Yale May Access Student (and Alumni and Faculty) Emails
E Mail, Privacy, Surveillance, Technology, Yale
The Oldest College Daily recently advised the Yale community of a potential downside to the use of free University-provided email addresses.
Yale students’ email accounts are subject to search without consent or notification by the University, as outlined in a publicly available but little-publicized document.
Under the University’s Information Technology Acceptable Use Policy, the University maintains the right to access not only employee accounts, but students’ accounts as well. While 55 of 73 students interviewed were unsurprised that the University can monitor their correspondences, few were clear on the specifics under which Yale can search their accounts.
Only three students of 73 interviewed were aware of the specifics of Yale’s policy, with one adding that he learned about the University’s regulations through a class.
“I feel like the University should make clear under what circumstances they consider searching emails,†Sherry Du ’17 said. “The school should do more to publicize this.â€
Most students said they were not taken aback by the policy because the email account is provided by Yale.
Graduate students who came to Yale after working in the corporate world expressed especially little surprise over the policy. Ashlee Tran SOM ’14 said employees at large corporations assume their emails are monitored.
“It doesn’t shock me at all that they can do that,†Acer Xu ’17 said. “It’s Yale email, it’s an internal server.â€
According to its Acceptable Use Policy, several circumstances warrant access to students’ emails: “preserv[ing] the integrity of the IT systems,†complying with “federal, state, or local law or administrative rules,†carrying out “essential business functions of the University,†“preserv[ing] public health and safety†and producing evidence when “there are reasonable grounds to believe that a violation of law or a significant breach of University policy may have taken place.â€
Administrators did not define what actions constitute a significant breach of University policy, though ITS Director of Strategic Communications Susan West described these circumstances as “specific and unusual.â€
For the University to access a student account, two administrators must give their approval: University Provost Benjamin Polak as well as the dean of Yale College or the appropriate graduate or professional school, though deans are allowed to delegate this task.
However, in situations where “emergency access is necessary to preserve the integrity of facilities or to preserve public health and safety,†systems administrators may access an account without approval.
No explicit mention is made in the Undergraduate Regulations of the University’s right to access student accounts, though the Appropriate Use Policy is accessible through a link on page 128 of the 131-page document.
“Preserv[ing] the integrity of the IT systems,†complying with “federal, state, or local law or administrative rules,†carrying out “essential business functions of the University,†“preserv[ing] public health and safety†and producing evidence when “there are reasonable grounds to believe that a violation of law or a significant breach of University policy may have taken place.â€
Translation: Whenever we feel like it.