Privacy is fundamental to the University of California, Berkeley. It underpins academic and intellectual freedoms, which are key to the University mission. The UC Electronic Communications Policy (ECP) establishes policy on allowable use and privacy of electronic communications, and also clarifies limits on privacy protections.
Like any other large organization, UC Berkeley sometimes receives requests for account information or access to the content of an account from internal and external entities such as University or external counsel, Audit, Investigations, Human Resources, department management, law enforcement, and federal officials. What do we do when this happens?
The University does not examine or disclose electronic communications records without the holder's consent, except under the limited circumstances defined in the UC Electronic Communications Policy.
CATEGORIES OF REQUESTS
The requests we receive for access to student, faculty, and staff email accounts fall into several categories:
- Consensual: Some access requests have the person's consent. Most consensual access is for legal defense involving active employees.
- Non-consensual: UCB sometimes gets requests from government, law enforcement, or an internal source asking for access regardless of the record holders knowledge or consent. When required by law or UC policy to comply with such a request, we will do so.
- ECP Not Applicable: In this category, when an account holder has separated from the University, or the account does not belong to an individual (such as an automated response inbox for a University business function), consent is not required by the ECP. In these cases, the campus still seeks to maintain the privacy of the community by making relevant persons aware of the need to access a resource and by reviewing only the minimum amount of information necessary to perform a specific action, when feasible.
- System Administrator Access Requests: There are certain instances when system administrators can access an account. Examples include when a user is actively compromised by phishing and the account must be disabled and then re-enabled by the administrator to restore secure service, or when a supervisor requests a vacation message set from a user's account (staff or faculty). If there is a problem with file ownership or permissions, IT Policy allows for administrators to log into an account to change ownership of a file or document. In all these cases, system administrators remain bound by the principle of least perusal -- fixing a technical issue does not open up the content of electronic communication to inspection beyond the minimum necessary to resolve the technical problem at hand. In some cases, system administrators are authorized to access a user's account to delete a message accidentally sent to the wrong person, the reasoning being that the bulk of ownership of a message belongs to the sender, and this type of request is typically initiated by the author of the accidentally transmitted communication.
NON-CONSENSUAL ACCESS PROCESS
The Policy states that the University permits the examination or disclosure of electronic communications records without the consent of the holder of such records only when:
- Required by and consistent with law;
- there is substantiated reason to believe that violations of law or of specific University policies have taken place;
- there are compelling circumstances; or
- under time-dependent, critical operational circumstances.
Requests for Non-Consensual Access require completion of the following approval form: Campus Approval of Non-Consensual Access to Electronic Communication Records (PDF).
The form must be signed by the organizational head of a department or unit. Once the Privacy Office receives the form, we confirm that it meets the standards of the ECP. This means that the reason for access meets one of criteria listed above and access will be "limited to the least perusal of contents and the least action necessary to resolve the situation," also known as "least privileges." Non-consensual access requests must be approved by the Campus Privacy Officer, the AVC-CIO, and sometimes Campus Counsel or Academic Senate Chair. After approvals are obtained, the form is sent to the email administrator for bMail, who manages the requests.
Our Commitment to You
We believe that you should know as much as possible about the requests we receive. That is why we've committed to sharing this Transparency Report and updating it at least every six months.
The data in this document covers formal requests for non-consensual access, as well as requests from those who asked about access, but did not submit a formal request.
Scope of this Report
The scope of this Transparency Report is for all bConnected requests except National Security Letter, or via a subpoena with a gag order. The report is similarly silent on requests that may be being fulfilled outside of the University process, such as vendors being served with National Security Letters or subpoenas subject to gag orders. The University will have no knowledge of requests for information from law enforcement that are delivered directly to vendors, including Google under those terms. We recommend you read Google's Transparency Report for more information on how Google handles these requests.
Information provided in this transparency report does not reflect security monitoring conducted by UC Berkeley's Information Security and Policy team or by the UC Office of the President under the Coordinated Monitoring and Threat Response Initiative. For more information, see the FAQ: Is my email accessed for security monitoring?
Also see the ECP Transparency Report, which includes requests for access to computing devices and other electronic communications not included in the bConnected report.