Prof. William Cronon, from the University of Wisconsin, started a blog, Scholar as Citizen, wherein he critiqued Republican policies in the State of Wisconsin and elsewhere. I’m going to skip the politics and focus on the fact that the Republicans used Wisconsin’s FOIA mechanism to ask for a wide variety of his emails and they’re likely to get them.
Cronon believes this is a fishing expedition to find material to discredit him and he’s probably correct. He also notes that he scrupulously segregates his non-work-related emails into a private account (perhaps Gmail) while doing his work-related email using his wisc.edu address, as well he should.
What I find fascinating about the Cronon case is that it highlights a threat model for email privacy that doesn’t get much discussion among my professional peers. Sophisticated cryptographic mechanisms don’t protect emails against a FOIA request (or, for that matter, a sufficiently motivated systems administrator).
When I’ve worked in the past with lawyers when our communications weren’t privileged (i.e., opposing counsel would eventually receive every email we ever exchanged), we instead exchanged emails of the form “are you available for a phone call at 2pm?” and not much else. This is annoying when working on a lawsuit and it would completely grind to a halt the regular business of a modern adacemic.
While Cronon doesn’t want to abandon his wisc.edu address, consider the case that he could just forward his email to Gmail and have the university system delete its local copy (which is certainly an option for me with my rice.edu email). At that point, it becomes an interesting legal question of whether a FOIA request can compel production of content from his “private” email service. (And, future lawmaking could well explicitly extend the reach of FOIA to private accounts, particularly when many well-known politicians and others subject to FOIA deliberately conduct their professional business on private servers.)
Here’s another thing to ponder: When I send email from Gmail, it happily forges my rice.edu address in the from line. This allows me to use Gmail without most of the people who correspond with me ever knowing or caring that I’m using Gmail. By blurring the lines between my rice.edu and gmail.com email, am I also blurring the boundary of legal requests to discover my email? Since Rice is a private university, there are presumably no FOIA issues for me, but would it be any different for Prof. Cronon? Could or should present or future FOIA laws compel you to produce content from your “private” email service when you conflate it with your “professional” email address?
Or, leaving FOIA behind for the minute, could or should my employer have any additional privilege to look into my Gmail account when I’m using it for all of my professional emails and forging a rice.edu mail header?
One last alternative: Let’s say I appended some text like this at the bottom on my email:
My personal email is dwallach at gmail.com and my professional email is dwallach at rice.edu. Please use the former for personal matters and the latter for professional matters.
If I go to explicit lengths to separate the two email addresses, using separate services, and making it abundantly clear to all my correspondents which address serves which purpose, could or should that make for a legally significant difference in how FOIA treats my emails?
I am wondering to what degree such state open records acts also apply to other electronic records. For example, could someone ask for all search engine queries, or web accesses, by University employees?
This would certainly make things much easier for those of us working on web search technology – just FOIA yourself a data set for your next study, and hope the IRB will go along with it. (I would never do this, of course.)
My comment also regarding “Sophisticated cryptographic mechanisms don’t protect emails against a FOIA request (or, for that matter, a sufficiently motivated systems administrator).” –
Exactly. You don’t have to go too far up the tech curve to get to the point where the dominant threat is that your supposed friends or allies will rat you out.
Yup. If you’re legally compelled to produce a document, then you can be equally compelled (perhaps by the same laws) to produce the crypto keys necessary to read it.
“Sophisticated cryptographic mechanisms don’t protect emails against a FOIA request (or, for that matter, a sufficiently motivated systems administrator).”
I’m not sure what you mean by this. If a professor and his colleagues used encrypted email to communicate with each other, the University server would just have encrypted emails stored (though the senders and receivers would of course not be secret). Now, the law would possibly require the Professor to give up his key/decrypt the emails….
Gmail leaves in a “Sender:” header that still reveals your GMail address, and if you send mail through GMail’s servers with a different from address, one particular mail client made by a large Washington company will always show your name as “ on behalf of “, so it’s not entirely hidden.
Indeed, I was simplifying. Gmail makes an email look like it came from your university account well enough that, unless you go digging, you won’t be able to tell the difference. It’s safe to say that this blurs the distinction between them in a technical sense. I’m curious whether there’s a comparable legal blurring of the lines.
If UW had a dispute with the professor, they would already have the emails. Also having the emails deleted would be a problem – imagine if there were sealed-bid contracts and after they awarded the contract they destroyed all the bids. Or destroyed minutes of a meeting.
UW is a public college – AFAIK a creation of the state with a charter from the state. The professor could have chosen to work for a private one.
It may be a fishing expedition or overly broad, but if he wrote the same things on a whiteboard in class and was photographed, it would still be public.
The alternative is to have a CENSORED stamp like we see but labeled “Secret” at the federal level when anything embarrassing might be revealed but isn’t really secret.
Ultimately, if you are part of the state, the state has rights it would not have otherwise.
There are some privileged emails, so they should be filtered and redacted. But this is standard practice. If he mixes his correspondence, it creates a greater burden, but either you want open records and FoIA to be broadly interpreted, or you want to have dozens of arbitrary and maybe a few good exceptions.
If the voting machine controversy was all under seal or secret could you have investigated?
Reading Cronon’s comments about this, one gets the sense that (deliberately or otherwise) overbroad search criteria are a significant part of the invasion of academic freedom he is talking about. The publicly-paid GOP operative who filed the FOIA request didn’t ask only for email relevant to the op-ed that Cronon wrote, but for a huge raft of additional material (some arguably protected by law) connected to the op-ed only by the sharing of a few common keywords.
