14 DAY TRIAL // University of California, Berkeley (UCB) professors have expressed their concerns about a new security tool installed on the university's IT network, which they say is capable of eavesdropping on their email conversations, the San Francisco Chronicle reports (paywall).
Faculty professors are exchanging emails that provide further details about a new security tool that UCOP (University of California, Office of The President) secretly installed last July, after a cyberattack on the UCLA Medical Center.
Blogger Chris Newfield has obtained some of the letters currently exchanged by university staff, and they paint a grim picture.
Management told the university's IT staff to stay quiet
University staff are saying that the new equipment can be used to spy on email communications and has storage capabilities that allow it to save email correspondence for as long as a month.
Since the beginning, the university's IT staff were against the installation of this new equipment, but management moved past their complaints and even forced them to stay silent about their plans because of "attorney-client privilege," which technically doesn't apply between employer and employee.
Additionally, the university's IT staff also revealed that the new equipment is not under their control, and sends all recorded data to the UCOP offices and the equipment's vendor.
The new equipment is meant to prevent attacks from ATPs
The emails also disclosed that, in conversations with UCOP staff, the IT staff was told that this device was necessary to defend them against "advanced persistent threat (ATP) actors," a term they consider to be just fearmongering.
"They further promise not to invade our privacy unnecessarily, while the same time implementing systems designed to do exactly that," one of the email reads, explaining that's except a line in the university's policy, there's nothing stopping Berkeley's management from doing so.
UCB president, Janet Napolitano, previously explained that the new equipment is a pre-emptive security measure meant to deter cyberattacks against her institution.