Harvard dean who okayed secret faculty email search steps down

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.networkworld.com/news/2013/052813-harvard-dean-who-okayed-secret-270200.html?source=nww_rss

Computerworld - Harvard College Dean Evelynn Hammonds, who last month
acknowledged authorizing a secret search of email belonging to several
residential deans at the university, will step down from her position
July 1.

According to the Harvard Gazette, Hammonds will return to teaching and
research at the departments of History of Science and African and
African American Studies at the university's W.E.B Du Bois Institute.
She will head a new program for the study of race and gender in
science and medicine at the institute, the Gazette noted. She will
also continue to serve on several advisory committees and boards at
Harvard.

Hammonds was the first woman and first African American to be named
dean of Harvard College when she was appointed in 2008.

Earlier this year, Hammonds became embroiled in a controversy
following a Boston Globe report on how university administrators had
secretly searched email accounts of 16 resident deans at Harvard. The
university was looking for the source of a leak about a student
cheating scandal.

Harvard acknowledged the search, but maintained it was done in a
limited manner and only to identify an individual who shared a
confidential email with an unauthorized person. The email, which
contained advice on how to counsel students accused of cheating, was
shared with the Harvard Crimson student newspaper and later picked up
by the Globe. Harvard administrators said they conducted the search
out of concerns for the privacy of students involved in the cheating
scandal.

Hammonds and others acknowledged they erred by not informing the deans
about the search, either before or after it occurred. But they
maintained that IT administrators only conducted an automated
subject-line search of each dean's administrative email accounts to
see if they could identify the source of the leak. The university
stressed that the search only involved administrative email accounts,
not separate Harvard email accounts deans have for personal use.

In April, Hammonds acknowledged that the search was slightly broader
than originally described. After the initial search had identified the
dean responsible for forwarding the email, Hammond authorized another
search to look specifically for correspondence between that person and
two student reporters from the Crimson. Hammond said she also
authorized a subject-line search of the personal email account of the
implicated dean.

News of the email search evoked criticism from several Harvard faculty
members. Harvard president Drew Faust described the entire episode as
an "institutional failure" caused by a lack of adequate policies for
protecting email privacy.

In April, Faust announced that Harvard would do a complete review of
its email privacy policies and disclosures and develop new guidelines
and policies.

This article, Harvard dean who okayed secret faculty email search
steps down, was originally published at Computerworld.com.

Jaikumar Vijayan covers data security and privacy issues, financial
services security and e-voting for Computerworld. Follow Jaikumar on
Twitter at @jaivijayan or subscribe toJaikumar's RSS feed. His e-mail
address is jvijayan () computerworld com.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.