Teachers, Students, Expectation of Privacy in Online Classes

Hi Everyone - I was having a discussion with the Dean of another school and in the course of the discussion it emerged that my thinking on the topic of adminstrative access to virtual classes for monitoring was completely opposite of his.

I did some searching, found some policies but also wanted to ask this enlightened group what you thought. I would be interested in hearing both from faculty perspective and student perspective.

For example, do you sign a statement acknowledging no expectation of privacy? Do you care? Have you even thought about whether someone is observing the classroom without your knowledge?

Personally, as an administrator I use the access to make sure students are staying on track, it's easier to help a student who is behind a week than the student who has disappeared for a month. It's also better to find out an instructor has gone missing in action before a student brings it to your attention (it HAS happened before).

So, enlighten me as I am genuinely interested to hear your thoughts.

Thanks,
Mary A

 

Mary, as a learner or a faculty, I would expect that administrators are monitoring the online courseroom. As an administrator, I would not hesitate to monitor a courseroom. I don't see this as a privacy issue, or an academic freedom issue for that matter. I see this as a QA/QC issue that is the responsibility of the administration. As you point out, it is easier to deal with an issue now than it is to hear of it later (or too late).

Courseroom monitoring is just one of those ways to try and head off major problems, befor it's too late.

 

While I have no real disagreement with what Paul has posted, I admit, I'm unaware of how these issues are dealt with in a B&M classroom situation. If I were a student registered into a "butt-in-classroom" course, let's say it's Psych 101 (or 201 or 301), how would you, as an administrator, become aware of the fact that I wasn't coming to class? Doesn't the "online" aspect of this teaching/learning modality actually give you increased access to this sort of information? Now, don't get me wrong, I'm not necessarily objecting to this degree of access, I'm just thinking about the issue of "what is necessary" v. "what is possible."
Jack

 

As you've worded it, no. That's too broad... and it would be unconscionable for any institution to ask either student or teacher to sign-away, in such a blanket manner, their privacy rights.

You've not been in a coma for the past five or so years, have you? Privacy. Identity theft. C'mon! You've heard of 'em, right? Of course everyone cares -- categorically, that is.

Look, I'm a died-in-the-wool, sue-'em-first-and-ask-questions-later kind of privacy advocate. Still, I, personally, would not hesitate to sign something that gave my permission for appropriate management personnel of the university to view the classes. It's little different from when one calls the phone company and is warned by the recorded voice that the call may be monitored for quality control purposes. If you can give your personal information to the customer service representative who eventually answers the phone, then you can certainly trust it with his/her eavesdropping boss. But even that, in this day and age, is irritating to a privacy-conscious society, hence many phone companies now offer a choice (by pressing one of the touchtone keys) to not have the call s/he's about to have monitored by anyone.

I think it's appropriate to ask students and teachers alike to allow themselves to be observed by appropriate parties in the university. But that's where it stops. Just as I wouldn't want some creep sitting in the back of the classroom on a brick-and-mortar campus (and would count on campus police to keep them away), I most certainly would expect the university to keep the online delivery system secure (in all the ways professional IT people know how to securite a wide-area or Internet-based network) from persons not employed by the university and/or not enrolled in the class.

And any privacy agreement which the university asks either teachers or students to sign should make clear that it understands the difference between what's described in the former paragraph, and what's described in the latter; and should ask teachers and students to give-up only as much privacy as is necessary to accomplish its quality control objectives... and not one thing more.

Yes. It's creepy. More so today than years ago. The Internet and the rash of identity thefts in recent years, has changed it. Any university that isn't sensitive to this issue, generally, is irresponsible. Any university that asks teachers/students to give away more of their privacy than is absolutely necessary to achieve quality control objectives is equally irresponsible... perhaps more so.

I agree with everything PaulC wrote except the part I highlighted in red, above. It most certainly is a privacy issue -- and one that can get a university sued in a big hurry if it's given short shrift. I warn anyone reading here who has control over such things not to make that foolish mistake. Privacy is a big deal today. If if happens that you've not noticed that... well... fine. But please don't diminish its importance to others.

Yes... you, and others -- some of them, perhpaps, not authorized to do so. That's what elevates the privacy issue, generally, from one of mere concern to one of absolute necessity and imperative.

