Faculty senators raised concerns Friday about decisions that led officials to track community members’ locations without notifying them, revealing new details about the data collected throughout the fall using GW’s 6,000 Wi-Fi access points.
A Faculty Senate subcommittee leading the senate’s response said they couldn’t ascertain many details about the data collection effort, calling it an “extremely intrusive” initiative that provided “little” value. Faculty senators lauded transparency from Provost Chris Bracey and interim University President Mark Wrighton, who apologized earlier this month after becoming aware of the now-ended pilot project, but senators lambasted the lack of notice in the fall, with some viewing it as a mismatch between the academic and financial arms of the University.
Eric Grynaviski, the chair of the technology subcommittee of the senate’s educational policy and technology committee, told senators Friday that GW Information Technology conducted the project through a free trial with higher education software company Degree Analytics.
Grynaviski and other senators pinned the blame on GW’s hierarchy, noting that GWIT and the University’s data privacy and ethics office – which was launched in February 2019 – both fall under the purview of Chief Financial Officer Mark Diaz. It remains unclear if the data privacy office was aware of the project, and a University spokesperson has declined to comment on its involvement.
“It’s just been a puzzle to us to try to figure out why issues of compliance or the ethical obligations to notify people when you collect personal information about them, how this got through the process and then became like a semester-long secret program,” Grynaviski told senators. “We’re still just puzzled about this and we haven’t been able to find out sufficient information.”
Diaz did not immediately return a request for comment through a spokesperson.
Wrighton was not at GW during the pilot but said he learned about it from Bracey, who became aware of the initiative in January.
“We were overwhelmed and somewhat awed by the commitment to transparency and collaboration expressed by the president and provost as well as their concerns for students and their well-being,” Grynaviski said in an email after Friday’s senate meeting. “It is a wonderful sign for the future of GW. [Chief Technology Officer] Jared Johnson and his staff also went out of their way to answer hours of questions and make themselves available for followups.”
The subcommittee examined other schools’ IT structures, finding in its report that universities are “increasingly” forming executive committees with representatives from the provost’s, IT and president’s offices to discuss major decisions. But Grynaviski said GW is an outlier in its technology hierarchy with limited input from the University’s academic side.
“There’s no coordinated or organized infrastructure that would allow for the detection of problems or discussions about the usefulness of programs or for making sure that the educational or research mission of the University is guiding the technology enterprise,” Grynaviski said.
Officials reorganized GW’s technology offices in 2020 as part of efforts to cut costs during the pandemic and shift administrative functions to a shared-services model. Some technology functions previously managed through Libraries and Academic Innovation or individual schools – which both fall under the provost’s purview – were consolidated under Diaz, the CFO.
“If you asked me as someone who’s been actively involved in the IT effort for over 40 years at GW, this really started with the decision to shift academic IT out from under the provost and over to the shop of the CFO,” Phil Wirtz, a faculty senator and former chair of the senate’s education policy and technology committee, said.
Diaz and faculty have shared an adversarial relationship since his arrival at GW in 2018. Faculty mentioned Diaz 62 times in their responses to last year’s faculty-wide survey on University leadership but none did so in a positive light.
Jamie Cohen-Cole, a faculty senator and associate professor of American studies, introduced a resolution Friday that was referred to committee in response to the incident.
Grynaviski raised concerns about tables containing billions of timestamped data points with users’ individualized locations, device names and descriptors like gender, residence hall, dining plan type and if they were involved in Greek life.
“For the most part, it didn’t reveal anything that people would be surprised by – that students leave, for instance, on Thanksgiving,” he said.
Harald Griesshammer, a member of the education policy and technology committee and an associate professor of physics, called officials’ handling of the data “several momentous failures of judgment.” He said there was a “complete disconnect” between the University’s financial and academic arms, adding that multiple departments structured under the provost had declined to use the data.
“The registrar’s office declined and said the data is not useful, the libraries declined and said the data is not useful and added that collection of this data was unethical, several deans were furious when they found out about this effort,” Griesshammer said. “So everybody on the academic side was immediately noticing how damaging that was and how fraught this was.”
Grynaviski said officials identified a group of six people to determine how best to use the data but they had “difficulty doing so,” he said.
“There were costs to privacy, and these probably outweighed any gains to operations,” he said. “And we know that simply because there were no operational gains that were identified, at least to us.”
Grynaviski cautioned that he was not necessarily alleging “ill intent” by officials but said students may not want electronic location logs of their visits to counseling or the health center. The risks extend to prospective employees interviewing for positions at GW under the promise of confidentiality or people who participate in clinical research, he said.
Degree Analytics, the company GW partnered with to collect the data, published two statements last week that did not directly mention the project at GW but encouraged higher education leaders to better inform them on the nature of the data they collect and how it is used. GW’s own privacy policy states that any party acting on behalf of GW processing data from the community must make a privacy notice available.
Grynaviski noted that Degree Analytics has a privacy notice that recommends universities maintain transparency when they conduct such data collection efforts.
“It says that the University should clearly identify how student location data will be used to improve campus experiences, identify what data will not be used, provide an opportunity for opt outs and provide an opportunity for feedback for more information,” Grynaviski said. “And the University didn’t follow any of these principles.”
Erika Filter, Nikki Ghaemi, Caitlin Kitson, Ishani Chettri, Zachary Blackburn and Nicholas Pasion contributed reporting.