WiFi data surveillance: A threat to students’ privacy rights

Niko Malhotra

Last month, Dean of the College Marlene Sandstrom and Director of Campus Safety and Security (CSS) Dave Boyer revealed that they used WiFi data during the College’s investigation of the Feb. 26 Wood House party to track down those that attended the gathering. In doing so, the administration undermined the collective privacy rights of Williams students by abusing its power over WiFi data. This investigative overreach raises important concerns about the state of students’ privacy rights at the College and how the administration and CSS sought out the students who attended the large gathering. 

The first question students and community members should ask is: Why did Sandstrom and Boyer take over a month to reveal this information even though they were pressed by the Record at the time of the investigation? Their lack of transparency reveals the potentially insufficient justification and flawed basis for this breach of student privacy rights. When students use College WiFi, they expect a reasonable level of privacy. However, when the administration and CSS use WiFi access to track students’ locations, they threaten students’ autonomy and sense of personal safety. The College’s campus should not be converted into a surveillance state where students feel like they are being constantly watched or monitored through their use of personal technology. By accessing the WiFi data of potential Wood partygoers, the administration and CSS eroded the fundamental trust between themselves and the students, threatening cooperation on issues important to campus safety and public health. 

This sets a troubling precedent for future abuse of student privacy rights. It is entirely unclear whether the broad usage of WiFi data will be limited to tracking large gatherings in the COVID era or whether the data will be potentially utilized to identify students who commit other infractions such as vandalism or trespassing into closed campus buildings. The administration has not laid out the parameters for its usage of this power, and this uncertainty should worry all students who value their privacy rights on campus. Students intent on breaking the rules will likely now just turn off their WiFi when attending illicit gatherings, but students’ privacy rights will remain fundamentally challenged if they cannot assure their personal freedom and autonomy without undue interference from the administration and CSS.

The Office for Information Technology (OIT) has written privacy policy guidelines which state that “OIT respects and protects your privacy, but may be required to release information if we receive a legal subpoena or we are contacted by Senior Staff that you have violated College policy.” In both of these exceptions, there must be a pre-established suspicion of wrongdoing directed at specific individuals. Yet during the Wood investigation, CSS and the administration did not know the identities of those who attended and used WiFi data to seek out these individuals in direct contrast to when there is an established reasonable suspicion of wrongdoing as laid out in the OIT policy. 

Additionally, OIT’s policy on Emergency Access of Information says that the College can access information on College systems in exceptions that “may be required based on legal action (such as a court order), may involve the health and/or safety of an individual or group, or be prompted by urgent college business needs.” The potential COVID health consequences of the Wood gathering served as the justification for accessing WiFi data, but this data was not used for identifying individuals for potential quarantine or extra COVID testing. Rather it was used to enforce disciplinary consequences and the removal of students from campus. If the Wood gathering was truly an urgent health emergency, the WiFi data would be utilized for containing a possible outbreak rather than sending home over one hundred students, potentially seeding multiple outbreaks across the nation. 

CSS and the administration’s approach to the usage of WiFi was also applied in an inconsistent manner between the Wood and Gladden gatherings. While the potential for public health consequences was a reason for the emergency access of OIT data during the Wood situation, WiFi data was not accessed at the Gladden gathering even though there was at least one documented positive case, and it could have potentially identified close contacts who did not voluntarily come forward. This absence of WiFi data usage during a clear public health situation at Gladden demonstrates that the administration was intent on using WiFi data to punish students rather than to protect the public health of the campus community. The clear contrast between these two situations erodes the administration’s justification for accessing WiFi data and reveals how they stretched and abused OIT privacy policies during the Wood investigation. 

We cannot fall into the trap of thinking that only people breaking the rules should be concerned about the College’s use of WiFi data. This is not merely an investigative tool, but rather an attack on our basic collective privacy rights. Students must not trade freedom and privacy for security solely because of the unique circumstances of the pandemic, for we may never regain this important right. Therefore, it is essential that students demand change and transparency from the administration to limit the use of WiFi data for disciplinary purposes and bolster OIT privacy policies. Students cannot live in perpetual fear. We have the power to advocate for the fundamental freedoms integral to our role as responsible community members.

Niko Malhotra ’24 is from Falmouth, Maine.