Last year, the University of California, Berkeley, announced that it was publishing a transparency report detailing government requests for data, similar to what tech companies including Google and Facebook have been doing for years.“We believe that you should know as much as possible about the requests we receive,” UC Berkeley said on its website, noting that it would release a transparency report every six months. In 2015, the university received a total of 32 requests for student and faculty data, either for internal investigations, court cases, or from government and law enforcement agencies.
Extrapolating that number across the country isn’t easy, however, because other universities haven’t followed suit. That means we really don’t have a good idea of how often the government is asking for student data, according to Joel Reidenberg, director of Fordham’s Center on Law and Information Policy.
“It makes it very difficult to have effective oversight of the government if we don’t know what the government is doing,” Reidenberg told NBC News.
Like internet companies, universities are responsible for storing and protecting vast amounts of information. They function as internet service providers, with the smartphones, tablets and personal computers of up to tens of thousands of students connected to their network.
Want to know what a student ate for dinner? Many of them swipe university-issued cards to pay for meals and enter buildings. Financial information, health records and even class assignments are stored in college databases. It’s even possible for a university to know where a student has traveled on campus by looking at which Wi-Fi transmitters they have connected to, Reidenberg said.
Most people don’t do much to protect their privacy. A Pew Research Center poll from 2014 found that 91 percent of U.S. adults had not recently taken any measures to avoid having their internet or cellphone use tracked. Now imagine 18-year-old students living on their own for the very first time.
“They’re constantly being asked for information,” Fred Cate, an internet privacy expert and law professor at Indiana University, told NBC News. And most of them aren’t too discerning about whom they share that information with, according to Cate.
“I could ask a college student outside my window for their credit card information and they would probably give it to me,” he said.
Not only do students hand over a lot of data, they also have habits that make them look suspicious.
“Students look a lot like terrorists,” Cate said. They are constantly changing addresses, travel erratically and live in groups. Especially for foreign students, that lifestyle could put them on the radar of law enforcement.
Students are somewhat protected by the Family Educational Rights and Privacy Act (FERPA), passed in 1978, which prevents institutions from disclosing private records. Because the law has been around for nearly four decades, many in higher education take student privacy for granted, Cate said.
But new technology and broader surveillance powers granted by the Patriot Act allow the government to get around some of these protections, he said. Once hit with a Foreign Intelligence Surveillance Act (FISA) request, universities have few choices but to hand over data.
“I would never recommend that a college or university not comply with the law,” Tracy Mitrano, academic dean of the University of Massachusetts Cybersecurity Programs, told NBC News. But they should be clear to the public about how much data they are sharing, she said, and spend more time updating and defining their privacy policies.If more schools are going to follow UC Berkeley’s example, the pressure will probably have to come from students and parents, Cate said, because universities don’t want to rock the boat.
“Remember, the federal government pays for the vast amount of students to be here [at Berkeley],” he said, citing student loans and grants, as well as research funds. Public universities might be more inclined than private institutions to release transparency reports because they are legally required to share that information if asked, according to Cate.
Universities also have to worry about how they share data with the public, said Brenda Leong, director of operations for the Future of Privacy Forum.
“By being too transparent, you could impede on students’ individual rights,” she told NBC News.
Sharing information that could be used to identify students would be a bad idea, Leong said, but simply divulging the number of requests received and granted by a university would be a step in the right direction.
“At least it would give the public, students and parents an idea of the scope of what’s going on,” she said.
But for now, online privacy is likely to be low on the priority lists of most college-bound teens.
“Parents tend to have bigger concerns when it comes to higher education, like how much it costs and whether their son or daughter is passing,” Cate said. “Most of us never think we could be the targets of government surveillance.”
This story originally appeared on NBCNews.com.