Slashdot Mirror
Yale Switching To Gmail, Not Without Opposition
PwnSnake writes "While it makes sense for small (and large) corporations to move to Gmail, something seems amiss when a top private university decides to hand everything over to Google. Although most in that community seem to welcome the change, several organizations on campus have joined forces to call for a transparent process and get students and faculty thinking about the downsides of the switch. The problem is choice (users can already forward mail to Gmail; it doesn't make sense to force that option and not have a backup or opt-out mail server)."
Anyone ignorant of the possible problems of things like this need to become educated.
Ugh, idiots.
When I was with their dept of psychiatry at the med school, they had terrible problems with constantly infected and reinfecting machines, both theirs and customers'. They had good admins, but couldn't keep up. With email farmed out, perhaps they can tackle the problem now.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Government mail, now with 100% legal links to the NSA.
You would think Yale having all the Skull and Bones types someone would know about not trusting mail servers.
After China are the terms "off-site" and Google "maintain it" of any real use to US academia?
Domestic spying is now "Benign Information Gathering"
Tell me, please: what is almost impossible about running a distributed mail server cluster for a few tens of thousands of users and 100% cluster uptime? This has been a common achievement implemented using VAXclusters in academia since the '80s, so I'm curious as to what's gone wrong with engineering ability since then.
I get this impression sometimes that people think 100% availability via "cloud" distributed computing is an invention of this century. The only thing that's new is assuming that all but a few large corporations are sufficiently competent to do something that local IT was expected to do: then with expensive, hard-to-replace machines.
If you bothered to read the second link (like that'd happen but whatever), it isn't as much a staunch "we never want to use Gmail" as a request for more transparency/information about what the agreements and options being discussed/setup by Yale's IT administration and Google. It includes requests for more information on such things as where the data is going to be stored, why Google is 'generously' providing this service free of charge and without advertisements (i.e., how much privacy/rights do you have with your e-mails), what happens if Google changes their mind down the road and wants to start charging Yale, and a few other similar concerns.
You don't like your email being read by someone else? Then why are you sending it as a postcard? And if you don't care about that then who cares if Google reads it and sells the information to advertisers?
FireGPG and others make encrypting webmail easy, and PGP/GPG and SMIME have been integrated into most mail clients for years.
Deleted
Anybody doing any sort of human research, say from the medicine, biomedical and psychology faculties, shouldn't be using GMail, because it involves sending privileged information to a third party corporation and, in this case, a corporation that has a vested interest in using the information they're gathering.
Outside of that, many people like to protect their own privacy.
I work at a large University considering the same thing. I like the idea. A couple of points.
* Just forwarding is not the same as having a hosted solution. Branding is important, and Colleges/Universities don't want to give that up.
* The answer to people's privacy concerns is the same as it's ever been. Privacy is the end-user's responsibility. SMTP has never been, and will never be, a private communication protocol. Recall the recent survey indicating that some 30% of sysadmins admit to violating people's privacy. Encrypt your messages, if that's important to you.
* Show me a privately hosted email solution that allows you to easily manage multiple gigabytes of storage per user.
* Email is a commodity. It's uninteresting, from a competitive practices point of view - but everyone must have it. The easier and cheaper, the better.
* You can continue using pretty much any email client you like.
... and on "why offer it for free".
Google's reasons for offering Google Apps for Education as a free service are their own. But we can guess.
1: Many university students are going to become high fliers in business. Giving them warm-and-fuzzy feelings about Google Apps is building the long term market for Google Apps.
2: Education is a "good cause". Maybe someone in Google just likes the idea of helping good causes. Or more cynically, it's good PR.
They mine it for ad targeting. And that's all.
I think the main things they get out of it is PR, and graduates with a positive experience of Google Apps.
The IT dept will have a budget. That budget is set by whoever controls the finances. If the person controlling the finances thinks you are only worth 40Mb of storage, then that's all the IT dept will give you.
