The Point: Admin’s Unacceptable Use Policy
11/26/2024
This week’s Point is written by Jason Rodriquez, Associate Professor of Sociology.
Did you know that the administration has required you to sign a document that allows the university to monitor, search, and potentially seize your personal devices without notice, at any time, and for any reason? You can read it here. I want to draw your attention to the bottom of page one, which reads:
“The University reserves the right at any time, with or without prior notice or permission from the user or users of a computer or other University-owned computing device, to monitor, seize such device, and copy or has [sic] copied and wiped any information from the data storage mechanisms of such device as may be required at the sole discretion of the University. In addition to the preceding, privately owned devices connected to the University network or used for University business are also subject to inspection and monitoring by authorized University personnel.”
Really? Yes, really.
Have you ever sent a work email from your phone or personal laptop? Ever connect those devices to eduroam? Ever use OneDrive or Outlook? Ever Zoomed from your phone? I’d wager that the vast majority, if not all of us, routinely do some work on our personal devices. NTT faculty, who are not typically provided computers at all, have no choice but to use their personal devices for all university business. And of course, all of us are required to use a personal device for two-factor authentication. This means everyone on campus will be subject to the monitoring, search, and seizure of our personal devices, without notice, at any time, and for any reason. This is what the policy says. This is what admin wants.
There are so many questions one hardly knows where to begin. Who at the university is charged with establishing cause to monitor, search, or seize our devices? No details are provided. What is the justification for admin to claim these rights “for any purpose…without limitation?” Unclear. Is there any due process at all before admin may claim authority over your device? The policy does not say.
What the policy does say, however, is that “personal devices should not be used for official University business” without written approval from department chairs to the “Information Security Office.” Is that so? Great – I’ll take Outlook off my phone right now. I’ll take OneDrive off my personal laptop. My students and colleagues will just have to wait until the next time I’m in my office, on my university-issued computer, before I reply to that email, grade that paper, or give comments on that draft. And the university can provide me with a device for the required two-factor authentication. This is what admin really wants? Great – I’d love to have my nights and weekends back. Silver lining, I suppose.
If you did not know about this policy until now, it’s likely because admin does not want you to know about it. They buried it in an email announcing a required IT training. When you do the training, you have to click to accept the terms of this new policy.
As is typical of our current administration, there was no shared governance process, no consultation with faculty, staff, or librarians in its development. No discussion of the problem that this new policy is trying to solve, much less a collaborative process that starts from a place of goodwill and arrives at a policy everyone can live with.
But this is about more than shared governance. It is about the administration’s trampling over workers’ rights. It represents yet another stunning power grab by the administration that is not dissimilar to the new space use and protest policy. That policy severely restricts our free speech rights. This policy severely invades our privacy rights. It’s admin’s virtual version of “stop and frisk.”
Dare we even consider how the administration could apply this wildly excessive policy? How people could be targeted? How inappropriately the justification for monitoring, search, and seizure can be established? How personal information, on private devices, can be misused by the very same administrators who wrote this policy in the first place?