Scientists use email daily to communicate with colleagues and others, typically with the expectation that their messages won’t be seen by prying eyes. By now, we’re all familiar with and on guard against threats to our email accounts from phishing and hacking attempts. However, as some scientists—particularly those studying sensitive topics such as climate change or vaccines—unfortunately have learned, emails and other electronic messages they send and receive can also be subject to scrutiny through the use of aggressive open records requests, subpoenas, and leaks. Scientists’ increasing use of social media and other digital platforms both professionally and personally—and for some, their increased interest in advocacy and activism—has made them still more vulnerable to harassment and attacks.
To solve complex scientific issues and address critical societal challenges, scientists must feel comfortable openly collaborating with their peers. When scientists engaged in research or advocacy on issues viewed as controversial fall victim to invasive open records requests or hacking, frank conversations about their findings and methodologies become less frequent and scientific progress—along with science-informed public policy—is stymied. Thus, we all suffer when scientists are vulnerable online.
As an attorney at the Climate Science Legal Defense Fund, I counsel scientists on ways to strengthen their online privacy and follow their institutions’ policies for safeguarding communications. Hacking is the most invasive risk, but it’s not the only way that scientists’ data, research, and emails may be released publicly. My colleagues and I have seen scientists targeted with legal methods, most notably by groups and individuals using open records laws to seek thousands of emails.
These laws serve important purposes in support of transparency and in combating corruption, waste, and abuses of power by authorities, but they also can be weaponized and used to bully scientists. Invasive efforts are often used by fossil fuel–funded interests bent on undermining climate science or by others with antiscience agendas. Disingenuous and harassing public records requests for political purposes not only can be unsettling but also can seriously derail scientists’ work. Responding to these requests and their fallout often involves substantial time, money, and resources that could be better spent on vital research. Depending on the jurisdiction in which a scientist is located, available legal protections against illegitimate uses of open records laws can vary greatly.
Unfortunately, the more scientists speak out about issues that are important to them or their work, the greater their risk of harassment, particularly for female scientists and scientists of color. In addition to bogus open records requests, other forms of harassment, including death threats, trolling, and sexist abuse, are also on the rise. Given the scope of this issue and its implications for scientists’ safety and scientific progress, it is important that scientists be armed with information to protect themselves in the event they are targeted. The specifics of what scientists can or should do will depend on their location, specific goals, and the legal and practical issues they are facing both personally and professionally, but there are basic protective measures scientists can take across the board.
Keep Your Accounts Separate
With email, it is important to maintain a clear delineation between professional and personal accounts—this guidance also applies to using personal versus employer-provided cellphones and laptops. Separating accounts is especially important for government and publicly funded scientists, who are usually subject to strict guidelines regarding their involvement in activism or political activities while at work. Participating in these activities during work hours or on employer-issued devices can lead to serious professional, legal, and financial consequences, including being fired without severance.
In the United States, government and publicly funded scientists should also be mindful that their professional emails may be subject to disclosure under the federal Freedom of Information Act (FOIA) and equivalent state open records or “sunshine” laws. Avoiding the use of professional email accounts to discuss private details from their personal lives can reduce the potentially herculean task of combing through years of emails to determine which should be redacted. (There is also the risk that personal emails will be missed in the redaction process and inadvertently produced, or provided to whomever requested the records.)
Each state has different laws regarding which records are protected and which may be disclosed, so it’s important to understand the rules that apply in each state. Laws in some states, for example, Illinois and New Jersey, include a “deliberative process” exemption, which protects documents reflecting deliberations. Other states, such as Alabama and Arkansas, offer no statutory protections whatsoever for researchers.
For scientists at any institution, learning and following their employer’s email retention policy is also essential. These policies detail the length of time that professional emails and other records should be kept before they are destroyed. Deleting emails before the prescribed period—particularly to avoid being targeted by a FOIA request—is always inadvisable and can be cause for termination depending on the circumstances. (If litigation is in play, a “hold” is often placed on an employee’s ability to delete emails entirely.) Conversely, retaining emails well beyond the requirements of an employer’s policy is also inadvisable because it increases the potential burden of scrutinizing voluminous records to determine what should be fully produced, produced but redacted, or withheld from production entirely. If an institution has no such retention policy, some records retention is still prudent. Three years (i.e., the amount of time the Internal Revenue Service typically has for auditing a tax return) is a reasonable minimum.
Choose Your Words Carefully
In general, scientists should be careful about what they put in writing, including the content, tone, and subject matter of emails, social media, blog posts, and other digital communications, especially because records may remain on servers even after being deleted from an individual account. Personal opinions, attempts at humor, or other casual remarks, for example, whether related to scientific research or other topics, can easily be taken out of context and used to undermine credibility.
Scientists concerned with maintaining privacy and data security or whose work involves sensitive issues should consider conducting conversations in person or over the phone to minimize the chances that their words could be taken out of context. This point cannot be overstated for scientists studying issues such as climate change. The intent, of course, is not to evade transparency or hide research from the public eye but, rather, to mitigate attempts to misrepresent legitimate work or disparage credible scientists. I have seen climate scientists’ email conversations cherry-picked by bad actors who intentionally misconstrued the emails’ contents to confuse the public, sideline scientists’ research, and delay action on climate change.
Much of the same guidance that applies to email also applies to posting on social media. Be conscious of the audience and the content shared. Scientists should familiarize themselves with and follow their employers’ social media policies. It’s prudent to implement relevant privacy settings and understand those settings’ limitations: Posting “anonymously” does not guarantee anonymity, for example. As with email, scientists should separate their personal and professional social media accounts. Including disclaimers, such as “These are my personal views, not those of my employer” or “Title and affiliation for identification purposes only,” in profile information can help scientists accomplish this up front.
When scientists do receive harassing messages online, one way—often the best way—to handle them is to not respond at all. Usually, such messages are simply attempts to provoke or rattle scientists with “gotcha” questions or inflammatory statements. However, attackers may also be looking for ins to further harass or publicly malign scientists who engage with them. It’s good practice to archive messages and emails sent in bad faith, in case evidence of the harassment is needed later.
A Layer of Protection
At a time when unintended data breaches, purposeful hacking, and invasive open records requests abound, scientists must continually be mindful of how they can strengthen their data privacy and safeguard their online communications. Following best practices like those mentioned here won’t necessarily prevent harm in every instance, and it certainly won’t stop antiscience organizations and individuals from continuing their attacks. But they offer fundamental layers of protection, much like a vaccine or a home security system. These protections help ensure that scientists can focus their time, talent, and resources on conducting crucial research that helps all of us, whether it is aimed at solving the climate crisis, protecting against dangerous pathogens, or any number of other beneficial outcomes.
Rachael Lyle-Thompson (firstname.lastname@example.org), Climate Science Legal Defense Fund, New York, N.Y.