If you want more, then bitch to whomever controls the finances. There is almost certainly no point bitching to IT because they can only go to the finance people and say give us more money. The people controlling the money aren't feeling the pain so why should they spend the money?
BTW, this isn't just for IT. This is any organisation, government or private.
Deleted
Back in the 90's, it made sense for Universities to create a mail service -- many students had no other access to email in those days. But why today, when there are so many free email options? There is really no good reason for Colleges to be in this business, and it totally makes sense to turn it over to Google or some other company that will do it for free. We did a study at our University and found the cost savings to be in the range of $500,000 per year, which actually is money that some people felt they could use elsewhere :) (This argument may not apply to University employees, such as faculty -- it may be prudent to provide an in-house or contracted email service for this small group, but at a fraction of the cost required for the entire student body)
Anyone ignorant of the possible problems of things like this need to become educated.
Ugh, idiots.
Google Apps for Education currently provides e-mail services to more than 2,000 colleges and universities, including Brown, Northwestern, Cornell, Notre Dame and Georgetown.
Perhaps you believe that the decision makers at these universities are not educated? Perhaps You are not?
Comments like the one above, offered without any supporting evidence or even arguement and that receieve a 4 for insightful really highlight the weakness of this forum.
Ugh, IDIOT,
It's pretty easy to create a robust mail server cluster.
It's significantly more difficult to do it at the price Google is offering.
If you're just going to assume everyone is lying, then you'd better never buy anything from anyone.
I'm an IT manager at a major University.
okay... so the thing is, everyone loves gmail. They love it because it's a pretty, intuitive interface, they have good spam filtering, it's free, plenty of storage, hugely distributed servers for good and reliable performance, nifty features, lots of happy fun time. Why *wouldn't* you switch your whole IT mail system to gmail?
You wouldn't do it because google's entire business model is based on profiting from the content of your data. Mining that
data for targeted advertising (yes, even if they're not displaying ads in your gmail, they are mining your data for useful stuff to sell to advertisers), gleaning useful tidbits about your behavior and buying practices, etc., etc. They *own*
the content of your email.
If you are working on potentially profitable research, you'd be insane to collaborate on it through google.
If you are handling privacy-sensitive data (such as student records), you'd be insane to communicate that data
through google.
If you are handling any other sensitive information (like passwords to financial accounts, potentially embarrassing
internal memos, career- or relationship- destroying office gossip), you'd be insane to communicate it through google.
GOOGLE READS YOUR EMAIL. When you sign up with google, you AGREE TO LET THEM DO IT FOR FUN AND PROFIT.
They are providing this service for free -- if something goes wrong and they lose a bunch of your data, they'll have
a minor public relations black eye and move on. You'll be out a bunch of valuable data. You can't fire anyone,
you can't take tangible measures to make sure it doesn't happen again (or that it doesn't happen in the first place), etc.
There are lots of reasons NOT to take your IT mail to google. It's mostly about data security, privacy, and accountability.
You are surrendering all of that when you go to google. If those things aren't important to you, then by all means, switch to google.
And I'm not saying this just because I'm not anxious to have my job outsourced. I'm saying it because after 20 years of
being responsible for this sort of data, giving it to google is one of the worst things you could do with it. It's not all about "Easy interface, low cost", but unfortunately anyone who ISN'T responsible for managing the data only sees those two things.
Oh, yeah... and universities don't generally prioritize storage/systems/personnel for student email. TFA talks about saving 12 TB of space, which these days I could install new (and reliably) for well under $10k, if someone was willing to spend the money on it.
If google provided free software to run a webmail system locally, now THAT's something I could get behind. THAT is what
Universities should be trying to get google to provide. Let them provide the interface, and let your local guys set it up and manage the data, keep the storage servers local.
YMMV, especially if your local IT guys just suck. :)
I work for a higher-ed institution, and we recently provided a university-sponsored GMail option. We heard this issue about sending private data via GMail, from some folks in our health departments.
Our response was: why are you emailing anything with private data in it!?
