Revised to make sense
The phrase should have been, "people should know that their admins can see literally every site they visit from university-owned infrastructure...." This should be made perfectly clear to all students, faculty and staff when the acceptable use documents were handed to them during orientation or on-boarding. We would like to think that schools have a much broader range of what constitutes acceptable use, but they still have an obligation to provide basic security across their networks in addition to the IT services needed by the organization.
To the point, though, I have yet to run into one that actually does a good job with any of this. My experience has been that machines intended to be used as kiosks are left logged in with admin privileges, AV and antimalware packages are absent, network defenses are... well, the setup described in the story is hardy amazing. In as much as we complain about government screw-ups in IT projects, school administrators seem to be less capable in this regard.