Delay the UC cybersecurity mandate

The University of California is requiring all employees to comply with the cybersecurity mandate issued last year by the University of California Office of the President (UCOP). Deadlines vary across UC campuses, but all require compliance at some point within the coming weeks, before the end of spring 2025. This mandate requires that all University devices that connect to certain UC resources install a series of software packages (also referred to as “toolsets”). Crucially, depending on campus policies, this could include even personal devices not purchased with University funds. Failure to comply could entail denial of access to University resources and tools we need to do our jobs. Much depends on the variation in how campuses appear to interpret and implement UCOP’s mandate.

We recognize the importance of digitally securing data for our students, patients, and scholarly data, especially given that UC has been subject to hacks and breaches of digital security. However, faculty on all campuses, along with local senates and faculty associations, the University Committee on Academic Computing and Communications (UCACC) and the UC-wide Senate have repeatedly raised grave concerns about the implementation timeline and the chosen software. Many questions remain around invasions of privacy and academic freedom, as well as the reliability, compatibility with research protocols, and spyware characteristics of the software. For a summary of all these concerns, please click here.

Despite the many attempts to obtain answers to these questions, UCOP has repeatedly dismissed inquiries and requests for transparency. 

We demand a delay in the implementation of this mandate until the end of Fall 2025. We also demand that each campus create a Senate-approved software use policy defining what chosen software solutions can do, allowable uses, and how UC will detect, remedy, and deter abuses of the software. 

Please read and sign this brief petition to delay the implementation of this dangerous software on all computers, including personal ones, that we use to access all UC administrative systems. 

❧

Whereas faculty across all campuses, computer science experts from within our system, the University Committee on Academic Computing and Communications (UCAC), and the system-wide Senate at its January 17, 2025 session have repeatedly raised questions about the rushed implementation of the cybersecurity plan, its reliability, its compatibility with research protocols, and the surveillance characteristics of the chosen Endpoint Detection and Response software; and 

Whereas UCOP promised to respond to these concerns, but never did;

We the undersigned Senate faculty of the University of California of the University of California, call for a delay in the implementation of the cybersecurity mandate and the creation of transparent, accountable use policies clarifying software capabilities, allowable uses, and abuse mitigation methods.