Email of any kind, whether run locally at the department level, institution-wide at the central IT level, or outsourced to someplace like Google ... Email is an inherently insecure transport method. You don't send private data over the Internet. Period.
So, let me amend your statement:
Anybody doing any sort of human research, say from the medicine, biomedical and psychology faculties, shouldn't be using email, because it involves sending privileged information over the Internet.
Kids these days. When I was at school, everyone used Pine and we were content.
Another reason they offer it free is the same reason Microsoft gives their software away to educational institutions: The student is much more likely to continue to use the product after they graduate.
I work at a University that has recently outsourced their student e-mail to GMail. The University IT group has really bad management. There is a CIO, 3 Vice Presidents and 5 directors for an IT group roughly 300 people with 70% of them being contractors. Each group within the IT group (Exchange, Unix, NT, Mail, Helpdesk, Networking...) has their own 1 or 2 managers.
I'd pretty much agree with this. The trend of University outsourcing is the result of symptoms caused by bad management. As you describe, the management will have become bloated and influenced by consultants with deep conflicts of interest.
The money is being wasted on these managers and consultants, and that is where the budget cuts need to be made - not in actually providing services to students. Also, a couple of excellent IT admins and some commodity hardware is cheaper than a dozen pen-pushers!
(Also, I probably wouldn't recommend VMS as a mail system today. While it's still incredibly robust, and until 4 years ago I was collecting mail from an AlphaServer which, IIRC, *never* crashed while deployed, Fiorina had already dealt HP a death blow in enterprise innovation.)
3: It's a tax write off. They are donating services/products.
Tell me, please: what is almost impossible about running a distributed mail server cluster for a few tens of thousands of users and 100% cluster uptime? This has been a common achievement implemented using VAXclusters in academia since the '80s, so I'm curious as to what's gone wrong with engineering ability since then.
The GP didn't say "uptime", he said "reliable". Those two words are not the same.
If the users aren't checking their email because the interface blows, then it's not a reliable way to get a message from A to B, no matter how many nines are in the uptime. Schools and universities have a choice right now: either offer something reasonably close to the state-of-the-art interface, or watch professors collect their students' gmail addresses at the start of the semester and having a TA create a mailing list. A five-nines mail server is great...if people use it.
"Reliable" is a people-problem. "Uptime" is a technical solution. The latter is only a small piece in the puzzle of the former.
Opt-out? It's a private email service. You can opt out by not using it. Forward the mail to some other email account.
That like saying, I want to opt-out of Starbucks coffee.
Email is an inherently insecure transport method.
This statement was true in the mid 90's. It is no longer universally true.
Using techniques such as opportunistic SMTP over TLS, a.k.a. SMTPS, it is possible to provide link-level encryption of email without requiring any special configuration on the part of the end user. This setup is more common than you think, especially in universities. I would estimate that about half of all US universities already deploy SMTPS. Email traveling over SSL/TLS is not that bad from a security point of view -- the only way to intercept it is to compromise a mail server or one of the end users' machines, and if a hacker has that level of access, you have much bigger problems than email.
SMTPS will not encrypt the link between the MUA and the MTA. For that, the end user needs to explicitly configure IMAPS or POP3S. However, this link is one of the easiest links in the chain to secure, even without cryptography. Ethernet switches (not hubs) and physical access control will prevent the vast majority of local sniffing attacks, and WPA2 is good enough for WiFi links.
You don't send private data over the Internet. Period.
I disagree with this statement. At the very least, it is almost impossible to function in modern society without sending private data over the Internet in some form. For example, if you never send your credit card number over the internet, then e-commerce is almost impossible, and if a merchant subscribed to this philosophy, he would not remain in business. As another example, you almost certainly had to send your slashdot password over the internet in order to log in, and you probably consider it to be private (if not, feel free to tell me what it is).
I agree that you should never send unencrypted private data over the Internet, but I would stop well short of recommending a complete ban on sending even encrypted private data, which is what you seem to be saying.
When one of the top public universities already switched?
