http://www.splc.org/newsflash.asp?id=1621 By Moriah Balingit SPLC staff writer Copyright 2007 Student Press Law Center October 5, 2007 OREGON -- When Western Oregon University student journalist Blair Loving opened up a mysteriously placed file on the university's public server last June, he thought he would find information about the College of Education. Instead, he uncovered a file containing the names, Social Security numbers, grade point averages and other sensitive information of former students. Loving's decision to download the file so that the campus newspaper, the Western Oregon Journal, could report on the security breach nearly ended his tenure as a student and led to the dismissal of the paper's adviser, Susan Wickstrom, for allegedly mishandling a copy of the file and for failing to advise the students about the university's computer policies. Loving learned at a disciplinary hearing Sept. 28 that he would not be expelled, but the infraction will remain on his record. Wickstrom was informed in August that her contract would not be renewed. "I worked there for seven years ...and I really feel like I had an excellent relationship with the students," Wickstrom said. "So I was really shocked and stunned to not have my contract renewed." Additionally, during the course of the university's investigation into the breach, computer technicians conducted a nighttime search of newsroom computers without informing newsroom staff, a move that has angered Wickstrom and other press advocates. Stumbling on a story Loving said he discovered the file while in the library on June 6, the Wednesday before finals week. He took it to Editor in Chief Gerry Blakney, who copied the information onto a disc and gave it to Wickstrom. Blakney and Loving then reported the breach to the university, which launched an investigation. Vice President for Student Affairs Gary Dukes said the students whose information was in the file were informed immediately. He added that the file got out onto the server as the result of a "mechanics issue." Though the paper's final publication date had already passed, editors at the Journal decided that the story was too important to hold until the following school year. So the week after Loving discovered the file, the paper published a four-page special edition with an article that detailed Loving's discovery of the security breach. The article did not include any student's private information. The paper also reported that the university was pursuing disciplinary action against Loving for violating the university's computer policy. During the course of the university's investigation, the director of University Computing informed Wickstrom that computer technicians had been let into the newsroom after hours to search newsroom computers. She was outraged. Neither she nor anyone on staff had been consulted or informed that the search was going to occur, she said. "Nobody knew about it," she said. "I feel like the newsroom should have been protected by federal and state law." Legal protections Duane Bosworth, a Portland, Ore.-based attorney who specializes in media law, said Oregon has the broadest shield law in the nation, which heavily restricts when law enforcement can perform searches of newsrooms. The federal Privacy Protection Act provides similar protection. "It's protective of all unpublished information period ... and it goes without saying that it includes information on computers," he said. "People think they can just barge into any sort of student setting." Professor Kyu Ho Youm, a communication law professor at the University of Oregon School of Journalism and Communication, said the physical intrusion of university administrators could create a "chilling effect." "The university administrators should give the students the benefit of the doubt instead of sending someone to search the newsroom without any sort of warning," he said. University reaction Two months after the university's investigation into the breach, university officials informed Wickstrom that her contract would not be renewed. In a letter addressed to Wickstrom, Dukes cited her failure to remind students of computer policies and mishandling of the disc that contained the information as reasons for her dismissal. The letter said that she left the disc in her unlocked office and later allowed it to be taken off campus. Loving was found in violation of the university's policy regarding computer use, which prohibits "accessing clearly confidential files that may be inadvertently publicly readable." After a disciplinary hearing on Sept. 28, Loving told The Oregonian that he would not be expelled, but he has to publish an article in the Journal about the importance of computer policies and create a proposal to help students understand the computer policy. Dukes said the newspaper would not be compelled to publish the article that Loving writes. When Loving was contacted by the Student Press Law Center, he said his attorney asked him not to comment. Wickstrom called the punishment "Soviet" and said she felt the university was overreacting, especially since Loving informed the university of the breach so promptly. "I feel that the university was fortunate that the person who opened [the file] told them right away rather than using the identities to buy meth," she said. But Dukes said that students are not supposed to download files containing confidential information, even if they accidentally make it onto the public server. "It's a violation to download information that you're not supposed to have access to," he said. "That's the bottom line and that's the issue." Although Dukes could not comment on Wickstrom's case directly, he said that if a newspaper adviser became aware that a student journalist possessed a file that contained confidential information, the adviser should "be informing those students of the policy ...and advise them to be getting rid of that file or turn it over." Wickstrom said she had about an average knowledge of university policy. But knowing the policy better would not have changed her actions, she said. "I thought my major responsibility was to protect the students' right to gather information and their responsibility to seek the truth even if it revealed a university weakness," she said. "I didn't think that the information was in danger of being leaked from our newsroom or anything like that." College Media Advisers and the Society of Professional Journalists have launched investigations into Wickstrom's dismissal. "It's just shocking," said Kathy Lawrence, the CMA's chairwoman of adviser advocacy. "As far as I can tell all she did was act like an adviser." __________________________________________________________________ CSI 2007 is the only conference that delivers a business-focused overview of enterprise security. It will convene 1,500+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission. - www.csiannual.com
This archive was generated by hypermail 2.1.3 : Mon Oct 08 2007 - 01:26:03 PDT