Excellent. You've gone right to it. One need only turn to any newspaper or radio or TV news broadcast over time to observe what's possible by hackers and crackers and all manner of skilled knuckleheads -- the very same ones who break-in to web sites and steal credit card numbers -- and who, guided by no moral compass whatsoever, delight in breaking-in to computer systems (including course delivery systems) just for the sport of it. Once there, being as intelligent (though typically young) as they tend to be, they quickly assess what's at stake (i.e., determine by what means they may do the most damage), and then they proceed to do that voodoo that they do so well. Just imagine the ways that someone of that ilk could screw-up a student if they had said student's login and password to an online course delivery system. Or, worse, said student's teacher's login and password!

Just imagine. I mean really imagine.

Once one truly grasps the horrific possibilities, it sort of makes discussions like this kinda' silly; and the notion of not having good privacy policies, and good security as a means of enforcing them, irresponsible on its face.

 

As someone who has taken online classes, I view this exactly the same as if an adminstrator dropped by to observe the professor or just to participate. I don't care in the slightest and can't imagine why anyone would.

At a brick-and-mortar school, administrators have every right to come and sit in on classes *whether you know they are there or not* and this is exactly the same.

To be honest, I'm much more concerned about doing well in the class than who is watching what I type.


Tom Nixon

 

I appreciate the insights. I personally fall into Tom and Paul's camp but am mindful of issues raised everyone else. I absolutely agree an institution has a responsibility to ensure that their campus is secure, especially as it relates to student information.

I do not think a faculty member or student should object to administration observing a course. I think both should be aware that such observations can take place, but beyond that I feel no obligation to let them know that it is happening or when it will happen.

Thanks again,
Mary

 

I think that's perfectly reasonable. All I'm saying is that the privacy policy -- which is something, among many things, that I, for a living, help people develop -- needs to be comprehensive and sophisticated; and needs to cover all aspects of the students' and teachers' privacy as long as it's at it; and should be painfully clear that, except for authorized university administrative personnel dropping-in unexpectedly (and maybe even anonymously or invisbly, if that's how you want to do it), the student may rest assured that no one else can observe classes, or get at anything else about them that may happen to be on the system. That's all I'm sayin'.

 

I think FERPA regulations covers most of this.

 

I don't think there's any question that administrators should be able to observe classroom activities, in person or electronically.

Let us extend this discussion a bit, however.

Most private corporations (which many DL providers are) have established policies that state, in effect, that the employee's email (presumably that which comes through the company's server) is not private.

Should administrators be able to view faculty and student email? I wonder what the policies are for Capella, UoP, AIU, or the other for-profit entities, since they are a bit closer to the corporate model than most of the non-profits.

What do we think?

I'll start off. In non-profit higher education, it would be rare, I think, for administrators to view faculty email, even if they could get the acquiescence of the IT department, which is another question. There would probably have to be an accusation or some such that raised a question of impropriety (terms of employment stuff). I doubt very much that "quality assurance" observation of email activities goes on. In the non-profit sector, there is at least the expectation of private communication. We all know the old saw, of course. If you want privacy, don't use email.

However, in the for-profit sector, the institution is a corporation. I assume they use the corporate model here--no expectation of privacy. The administrator can view email transactions at will.

What do we think of the issue? Are there faculty of for-profits here that can tell us about current practice?

marilynd

 

And many non-profits, too... both of which have been upheld by the courts numerous times.

Lets say we're talking about the fictitious "Parkenfarker University," which has as its domain name "parkenfarker.edu"

Remember that I'm a staunch privacy advocate when I say that were I the CIO or IT director at Parkenfarker, the university's policy would clearly allow me and key members of my staff to view any and all email that goes through both the SMTP (outgoing) and POP3 (incoming) mail.parkenfarker.edu mailserver. Period.

And the reason, simply, is that the university, and not the teacher, student or staff member, owns the domain name and mail servers; and is legally responsible for how they're used. And, moreover, it's a "that's my name above the door," sort of issue wherein the domain owner most certainly has the right to control his image, and what's written by someone using his, in this case, "@parkenfarker.edu" email address.

This is really a no-brainer. It's a long-standing practice, upheld by the courts, and with a years-long, sophisticated and comprehensive body of policy language that has withstood both judicial and constitutional scrutiny.

There simply needs to be a good Terms of Service Agreement (TOS), and Privacy Policy, in place to both notify the end-user under what circumstances the owner of the domain may reasonably inspect/view the end-user's mailbox; and which also instructs the domain owner when s/he can and cannot do so.