Email at UVa: Account Choices
Account choices:
- Students: Microsoft Live and/or Gmail
- Alumni: Gmail
- Faculty/Staff/Special cases: Exchange and/or CMS (former mail system)
It's probably cheaper to outsource e-mail providers, but UVA still maintains control of the @virginia.edu domain and forwards e-mail to Live or G-mail.
There are a number of good reasons for *not* hosting your own email.
None of this precludes the fact that there are compliance and privacy issues surrounding email. FERPA, HIPPA, GLB, SOX, and Privacy Act may all apply. It's not an easy decision. There are at least as many factors supporting retained hosting. Outsourcing student email hosting can make a lot of sense. I don't recommend outsourcing faculty/staff email for an educational institution, but there are certainly a lot of reasons to consider it.
Or maybe email should just work like a normal person would expect it to work?
Neither have I personally audited anything about my bank, Anonymous Coward. Yet I still trust it with all my money.
For anyone who prefers their email format in text as opposed to html or rich text, it still isn't bad. :) But I think I'll stick with a GUI.
What I don't understand is how the article poster could possibly make the statement that Google Mail is good for large corporations. If I were a large (or even small) corporation, I wouldn't want any of my email messages, many of which likely containing proprietary information, being stored on another corporations mail servers. That's not only giving you a fair chance to shoot yourself in the foot, it is like asking for a marksman to shoot you in the foot for you.
RIM's Blackberry is so popular because RIM can't tell what you are emailing. It doesn't store your email. Your company still uses its own mail servers, and anything that goes through RIM's servers is not staged, and is encrypted so only your company knows what your business is. Fat chance data mining Google will encrypt mail so that they can't tell what it says.
-- I ignore anonymous replies to my comments and postings.
GMail is a horrible bodge [...]
Subjective. I had my own mail server. I ditched it years ago for GMail, because in my own subjective view there wasn't an SMTP/POP/IMAP client with as useful a user interface.
Maybe nowadays there are better local mail applications available - but I have absolutely no complaints about GMail from a usability perspective.
Thank you for being pedantic - there's nothing wrong with sending a Word file over email. It has no major advantages or disadvantages these days for file size (older versions would store uncompressed images, which led to horrible file sizes - today you can tell it to only store the part you need, at the output resolution you need).
That's funny about your TA. He must be an idiot - unless you sent him a file which couldn't be read on his system at all. I can open an ascii file in Word just fine. I can even save to plain text. Personally, I pine for the days of Wordperfect, but I find Word to be useful for most professional documentation.
Is it just my observation, or are there way too many stupid people in the world?
I looked at that FAQ, and it says that Google employees will never have access to your email unless access is explicitly grated by your admin. It also says, in the same answer, that Google employees may delete things which violate their ToS, which seems to directly contradict this (how can they delete things without write access, how can they know it violates the ToS without read access?).
Last I checked, programs were way better at virus scanning than humans.
Using techniques such as opportunistic SMTP over TLS [wikipedia.org], a.k.a. SMTPS, it is possible to provide link-level encryption of email without requiring any special configuration on the part of the end user.
That definitely helps, but on the other hand you don't know all of what happens to email in transit. If I send you an email, I might know that my server is pretty secure, but I don't really know how many servers the mail will be routed though, what the security policies might be on those servers, or even whether they might be compromised. And then I don't know whether you're using encryption for SMTP/IMAP on your client end.
So while I might say you can secure email within your organization pretty well, once it's going over the Internet, email isn't very secure-- not unless you're using something like GPG.
The problem is choice (users can already forward mail to Gmail; it doesn't make sense to force that option and not have a backup or opt-out mail server)."
the difference is that they won't have to manage / maintain campus mail servers. they won't have to field support calls related to email problems.
Gmail does not implement IMAP standard correctly. ... Gmail sends the responses to some queries out of order - this behaviour is formally correct but is not what some IMAP clients expect.
So Gmail is correctly implemented but the clients aren't and you blame Gmail?