There’s obviously a debate to be had over whether a professor’s decision to write an op-ed that some people consider political should expose the process of writing that op-ed to public scrutiny. (I’m not sure where I come out, but the “yes” position at the very least isn’t obviously bankrupt.) But all these other pieces of email — which would constitute the bulk of the chilling effects on academic discussion — are getting sucked into the controversy simply because the requestor has used a really ineffective way of specifying the stuff he’s ostensibly looking for. (Note that a bunch of email highly relevant to the writing of the op-ed might not be caught up by the search, if Cronon happened not to make regular use of the keywords.)
In this case, I tend to think that the overbreadth was intentional. But in general I wonder whether the universality of keyword-based search engines hasn’t made massively overbroad keyword searches seem like a natural way to proceed, When I’m looking for information about something that’s a bit hazy, I’ll run the widest search I can and then trust in my wetware pattern-finding abilities to narrow down the field (sometimes adding keywords based on likely-looking initial results) to the truly relevant bits. We have algorithms that can do similarly, but they’re not widely used or well known by the average searcher.
The law is working as intended. Government employees (university professors among them) should not expect to be able to use public resources without subjecting themselves to public scrutiny. This is especially true where it concerns scholarly activities funded by the public. Academic freedom is freedom from being fired for what you say, not the freedom to conspire in secret with public resources.
We live in an age where you always hold office hours with the office door open, with witnesses within earshot, and requirements to hold onto exams and grading rubrics for a year after a class ends, and a professor expects to be able to use his position as a scholar to make political pronouncements without pushback?
If you can’t stand the heat, get out of the kitchen.
Academic freedom is freedom from being fired for what you say…and a professor expects to be able to use his position as a scholar to make political pronouncements without pushback?
So I guess you’re saying that academic freedom protects your speech, but only if it’s not political. As for your reference to conspiring in secret with public resources, how is writing an op-ed suggestive that he has done so?
I know it’s hard for people outside the community to understand and it may seem quaint, but the academic world is built on trust. We communicate with our colleagues in very blunt fashion, because it is the quickest way to go about the process of pursuing knowledge. Yes, there are certainly times when messages stray from one’s area of expertise. And sure, this secrecy opens the system up to abuse, but the system could not function without it.
Academic freedom is the freedom to say what you want without being fired for it, if you’re tenured. It’s not freedom from scrutiny; this reminds me of the old saw that transparency is great, until you’re the one subjected to it.
The professor in question hasn’t conspired in secret with public resources, because, well, he’s under requirements to disclose. If he weren’t, is anybody going to suggest he wouldn’t use public resources (his office, his white/blackboard, his email, his library accesses, his departmental office supplies) in support of his political activities, and claim privacy in his usage of the above?
To carry the discussion further, isn’t this kind of diversion for public resources precisely one of the things open records and freedom of information acts are supposed to bring to light for public scrutiny?
Just because a University is publicly funded does not mean it should be treated as a part of the Government in this way. True academic freedom requires that Universities be treated as private entities regardless of their source of funding.
I wonder if the assumption that public University == Government has been tested in the US courts? Could a case be made that they are not?
As public universities are less and less funded with public money, when do they cross the line?
First, to clarify, the request was made under Wisconsin’s open records law, not FOIA (which is a federal law), but that’s splitting hairs.
As for UW, it’s not a question of the funding source, and it does not rely on an assumption that UW is part of the government. The only relevant question is whether UW (specifically UW-Madison) is subject to Wisconsin’s open records law as written. According to Chapter 19 of the Wisconsin state code (text at http://legis.wisconsin.gov/statutes/stat0019.pdf), it’s pretty clear that UW is subject to the open records mandate. The relevant portion is the section on definitions in 19.32(1) on page 6:
“Authority” means any of the following having custody of a record: a state or local office, elected official, agency, board, commission, committee, council, department or public body corporate and politic created by constitution [emph. added], law, ordinance, rule or order;
Although we don’t think of public universities as government, UW was specifically created by Article X, Section 6 of the state Constitution (see page 13 of http://legis.wisconsin.gov/rsb/unannotated_wisconst.pdf). One could potentially argue that UW is not a “public body corporate and politic,” but (from my understanding of the term) I don’t believe that argument has any merit. The term refers to any group or unit that is set up or organized by the government, regardless of whether the unit has any particular political mandate.
So, by the letter of the law, UW is subject to the open records mandate. The issue would be more interesting if Prof. Cronon were at a branch campus, such as Whitewater (UWW). While UWW is part of the UW system, the Constitution only mentions a state university “at or near the seat of state government,” which would be Madison. So it is not as clear if UWW would be subject to the open records mandate.
Having said all that, this action by the Wisconsin GOP sets a dangerous precedent. I do not agree with the claim that public universities should be treated as private organizations. For example, how the university handles its budget is clearly a matter of public interest. However, confidentiality and freedom of inquiry are critical to academic integrity (which I think was your real point). I don’t believe in blind trust, and there should still be some means of accountability (e.g., a university committee charged with oversight powers) to ensure that real violations of academic integrity (e.g., plagiarism, financial corruption) are punished. But state or federal open records laws are the wrong venue for that mechanism. This can be easily accomplished by amending the laws to exempt faculty and students from being subject to the law.