Alma is always watching

Alma is always watching

Sometimes the Man can really get you down, especially here at Columbia, but not always for the wrong reasons. In light of tomorrow’s town hall on protest rules, we bring you an article from the Blue and White’s December issue on security at Columbia. This is the first half of the investigation written by Naomi Cohen.

Four years ago, before public scrutiny of Facebook’s privacy policy began and majority opinion about the National Security Association soured, a Columbia student posted a comment on his Facebook wall about Julian Assange. The comment was a joke about Gossip Girl. Non-political.

The student says that in a matter of hours, he received a message from Columbia University Information Technology (CUIT) in his Cubmail inbox. The message, he says, strongly suggested that he take down the post. Words like “Julian Assange” attract unwanted attention. Heeding CUIT’s words of caution, he took the post down—and asked to remain anonymous in this article. Associate Vice President for Media Relations Robert Hornsby wrote in an email that CUIT “does not monitor or review student Facebook pages” and couldn’t have sent the email. The student says the email was deleted in the switch from Cubmail to Lionmail—CUIT reserves the right to delete emails without notice. Hornsby wrote that a CUIT search for the email was “inconclusive.”

In the same year as the alleged email, the Office of Career Services at the School of International and Public Affairs drew fire for sending a similar warning. The email passed on advice from a SIPA alumnus in the State Department, who advised that mentioning Wikileaks on social media might jeopardize students’ prospects for employment with the state. Following public “alarm that the liberal bastions of academe in the US would be complicit in restrictions on access to the documents,” as reported The Guardian, the State Department denied that these restrictions even existed on its side. The advice was never meant for non-employees, said the State Department spokesman. Then-SIPA Dean and now-Provost John Coatsworth defended the email as a “cautionary suggestion.” He encouraged Columbia students to keep sharing their views publicly “without fear of adverse consequences.”

Students by now have been repeatedly reminded to be distrustful of transnational surveillance. The NSA, though, is not the only pair of watching eyes. Wherever students go on campus, whatever they write in emails, whichever sites they browse, whomever they text and call, and whatever other information they provide the school, Columbia is also systematically keeping tabs—and hovering closer and more unchecked than any municipal or federal institution.

Students rank the campus security apparatus as the most effective service at the university, according the 2013 Quality of Life. Lionmail inboxes tend to feature more campus blasts from the Department of Public Safety broadcasting its investigations of thieves and predators outside of campus than updates from the university president. In response to the Quality of Life survey and the June arrest of 100 suspected gang members in West Harlem—one of the city’s largest gang arrests—Public Safety is expanding the breadth of monitoring even further this year. In one of few public messages on a decade-long ramp up of security presence, Vice President of the Department of Public Safety James McShane wrote in June that he is committing to “actively supporting an enhanced police presence in West Harlem and increasing our public safety personnel and patrols in and around Columbia buildings in Manhattanville.”

McShane’s commitment “to do everything possible to keep making our campus community even safer” hides one detail: safety targets not just outside threats, but students, too.

Just as the NSA is expanding its access to information for the sake of national protection, Columbia University Information Technologies and Public Safety are expanding their capabilities for data mining and monitoring on Columbia’s own campus network. The more services and security Columbia provides, the more information it owns: Columbia-provided Internet services, email services, personal data storage, and physical security are more robust and centralized now than ever. As a private institution, though, Columbia is reserving access and use for two of the most impenetrable organs on campus: the Office of the General Counsel and the senior management of Public Safety.

***

Security policy is reactive. The bigger the hubbub after a breach, the tighter the grip. Public Safety surveillance escalated after PETA protested animal testing on College Walk in 2003 and after 2006 when student and non-student protesters stormed the stage during a talk by Jim Gilchrist, the head of the Minutemen border vigilante group.

McShane was hired from the New York Police Department—where he had served as legal adviser to former commissioner Ray Kelly—months after the first protest and promoted months after the second; throughout his tenure, he has increased the volume of security cameras on campus by over 50 percent.

“I think it’s a wonderful device,” said McShane in an interview. There are about 3,000 cameras on Columbia property—rumor has it that’s the highest concentration of security cameras in Manhattan. McShane declined to comment on the strategic placement of cameras, but said that updated technologies now allow cameras to zoom in and automatically project high-resolution images in the central office monitor when an associated building alarm goes off.

According to a Public Safety officer, who asked to remain anonymous because of privacy stipulations in his contract, buildings under construction have significantly more cameras than older ones. Another member of Public Safety, who also requested anonymity, said that many have audio capabilities. (He added that Public Safety can listen to all campus phone lines.) One member of the tech crew that installed the cameras now works for the State Department.

After a scuffle three years ago with non-Columbia affiliates protesting outside of the 116th St. gates, Public Safety officers were told to alter their approach. “The University wants Public Safety to move away from confrontational situations,” said the Public Safety officer. He said he was told that Public Safety “looked bad” if it was involved in physical interventions on campus. In response to these demands, the officer said that Public Safety is increasing its preventative measures to avoid active intrusion. “Our role is to protect, observe, and report.”

