As blog readers will know, we presented a discussion of a cybersecurity approach being pushed by UC that would seem to entail separate devices for UC business on which an "endpoint detection and response" piece of software would be installed.* There are concerns about what would be detected and whether the system that was supposed to provide protection could itself be backed.
Apparently, the systemwide Academic Senate was not convinced and passed the resolution below which had been put on its June 12th agenda by petition:**
ACTION REQUESTED: The Assembly considers approval of the resolution.
RESOLUTION
WHEREAS, academic freedom, privacy, and autonomy are foundational principles upon which the integrity and excellence of scholarship, research, and teaching at the University of California depend;
WHEREAS, the deployment of Trellix monitoring software permits extensive surveillance capabilities, including scanning all accessed and executed files, logging detailed metadata (such as filenames, paths, alleged threat names, and hashes), quarantining files, and potentially uploading files deemed suspicious, thus severely compromising faculty privacy and autonomy;
WHEREAS, Trellix’s predecessor, FireEye, was hacked in 2020 in the SolarWinds cyberattack, which was determined by intelligence agencies to be carried out by Russian state-sponsored hackers and exposed over 250 federal agencies, including the Departments of State, Treasury, Commerce, Energy, and Homeland Security, as well as the National Institutes of Health;
WHEREAS, the data collected from faculty computers through Trellix software could become accessible to government agencies without a warrant, due to Trellix’s membership in the Joint Cyber Defense Collaborative—a joint task force comprising private companies and the federal Cybersecurity and Infrastructure Security Agency—that explicitly engages in “rapid bilateral and multilateral threat information sharing;”
WHEREAS, the unchecked capacity of such software to monitor, upload, and alter files without explicit consent poses a significant threat to intellectual freedom, confidentiality of sensitive research data, and the ethical standards expected within our scholarly community; BE IT THEREFORE RESOLVED, that the Assembly of the Academic Senate of the University of California, demands the immediate suspension of the implementation and use of Trellix or any similarly invasive monitoring software on faculty and researcher computer systems;
BE IT FURTHER RESOLVED, that any future monitoring software considered for deployment must undergo a transparent and inclusive evaluation process involving faculty representation to ensure the safeguarding of privacy, academic freedom, and research integrity.
Source: https://senate.universityofcalifornia.edu/_files/assembly/assembly-agenda-6-12-25.pdf (p. 54).
====
*https://uclafacultyassociation.blogspot.com/2025/06/panel-on-uc-endpoint-detection-and.html.
**Note: The systemwide Senate seems to have had a lot of business put on the agenda by petition. One interpretation of this development would be that the Senate - in its regular processes - has not been especially attuned to faculty concerns. Just saying...
No comments:
Post a Comment