Everywhere I've ever been an IT Director or MIS Manager or Chief Information Officer (CIO), or whatever the title is, here's pretty much how the policy went:

1. All email which utilizes a company-owned domain name, mail server, and/or emailbox is viewable by me and my staff at any time, for virtually any reason. And note that I said "me and my staff," and not just any upper-level manager and/or executive. A good privacy policy permits IT staff -- and if it's really good, only top-level IT staff -- to view company email; and then only if a problem of such magnitude that non-IT upper-level management should be notified (as set forth in the policy) would I bring it to the attention of the appropriate party. Mostly, though, I would simply sit down, privately, with the offending employee and call the problem to his/her attention, assure him/her that it would be kept confidential as long as no further problems arose, and I'd ask him/her to please stop. I would, of course, document the incident and the discussion and file it safely away.
   
2. Having explained to employees that how it's described in item 1, above, is how it's gonna' be, I add that no one in my department -- including me -- will ever look in anyone's emailbox unless there's a darned good reason... i.e., something has happened to call attention to the mailbox and/or its user which pretty much forces us to investigate; or there's a technical problem that forces us to go into email accounts or mailboxes in order to get it resolved. In that sense, it would be very much like how the cops used to not be able to look in your vehicle's trunk unless they had probable cause. This means -- and I have always been very strict about this -- that no one on the IT staff would ever be allowed to "cruise" emailboxes just for entertainment value or to be nosy, etc.... and I made it clear to my staff that their doing so would be a fireable offense.[/list=1]I realize it's just a personal ethic sort of thing, but, honestly, I must tell you... whenever I've sat down at an employee's computer to fix something email-related such that his/her list of messages sitting in his/her emailbox is right there, in front of me, I almost avert my glance and try not to even look at them or their subject lines... and I never, unless I have to, to fie some kind of problem; or unless the user gives me permission, clicked on any of them and read what was inside. Of course, from my experience, I realize that that sort of moral compass is absent in alot (not most, mind you, but alot) of IT people. However, those who have been around awhile and who really and truly understand the fiduciary nature of having access to everyone's stuff on a computer system are never really tempted.
   
   Remember, the IT staff -- or at least it's top-level people -- can see absolutely everything on a computer system. And I mean everything! Always have been able to. Always will.
   
   But just think about that. We could get into the payroll system if we wanted to to see how much you make; or we could get into the personnel system if we wanted to... well... I leave you to just imagine what we could see there if we wanted to. And so on and so on and so on.
   
   However, decent, honorable IT professionals (and, really, I gotta' tell ya'... that really is most of them) who truly get it -- like me, for one, I dare (and proudly) say -- are never even tempted. Honestly. And even the ones who might be are typically too busy to find the time.
   
   So my point is, while the privacy-violating possibilities boggle the mind, as a practical matter, there's typically less snooping going on than one might think. That said, there are some companies that go exactly the opposite way and have even hired a person or to to do nothing but snoop around and make sure that company resources -- including emailboxes -- are not being used for things for which management would not want them used. Personally, I think that sort of behavior is unconscionable; and it has never, ever happened on my watch. But it does happen... and I think it's awful!
   
   
   I'm not sure that anyone -- not in IT, at least -- is differentiating between "for profit" and "non-profit" entities regarding this matter. And I would argue that no one should. Good privacy policies such as what I've described in this thread should exist in both kinds of institutions.
   
   
   It should be a decided non-question... and for all the reasons I describe herein.
   
   
   Or a technical problem; or a spam issue; or a child-porn issue; or a faked email identity issue; or a virus, worm or spyware issue; or a denial-of-service attack issue, or any number of other security and/or usability and/or system failure issues that could crop up. Non-technical end-users are never the ones who should decide under what circumstances it can happen.
   
   
   You're probably right... though, if you think about it, since alot of teaching in a D/L program happens in email between the prof and the student, maybe there should be. If that bothers the prof, then maybe the IT department should give him/her a special email address for back-and-forth with the students as part of the teaching task, and another email address for the prof for everything else. Both the prof and the student would understand that the former would be potentially highly scrutinized, and the latter would not... but both would be subject, in my perfect world, to the kind of policy I described earlier.
   
   
   Well, there shouldn't be. Any non-profit IT director who runs that shop differently, in this respect, from a private, corporate shop is doing his/her employer a disservice.
   
   
   Or a network-connected computer, at all. Or, if you do want privacy -- or at least as close as privacy can be achieved on a computer network -- then make sure your CIO and IT Director have my kind of sensibilities.
   
   
   Not the administrator. The IT department -- and even then, only it's top brass; and they should have the kind of internal policy that I've described herein. That's how it should be, whether in a for-profit or a non-profit environment.
   
   
   Well, for my part, I've just described how it's been -- and is currently -- at any entity, regardless of profit status, where I've ever worked or to which I've consulted. I'm sure others will chime-in.

 

Thanks, Gregg

Comprehensive and informative, as usual.