Where video surveillance is inadequate, Public Safety deploys plainclothes sergeants. Another Public Safety officer, who also asked to remain anonymous for job security, said that, since the Minutemen protests, “any protest or rallies has plainclothes officers to keep outsiders who may come inside and try to interrupt what is going on.” Most plainclothes sergeants stand in areas most targeted for theft; some of them, according to the Public Safety officer, record their own videos at student rallies.

One such sergeant, Branko Yurisak, has a reputation for recording videos of Public Safety officers shirking duties while on the job. The Director of Morningside Operations used this footage to fire Public Safety officers who were supposedly underperforming, according to several officers. Yurisak, who declined requests for an interview, would only describe his job as “quality and integrity control.” Quality and integrity control of officers is the informal responsibility of all Public Safety supervisors.

***

Public Safety surveillance affects anyone on Columbia property; Internet and data surveillance affects anyone with a Columbia UNI or who uses the university network: that includes Wi-Fi and information resources such as university computers and servers.

CUIT manages all routers, switches, and cabling for computers, TVs, and cell phones on campus, so it’s privy to all information passing between these devices. Live information, including Internet browsing, connections between computers, and illegal downloading, can potentially be catalogued in the system, which also stores logs of ID swipes into buildings, Social Security Numbers, and financial data. CUIT is technologically capable to locate students through their phones’ Wi-Fi connection.

Because a student wouldn’t know if his or her information was intercepted, examples of the Office of the General Counsel (OGC) or Public Safety exercising its privileges beyond catching theft and illegal downloading are usually speculative. Student groups that organize against administration have been especially suspicious of Public Safety or administration following their activity. Many student groups have learned from previous experience to avoid Lionmail and meet away from video cameras when sharing important information.

Columbia Prison Divest (CPD) does not use Lionmail for internal communication but keeps its Facebook events public and has Columbia email addresses on its listserv. When they held a rally at a World Leaders Forum event in late September, for which they had no permit, a plainclothes Public Safety officer was deployed to keep watch, according to one of the anonymous officers. Other groups like Students for Justice in Palestine, Occupy Columbia University, and students organizing against the Manhattanville project have said that they experienced similar cases.

Occasionally, the alleged surveillance directly affects the ability of student activists to mobilize. At a Student Worker Solidarity rally last year, an officer shot video footage that was then used as evidence in a disciplinary hearing against two of its members. When asked if students have the right to access university camera footage and include them in their defense, Executive Director of Communications for Facilities and Operations Dan Held—who handles media inquiries for the Director of Investigations—did not answer. No Red Tape, which was also created to protest administrative policy, had had a few similar recorded actions before three of its more visible members were rejected from being consent educators last year. All three were highly qualified—and only anonymously a part of the group.

Even the Columbia University Democrats, which boasts one of the largest club memberships and has a non-antagonistic relationship with administration, was prevented three years ago from even entering the space where they planned to hold their protest. According to former board members who heard the story repeatedly from the organizers, the CU Dems received an email from an advisor warning them about an upcoming sit-in they were organizing. They had informed neither the advisor nor Public Safety about the protest, but the day of the action, members waiting at the Barnard gates were told they could not enter the quad to access the building of the sit-in. The story in the Dems circle is that their emails on the event were flagged because of the keywords “sit-in” and “1968 protest.”

According to Held, Public Safety does not flag emails. CUIT also does not regularly or generally read emails either, said Vice President and Chief Information Officer Candace Flemming. The Email Usage Policy, updated November 1, places authority for direct surveillance in the OGC, which handles legal matters: “For reasons relating to compliance, security or legal proceedings (e.g., subpoenas) or in an emergency or in exceptional circumstances, the Office of the General Counsel may authorize the reading, blocking or deletion of Data.” Beyond releasing data in exceptional circumstances, a Student Affairs web page launched last year adds that the University may do so to “enforce or apply the terms of any of our user agreements” or to “protect the rights, property, or safety of Columbia College, Columbia University, our users, or others.” The College or University evaluates “in good faith” when such a release is “reasonably necessary.” Data includes personal records and emails and may eventually be transferred to Public Safety, Student Affairs, Human Resources, or or any public or private outside agencies.

These regulations involve personally identifiable information. Anything non-identifiable—any communication through Columbia web sites or services, including Lionmail email content, and any web browsing, along with the computer’s domain, service provider, operating system, and Internet provider—is not subject to as many restrictions. CUIT can even profit off of its resources: in 2005, for instance, two sociologists bought  a year’s worth of the Cubmail content of over 43,000 students, faculty and staff.

While personally identifiable information is more closely guarded, less about its circulation is known. In the “exceptional or emergency circumstance” in which the OGC authorizes an interception, Flemming said that the Information Security Office (ISO) is aware and involved in executing the action but has no exposure to content.

Neither CUIT nor Hornsby, who represents the OGC, would comment on the frequency or content of such authorizations.