Stand up against the ZotDefend spyware

What is the ZotDefend spyware package? Why is it being required? Who controls the data it surveils? How did the University decide to purchase software with a checkered past?

Attend the Irvine divisional Senate meeting on May 1st at 3:30pm to demand answers to these questions and more! Register at this link.

Ask your Dean to use their power to exclude devices in your school.

Dear colleagues –

By now you may have heard that the University is requiring all computers to install the “ZotDefend” spyware package by May 15, 2025. These computer programs will need full control over your devices, have complete access to your personal information, and will communicate regularly with a centralized management server operated by a third party.

Significant questions have been raised about the provenance of this software and the process by which the University came to the decision to mandate its use. However, the University has repeatedly dismissed inquiries and requests for transparency.

We are particularly troubled by the “Trellix” component of the ZotDefend package. This software was previously known as “FireEye,” a program that enabled a massive hack of its customers, an attack so disastrous that the company was sold to a private equity firm and changed its name. The private equity firm still operates Trellix and has retained the same fundamental centralization feature that allowed the hack to be so damaging.

We urge you to join us on May 1st at 3:30pm, at the UC Irvine divisional Senate meeting, to discuss this software’s impact on cybersecurity and academic freedom. Foundational to this conversation is the need to ensure shared governance practices that protect our research and teaching. Please attend this meeting and demand answers to important questions such as:

– What was the process by which this particular program, and the alternative “Nessus,” which has the same fundamental centralization, were chosen? Was a competitive RFP issued? Why haven’t faculty been allowed to review the due diligence reports?

– Through what means will Deans and other unit heads determine what devices can be excluded from this requirement in order to secure intellectual property and protected information? Some schools allow personal laptops to be excluded. What determines this exclusion? What, if any, controls exist to safeguard HIPAA, assurances of confidentiality for human research participants, and intellectual property concerns?

– Why have Senate faculty requests for information been repeatedly ignored?

– Databases are presently used to undermine the safety and security of our students and colleagues. How is this software different? What safeguards exist against our data being acquired by an external agent if the present private equity owners divest?

– Trellix documents suggest that “snapshots” of computer memory can be sent to their servers when an event is detected. What is the complete scope of information on our computers that can be accessed by persons other than the user when employing the full capabilities of the Trellix software and other ZotDefend components?

We call on the University to adhere to the American Association of University Professors’ (AAUP) guidelines on Academic Freedom and Electronic Communications, which include guidance against pervasive surveillance of faculty personal communication and research material. This software, and the heavy-handed threats used to ensure its widespread adoption, are concerning violations of principle and basic labor standards.

In Solidarity,
The UC Irvine Faculty Association
