This weekend The Chronicle of Higher Education published an opinion piece by Michael Morris arguing that in the name of campus security campuses should start data mining all student internet traffic. Or as the not so subtle, fear mongering, almost fit for Fox News title says, “Mining Student Data Could Save Lives.” Morris’s article to put the matter bluntly is a phenomenally bad idea. Indeed his argument so ill conceived that it is difficult to know where to begin in exposing the problems. I even question The Chronicle’s choice to publish this piece. Yes, opinions are helpful for generating discussion, but a certain amount of competency should have to be cleared before The Chronicle is willing to co-sign your piece, even if done under the commentary section.

Let’s start by being clear on what Morris is calling for. You have to read through to the fifth paragraph to understand exactly what Morris wants:

“If university officials were to learn that a student had conducted extensive online research about the personal life and daily activities of a particular faculty member, posted angry and threatening comments on his Facebook wall about that professor, shopped online for high-powered firearms and ammunition, and saved a draft version of a suicide note on his personal network drive, would those officials want to have a conversation with that student, even though he hadn’t engaged in any significant outward behavior? Certainly.”

In other words Morris is calling not for data mining, as his title suggests, but rather for total surveillance of all student internet activity with an eye towards mining that data. What Morris is suggesting is not only that Universities monitor student email and conversations on University servers and equipment (student email addresses, Blackboard conversations), but all student internet activity. He is talking about monitoring internet search traffic, i.e. what students search for on Google, what students post on any site, i.e. Facebook Wall, blog comments, etc., what students shop for online, i.e. any purchase you make or any purchase you look at making, and even open up and look at any files you have stored (his suggestion that the University would mine a suicide note written and saved on a computer would involve opening and analyzing said file). And I assume, even though he doesn’t mention it Morris would like to monitor and then mine all IM traffic, and Skype calls. Calling this data mining hides the fact that the first step is actually surveillance, collecting the data, where the end goal is then mining what has been collected.

Technologically Morris doesn’t know what he is talking about and ethically he equates himself with some of the world’s most oppressive governments. In short this proposal reads as if it is written by a despotic leader who has spent too many hours watching poorly conceived science fiction.

In the first iteration of this post I wrote several lengthy paragraphs explaining how the surveillance Morris outlines here is not as technically trivial as he seems to make it, and it is obvious from this piece that Morris has little to no sense of how this technology works (someone please explain to him the difference between http and https cause he seems to think that all internet traffic is the same). Morris’s piece argues that technology is a “crystal ball” (his word not mine) that would allow us to predict and control the future. The technology he describes here is neither as trivial nor accurate as he suggests. But ultimately I decided to cut out all of the technical bits which demonstrated Morris’s ignorance (perhaps he has been watching too much Minority Report or Person of Interest) and instead focus on the more important issue: the ethical one. Morris is arguing that the government should monitor, without cause, all the internet traffic of some of its citizens. (Maybe I’ll write the technical stuff later.)

Let’s put it in no uncertain terms: Morris wants total surveillance of all student traffic on the internet all the time. In other words he is calling for the wiretapping of all private digital communications. Since in this particular circumstance, and in many he outlines the students attend a public school, and the police would be the ones doing the monitoring (or at least involved), what is being suggested here is that private citizens have the entirety of their online communications surveilled by the government. And this monitoring would happen regardless of the student, everyone, all students, no probable cause, no reason for suspicion, just surveil everyone 100% of the time. Total state surveillance. Perhaps Morris has a different measure of what is reasonable, but in my America the government is limited in the degree to which it can monitor its populace without a subpoena (I know, FISA, but we can save that for later).

Morris’s logic goes something like this. In rare circumstances a student will commit an act of violence, in order to prevent this we should curtail the civil liberties of all students. What’s worse though is the bizarre logic deployed to justify this type of surveillance. Morris notes that companies already engage in this kind of monitoring (Credit Card companies, Amazon, Netflix, Facebook, etc.)

Let’s take these “justifications” one at a time. Effectively in the first instance Morris is arguing because a small percentage (an extremely small percentage) of individuals might commit a crime we should extensively violate the rights of all citizens. Now Morris lines the argument up by beginning his piece with a colorful fictional scenario: imagine a student “his sweating hands firmly clutched the grips of the twin Glock 22 pistols.” These sort of hypothetical, the world is really dangerous scenarios, are often used to justify curtailing liberties, after all who wouldn’t want to prevent the kid with twin Glock 22 pistols. But, in reality it doesn’t work this way. Sure we could limit all sorts of social ills through restricting citizen behavior (let’s start with curfews) but we don’t.

Or put perhaps in terms that would directly apply to Morris. We know from research that police officers are more likely to commit spousal abuse than the average individual. Thus we should in order to prevent the scenario of a cop with twin Glock pistols killing his wife institute a policy of monitoring all cops all the time. All internet activity by all cops should be monitored. We should know if they visit any sites that might indicate violent tendencies. Also we should put cameras in their homes which record how they act at home so that in case they raise their voice, engage in behavior that indicates violence, we could intervene. I am sure Morris would not be for this scenario, but it is the equivalent of what he suggests, the only difference is who is monitored and who is doing the monitoring.

