Many universities across the country have compromised their protection of computer privacy and speech. Ball State University, for example, prohibits the possession of computer programs used to crack passwords, even if they are never run. Stanford University, with the consent of the majority of its faculty, banned access to an electronic newsgroup that included racist jokes. And at Virginia Polytechnic Institute any "unwarranted annoyance" or "unsolicited e-mail" is prohibited.

Fortunately, Harvard does not explicitly have any similar policies. Current university policy, however, is vague enough to allow such infringement. The Handbook for Students states that "information stored on a computer system is the private property of the individual who created it. Examination of that information without authorization from the owner is a violation of the owner's rights to control his or her own property." In addition, The Handbook says, the "use of an electronic mail system to send fraudulent, annoying, or obscene messages is prohibited." The Handbook also recognizes that electronic security mechanisms are imperfect, warning that "any attempt to circumvent them in order to gain unauthorized access to private information will be treated as an actual violation of privacy."

There is a conflict in these standards: the privacy of students' files and behavior is less than absolute, subject to the restrictions on what Harvard considers "fraudulent, annoying, or obscene." The integrity of data in students' accounts is assured, but the right of students to produce or obtain that data is not. Certainly some limits on student conduct should exist: users should not be able to violate the files of other users. But nevertheless, students must be granted the same First Amendment speech and Fourth Amendment privacy rights on Harvard computer systems that they possess in other academic and non-academic realms at Harvard.

William Ouchark, a HASCS system manager, says that HASCS practice is to prevent a computer program from being run by a student only under exceptional circumstances, such as when it significantly interferes with the operation of a computer shared by multiple users. HASCS, he says, makes an effort to distinguish files, which are subject to a higher standard of privacy, from programs. None of this is not codified in a written policy, however. Nor is there any indication of whether certain programs, like those designed to encrypt data or crack passwords, are inherently prohibited. It may be difficult to define exactly what, if any, types of programs and programming are either so dangerous or computer-time-intensive as to justify regulation and restriction. But without a standard policy students are left unprotected and subject to potentially capricious decisions by HASCS administrators.

Indeed, the terms of what speech are prohibited on Harvard computers do not give adequate warning to students of what is unacceptable, endangering both speech and privacy. The term "fraudulent" normally refers to financial deception; it is not at all apparent what it means in the context of the electronic mail system. Does it apply to e-mail with a false return address, to e-mail with deceptive content, or to yet another category of speech? The words "annoying" and "obscene" are even more unclear. The legal definition of "obscene" refers only to a very small class of materials; no textual work has ever been found obscene. "Annoying" is a term almost void of legal meaning. And while Harry Lewis, Chair of the Standing Committee on Information Technology, claims that the policy was originally intended to apply only to harassment of a specific individual, this is not clear in the text itself.

E-mail communications should have the same privacy protection as telephone communications and postal mail. The Free Speech Guidelines adopted by the Faculty of Arts and Sciences state that the "free interchange of ideas is vital to our primary function of discovering and disseminating ideas." Despite its sometimes vague standards, Harvard has generally respected students' privacy. Computer privacy, however, is too subject to the whim of HASCS officials. System administrators, the staff of HASCS that monitors and maintains the computer systems, can access any student's files. Ouchark admits that under extenuating circumstances HASCS administartors could access student files without the permission of the university's General Counsel.

A Harvard student last year was investigated by HASCS and the Administrative Board after his name was found in an e-mail letter sent by another Harvard student who had been disciplined for misusing an account. The letter suggested that the first student had misused his account to send fraudulent e-mail. Eventually, no action was taken against him but the student was not adequately informed about the process and his rights as the investigation proceeded. Ad hoc regulation, even when benevolent, is no substitute for an explicit policy. Investigations of this nature are more appropriately the jurisdiction of Senior Tutors and other college officials than HASCS staff. With the current system, the only results are conflict and confusion.

Further complexities in computer system policy require clarification. Harvard does not presently indicate whether the standards that apply to electronic mail also apply to electronic newsgroups, nor does it guarantee students access to information from other parts of Internet, the larger network of which Harvard is but a part. The roles of Senior Tutors and advisors in the disciplinary process is entirely unclear. As Harvard expands its High-Speed Data Network to include every undergraduate dorm, it is necessary that these ambiguities be clarified.

The decision to be more explicit about its computer privacy policy may not be a voluntary one; Harvard may actually be legally required to do so. The Electronic Communications Privacy Act of 1986 prohibits employers from reading their employees' e-mail except for a necessary business purpose or if the users do not have a "reasonable" expectation of privacy. It is also within the university's own practical interest to clarify its policy. By screening or censoring electronic communications the university increases its liability in the event of a lawsuit for something like libel: courts have found colleges responsible for the content of student newspapers only if they impose prior restraint upon them; the same principle may apply to e-mail.

In order to ensure students' privacy, Harvard should amend its policies to indicate that:

• Personal files on Harvard computers have the same privacy protection as personal files in university-assigned space in an office, lab, or dormitory, and communications on the computers have the same privacy protection as communications via telephone and mail.
• The principles of academic freedom apply to the use of Harvard's computer systems. Free inquiry, free expression, and free access to information are indispensable for this purpose; the same legal and ethical protections of speech that apply in any other arena should be applied to electronic communications.
• Offenses should be as clearly defined as possible and interpreted in a manner consistent with the aforementioned principles. The disciplinary standards should be formulated with significant student input.
• Harvard should educate the college community about the benefits of access to the Internet and information technology, as well as the need for the responsible use of these resources.

Postscript: Harvard has since altered some of its policies, but FASCS (formerly HASCS) policies still do not fully comply with the above recommendations.