March-April 2005

« AAUP Homepage

Legal Watch: Electronic Citizenship

By Donna Euben

At the same time that academic discourse increasingly relies on computers, faculty computer privacy is threatened as computer programs decipher keyboard strokes to determine what is being typed and monitor electronic conversations. Nevertheless, legitimate reasons exist for administrative access to campus computers, such as to back up campus computer networks or rid them of viruses. Moreover, sometimes faculty e-mail communications must be disclosed to comply with state public records law or subpoenas.

The right to privacy is protected under various laws, including the Fourth Amendment of the U.S. Constitution, state constitutions, federal statutes, and state laws (statutes and common law). So far, however, courts have generally interpreted these laws to uphold the legal right of college and university administrations to limit expectations of privacy by faculty in their university-owned computers.

The Fourth Amendment's guarantee "against unreasonable searches and seizures" protects reasonable expectations of privacy for faculty from admi-nistrations at public, but not private, institutions. In O'Connor v. Ortega, the U.S. Supreme Court ruled that public employees may have an expectation of privacy in their offices or in parts of their offices, such as their desks or file cabinets. The Court recognized that such expectations of privacy "must be assessed in the context of the employment relationship. . . . Given the great variety of work environments in the public sector, the question whether an employee has a reasonable expectation of privacy must be addressed on a case-by-case basis." At the same time, the Court opined that employee expectations of privacy may be "reduced by virtue of actual office policies and procedures, or by legitimate regulation."

In United States v. Angevine, a federal appellate court ruled in 2002 that an Oklahoma State University tenured professor of architecture, who used his university-owned computer to download child pornography, did not have a reasonable expectation of privacy in his computer. The court noted that the university posted its computer-use policy on a "splash screen," so each time faculty logged on they were informed that the university reserved its right to inspect computers "at any time without prior notice," and that faculty were prohibited from using campus computers to "access [legally defined] obscene materials." The court held, "Reasonable people in Professor Angevine's employment context would expect University computer policies to constrain their expectations of privacy in the use of University-owned computers."

The limited case law available in the corporate sector suggests that private colleges and universities may have even more leeway in restricting employee expectations of computer privacy.

While the child pornography material in Angevine was unprotected, the court's rejection of the professor's privacy claim without discussion of how privacy law might apply distinctively in the academy, or of how it might be affected by academic freedom concerns, suggests that courts may not be following the O'Connor Court's admonition to consider context. The academic context is addressed by the University of Pennsylvania's electronic-privacy policy, which says, "the mutual trust and freedom of thought and expression essential to the academic mission of a university rest on an expectation of privacy and the privacy of those who work, study, teach, and conduct research in a university setting will be respected."

While the law may allow a university to restrict faculty privacy in e-mail communications, the law does not require it to do so. Unfortunately, many administrations have taken the O'Connor decision to its logical, albeit circular, endpoint: policies asserting that no expectation of privacy exists for faculty establish that faculty have no expectation of privacy.

Too few institutional policies seek to protect to the extent feasible the computer privacy of faculty. Exceptions include Rensselaer Polytechnic Institute's policy, which "extends to its students, faculty, and staff a reasonable expectation of privacy in the communication that they conduct via Rensselaer's computer system and networks," and the University of Michigan policy, which provides that "electronic mail and computer files are considered private to the fullest extent permitted by law."

The AAUP's recently revised policy Academic Freedom and Electronic Communications, which can assist colleges and universities in drafting computer-use policies, recommends that such policies include provisions that clearly delineate any exceptions to the presumed privacy of electronic communications and that they limit administrative access to e-mail communications except in exigent circumstances. Furthermore, faculty should be involved, in a substantial and meaningful way, in the formulation of computer-use policies. By following these guidelines, we can continue to promote our academic missions while striking the proper balance between faculty privacy and the protection ofinstitutional resources.

Donna Euben is AAUP counsel.