BY STEVEN LUBET

It probably should have occurred to me sooner that my university filters outgoing email for various terms of service violations such as catfishing and pornography. Never could I have imagined, however, that a third-party vendor had been empowered to “quarantine” outgoing faculty email based on its content, without ever informing the sender. But that is exactly what happened to me earlier this year, when a company called Proofpoint decided to blockade 88 of my emails, pitching a controversial article to a bunch of editors, with no notice to me. The result was the burial of my writing on a time-sensitive subject, which I only discovered by accident, and by then it was too late.

In early October, I wrote an oped about Zoom’s refusal to provide a platform for Leila Khaled’s presentation at San Francisco State University. My viewpoint was critical of Zoom (and other networking platforms) for violating the academic freedom of the webinar’s sponsors, SFSU’S Arab and Muslim Ethnicities and Diaspora Studies Department (AMED). I was also critical of AMED’s disingenuous description of Khaled as simply a “feminist, militant, and leader,” which elided her past as a two-time airplane hijacker, and her leadership role in the Popular Front for the Liberation of Palestine. My bottom line was that academic freedom is best protected by a reciprocal commitment to candor and honesty. Believing that this perspective could reach a general audience, I sent the 800 word piece to an editor at a popular mainstream journal, with whom I have published before.

Receiving no response after a few days, I sent her a reminder. And then another one two days later. Editors do not like to be pestered, so I figured she was uninterested and I submitted the piece to the next name on my list. Again, no answer to my initial email and a couple of follow-ups. That pattern was repeated over the next several weeks, as all of my usual outlets seemed to be ignoring me. After eventually exhausting all of my personal contacts, which were pretty good at journals everyone would recognize, I began submitting the piece cold, to editors whose email addresses had been given to me by colleagues. Still, not a single message in return.

I probably should have suspected a delivery problem sooner than I did, but none of my emails had bounced, and it was October of a presidential election year. The more reasonable supposition – to me, at the time – was that the opinion editors were all busy with election news and therefore uninterested in academic controversies (admittedly, to the unlikely point of disregarding me completely).

It was only at the very end of the month that I tried sending the piece to some friends and family, none of whom received it, nor was it caught in their spam folders. Only then did I realize that the issue was more likely technical than editorial, so I contacted the excellent IT department at the Northwestern Pritzker School of Law.

Our IT people were able to identify the basic problem within hours. My emails with the article pitch (and only those emails) had been blocked “for some reason” related to something problematic in the content.

I nearly hit the roof. “That article was about academic freedom,” I sputtered into the phone. “How can that possibly be problematic at a university?” Given the subject matter, it was hard to avoid imagining a conspiracy aimed at quashing discussion of free speech for Palestinians, as improbable as that seemed.  And why didn’t anyone tell me that my messages were being quarantined in the first place? My IT friend agreed that it was troubling, though mostly because of the no-notice issue, and he promised to investigate further.

We soon got this answer from Proofpoint:

The problem was that one of the many URLs in the message mapped to a domain that was flagged due to being abused in a past spam campaign that hit our spamtraps in volume. Upon manual review the domain in question has been identified as legitimate and is being removed from our definitions.

Proofpoint offered to release the 88 sequestered emails, but it was too late by then to publish the piece, and suddenly receiving three or four old emails would only have confused, and perhaps alienated, my various editors.

There was a longer explanation, of course, which I learned when I “escalated” to the head of email services for the main university. The apologies were profuse, and I was told that many hours had been spent devising a solution that would prevent any recurrence. “In the future,” I was assured, there will be “daily review of email quarantine queues for messages that should not have been quarantined, and release or return a message when appropriate.”

The story has a reasonably satisfying ending. It was too late to publish my article in a general circulation journal, but a more focused version was posted on the Academe Blog, so I was at least able to make my argument to a faculty audience if not to the broader public. The IT people at Northwestern took the problem seriously and spent considerable time adopting a protocol that should keep it from happening again.

On the other hand, Proofpoint no doubt has contracts with other universities, and its algorithm is still lurking on outgoing servers, ready to quarantine, without notice or “manual review,” any faculty emails innocently including URLs it suspects of having been “abused in a past spam campaign.” My article pitch had twenty URLs in it. Which one, you are probably asking, was responsible for the quarantine? It was PFLP.ps – the official website of the Popular Front for the Liberation of Palestine (for whom I have no sympathy, but felt obligated to link).

But forget about the obvious conspiracy theories, if you can. (I have been reliably informed that any URL can be taken over by spammers, and Proofpoint did immediately identify PFLP.ps as legitimate). The real problem is that Proofpoint is evidently continuing to rely on an algorithm that traps outgoing faculty email without notice, while universities will do nothing about it until there is a complaint from someone who realizes what is happening.

According to James Grimmelmann, the Tessler Family Professor of Digital and Information Law at Cornell Tech and Cornell Law School, it is “entirely possible to configure email systems to notify senders when emails are trapped.” And of course, “It is not acceptable in a university setting to silently delete faculty correspondence. They [IT departments] have legitimate security and operational concerns, but as the technical experts, it is their job and not yours to design a system that meets their concerns while respecting fundamental academic principles.” The time to raise this with your own employer is before your outgoing emails have disappeared into the void.

Steven Lubet is Williams Memorial Professor and Director of the Bartlit Center for Trial Advocacy at Northwestern University Pritzker School of Law