Western Sydney University (WSU) has been warned it may be in breach of its data safety obligations by the university watchdog after thousands of students and graduates received scam emails claiming their qualifications had been stripped.
Please login below to view content or subscribe now.
What’s in a name? To Gallaudet University, quite a lot.
When the Gallaudet chapter of Students for Justice in Palestine protested the war in Gaza, Gallaudet moved swiftly to silence the group, neutering the SJP chapter’s social media presence and sending a campus-wide email condemning the group’s rhetoric. While they initially succeeded, swift action by FIRE and the social media company Meta ensured that free speech — and proper application of trademark law — won the day.
The leadup to last spring’s commencement ceremonies was a tense time at Gallaudet. Gallaudet SJP put up stickers across campus containing the phrase “from the river to the sea.” Many of these placements could fairly be considered vandalism by the university — and thus not protected by First Amendment principles. But rather than focus on where the stickers were placed, or where written materials should be placed, Gallaudet took a more troubling approach.
On May 22, the university released a video “community statement . . . affirming our values and addressing recent concerns.” In it, Provost Khadijat Rashid and President Roberta Cordano noted that the phrase “from the river to the sea” is “associated with rhetoric that promotes violence and hatred” and is “considered hate speech.”
Instead of specifying that the underlying speech is protected but the methods used (i.e., unauthorized stickering on university property) in communicating that speech were unacceptable, Gallaudet conflated the two, stating, “Antisemitism has no place at Gallaudet. These acts of vandalism are not protected speech.”
As FIRE has thoroughly explained, simply repeating the “river to the sea” slogan during a peaceful protest in the United States most certainly is protected speech, regardless of the dispute over whether it is also antisemitic. Gallaudet, which tells its community members it believes in “the principles of freedom of expression and open dialogue without fear of censorship or retaliation,” therefore promises to protect such speech in its own policies. Yet after threatening protected speech, Gallaudet’s leaders went on a curious digression:
We also want to address a source of confusion. A social media account [on Instagram] with the handle @sjpgallaudet uses the university’s name in its profile. This account does not represent a university-sanctioned student organization. The use of “Gallaudet” in this context is unauthorized, and the university filed a trademark infringement complaint [with Meta]. The social media handle has now been removed.
Trademark law (and corresponding Meta guidance) does allow parties with marks — such as distinctive names, logos, or even sounds, textures, or colors — to protect their creative works from infringers. But Gallaudet was stretching trademark law far beyond its bounds. In order to bring a trademark claim, rights holders generally need to show that other parties using their marks will cause confusion among consumers as to who is generating the content. In other words, Gallaudet can protect itself against would-be infringers who want to use its name to fool folks into thinking the infringer represents Gallaudet in some way. Posers beware, says the law.
But few if any social media users would think that a student group — especially one with a clear advocacy posture like SJP — represents a university just because the group references the name of the school where it operates. If someone actually exists who would assume Gallaudet officially sponsors the @sjpgallaudet Instagram handle, they would surely be dissuaded by the prominent message on the account saying: “GALLAUDET UNIVERSITY SHUTS DOWN STUDENTS FOR JUSTICE.” No likelihood of confusion, no trademark infringement.
Intellectual property rights cannot and should not be used to make unpopular speech go away.
FIRE made this simple point to Gallaudet in a June 3 letter, while also taking the time to carefully explain that “from the river to the sea” is protected by the university’s free speech promises. We received no reply, just crickets.
Fortunately, Meta proved significantly more helpful. On July 29, FIRE contacted Meta, urging the company to reinstate the @sjpgallaudet account. On Aug. 26, Meta wrote to FIRE explaining that, upon further review, its legal teams had determined that the account does not violate trademark guidelines, and reinstated it. Meta deserves praise in this case for thoroughly reassessing its earlier trademark determination and changing its decision accordingly.
While the phrase may offend some listeners, feeling offended is hardly adequate cause to circumvent First Amendment protections for freedom of speech.
