Educational privacy law can penalize institutions who negligently or intentionally transmit their students’ records.
The student’s father, James C. Wang, said that he had not heard about the message that circulated and that Harvard had not contacted him to inform him of the accidental leak.
“I didn’t know anything about that,” he said.
After The Crimson sent him a copy of the e-mail, Wang, who has been a practicing doctor in California for almost two decades, wrote that he was concerned about the apparent lack of privacy and compared the situation to a breach of medical privacy.
“Technology is a double-edge sword. Most of physicians in this country don’t e-mail their patients because of concern of privacy leakage,” wrote Wang. “However, if indeed there is a violation of privacy, patients have the right to be informed by their service providers.”
Fox said he had not heard of any previous comparable instances of this at Harvard, and that there was not an inherent problem with using e-mail to correspond about confidential student data.
“The matter of computer security is not my responsibility, that’s [Director of Harvard Arts and Sciences Computer Services (HASCS)] Frank Steen’s responsibility,” he said. “I’ve never heard it suggested that we should not use e-mail to discuss student matters. It would be a major change if that were decided.”
Steen said that his department reacted quickly to the Bugbear virus, posting an announcement on their website and updating the virus definitions for the anti-virus software that all FAS affiliates are encouraged to install, and that the actual number of computers infected was minimal.
“The Bugbear virus, what I can gather from around campus, affected a minimum number of machines here; it was pretty small,” he said. “What was more disturbing, I would say, is that people were getting e-mails from others that looked like they were sort of private correspondence.”
But he said the number of e-mails was minimal. “I haven’t heard a lot of reports and I would have heard something if it was a lot,” he said.
In addition, most administrators in University Hall—including Kirby and Fox—use Macs and receive special security attention from HASCS.
“The University Hall machines have gone through a process of checking, they have a person over there who has worked through this with us on how they were used,” Steen said.
Steen said the Bugbear e-mails most likely came from machines belonging to deans’ assistants, many of whom use PCs.
He also said he would continue reviewing computer security policies.
“There’s going to be more discussion about what should and shouldn’t be sent over e-mail,” he said. “There’s common sense but there really ought to be some written comment to help guide people. There are guidelines in place and I think they need to be looked at in various offices that handle sensitive material.”
One other Bugbear-induced e-mail leak involving University Hall contained a note to Kirby from Harvard Magazine editor John Rosenberg. Rosenberg joked that Kirby had not done enough in a Lexington ballot initiative to raise property taxes for education. “I think you did not vote often enough; nor did I,” Rosenberg wrote. “We lost, 51.6%-48.4%…Layoffs are to begin almost immediately.”
In an e-mail, outgoing Dean of the College Harry R. Lewis ’68 offered his advice as a computer science professor: “Use a Mac. There are too few of them for people to bother writing viruses for!”
—Staff writer J. Hale Russell can be reached at jrussell@fas.harvard.edu.