Georgetown University clearly tries to project an image of robust cybersecurity through visible measures like Duo Mobile authentication, surveillance cameras and complex login protocols, ranging from programs that are restricted from SaxaNet access to the websites used for the admissions process. However, as the October data leak showed us, these security measures are not comprehensive in protecting our right to privacy. We are left with an uncomfortable realization that our university prioritizes surveillance over genuine data protection while failing to maintain even basic privacy safeguards.

While Georgetown mandates that we install multiple personal security measures, its own security webpage contains broken links and 404 errors. University Information Services (UIS) policies are unable to clearly delineate what student data is going where, often using roundabout language like saying that data is saved under “GU Policy” and not specifying what exactly this policy is. Our university defines privacy as “freedom from unauthorized disclosure of one’s personal data,” yet fails to give us basic transparency about how our information flows through its systems.

I’ve uncovered surprisingly simple yet far-reaching data vulnerabilities in my daily life, revealing just how exposed personal information can be. Our application photos and GOCard pictures are freely accessible to teaching assistants, residential assistants, professors and deans — often broadcasted or printed for “easy identification” or “name memorization” without our knowledge or consent. Past GOCard photos are also kept on file and cannot be purged until “after your affiliation with the university ends.” Georgetown’s Google Calendar settings broadcast our availability by default, letting other GUID holders search our names and view our schedules. As a student worker, I was surprised to find how easily basic login credentials could grant access to sensitive information, like faculty government IDs, addresses and private correspondence. This information was accessible to me without privacy training. Classroom recording policies present a non-negotiable consent framework, requiring students to waive rights regarding captured content as a condition of participation, essentially exchanging personal data for basic institutional participation. This ultimatum, which can go easily undetected, is present in many classrooms: “You acknowledge and agree that recording will proceed in reliance upon such grant and release and that you will claim no rights with regard to any such recording.”

This privacy-security paradox reaches into our personal lives. There are surveillance cameras inside Dahlgren Chapel, the Yarrow Mamout Masjid and the Dharmic Meditation Center. While Georgetown frames this as the protection of sacred spaces, it fundamentally misunderstands the nature of these environments. Sacred spaces are meant to be sanctuaries for students to practice their faith and engage in reflection without the psychological burden of constant monitoring. This surveillance is particularly concerning for religious minority students, who may already feel heightened scrutiny in practicing their faith on campus.

The irony is stark: While Georgetown Law Center’s Center on Privacy & Technology professes that “privacy is not a luxury” but “a fundamental right,” our main campus systematically diminishes these very rights.

Georgetown has established a veritable digital panopticon characterized by inconsistent measures: excessive monitoring in certain domains and significant vulnerabilities in others, all amid a persistent deficit of transparency. This approach not only compromises privacy rights but also fails to provide adequate security assurances. While tech giants undoubtedly pose a more existential threat to our data, Georgetown carries a unique ethical responsibility for our information. Our university’s mission to nurture and safeguard its students stands in stark contrast to its current practices. 

Change can and must begin here on our campus, where we have the power to align institutional practices with our proclaimed values. First, we need to understand our digital rights within the university system. Seek out UIS, the GOCard Office and the Admissions Office for explicit documentation about who has access to your personal information, including your photographs and demographic data. Check and restrict your Google Calendar sharing settings, review which third-party applications have access to your Georgetown credentials and stay alert about when classrooms are being recorded and what applications and programs are collecting your information.

Georgetown needs to be clear about where our personal information is going. Our personal information should only be accessible to those who truly need it. When it comes to recording us or using our photos, we should have the right to opt in, not just the ability to opt out. We deserve clear guidelines and options about surveillance in our personal spaces, especially where we live and worship. Anyone with access to our data should undergo mandatory privacy training.

We need comprehensive transparency measures from Georgetown. This could mean developing an accessible privacy dashboard showing real-time data collection practices, getting automated notifications when someone accesses our personal information or publishing regular security incident reports.

The right to privacy includes the right to know how your privacy is being compromised, which in today’s digital space is inevitable. However, Georgetown’s current system neither adequately protects students’ data nor fully informs them of its vulnerabilities. 

Until then, students should understand this reality: Your right to privacy exists, but only if you know where your information is going. Right now, too few of us do.

Christina Pan is a sophomore in the College of Arts & Sciences.