Robert,

Can you post a hot link to this site

GH

Robert,

Thanks for another superb post!  The folks at USM are lucky to have you on their side.

From Robert Campbell's newest blog entry:

"Since at the public hearing on April 28, Thames read intercepted emails from Gary Stringer dating as far back as January 31, 2003, virtually no one believes that Thames gave the email surveillance order to Jack Hanbury on January 16, 2004, as he claimed in his testimony. In late May, Thames responded to the Hattiesburg American's request for details under the Mississippi Public Records Act with the assertion that there was no written record of his supposed order on January 16, 2004 to Jack Hanbury to spy on Frank Glamser and Gary Stringer's email."

I was encouraged when I first saw that the HA had sent an Open Documents request to USM administration about e-mail surveillence.  I was disappointed when the paper finally reported that: "An investigation into e-mails sent and received by two professors at the University of Southern Mississippi was not documented in writing..."

Ask the right questions and you may get no lies...

Someone who knows the law better than I, please feel free to pipe in but my understanding is that a citizen has the right to inspect and copy documents.  That doesn't mean that the government entity, or representative being FOIA'd has to create them if they don't exist, explain them if they do, or locate them if they are reasonably accessible by the requester. 

So, if the HA requested a copy of the order to investigate the e-mails of the two professors and such order was indeed not in writing, then the university could (and did) get away with its answer. 

What if the request had been to inspect and copy all intercepted e-mails directed to and/or from USM faculty, staff, and students during the Thames presidency.  What if the request had been to inspect and copy all documents between USM employees and Pileum employees related to electronic surveillence of USM faculty, staff, and students.

My (perhaps limited) understanding of FOI efficacy is that the requests have to be very specific regarding documents known or suspected to exist. 

 

quote:

---

Originally posted by: FOIAFan
"the requests have to be very specific regarding documents known or suspected to exist.   "

---

Excuse me, but we've gotten off thread here. The only reason I point it out is that I believe it is an important thread.

Yes, there are both federal and state laws regulating disclosure of information. But the issue here is not retrospective, who did what when, but prospective, what can the FacSen do to (a) force SFT's hand with respect to e-surveillance at USM, and (b) set a standard for future policy and, perhaps, law in what will  be a growing area of legal interest over the next several years.

 

FOIAFan --  You are right on target here.  Keep it up.

My fellow blogger Steven Horwitz sent me the provisions of St. Lawrence University's computer use policies that deal with email privacy.

The whole policy can be viewed online at

http://it.stlawu.edu/about_us/aup.htm

Acceptable Use of Computing Resources Policy

The University's network system and all its components (including hardware, software and web access) exist to support the University's academic mission. Access to the network is a privilege that should be exercised responsibly, ethically and lawfully. Acceptable use is governed by the following broad principles: the enhancement of the University’s academic mission, the academic freedom of users, the privacy of users, and the maintenance of the integrity of computer resources.

Acceptable Use of Computing Resources

Activities related to the University's academic mission take precedence over computing pursuits of a more personal or recreational nature. Any use that disrupts the academic mission is prohibited.

Users have the responsibility to take prudent and reasonable steps to prevent unauthorized access to University computing resources. The user-ID and password system is designed to establish ownership and responsibility for computing resources and use. Acceptable use respects these identification and security mechanisms. Account owners are considered to be responsible for all activity associated with their account, whether on a University-owned or a personal computer. Likewise, proceeding beyond the login screen is not acceptable use if the account is not yours.

Following the same standards of common sense, courtesy and civility that govern the use of other shared University facilities, acceptable use of information technology resources respects all individuals’ rights to privacy and to freedom from intimidation, harassment, and unwarranted annoyance.

Any use of University resources for unauthorized business or commercial purposes is prohibited (this does not include on-line purchases of personal items).

Use of all network resources must respect the University’s network access contracts and requirements.

Acceptable use is governed by current federal, state, and local laws covering, but not restricted to, the practices of theft and copyright infringement.

Abuse of networks or computers at other sites through the use of St. Lawrence University resources will be treated as an abuse of computing privileges at St. Lawrence University.

Wireless access points must be connected to the University’s network with help from the IT staff. Unauthorized access points endanger network security and will be removed from the network by IT staff immediately upon discovery.

Acceptable use respects the need for the operational integrity of the computer network. For example, the following activities and behaviors are prohibited:

distributing computer viruses, worms, Trojan horse programs, email “bombs,” and chain letters;
triggering system security features that result in the denial of service to other users;
misconfiguring programs or equipment intentionally;
forging or counterfeiting email messages;
sending an email message with a false or misleading user ID;
altering or attempting to alter files or systems without authorization;
scanning of networks for security vulnerabilities without authorization;
attempting to alter any University computing or networking components (including, but not limited to, bridges, routers, and hubs) without authorization or beyond one's level of authorization;
extending or re-transmitting any computer or network service without authorization.

University Responsibilities

The University reserves the right to protect, repair, and maintain University computing equipment and network integrity. In accomplishing this goal, University IT personnel or their agents must do their utmost to maintain user privacy, including the content of personal files and internet activities. Any information obtained by IT personnel about a user through routine maintenance of University computing equipment or network must remain confidential.

Privacy

The University will make every reasonable effort to respect a user’s privacy. However, in response to a judicial order or any other action required by law, the President (or if the President is unavailable, the Vice President of Academic Affairs) may authorize the Vice President of Information Technology, or an authorized agent, to review computer files associated with an individual's account. Before authorizing any action, the President (or Vice President) will first verify the authenticity of such a request. (Also see the Library section of this document for specific regulations regarding computers in Libraries.)

In each instance (unless forbidden by law), a reasonable attempt will be made to contact the user to inform him or her before IT attempts to access their computer files. If that is not possible, the Vice President of Information Technology or an authorized agent will view the computer files related to the specific issue and will inform the user, in writing, indicating that the files have been reviewed.

General Privacy Issues Concerning Email and Network Security

Users should be aware that no computer system is entirely secure

Unauthorized individuals, working inside or outside of the University’s system, may find ways to access files despite the University’s best efforts to enforce security. Therefore, all users should be aware that the University cannot and does not provide any guarantee of user privacy.

Users should not expect total privacy of electronic mail (e-mail). IT staff may see the contents of e-mail due to addressing errors or as a result of maintaining the e-mail system. In those cases where IT staff view the contents of private e-mail, they are required to keep the contents confidential. Also remember that e-mail sent off campus may be viewed by IT personnel at other institutions that may not have any considerations of privacy concerning e-mail.

Users should try to limit the storage of files containing personal information on the network because their privacy cannot be guaranteed.