Napolitano Says She's Always Wanted To Talk About The Secret Surveillance She Hasn't Talked About Since Last August

from the it's-all-just-a-big,-opaque,-pitch-black,-secretive-misunderstanding! dept

A Techdirt reader has sent us a copy of former DHS head/current University of California President Janet Napolitano's official response to the outcry over the secret surveillance of UC staffers -- surveillance she personally approved.



Napolitiano's letter to UC-Berkeley employees immediately ties the secretive surveillance implementation to the UCLA Medical Center cyberattack, just in case anyone (and it's a lot of anyones) feels the effort was unwarranted.

A group of faculty members at the Berkeley campus has articulated concerns regarding some of the security measures we adopted in the wake of the UCLA cyberattack last year. The concerns focus on two primary issues: whether systemwide cyber threat detection is necessary and whether it complies with the University’s Electronic Communications Policy (ECP); and why University administrators failed to publicly share information about our response to the cyberattack.

The Berkeley faculty members have shared their concerns with colleagues at other campuses and with various media outlets. Unfortunately, many have been left with the impression that a secret initiative to snoop on faculty activities is underway. Nothing could be further from the truth.

I attach a letter from Executive Vice President and Chief Operating Officer Nava explaining the rationale for these security measures.

As you know, leadership at all levels, including The Regents, Academic Senate leadership, and campus leadership, has been kept apprised of these matters, including through the establishment and convening of the Cyber Risk Governance Committee (CRGC). The CRGC, comprises each campus’s Cyber Risk Responsible Executive (CRE), as well as a representative of the University’s faculty Senate, the General Counsel, and other individuals from this office with responsibility for systemwide cybersecurity initiatives.

UCOP would like these facts to remain secret. However, the tenured faculty on the JCCIT are in agreement that continued silence on our part would make us complicit in what we view as a serious violation of shared governance and a serious threat to the academic freedoms that the Berkeley campus has long cherished.



[...]



For many months UCOP required that our IT staff keep these facts secret from faculty and others on the Berkeley campus.

I have from the beginning directed my staff to make every effort to actively engage with all stakeholders and to minimize to the extent possible the amount of information that is not shared widely.

Personal privacy and academic freedom are paramount in everything we do. But we cannot make good on our commitment to protect individual privacy without ensuring a sound cybersecurity infrastructure. While we have absolutely no interest in the content of any individual’s emails or browsing history, we must accept that active network monitoring is a critical element of a sound cybersecurity infrastructure and the interconnectedness of the University and all of its locations requires that such monitoring be coordinated centrally.

I invite further robust discussion and debate on this topic at upcoming meetings of the CRGC and COC.

This sort of thing, by the way, is exactly the reason that everyone had the "say what?" reaction when Napolitano was appointed. This is why people were concerned.



P.S. I'm one of the people whose information was compromised in the UCLA Med Center hack, and don't appreciate their screw-up then being used as an excuse to screw us over now.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

If your privacy is being compromised, the real villains here are the people behind the cyberattack. As for the secrecy surrounding it, Napolitano seems to indicate she'dto discuss it, but immediately abandons that line of inquiry to blame disgruntled staffers and the media for misrepresenting her snooping initiative.Please explain.Great, except that Nava's letter arrivedafter the program was implemented and two months after a university official said the program would be shut down -- a statement which itself preceded (by a month) the news that the program has actually been allowed to continue uninterrupted.Napolitano claims there was no secrecy.Yes, look at all the people who were informed! And were apparently informed they could not pass this information on to anyone else!From our earlier post on the subject -- directly from some of those on Napolitano's "approved" list.This assertion directly contradicts Napolitano's depiction of the events.This seems highly unlikely, considering no one began publicly talking about this secret surveillance until just recently. If the information had been widely disseminated (as Napolitano's claims she directed), the backlash would have begun months ago.And, of course, Napolitano is all about that privacy.School officials -- at least those allowed to see email content/web browsing history -- may claim they have "no interest" in seeing it, but that doesn't change the fact that any of themaccess it without fear of repercussion. Not only that, but a third party has access to this same data -- a third party Napolitano won't identify.She closes her official "this is all fully justified because cyber" letter with the same assertion so many officials make when secret goings-on are dragged out into the sunlight: "I've always wanted to have this discussion I'm now being forced to have!"That's just disingenuous. Don't extend an invitation to a conversation you can no longer avoid.As the TD reader who sent this over explains, they're not exactly thrilled the former DHS head is using a privacy breach to further undermine UC staffers' privacy.

Filed Under: cyber attacks, cybersecurity, dhs, janet napolitano, surveillance, transparency

Companies: university of california