IN THE MATTER OF THE GRIEVANCE OF PROFESSOR []

To: Principal Heather Munroe-Blum
cc: Professor [], Grievor
     Professor [], Respondent

The Hearing Committee of the Committee on Staff Grievances and Disciplinary Procedures charged with hearing the grievance of Professor [] (Department of [] February [],2008, from [] [] and on [], February [], 2008, from 1[] [] Present were:

The Hearing Committee
Professor [], Chair
Professor []
Professor []

Professor [](Grievor)
[] (Grievor's Advisor)
Professor [] (Respondent)
[], (Respondent's Advisor)
[], Secretary

The Following witnesses gave testimony:

For the Grievor:
[]

For the Respondent:
[]

This Administrative grievance concerns the Respondent's action in accessing a computer file of the Grievor without informing the Grievor. The Grievor considers the action of the Respondent improper and the remedy [] seeks is a determination as to whether the Respondent acted improperly in accessing [] computer file.

Statement of the Grievor

In [] 2007 Professor [] contacted a Montreal newspaper reporter to publicize what [] saw as an affront to academic integrity on the part of the University in an alleged case of plagiarism in one of his courses. Unfortunately, [] disclosed the names of the individuals involved.

Professor [] then detailed particulars of the issue on [] personal McGill-hosted website as well as a chronology of [] efforts to have the University do something about the alleged plagiarism.

In [] 2007, [] contacted a national newspaper reporter and provided the reporter with the URL to [] website.

The national newspaper reporter then contacted the Respondent to request an interview on the subject of student plagiarism and provided the Respondent with the Grievor's website URL.

The Respondent then tried to access the Grievor's website and [] discovered the Grievor had removed the contents of the website and archived them []

The Respondent ordered the System Manager of [] to provide [] with a copy of the contents of the archived files and to keep the request confidential. The Grievor's Advisor stated that they had interpreted the Code of Conduct for Users of McGill Computing Facilities, the Companion Document and the McGill Computing Facilities Management Guidelines as all indicating that the Respondent would have required permission from a Guidance Panel prior to accessing the Grievor's web contents and, as [] did not obtain this permission, the Respondent wrongly accessed the Grievor's file.

Statement of the Respondent

In [] 2007, following a request from a national newspaper reporter, the Respondent said that [] became aware of a website posted by the Grievor in which plagiarism issues at McGill were discussed; in particular the reporter provided the Respondent and the Director of the University Relations Office with the URL of the website.

The Respondent stated that [] action in accessing the Grievor's archived computer file was prompted by [] concern that the Grievor may again have violated student privacy as had previously occurred with the Montreal reporter in [] 2007.

When [] tried to access the website, [] discovered that its contents had been removed. Given the Grievor's past history of violation of students' privacy, the Respondent stated that [] became concerned and believed [] had reasonable grounds to suspect that the site may have contained nominative information relating to and therefore a breach of University policies concerning privacy rights.

The Respondent explained why [] did not advise the Grievor of [] intent to access the file:

1. if [] advised the Grievor of [] intention to access the now archived website contents, the Grievor would make it more difficult to access the website, alter its contents or even render it impossible to access;
2. the contents of the file constituted a public website;
3. a user's file at McGill may be accessed without notification if misconduct is suspected;
4. no file on McGill's computer network is absolutely "private".

[] emphasized that [] had not been aware that a back up file (such as the archived file) could not be deleted by the Grievor; [] had learned of this only during the presentation of the Grievor's advisor.

[] stressed that [] considered [] intention to access the archived file in the light of the policies set out in the Code of Conduct for Users of McGill Computing Facilities, its Companion Document and Management Guidelines and [] sought help from [] to determine if [] action would violate any policies outlined in the above documents. With the advice of [] subsequently confirmed in writing from the [], [] determined that accessing the archived file without the owner's permission would not be in violation of policies and practices. The Respondent confirmed that when [] asked th System Manager to provide him with a copy of the contents of the archived website, [] had advised [] to keep the matter confidential. However, the Respondent explained that at [], [] apoligized to the Grievor for not having informed [] after the fact that [] had accessed [] file and [] reiterated [] apology at the hearing.

[] as a witness on behalf of the Respondent, that the action of the Respondent was indeed not in violation of policy set out in the three documents mentioned above.

