Unveiling a Cybersecurity Crisis: Calif. Professors Call for an End to Surveillance Software

The UC Faculty vs. IT Leaders: A Cybersecurity Controversy

An ongoing conflict is emerging between University of California (UC) professors and the system's IT leaders over a cybersecurity surveillance software program known as Trellix. Faculty members argue that the program is overly intrusive and poses a risk of warrantless surveillance.

Professors across the state are being asked to install Trellix, a software designed to monitor computers for potential threats. However, this program also provides access to UC information technology officers on what professors are doing on their devices. This has raised concerns about privacy and academic freedom.

In an October memo, UC faculty union leaders called for a halt to the program’s rollout, stating that it creates "the distinct risk of warrantless governmental access to sensitive academic materials." According to the memo, once installed, Trellix EDR software grants unrestricted administrative or root-level access to faculty computers, allowing for unchecked monitoring, extraction, alteration, and even deletion of files without user consent or notification.

This intrusion into the privacy of faculty members is seen as a threat to the core principles of the university's educational and research missions. Chris Hoofnagle, faculty director of the Berkeley Center for Law and Technology, acknowledged that computer security often involves a balance between different values and risks. He noted that while most faculty would benefit from Trellix due to its ability to protect against malware, the main issue lies in the software granting administrators remote access to faculty computers at the root level.

Tensions between UC faculty and administrators have been escalating for over a year due to this controversy. A May 2024 letter from Kyaw Tha Paw U, the former chair of the University Committee on Academic Computing and Communications, highlighted concerns about Trellix's capabilities, including tracking website browsing, deleting files, and remotely shutting down devices without saving work in progress.

Other concerns include the potential requirement for personal devices used for academic purposes to utilize the program. There were also worries about difficulties in forwarding university emails to non-university accounts and possible penalties for faculty with extramural grants or those serving as department chairs if their subordinates fail to comply with the mandate.

A UC Berkeley Information Security Office FAQs page claims that Trellix does not track personal browsing habits, private files, or non-work-related activities. However, a May 2025 academic senate resolution indicated that faculty remain unconvinced by these assurances. The resolution demanded the immediate suspension of Trellix or any similarly invasive monitoring software on faculty and researcher computer systems. It also called for a transparent and inclusive evaluation process involving faculty representation to ensure the safeguarding of privacy, academic freedom, and research integrity.

Currently, reports from the Daily Californian and Science’s news site suggest variations in policies related to Trellix's roll-out across different universities within the UC system. The College Fix reached out to the University of California Office of the President and Van Williams, UC’s Vice President of Information Technology Services and Chief Information Officer, regarding these policy differences but did not receive a response.

Bill Budington, a senior staff technologist at the Electronic Frontiers Foundation, a digital privacy watchdog organization, stated that while it is the university's prerogative to secure devices it issues, concerns about administration and possibly governmental access to faculty research materials raise legitimate privacy and academic freedom issues. He added that the software is being mandated even for employee-owned devices that connect to the university network, which he views as an overstep.

Over the past several months, university and Trellix representatives have defended the implementation of Trellix while downplaying the privacy and surveillance concerns. Kyle Gibson, a UC Berkeley spokesperson, told the Daily Californian that Trellix stores only about 10 minutes of system activity data locally on the device and denied claims that the program monitors all activities performed using a device. Megan Haley, a Trellix representative, told the publication that the company only discloses user information when required by law or the federal government.

MORE: Plagiarism expert warns of AI false positives following Adelphi University lawsuit