Slashdot Mirror

← Back to Stories (view on slashdot.org)

"Going Google" Exposes Students' Email

Posted by kdawson on from the visibility-in-the-clouds dept.

A ReadWriteWeb piece up on the NY Times site explores the recent glitch during the move of a number of colleges onto Google's email service that allowed a number of students to see each others' inboxes for a period of more than three days. Google would not give exact numbers, but the article concludes that about 10 schools were affected. "While the glitch itself was minor and was fixed in a few days, the real concern — at least at Brown — was with how Google handled the situation. Without communicating to the internal IT department, Google shut down the affected accounts, a decision which led to a heated conversation between school officials and the Google account representative. In the end, only 22 out of the 200 students were affected, but the fix was not put into place until Tuesday. ... The students had access to each other's email accounts for three solid days... before the accounts were suspended by Google. Oddly enough, this situation seems to be acceptable [to Brown's IT manager, who] 'praised Google for its prompt response.' (We don't know about you, but if someone else could read our email for three days, we wouldn't exactly call that 'prompt.')"

6 of 244 comments (clear)

  1. Google: Lowering standards for the rest of us by GradiusCVK · · Score: 4, Insightful

    We don't know about you, but if someone else could read our email for three days, we wouldn't exactly call that 'prompt.'

    Look, I think we can all agree that if there were some major security breach like this for which we were responsible and we sat around for 3 days before doing anything, then unilaterally suspended a bunch of accounts before finally fixing the problem, we'd be fired.

    On the other hand, if I were the head of IT at some place and we've decided to migrate everything to some giant, well-liked third party with a reputation for excellence, it'd be really easy to say, "That's just how tech is, it's hard to do right even for Google, get used to it. Oh, and while you're looking for ways to prevent such a 'catastrophe' from ever happening again, consider boosting the IT budget, will ya?"

    I'll bet that IT manager is pretty happy right now, student complaints aside.

    1. Re:Google: Lowering standards for the rest of us by JasterBobaMereel · · Score: 4, Insightful

      The current IT guy is laughing .... it is out of his hands and he cannot do anything about it and everyone knows this ...the person who outsourced it to Google however .....!

      --
      Puteulanus fenestra mortis
  2. Re:methinks he doth protest too much by gbjbaanb · · Score: 4, Insightful

    Most people don't keep that on their email accounts...

    Most people don't keep that *what* on their email accounts?

    Private stuff?
    Passwords?
    User ids?
    $25,000,000 money-making invitations?
    Shakespeare quotes?

    I know one fact about email which makes it an incredibly important security risk - the 'I forgot my password' link. Log on to a site you think the user uses, click that 'forgot' link, read his new password a few moments later. erm.. profit.

    That said, this is google mail we're talking about, the one that bills itself as "store everything on us" we're safe and you'll never lose an email again thanks to our massive storage, indexing and searching facilities. So, for some people email is downloaded immediately and never stored on the server, for many many others, it stays right on the server.

    I'd have cancelled the account, the way it was handled is not acceptable, even a free service has reasonable expectations of security. To let it linger for 3 days... that's simply not good enough.

  3. Re:Someone has high demands. by Trogre · · Score: 5, Insightful

    I'm sorry, perhaps you missed the part where students could read each others emails.

    Microsoft participation is not required in this case.

    --
    "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
  4. Re:Still more secure than most school systems by betterunixthanunix · · Score: 4, Insightful

    Google docs is another liability, when it comes to security. A while back, Columbia experienced a major data leak -- tens of thousands of social security numbers, names, dates of birth, etc. (everything you need to open a bank account) -- all because someone was using Google docs. Frankly, if you want the same level of document/email integration, there are a lot of free-libre and proprietary packages that will do that; MS Office, or KOffice+Kontact, for example. Being willing to put up with a slightly less convenient, but far more secure (in terms of data) method is all it really takes.

    --
    Palm trees and 8
  5. Re:3 Days Turnaround by Bender0x7D1 · · Score: 4, Insightful

    No offense, but from a privacy perspective there is nothing "less bad" about seeing "just" the contents of old mailboxes.

    If I have nude photos, love letters, an email from porn-porn-porn.com, or just something I don't want someone else to read in my old mailboxes, how is someone else being able to see them not horribly bad even if they are over 90 days, (or whatever), old?

    --
    Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.