I think I was limiting the situation to what might cause a college administrator to seek to read faculty email. Clearly, there might be all sorts of security and technical issues that arise as well.

I can see that from an IT perspective there is not and ought not to be a difference between profit and non-profit. Perhaps there ought not to be from any perspective. However, looked at from perspective of the ethos or milieu or traditions of educational institutions, there has been a difference historically. I suppose the issue is one of sensibilities. At many non-profits, faculty are not just employees. To use the old term, they are "constituents" of the university. At Harvard and Columbia, for instance, they are officers of the corporation (in the older sense of that term), part of the governing structure. They have a kind of autonomy--and have come to expect the kind of autonomy--that simply doesn't exist in non-educational institutions. In that environment, expectations of intellectual freedom and privacy in communication go hand in hand (within certain limits, of course). Some non-profits, of course, never developed along these lines. It is still fairly wide-spread among private non-profits, where they are better able to guard their "rights and privileges" from the MBAs (no offense intended) that now populate higher education administration. I suspect that if some administrator decided to start opening email of faculty for "quality assurance" purposes (I'm not talking about WebCT mail, mind you), the result would be a fire-storm of indignation and protest on campus.

My impression is that for-profits, for the most part, never developed in this way. The faculty member is just another company employee, and I wonder if there would be the same sort of fire-storm.

Hence, my separation of the question into non-profit and profit, and my curiosity about what for-profit faculty had to say on the issue.

It is clear from your post, however, that whatever the expectations used to be, the digital age is rapidly making them moot.

Quite a bit to think about. Thanks.

marilynd

 

Whew! We ended-up in the same place...

Thank you for adding that last part, because as I was reading what you wrote I thought to myself, "Yes... I understand what you're saying... but technology and its issues come in just one flavor. Whether it's an old non-profit with its IBM-Selectric mentality that is forced, kicking and screaming to adopt technology; or a new non-profit with optimizing technology to its benefit written right into its charter, the legal issues of responsibility surrounding domain ownership and use by either staffers or volunteers of corporate technological resources (and remember, all non-profits are still corporations... which can still be sued), are the same for non-profits and for-profits alike."

But I like the way you said it better.



If you really want to get your blood boiling, here's a twist on your email question:

• Does an employer have the right to view an employee's personal email which doesn't use the employer's domain name, or its incoming POP3 server, or its outgoing SMTP server, or any emailbox disk space on the employer's email server; but which is viewed by the employee while sitting at the employer's desk, using the employer's computer on that desk, and while using the employer's Internet connection and bandwidth?

In other words, let's say that you're an employee of Parkenfarker University and your email address there is [email protected] and that the email client you use at work to send/receive messages and view your emailbox on the Parkenfarker email servers is Microsoft Outlook (not Outlook Express, but Outlook).

And let's say that, at home, you're an SBC DSL subscriber, and so your personal email address is [email protected] and that the email client you use at home to send/receive messages and download them from your emailbox on the SBC email server is Microsoft Outlook Express (not Outlook, like at work, but Outlook Express, like comes free with Microsoft Windows).

And let's say that though you normally use your home copy of Outlook Express on your home computer to download your email messages from your POP3 account on the SBC servers to the hard drive on your computer whenever you're at home; whenever you're on the road, or at a friend's, or at an Internet cafe, or at Kinko's, or at work, you use a web-based interface to your personal SBC emailbox that SBC provides to all of its email customers.

So, there you are at work, sitting at your desk (but which he actually owns), using your computer (which he actually owns) and his connection to the Internet.

You open your copy of Outlook (not Oulook Express, like you have at home, but what you use at work, which is Outlook) and you view and reply to all your [email protected] email...

...and then, when you're done with that, you take a personal moment to open your web browser (well... actually, technically, it's your boss's web browser) and you go to http://webmail.sbc.net and you key-in your username ("marilynd"), and your password, and up pops your personal email inbox (for your [email protected] email account); and you read and reply to a few messages there, and then you logout and go back to work.

• Is your employer allowed to see those messages... the ones in your personal SBC inbox, but which you used his web browser, on his computer, sitting on his desk, connected to his network, and using his high-speed T1 connection to the Internet (and, therefore, his bandwidth)?

There. That one ought to get ya' goin!

 

When I am at work I sometimes take the time to check my personal email (I have three separate accounts) and sometimes even check in at degreeinfo (on my lunch break, of course). It is my assumption that my friends in the MIS Dept. could be monitoring my activities (no, not in that paranoid way of thinking, just as a part of some ordinary activity). I am on their time, I am on their equipment, I am on their network. It's OK with me.
Jack