A Plea for Privacy

With the introduction of electronic access cards in 1992, it became possible for the administration to track electronically every keycard swipe made at the University. In the split second between swiping your card at a dorm entrance, vending machine or library photocopier and getting a pleasing green light, your ID is checked against records, and the time and location of your swipe is recorded. Of course, the records are kept confidential, and unless the Harvard Police or Ad Board has good reason to believe that you've broken a major rule or committed a crime, nobody will ever know that you swiped into someone else's dorm that night you'd rather forget.

Were anybody to suggest that the date be publically accessible, there would be, no doubt, a huge outcry from the student body. What right does anybody have to know where you've been in the past week, where you visit or what dining hall you eat at?

If you check your e-mail by telnet-ing into the Harvard Computer system (, where and when you checked becomes public knowledge for about a week (the records are cleared at 3.00 a.m. every Monday). If you check your e-mail from someone else's room, that person's name is listed; otherwise a quick glance will tell you which building the terminal was in.

Most people at Harvard know that you can "finger" someone to see when they were last logged on. Many also know that you can type "nofinger" at the prompt to disable this information, and many have decided to do so. What many people don't know (but your average CS50 graduate can tell you) is that this does nothing to deter someone who wishes to know where you last logged on. The command "last " will list without complaint the whereabouts of any student who regularly checks e-mail from a terminal in the past week. The command "finger | grep " (or, "who | grep " will supply the data that "nofinger" is supposed to disable.

These commands are widely known and used by computer literate students at Harvard. I e-mailed the Harvard Computer Security Group about this last year, and received a terse reply that should I feel that someone is invading my privacy, I should consult my Senior Tutor.

Leaving aside that fact that I can't know who has "finger"ed or "last"ed me and thus have no basis for complaint, the idea that privacy should be protected only when someone feels in personal danger is rubbish. They also remarked that to disable the "last" command, or the "finger | grep " loophole would "significantly reduce the functionality of the computer systems". This is also rubbish, again as any CS50 graduate can tell you: a few keystrokes will remove the last command from/usr/bin or make is accessible only to the administration.

You may have thought little about the enormous amounts of data that are collected and made public to the school about you, and you may not be bothered by the fact since you feel you have nothing to hide. But do you send all your mail on postcards? Conduct all your telephone conversations on speakerphone? Leave a note on the door when you leave your room giving your exact destination? Of course not. We all have a reasonable expectation of privacy on campus, a privacy that in most other respects is kept sacred.


Some people find finger a useful tool; those in the know use it to "talk" friends across campus, to see if someone's read their mail or just to keep tabs on their friends. Some people have what the computer literate refer to as a "stalk script" to let them know when their friends are logged on. That's fine, but the choice to make that information public should be the student's and not the University's. To protect the computer illiterate (an endangered, Luddite few), incoming first-year accounts should all be set inaccessible unless explicitly changed by the user.

I suggest that "finger" provide only a person's real name, his or her ".plan" file and where the person is logged on only if the person is currently at the terminal. Computer stalking is, unfortunately, not rare. I know at least three students who have felt that someone was keeping track of their movements with commands such as "last," "who" and "finger," but felt that they had insufficient grounds for a formal complaint to the administration. And there is a growing risk as e-mail becomes ever more prevalent that the information found with these seemingly innocuous commands be used in a crime, whether it be theft or sexual assault.

Harvard Security right now has a very limited ability to respond to computer stalking, since valid and not valid uses are indistinguishable by automatic checks. Please e-mail Harvard Computer Security ( and ask them why they haven't followed the lead of many other campuses including Cornell and Brown (which display only a person's address, telephone number and ".plan" file when you finger them) in disabling or altering UNIX commands to protect the privacy of Harvard students. Even if the expectation of privacy in the real world is diminishing every day, let us take a small stand for the antiquated notion that nobody should be able to figure out where you are and when.

Simon J. DeDeo '99 is an astronomy and astrophysics concentrator Mather House

Recommended Articles