But Gallaudet, for its part, refuses to acknowledge its mistake or hostility toward student expression. This creates the troubling possibility that the university will again try to misuse trademark law to bully groups it doesn’t like, even if Meta is onto its shenanigans.
This is not the only time we’ve seen universities try to use their names to knock down perceived opponents. In July, FIRE blogged about a similar case involving Purdue University, where the independent student newspaper The Exponent published an editorial saying it would remove the names and images of pro-Palestinian activists from its website over concerns that the federal government would use them in its efforts targeting what the government called “pro-jihadist” speech.
In response, Purdue’s administration went on the offensive. The university told the publication, run by Purdue students since 1889, to stop using the name “Purdue” in its website address. Purdue also said it would stop circulating the paper and end preferential parking for its staff. As we noted at the time, Purdue’s decision made a mockery of trademark law and threatened independent journalism.
Purdue and Gallaudet surely won’t be the last higher-learning institutions to invoke trademarks to silence dissent. But FIRE will continue to call on universities to protect their marks in a way that respects the First Amendment.
Names are valuable to organizations, who have a right to protect their brands from abuse and safeguard consumers, donors, and passersby from confusion. Yet intellectual property rights cannot and should not be used to make unpopular speech go away.
A recent hack of Columbia University’s computer system compromised the personal information of hundreds of thousands of people, including students and applicants, new documents show. Over all, about 870,000 individuals were affected by the breach.
The university provided draft notices to officials in Maine and California that it intends to send to affected parties in their states, according to the state attorneys general’s websites. Both states require that their residents be swiftly informed of any breach that includes their data, according to Bloomberg, which reported on the notices.
The notices said a technical outage disrupted some of the university’s IT systems in June, which led university leaders to suspect a possible cybersecurity attack. An investigation revealed that a hacker had taken files from Columbia’s system in May.
The stolen data includes any personal information prospective students provided in their applications or current students gave Columbia over the course of their studies, including their contact details, Social Security numbers, birthdays, demographic information, academic history, financial aid information, insurance details and health information. No patient data from the Columbia University Irving Medical Center seems to have been compromised, according to the notices. The university encouraged those affected to monitor account statements and credit reports to keep an eye out for any fraudulent activity. It also offered them two years of free credit monitoring and identity restoration services from a financial and risk advisory firm.
“We have implemented a number of safeguards across our systems to enhance our security,” the letters read. “Moving forward, we will be examining what additional steps we can take and additional safeguards we can implement to prevent something like this from happening again.”
A public statement from the university’s Office of Public Affairs last week said that since June 24, Columbia has seen no evidence of any further unauthorized access to the university’s system. Starting Aug. 7, the university promised to begin notifying affected students, employees and applicants on a rolling basis via mail.
“We recognize the concern this matter may have raised and appreciate your ongoing patience during this challenging time,” the statement read. “Please know we are committed to supporting the University community.”
A Columbia official previously told Bloomberg that the hacker seemed to be trying to further a “political agenda.” The investigation into the matter also found that the hacker was “highly sophisticated” and “very targeted.”
The alleged hacker, who got in contact with Bloomberg, gave the news outlet 1.6 gigabytes of data, claiming it contained decades’ worth of applications to Columbia. That application data included New York City mayoral candidate Zohran Mamdani, who applied to Columbia but didn’t get in.
Bloomberg confirmed with eight Columbia students and alumni, who applied between 2019 and 2024, that the information about them contained in the data was accurate. They verified that details such as their university-issued ID codes, citizenship statuses and admissions decisions were all correct. The data provided to Bloomberg didn’t contain names, Social Security numbers or birth dates.
The person claiming to be the hacker, who didn’t provide their name, texted Bloomberg that the purpose of the stolen data was to prove the university continued affirmative action in admissions after the 2023 Supreme Court ruling against such practices. They claimed to have hacked about 460 gigabytes of data total from the university—including 1.8 million Social Security numbers of employees, students and their family members—after spending more than two months ensuring their access to Columbia’s computer systems.
