through or sign off on that policy when creating their account — have effectively signed away any reasonable expectation they have that their email is private.
If you don’t know what’s in your school’s email policy (often called an “Acceptable Use Policy” or AUP), take a look. You may be as surprised as this student. Very often, the policies make no beans about it:
“[M]essages created, sent, or received by MUS students using MUS e-mail systems, when stored on MUS-owned equipment, are the property of the MUS. Privacy of e-mail is not guaranteed. E-mail, when stored on university computers, belongs to the school.
– Montana Board of Regents (University of Montana, Montana State University, etc.)
“[P]rivacy is not guaranteed and users should have no general expectation of privacy in email messages sent through a University Email Account or through a Gmail Account.”
“The university provides electronic resources to users to help the university fulfill its mission. The university routinely monitors electronic data, software, and communications. There should be no expectation of privacy for any information stored, processed, or transmitted on university IT resources.”
As we’ve warned before, because of the risk of electronic snooping by school officials, student journalists who need to ensure that their confidential newsgathering materials or communication remains secure should take special precautions. Secure files, for example, should probably not be stored on computers linked to the school’s network. Email to confidential sources should take place outside of school, using private computers and private email accounts for both the sender and recipient. The same goes for student and adviser email to us here at the SPLC when you’re seeking legal help. (Similar practices should probably also be used for confidential telephone communications.)
It is possible that, given the right facts, additional legal protections from electronic snooping may be available to student journalists in the form of the federal Privacy Protection Act and various state laws specifically enacted to protect reporters and their work material from prying eyes. Nevertheless, the safest bet is to assume that your campus electronic communication is not private and — when confidentiality is a must — take the necessary steps to ensure you and your recipients are protected.