The Respondent's Advisor stated that the Respondent sought advice from [] as to [] authority under the rules to access the file without the owner's permission. The Respondent's Advisor drew to the Hearing Committee's attention that the reference to a Guidance Panel in the Management Guidelines is for System Managers and [] as is evident from reading the document. Moreover, the System Manager when required to act on the authority of a senior administrator (who does not have to consult a Guidance Panel) is not obliged to seek permission from a Guidance Panel as [] would were s/he acting on her or his own volition.

The Respondent's Advisor further argued that: a) the file in question was not private since it had been posted as a public website; b) the Grievor's website was unethical since it appears to have been passed off as part of the official McGill University website (using the design of the McGill homepage).

[] also stated that given the Grievor's past history of violation of students' rights and University policies, and the disabling of the website at a critical point in the Respondent's efforts to investigate its contents, the Respondent had every right to suspect misconduct on the part of the Grievor in use of the McGill Computing Facilities, and as had the right, and more importantly, the responsibility to access the file.

The Hearing Committee saw its task as having to determine:

1. did the Respondent have reasonable grounds to suspect the Grievor of misconduct in the use of the McGill Computing Facilities (MCF)?
2. is it ever appropriate to access a file of a user of the MCF without obtaining the user's permission? and, if it is,
3. did the Respondent follow appropriate procedures in accessing the Grievor's file?

In arriving at answers to the above questions, the Hearing Committee examined the case taking into account: the University's mission and the policies and governance that guide its mission; privacy expectations associated with files stored on the MCF; and the Respondent's responsibilities to the University as a member of the upper administration []

Sources used by the Hearing Committee in its task were the Charter of Student Rights, the Code of Conduct for Users of McGill Computing Facilities, its Companion Document, and the McGill Computing Facilities Management Guidelines, and all written and oral material presented by the parties and their witnesses.

In determining if the Respondent had reasonable grounds to suspect the Grievor of misconduct in the use of the MCF, the Hearing Committee examined the role of the MCF in the functioning of the University and the policies that govern the users of the MCF. As stated in the introduction to the Code of Conduct for Users of the McGill Computing Facilities: "McGill Computing Facilities (MCF) are intended to support the academic mission and the administrative functions of the University. This code of conduct states the principles regarding the use of the MCF. They complement and supplement rather than replace other policies concerning appropriate conduct of staff and students." The Companion Document elaborates on this: "the policies and mores controlling acceptable actions at McGill are implicitly extended to cover the use of the MCF." Here we see that all University policies concerning appropriate conduct of staff and students must also be obeyed when using the MCF, in addition of course to those provided in the latter document. Clearly, therefore, any use of the MCF in a manner that would violate any University policy governing the conduct of academic staff would violate correct usage of the MCF.

In [] 2007, when the Respondent was contacted by a national newspaper reporter and provided with the website's URL, the Respondent, given the previous disclosure to the Montreal newspaper, was justifiably concerned that the website might also contain nominative information. When the Respondent discovered that the Grievor had removed its contents, particularly the timing of the disabling, [] fears were enhanced that the site contained something the Grievor did not wish the Respondent to see. The Hearing Committee accepted that the Respondent had reasonable grounds to suspect the Grievor of misconduct in the use of the MCF.

The Respondent indicated that the fact that the website was no longer active did not mean that there was now no danger -- its contents had already been read and possibly even printed out by "the public". The Respondent said that [] needed to know what the public knew.

The question may be asked as to why the Respondent did not ask the Grievor for a copy of the contents of the (disabled) website. Based on material submitted by [], the Respondent claimed [] was concerned that the Grievor would alter the contents or simply destroy the contents altogether, if [] were to make such a request. The Hearing Committee accepted that the explanation was plausible as it appeared that an atmosphere of mistrust had developed by then between the Respondent and the Grievor. In determining if it is ever appropriate to access a file of a user of the MCF without obtaining the user's permission, the Hearing Committee was guided by Section 9 of the Code of Conduct for Users of the McGill Computing Facilities: "Users have a right to privacy. The level of privacy does not exceed however that of reasonable expectation.... Users should further recognize that, as specified in the relevant administrative policies at McGill, authorized McGill personnel have the obligation to take reasonable and appropriate steps to ensure the integrity of MCF and to ensure that the code is observed". The Hearing Committee agreed that it is unreasonable in certain cases to expect privacy, i.e. a file not to be accessed without the owner's permission. The right to privacy is premised on compliance with the Code itself and on compliance with all other McGill policies also when using the MCF. Failure to comply would therefore negate any privileges specified in the Code. An analogy can be made to the common and accepted practice of the University accessing users' files without the users' permission when the University is at risk of legal liability due to suspected financial misconduct on the part of the users. Thus, there is an example of an accepted practice in the University of routinely accessing files without the owner's permission in a particular type of circumstance and the motivation to access the Grievor's file in this hearing is no different -- the University was, or might have been, at risk.

