Univ. of California Faculty Push Back Against Big Brother Cybersecurity Mandate

Posted2 months agoActive2 months ago

bikenaga

22 points

8 comments

science.orgTechstory

heatednegative

Debate

40/100

CybersecurityUniversity PoliticsSurveillanceData Security

Key topics

Cybersecurity

University Politics

Surveillance

Data Security

University of California faculty are resisting a new cybersecurity mandate that they see as overly intrusive and threatening academic freedom, sparking debate about the balance between security and autonomy.

Snapshot generated from the HN discussion

Discussion Activity

Light discussion

First comment

32m

Peak period

30-32h

Avg / period

1.6

Key moments

01Story posted
Oct 24, 2025 at 1:46 PM EDT
2 months ago
Step 01
02First comment
Oct 24, 2025 at 2:18 PM EDT
32m after posting
Step 02
03Peak activity
3 comments in 30-32h
Hottest window of the conversation
Step 03
04Latest activity
Oct 25, 2025 at 8:35 PM EDT
2 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (8 comments)

Showing 8 comments

pletsch

2 months ago

3 replies

The article says Trellix but the same could be written about any EDR from a capability standpoint. To add to the staff's point about giving root access, and while that's more on Microsoft needing to get vendors out of the kernel, it shouldn't be a compromise users have to make.

With that said, I find myself agreeing with the mandate, if you're using university resources, they have a responsibility to protect those resources and EDR is table stakes these days.. but they also need to be providing any devices required for the job, allowing BYOD for restricted data makes an already tough environment to secure harder than it needs to be.

mindslight

2 months ago

1 reply

If top-down surveillance spyware has become "table stakes", then it's time to flip the table.

asacrowflies

2 months ago

Light it on fire afterwards

musicale

2 months ago

Intrusive, malware-like "security" software running on user devices introduces undesirable security and privacy risks.

Moreover, universities should avoid the chilling effects of intrusive monitoring of faculty and student devices, as well as the potential legal liability.

A better solution is resource access revocation upon detection of bad behavior, with an administrative escalation path to manage false positives.

jltsiren

2 months ago

There is a complicating factor. Universities are not your average top-down hierarchies. While some aspects of the work do belong to the employer, other aspects are yours (or you PI's), and they may follow you to your next job. While administrative matters and sensitive data tend to belong to the university, everything you create as an academic is usually yours.

It's pretty common, particularly among researchers who do not handle sensitive data, to have a burner laptop for accessing university resources and personal devices for the actual work. Many people also use personal email addresses for work. Work email rarely survives changes in employment, making it too short-lived for many purposes.

musicale

2 months ago

At many universities faculty and students ignore the locked-down IT network and use a guest network instead, or their smartphones.

Unfortunately there may not be an easy way to access databases and other paid resources (e.g. via library login, which would seem reasonable.) The good news is that in many fields much of the material that used to be paywalled (e.g. journal papers) is now available under open access. (But not legal databases like Lexis etc. and some other resources.)

pmdulaney

2 months ago

I wonder if science.org has taken a position on whether or not the mandate is a good idea.

musicale

2 months ago

The disconnect between university IT departments and faculty experts - in security, reliability, privacy, law, etc. - at the same university (or within the same system such as UC) is embarrassing.

View full discussion on Hacker News

ID: 45697165Type: storyLast synced: 11/20/2025, 2:30:18 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN