AIM conversations can be read by schools. . .legal?

How far are private institutions (i.e. Liberty Univesity) allowed to go into the lives/conversations of it’s students? My friend was called into the Dean of Womens office b/c her AIM conversations with me were “unaccectable” and “lewd”. So is it really allowed for the IT guys at that school to be reading the conversations on AIM, much less even being able to read them? Is there a way around it?

Sure, it’s allowed. It’s their network and they have the right to do whatever they want with it. Normally there are guidelines about what they will monitor, but ultimately, they can do what they want.

Actually, it may not even have been IT. If a second student saw the messages over the shoulder of your friend, they could report her under their sexual harassment guidelines. And once reported, IT has an obligation to check out the charges.

There’s an easy way around it: don’t send lewd messages.

darn it all

Was this on one of the school’s computers (in like a computer lab or something) or was she using her own computer in her dorm room?

This was her own computer that i built for her.

The university is well within their rights to monitor traffic on their network. If they installed some sort of spyware on her machine itself, you might have a case for invasion of privacy but they almost certainly did not do that. It’s likely they simply monitored traffic on the network they own.

IANAL, but I am a network security guy and privacy advocate. IMO, if you use unsecured communications on someone else’s network, you have no expectation of privacy.

Something similar happened to me and a friend a while back. We were using email, and had an on-going flamewar raging for several weeks. We were still friends, but whenever we sat down at a computer each of us came up with a couple new and creative insults and emailed them to the other person. We didn’t think anyone would ever see them.

However, apparently the people in the Computer Services Division (CSD) had nothing better to do than to read other people’s email, and when they found ours they told the chair of our department (Math, Statistics & Computer Science), who promised them that he’d discipline us.

He proceeded to give us a two hour lecture on the use of encryption. It was great. By the end of his talk, we had our email apps set up to use PGP, and so we could continue our flamewar without CSD being able to read a word of it.

To that end, go get Trillian Basic ( ) for both you and her. It has a “SecureIM” feature that, when enabled, will encrypt your IM conversation and thus prevent bored IT assholes from reading your personal and private communications.

That is, if you’re both using Windows. I know that there are some encryption plugins for Gaim on the Linux side of things, but I don’t know of anything universal just yet.

I’ll also reccomend Zone Lab’s IMSecure

I’ve used it and it’s REALLY good…almost invisible to you if you set it up right. The free version works fine. the features it’s “missing” are minimal.

trillian is cool, but I just never got the “swing” of the interface. I LIKE AIM’s interface…IMSecure lets me keep it.

Both you and your friend will need it installed for it to protect you.

The only potential downside of that is that the university may take exception to your encrypted AIM traffic - they may not be able to read it, but may still make attempts to block it (I am not sure what the logistics are of identifying encrypted AIM messages would be, however).

It’s vaguely similar to company staff who think they can surf at leisure using anonymiser services; an IT department may take the use of anonymisers just as seriously as looking at the sites without concealment. It’s probably worth checking your institution or employers’ IT policies for acceptable usage.

The lastest version of AIM also supports encryption.

Looks like you have a purchase a Verisign ticket to use AIM’s encryption. That’s unfortunate.

What about phone conversations that are carried out on the dormroom phones? Are those allowed to be monitored even though she bought her own cordless phone?

This seems to be an egregious invasion of privacy to me. I can’t imagine how they could justify reading her personal communications…would they open and read her regular, “snail” mail, too? I can see if she was using a school computer, or accessing forbidden internet sites, but email and instant messages? I can’t say I’m surprised that a school like “Liberty” University (how ironic) would do this, but it sems to me that there should be limits as to how much IT departments can pry. In some Christian schools, just being gay will get you expelled. Imagine being outed to your family and being expelled just for a stupid email or something. This seriously is treading upon free speech territory, if you ask me.

It may be her computer, but it’s the school’s network. They have every right to monitor it to whatever degeree they see fit. No doubt, she and all other students signed a form to this effect. Sorry you don’t like it, but that’s the way it is. The same is true for companies that allow their employees to have internet acess. It’s no diferent. has a free encryption deal for use with the latest AIM.

A key legal principle in the US is “expectation of privacy”. If you put up a billboard, you can expect others to read it and you must assume responsibility for what ensues. Phone conversations do have such an expectation. Hence laws on phone tapping. (But note that your employer can still listen in on your phone calls from work “for quality control” if they tell you ahead of time. Your expectation of privacy has been voided by such a statement.)

Regarding email, IM and such, non-computer people are very naive about how little (read “none”) privacy these communications have. They are not all that different from billboards. So the expectation of privacy is small. Courts seem to be ruling along these lines.


I would argue that it is very different. At work, your employer is supplying the computer, etc. and paying you to work. In colleges, you pay and live at the school. What legitimate interest is their for a college to spy on its students? On the other hand, I can easily see why an employer might want to control such activities.

Why doesn’t such an “expectation of privacy” apply to emails? And especially IMs? I had no idea someone could see the IM messages sent across a network.

My opinion is that the school has every right to monitor network traffic…my concern is the extent to which they apparently do so.

Well, to take an extreme case. suppose an Arabic student is sharing his newly-learned knowledge of chemical warfare, due to his studies at this university, with his buddy Achmed, who then goes on to build a nerve gas bomb that kills tens of thousands. If this fact is later discovered, do you not think the university could be held partly responsible?

I can say as a system admin/analyst the ONLY time I was ever called into investigate was if someone complained. Our software had monitors that looked for certain things but we never took the time to review them.

This is no different than reading people’s snail mail, or listening in on their phone conversations. Does the post office have the right to open your mail at random? No. Does the Phone company have the right to listen in on your phone calls? No. So the " it’s their system" arguement holds no water by precedent.

If thay had a warrant, then that’s another matter entirely.

For now, just get an ecrypted IM like trillian like other’s have suggested.