In 2002, the Stanford Student Computer and Network Privacy Project (SSCNPP) conducted a study examining student privacy issues at Stanford. The study examined how federal laws such as the Electronic Communications Privacy Act (ECPA) and Family Educational Rights and Privacy Act (FERPA), along with institutional policies such as Stanford’s Principles of Privacy and Stanford’s Computer and Network Usage Policy together impacted student privacy on campus. Their recommendation was that these documents needed to be updated to protect student privacy and that the information contained within these documents should be better propagated to educate students about their privacy. Despite making these recommendations nearly ten years ago, Stanford’s policy has changed very little to reflect the study’s findings.
Perhaps most disconcerting, the group found that it was possible using university-sanctioned programs such as Stanford Who to access such private student information as home and school street address, class schedule, e-mail activity logs, and physical location if the user was accessing a cluster computer. They raised concerns in the ambiguity of terms in both FERPA and ECPA that could be interpreted in such a way that was harmful to student privacy. As far as university policy, there were also concerns raised regarding system administrator power and the university’s Principles of Privacy, which has yet to be updated since 1984.