TerrierGPT Under the New York Court Order:
What Boston University Students Must Know About Their Rights, Data, and IP
Prepared for the BU community by an independent investigative team, August 2025.
1. The Court Order in a Nutshell
On May 16, 2025 the Southern District of New York Magistrate Judge Ona T. Wang denied OpenAI’s motion for reconsideration of the May 13 Preservation Order (Order 559). The order forces OpenAI to preserve and segregate all output‑log data that would otherwise be deleted until a further court order. That means every chat you have on TerrierGPT is copied into a separate, court‑controlled bucket, even if you click “clear” or “delete” the chat in the UI.
Key take‑away – Deletion by the user does not mean deletion from the legal‑hold store.
2. TerrierGPT in the BU Ecosystem
| Component | How it works | What the order changes |
|---|---|---|
| User interface | You log in with BU SSO, type a prompt, receive a response. | No UI change; “clear” still removes the chat from your view. |
| Operational data store | Encrypted at rest, MFA‑protected, subject to BU data‑policy. | Unchanged; still the data you see and control. |
| Preserved data store | Separate bucket, “court_hold=true” flag, only accessible via legal discovery. | Added by the order; sits outside BU’s IAM. |
| Audit trail | Logs all access, changes, deletions. | Must now also log the preservationaction. |
3. The Legal Landscape: How the Order Fits Into AI‑Litigation
| Case | Issue | Relevance to TerrierGPT |
|---|---|---|
| New York Times v. Microsoft & OpenAI (D.C. N.Y.) | Copyright infringement, preservation order. | Sets precedent that AI logs are discoverable. |
| Reddit v. Anthropic | Unlicensed scraping, data‑licensing disputes. | Shows that data‑collection practices are under fire. |
| Ziff Davis v. OpenAI | DMCA, trademark. | Highlights the risk of using copyrighted text in training. |
| GetImage v. Midjourney / Stability AI | Image copyright. | Demonstrates that visual content can also be subject to discovery. |
| International cases (Canada, Germany) | Cross‑border copyright enforcement. | Indicates that legal hold can affect data stored outside the U.S. |
Bottom line: The court is treating any chat data that OpenAI would otherwise delete as potential evidence in a copyright dispute. TerrierGPT, built on OpenAI’s LLMs, is therefore pulled into the same discovery regime.
4. How BU Policies Interact (or Don’t)
| BU Policy | What it says | How the order exposes a gap | Implications |
|---|---|---|---|
| Digital‑Privacy‑Statement | “Your data is never used for training LLMs.” | The order creates a court‑hold on every chat, which is a different use of the data. | Students may believe their chats are gone; in reality a copy remains. |
| Data‑Classification Policy | Chat logs are Confidential. | The order treats the data as separate and “preserved,” which is not a category in the policy. | The policy under‑specifies what happens to deleted data under legal hold. |
| Data‑Access‑Management Policy | Access governed by Data Trustees / Custodians. | The court order makes OpenAI the “data trustee” for the preserved copy, a role not anticipated. | Students cannot rely on BU’s access‑review processes to see who has access to the held data. |
| Identity & Access Management Policy | Users authenticate via BU SSO, MFA. | The preserved data is outside BU IAM; students’ BU credentials do not grant or deny access. | No user‑level control over the preserved copy. |
| Data‑Lifecycle‑Management Policy | Destroy data when no longer needed. | The order pausesdestruction for the held data. | Students might assume “clear” destroys everything; it does not. |
| Minimum‑Security‑Standards | Encrypt at rest, audit logs, etc. | The order adds a separatelayer of segregation and retention. | The standard does not cover how to handle court‑held data. |
| Cybersecurity Training | All staff/user training on privacy & security. | No training on legal holds or discovery. | Students may be unaware that their data can be subpoenaed. |
| Conditions of Use & Policy on Computing Ethics | No misuse of computing services. | The court order creates an exception to the “no deletion” rule. | Students must accept that legal discovery overrides the policy. |
| Network‑Security‑Monitoring Policy | Monitor network traffic, logs. | Does not monitor the preserved bucket. | No visibility into the held data through network monitoring. |
| Information‑Security‑Policy | Governance of data protection. | No mention of legal‑hold retention. | The policy does not cover the legal‑hold lifecycle stage. |
Key point: BU’s data‑management framework has no explicit “legal‑hold” state. The court order creates a new data‑state that the policies were never designed to accommodate.