In determining if appropriate procedures were followed in accessing the Grievor's file, the Hearing Committee was guided mostly by the contents of the McGill Computing Facilities Management Guidelines. Section 1.1 of the document essentially describes how the management is comprised:

1. "... system managers", "sysops", "systems programmers", "operators", "network managers", "hardware and software support and repair personnel", stating that "all such people are referred to in the document as "System Managers,... " and
2. "... University administrators to whom such people report (Deans, Directors, Chairs, V.P.'s)."

Section 1.2 states that there is a hierarchy in the management, which begins with the Principal at the top and descends downward to the V.P.'s, next to the Deans, next to the Directors and Chairs and finally to the System Managers. The Hearing Committee interprets hierarchy as having its usual meaning, i.e. a person at a given position in the hierarchy has the power to authorize an action to be taken by or against a person further down the chain but not above.

Section 2.1.4 states that "System Managers must respect privacy as specified in the MCF Code of Conduct unless otherwise allowed by this policy. Under normal conditions, access to user data other than for backup and routine maintenance must be only with the explicit approval of the owner". The Hearing Committee has hitherto presented its conclusion that conditions were not normal, i.e. there were reasonable grounds to believe that the Code of Conduct may have been violated.

Section 2.1.3 states that the management must "Take reasonable steps to ensure that users do not act in violation of the Code of Conduct", The person in management who became aware of the possible violation of the Code of Conduct (by the Grievor) was the Respondent, with authority and responsibility [] in the University Administrator's component of the management hierarchy. In the Management Guidelines II document, there is no clause suggesting the Respondent would need authorization from : further up in the management hierarchy in order to access the Grievor's file in question. Indeed the Management Guidelines, particularly section 2.1.3, would suggest that [] was obliged to initiate an investigation of the file in this situation. Moreover, the Respondent needed help from the System Manager, in this case, to access the file.

Section 3.1 states that "... System Managers are empowered to take certain actions. As described in the sections that follow, these actions generally can be taken under certain circumstances and with due regard to the MCF users as a whole and individual users". The "sections that follow" (i.e. 3.2, 3.3, 3.3.1,3.3.2,3.3.3,3.3.4,3.3.5,3.3.6 and 3.3.7) are therefore, according to the document, for System Managers taking action on their own volition. A Guidance Panel is mentioned in 3.2, 3.3.5 and 3.3.6, and since these sections pertain to System Managers acting on their own volition, the Guidance Panel applies to System Managers acting on their own volition. This is further substantiated in 4.1 which states that "A guidance panel will exist to rule on the appropriateness of actions taken by System Managers." There appears to be no evidence in the document that actions of anybody other than those of a System Manager acting of his own volition require approval of a Guidance Panel, and indeed if a System Manager were acting of her or his own volition s/he may obtain approval for her or his action from a person further up in the hierarchy (3.2, 3.3.4, 3.3.5) rather than from a Guidance Panel.

The key point is that the action in this case was taken by the Respondent, who was and is a member of the upper administration and from the reading of the contents of the "Management Guidelines" clearly did not require approval of a Guidance Panel, and the System Manager, acting on the orders of an upper administrator and not of [] own volition, did not require approval of a Guidance Panel.

The Hearing Committee concluded that the Respondent's action was in accordance with University Policy (approved by Senate and the Board of Governors). The Hearing Committee, additionally, strongly suggests that a revision of the current Code governing the use of the MCF be undertaken immediately. The members believed that the technological advances made since the enactment of the current Policy in 1994 more than warrant this action.

On behalf of the Senate Committee on
Staff Grievances and Disciplinary Procedures

[], Chair
March 11, 2008