Major Changes in IT

This weekend marks a number of changes in the operations of Antioch University’s IT system. In addition to the move of the college’s server and change in FirstClass login names, new policies have been drawn up that will give IT staff legal access to Email boxes of employees.
According to head of the IT department, William Marshal, there are 30 to 40 servers that support University IT operations, two of them running Email services. The Yellow Springs campuses have their email on a server that was here in Yellow Springs and the other four run their mail off a server in New England. Marshall, who accepted the position of Chief Information Officer 10 months ago, explained on Tuesday, “What we’re doing is putting everyone on the same server because there are problems with people communicating across campuses. That server will be physically located in New England.”

The server migration will take place this weekend, November 3-4, and FirstClass will be offline for the transfer. Coinciding with this move of hardware is a move from current usernames to the NetID system. When the FirstClass email system goes back online all usernames, formerly the user’s first initial and surname, will become Datatel, or NetID numbers. For students, this is the number on caf/key cards and the number used to access

Accompanying the IT overhaul are three new policy drafts that were recently released from the office of the CIO. Most notably, under a section titled, “Who is Entitled to Use the System,” the new Email Policy states:

“Staff and faculty who leave the university will have access to their email account disabled. Access to their Email account will then be set up for the manager of the staff or faculty member who has left. The manager will be expected to review the contents of the Email account and make arrangements to preserve and Emails which are required to be preserved. The Email account and its contents will be deleted three months after the departure of the staff or faculty person or when the manager has indicated that they have finished reviewing the contents of the Email account.”

The proposed Email Policy also covers privacy and confidentiality, saying the university will not normally monitor the content of Email or search Email archives, but that professional staff members “may on occasion need access to or monitor parts of the system and thereby gain access to certain electronic messages.”

The Record sat down with Marshall to discuss the documents drafted by his office over the past two months.

What prompted your office to draft new policies?
We just didn’t have them. Some campuses had acceptable use polices, some didn’t. We were looking to create consistency across campuses. We’ve borrowed liberally from other policies at similar universities. Most of them were available online, we looked at University of Dayton and there were some others to but I can’t really remember offhand. This is about the third draft; the preliminary draft was discussed within IT. We made some alterations then discussed it with the IT Steering Committee and came back with this based on their input. The Steering Committee includes representatives from each campus.

You say we simply didn’t have policies of this sort before, specifically the Email Policy. Was it common practice in the past for supervisors to read and preserve emails after an employee has left?
Well I don’t know if it’s been common practice but… mainly because the Email is primarily given for business purposes – it can be used incidentally for non-business purposes – but primarily messages in the inbox will be business messages and in practice supervisors need that information.

Why not leave it up to the employee to make necessary information available to their supervisor or replacement?
In the normal course of business they would, but if they leave without much notice things get rushed. There may not be a scheduled departure. That’s why it’s in there. If they retire and have time to plan, then the person would normally let people know new Email should be sent or forwarded to the supervisor.

Do you see a potential risk to employee privacy? How can it be insured this access will be used to read only the necessary messages?
Well they have to look through it all but the Email account is provided for business Email. If they need a personal Email account, get a second one. I keep a Gmail account. The Email system and all of the IT system are provided for the business of the university so if people have paranoia I suggest they maintain a separate Email account. Most people don’t get their regular work mail sent to their home.

I notice the policy expressly forbids the email system from being used to “construct an email communication so it appears to be from someone else.” Do you have any comment on the falsification of “out of office emails” from employees of the office of Institutional Advancement? Was this provision added after those events?
I don’t know that it’s illegal but it’s certainly immoral.

Do these policies override or replace extant policies at the college?
If the Board of Trustees approves these they would override, yes.

When will the Board be looking at these new policies?
Early in the new year, I’m not sure the exact date of the board meeting. First it’s going to the ULC and if they approve then it will go to the Board of Trustees. Then they would override any existing policy.