5. Student‑Facing Risks & Rights
| Risk | How it affects students | What they can do |
|---|---|---|
| Loss of “right to be forgotten.” | A court hold overrides deletion; the data is retained for a potentially long period. | Keep local, encrypted backups; avoid putting sensitive IP into TerrierGPT. |
| Discovery by third parties. | The court can subpoena the held logs, potentially exposing confidential research or proprietary content. | Do not enter IP‑rich or copyrighted material; consider using a local LLM for sensitive work. |
| Data‑breach exposure. | The held bucket is a high‑value target. If breached, the data can be leaked. | OpenAI encrypts the bucket, but there is no guarantee of breach‑free storage. |
| Misleading privacy statement. | The Digital‑Privacy‑Statement claims no training, but the held copy is used for discovery. | Understand that the statement has a footnote about legal holds (or add one). |
| Unintended IP exposure. | Your chat may contain excerpts of copyrighted text, code, or research. | Keep a local copy; review the policy on copyright (see Section 6). |
| Unclear ownership. | The court holds a copy, but ownership remains with the user. | Keep proof of authorship; consider licensing your content if needed. |
| Legal liability. | If your chat contains copyrighted or defamatory content, the court can subpoena the copy. | Avoid sharing copyrighted text without permission; use public domain or licensed material. |
| No control over access. | The court‑held data is accessed only by court‑authorized parties. | Report any suspicious subpoena requests to BU IT & Legal. |
6. Copyright, IP, and Ownership in the Context of TerrierGPT
| Issue | What the law says | How it interacts with TerrierGPT | Student actions |
|---|---|---|---|
| Copyright | The New York Times case claims that training data is “infringing.” | If a student’s chat contains copyrighted text, that text may be part of the preserved logs. | Never copy copyrighted text into TerrierGPT unless you have permission. |
| Fair Use | OpenAI claims fair use; courts differ. | The court holds logs regardless of fair‑use arguments. | If you suspect your chat infringes, consult the BU IP office. |
| IP Ownership | Users own the content they create, but the data can be used by the service provider. | The preserved copy is owned by the court, not the user, but the user retains the underlying IP. | Keep separate metadata to prove authorship. |
| License | If you want to use someone else’s work, you need a license. | The court may subpoena logs that include unlicensed material. | Acquire proper licenses or use public‑domain content. |
| Trade‑mark | The New York Times case includes trademark dilution claims. | If your chat includes trademarked terms, the preserved log may be discovered. | Avoid using brand names without context. |
7. Practical Recommendations for Students
| Recommendation | Why it matters | How to implement |
|---|---|---|
| Keep a local, encrypted backup of any chat that contains IP‑rich or sensitive material. | The court hold means you cannot delete the data from OpenAI. | Use tools like VeraCrypt or BitLocker; store on a BU‑approved encrypted drive. |
| Avoid copying copyrighted text or proprietary code into TerrierGPT. | The preserved copy can be subpoenaed. | Use summaries or paraphrases; cite sources separately. |
| Read the Digital‑Privacy‑Statement carefully; note the footnote on legal holds. | Misunderstanding can lead to privacy surprises. | Bookmark the statement; add a personal note to yourself about “legal hold.” |
| If you suspect a subpoena is coming, contact BU IT & the Office of the General Counsel immediately. | Early intervention can help protect your data. | Email buinfosec@bu.edu and osg@bu.edu with details. |
| Use BU’s local LLM or offline tools for highly sensitive work. | Keeps data under BU control, not a third‑party server. | Deploy an on‑prem LLM (e.g., open‑source) on a BU‑managed machine. |
| Stay informed about the court docket. | The order can be modified or lifted. | Follow the case docket on PACER; set up alerts. |
| Consider a “full wipe” request after the court lifts the hold. | Ensures the data is truly deleted. | File a formal request with BU IT, citing the court order. |
| Educate your peers. | Knowledge spreads; students can avoid pitfalls. | Host a BU‑IT workshop or a short online tutorial. |
8. BU Policy Updates – What the Administration Should Do
- Add a “Legal‑Hold” clause to the Digital‑Privacy‑Statement and Data‑Lifecycle‑Management policy.
- Introduce a separate “Preserved (Court‑Hold)” lifecycle stage in the Data‑Lifecycle‑Management policy.
- Update the IAM policy to clarify that legal‑hold data is outside normal access controls.
- Add training modules covering “Legal Holds & Discovery” in the cybersecurity curriculum.
- Display a clear notice in TerrierGPT after “Clear chat” that the data may be retained for litigation.
- Coordinate with OpenAI to obtain the preserved copy only when it is necessary for compliance or audit.
9. A Student’s Checklist – “What to Do Now”
- Identify chats that contain sensitive IP or copyrighted text.
- Export those chats (or the text) to a local encrypted file.
- Delete them from TerrierGPT to maintain a clean UI.
- Archive the local backup for at least 1–2 years (or longer if you have ongoing projects).
- Document the backup process (date, encryption key, file size).
- Keep an eye on the court docket for any changes to the preservation order.
- Report any suspicious subpoena or data‑request to BU IT & Legal.
10. Final Take‑away
The May 13 Preservation Order forces OpenAI – and by extension TerrierGPT – to keep a court‑held copy of every chat that would otherwise be deleted. That copy is separate, isolated, and potentially discoverable in a high‑profile copyright litigation that includes the New York Times, Reddit, Ziff Davis, and many others.
For BU students, this means:
- Deletion in the UI is not deletion in reality.
- Your data may be subpoenaed even if you never shared it publicly.
- Your privacy policy promises do not cover legal holds.
- Your IP and copyright concerns are real – the court can discover any copyrighted content in your chat logs.
- You have limited control over the preserved data; it is governed by the court, not BU.
The best defense is pre‑emptive caution: keep sensitive content local, avoid copying copyrighted material into TerrierGPT, and stay informed about the legal process. BU’s policies will need to evolve to include a clear “legal‑hold” lifecycle and to educate the community about the realities of AI‑driven discovery.
Remember: “When you delete a chat, you may still have a copy on a server you never see.”
Sources & Further Reading
- TerrierGPT
- Order 559 – May 16 2025
- New York Times v. Microsoft & OpenAI – MDL consolidation
- BU Policies:
- Digital‑Privacy‑Statement
- Data‑Classification Policy
- Data‑Access‑Management Policy
- Identity & Access Management
- Data‑Lifecycle‑Management Policy
- Minimum‑Security‑Standards
- Cybersecurity Training, Compliance & Remediation
- Conditions of Use & Computing Ethics
- Network‑Security‑Monitoring Policy
- Information‑Security‑Policy
- Safeguarding‑Information‑GLBA
- Acceptable‑Use‑of‑Computing‑Services‑Policy