June 26, 2025

President Michael V. Drake
Office of the President
University of California
1111 Franklin St., 12th Floor
Oakland, CA 94607
michael.drake@ucop.edu

[Delivered via Email]

Dear President Drake:

As you are aware, over the past several months, the Council of UC Faculty Associations (CUCFA), has mobilized in opposition to the rushed and threatening implementation of your cybersecurity mandate. Under our leadership, hundreds of faculty members systemwide have voiced serious and well-founded concerns regarding the mandatory deployment of Trellix through several petitions. The Berkeley Division of the Academic Senate has formally requested a pause in implementation. Similarly, the Representative Assemblies at UC Irvine and UC Santa Barbara have passed resolutions calling for an immediate halt, while UC Riverside’s Senate Executive Council also called for a freeze on the rollout. On June 12, 2025, the systemwide Representative Assembly of the UC Senate approved a resolution reflecting this same position. And, as of last Friday, June 20, you have received another petition signed by over 1,000 members to halt and exclude the implementation of any EDR-technology solution in order to explore existing technologies that give equal weight to security and academic freedom.

Despite your repeated refusals to heed the concerns of faculty, we have taken notice of CIO Williams’ desire to engage with these concerns, and, in particular, to understand your mandate as a “work in progress” by no means tied to the current EDR-centered technology (Trellix). Given this opening, CUCFA respectfully proposes a summer-long pause in the implementation of the mandate and the immediate constitution of a working group explicitly tasked with exploring non-EDR cybersecurity solutions.

Given its documentable leadership role in building faculty awareness and opposition to EDR technology, CUCFA believes it deserves a prominent place at the table, and thereby proposes the constitution of a working group of fourteen members, seven of them chosen by UCOP among administrators and experts who have participated actively in the implementation of the current EDR solution (Trellix), and seven chosen by CUCFA leadership among the many who have distinguished themselves in informing the faculty about the risks involved with EDR technology and the advantages of available alternatives. 

In addition, CUCFA requests that, regardless of the working group’s determinations, these be subject to a process of approval in accordance with AAUP’s recommendations regarding Academic Freedom and Electronic Communications.

In particular, we request that:

1) UCOP recognizes the issue as an academic/curriculum issue, such that the Academic Senate has decision-making authority rather than a merely advisory role.

2) Any further policy changes related to cybersecurity issues require a majority vote of approval from every ladder-rank faculty member in the UC system. 

3) Any future working group on cybersecurity should include representatives elected by the Academic Senate, rather than faculty cherry-picked by the administration.

4) Any working group member should be given some form of teaching release.

Sincerely,

Council of University of California Faculty Associations (CUCFA)

cc: Provost & Executive VP, Academic Affairs Katherine Newman
Vice President of Information Technology Services and Chief Information Officer Van Williams