His second justification is that companies do it anyway, so why shouldn’t Universities. I find it odd that we would want to look to these companies for guidance on respecting student privacy, at precisely the moment when their is a large public conversation developing around the degree to which they don’t respect privacy, and that the government should intervene to establish guidelines. Just because students willingly share information online is hardly a justification for violating their privacy, monitoring all of their internet communication. Furthermore the scale at which Morris suggests students should be monitored in no way equates with what is being shared (mostly publicly) in particular online venues. In the first case students chose to share particular pieces of information on Facebook, making them (again mostly) public for others to view, and remain empowered to not share other aspects of their online communication. Private online communication is still possible. Second in the case of corporations students (at least theoretically) willingly enter these relationships with corporate entities, trading privacy for some other benefit. With government monitoring there is no opt out, use the internet to communicate and you will be monitored. Finally the response by these corporations is in no way comparable to what happens with these private companies. A credit card company calls you to verify that you indeed did purchase a $800 dollar pink stuffed elephant, a minor inconvenience, but the government detaining you for hours of questioning because you called your professor an asshole on a Facebook wall, hardly constitutes the same level of inconvenience.

Imagine the depth of invasion this constitutes. Emails about private family matters. Monitored. Concerned about a medical condition, searching the internet. Monitored. Have a drug or alcohol problem, reaching out to a support group. Monitored. Organizing a political protest. Monitored. You name it. Monitored. This is why we have restrictions on what type of surveillance our government can conduct. We should find it a little more than disturbing that Morris’s position aligns him with the STASI, or if you prefer, more contemporary situations despotic regimes: “In order to preserve the safety of our citizens we must monitor all of their communications.”

Perhaps people are lulled into believing that this type of surveillance constitutes a minor inconvenience, because one would only be monitoring online communication. But imagine the outrage that would ensue if Morris was suggesting that police begin routinely searching all dorm rooms in order to insure that no illegal items are on campus. Ultimately I would argue that monitoring my online communication is far more invasive then searching my physical property. Heck just knowing what someone has searched for on Google in the last month can often tell you a lot more about them than looking through their apartment.

Morris’s argument is the classic, but severally flawed one, that we should give up privacy to maintain security. As Daniel Solove has argued this is a fundamentally misinformed approach. In the first case, because one rarely achieves security, and in the second because this type of ubiquitous surveillance itself constitutes a serious harm to the community. As Solove points out, privacy is not just an individual good, it is a public one as well. A community without privacy is an unhealthy one. Individuals need control over what type of information is made public (even if they don’t always exercise said right), and what types of information monitoring bodies can collect about them, not only for individual health but for public health as well. A community with no sense of privacy is a dysfunctional one. Imagine a community where all communications are monitored by the government (again this is either very directly what Morris is calling for, in the case of the public university, or by proxy in the case of the private where the institution de facto serves as the local governing body). One doesn’t have to have read Foucault to understand the degree to which severe government monitoring adversely effects the population, 1984 or Brazil will work just fine for this.

Let’s take even the best case scenario that Morris offers here, that we are going to use this technology to monitor all students, looking for ones who might have mental issues. How is this data going to be used? Are the flagged students going to be expelled? are students who the predictive algorithm decides are risks going to have mandated counseling? Will this be permanently attached to their file? Will there be a no-class list equivalent to the no-fly list? And given the issue of liability institutions are liable to err on the “conservative” side questioning any and all students that might pose the slightest risk, for fear that if they don’t they would be liable in the future? (And again, keep in mind the technology doesn’t work this way, looking for “mentally unstable” people is not nearly the simple analysis Morris implies it is.)

Even if this surveillance would work the way Morris thinks it does, it is not even the best way to accomplish what he wants. Rather than actually try and address the larger issues, or develop a more reasonable plan, Morris purposes the “magical” technological fix. Which of course is neither magic nor a fix. Compare this to a plan which would call for increased funding of mental health clinics, building a positive relationship between Residence staff and students so that those with concerns would speak to someone. Sure staffing a mental health clinic is costly, but it is more effective, and what Morris doesn’t want to tell you cheaper than the solution he purposes. As Morris himself admits, “In the aftermath of nearly every large-scale act of campus violence in the United States, investigation has revealed that early-warning signs had been present but not recognized or acted upon.” If these early warning signs exist why do we need more monitoring?

But lets be clear, Morris isn’t after safety or mental health. This is about something far more nefarious, this is about control. And to understand this argument it is important to situate this claim within the context of higher education in California where Morris works. The mental health angle here is just a ruse, a rhetorical strategy to convince people that students need to be monitored for community safety. This is something those with power have been wanting to do for a long time, wholesale monitoring of the population, and given the recent tense situations between students and the California system, situations often mediated by the police, certainly part of the story here is a feeling on the part of police that all students must be monitored and controlled all the time.

If you doubt my reading here all you have to do is turn to his paragraph on FERPA. Morris argues that yes FERPA might be a concern, you would be monitoring student’s private conversations, but “luckily” for those who want to monitor there is an exception to the rule that would allow this type of monitoring. In other words Morris treats FERPA as a technical/legal hurdle that can be circumvented not something that expresses a legitimate concern about protecting student privacy. Morris deals with the letter of the law (“look it’s easy to get around”) without addressing the reason the law is there in the first place (“protecting student privacy is a philosophically and ethically important community principle”). Notice nowhere in the essay does he recognize that this type of surveillance might constitute a privacy concern (the only mention of a limit is in taking care to make sure that students maintain a right to due process). Student privacy is treated as a hurdle to be overcome not a value to be respected.

I am an educator because I believe college can be an incredibly important step in individuals becoming productive members of their community. At philosophical times when people ask me what I do I respond, “I work with students to help them become the people they want to be.” I find it loathsome, and counterproductive to suggest the best way to help students become citizens is to monitor their behavior all the time. What types of individuals would be produced from such a community, a community under constant surveillance?