Davidson’s Technology and Innovation Department (T&I) has updated its technology policies, with significant revisions to its Access to Electronic Communications and Files Policy. These updates, the first since 2018, were the result of a routine review of college policies on technology services. The policy now clarifies specific capabilities of T&I and administrators when it comes to accessing student data. In the case of emergency situations, this includes extension of legal access to communications and files.
Community members received an email from T&I on September 16 inviting students and staff to “provide feedback on new and updated technology policies.” The public comment period came to a close on October 7.
These updates reflect an effort to notify community members of how their data is being interacted with. “This policy seeks to inform the campus community of the college’s right to inspect any electronic communication or file created, viewed, transmitted, recorded, stored, or posted with any Davidson College Electronic Resource,” the policy states.
In addition to minor language changes, such as replacing the term “cellular phone” with “mobile phone,” the updated policy includes three major changes.
The first is that it includes formal definitions for “monitoring” and “inspection.” Kevin Davis, Chief Information Officer at Davidson, said that the establishment of these definitions is more a matter of semantics than actual change.
“[Monitoring and inspection were] used but not defined in the current policy,” Davis said.
Second, it allows for extended legal access to communications and files in certain urgent or emergency situations. To mitigate delays in administrative approval, the number of administrators needed to approve inspection of electronic communications and files drops from four to two. Additionally, the President can substitute for any one of the administrators listed in the policy.
“[These conditions] make improvements to some of the administrative steps in the processes around approvals for the rare cases when data inspection occurs,” Davis said.
The updated policy also includes two additional technology services in which “administrative inspection is pre-authorized for certain routine or time-sensitive activities,” namely, campus security camera recordings and door access records/CatCard usage, as stated in the policy.
Murtaza Nikzad ‘27, President of Hack@Davidson, explained that this policy is a means of acknowledging pre-existing T&I protocols and administrators’ ability to access students’ data.
“In simple terms, this is basically saying that we have this protocol, and we just want to acknowledge that our protocol is very privacy invasive, in a way, because it says that you cannot expect privacy whenever you’re using any Davidson computers, or when you’re using the network from Davidson College,” Nikzad said.
Nikzad also clarified the definitions of “monitoring” and “inspection.”
“In monitoring […] what they mainly try to do is review metadata about the contents of an electronic communication, and they don’t actually check the data,” Nikzad said.
“If you send one email or one file from one Davidson computer to another, they look at the date it has been sent and the file name and the people who have sent it to each other, but they don’t actually look at the content. But inspection is when they actually look at the context and also the content of the files.”
The policy explains that while Davidson has the right to always monitor communications and files “to ensure the proper functioning of a technology service,” inspection can only occur with the approval of four different people: The Chief Human Resources Officer (Katie Germana) or Vice President of Student Life (Marquita Barker), the Chief Information Officer (Kevin Davis), the General Counsel (Sarah Phillips), and the appropriate vice president or division head for cases involving employees.
According to Davis, cases in which data inspection is necessary are “rare.”
“I do not expect this policy to have a material change or impact on student life,” Davis said, as the updates are mainly related to defining already-used terms and responses to emergency situations.
Computer Science major Jessie Carr ‘28 understands the need for the policy.
“After reading the policy, my immediate thoughts were ‘Wow, Davidson really got access to anything and everything,’’’ Carr said. “But after thinking about it for some time I get why. At the end of the day, colleges, universities, and higher education as a whole are businesses. In order to maintain a business, you have to be able to control the controllables and technology is one of, if not the most common, controllable.”
Despite his understanding, Carr still had reservations about the policy. “One thing that does concern me though is when Davidson feels the need to access and inspect their tech services. They use the phrase ‘legitimate business interest or need’ as an indicator, but that’ll always be a grey area, no matter how many examples they put,” Carr said.
Ultimately, students viewed the policy as a reminder of the seemingly absent relationship between privacy and technology.
“Overall, the policy makes sense and I’m not greatly surprised by it, but it definitely made me reflect on the concept of privacy and how internet or technology privacy never truly exists,” Carr said. “There’s always going to be something of yours that’s going to be ‘out there.’”
“For students, I just want to say that they shouldn’t expect any privacy,” Nikzad concluded. “Whenever they’re using Davidson devices or the Davidson network, they will be monitored.”
The current policy (not updated) can be viewed here. The updated policy is available here. The other updated documents, including the new AI policy, are available here.
