Slashdot Mirror
Yale Switching To Gmail, Not Without Opposition
PwnSnake writes "While it makes sense for small (and large) corporations to move to Gmail, something seems amiss when a top private university decides to hand everything over to Google. Although most in that community seem to welcome the change, several organizations on campus have joined forces to call for a transparent process and get students and faculty thinking about the downsides of the switch. The problem is choice (users can already forward mail to Gmail; it doesn't make sense to force that option and not have a backup or opt-out mail server)."
Anyone ignorant of the possible problems of things like this need to become educated.
Ugh, idiots.
I was a grad student there, and most of the people I knew hated the Horde webmail interface. I practically never used it, since I've always set up IMAP.
My current university also outsources most of their student e-mail services to Google... again, I almost always access it through IMAP. The main downside I've run into is that the university version of Gmail doesn't have access to Labs features that you get with regular Gmail.
"Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
God, I wish my university would do this. We have 40MB account limits and professors routinely send out 10MB worth of attachments. Sure, you can forward it all to gmail (and who doesn't), but don't forget to delete your mail off the university's shitty server once a week or you'll get everything bounced!
This game will waste your life. Don't clicky!
They're still more reliable than anything most other people can accomplish.
Whatever they decide to do, some people are going to complain. The gmail-based service lets people use POP and IMAP so they can use a different UI if they want. So you've got real flexibility, and a default UI that (in most people's opinions) doesn't suck. So... what was the problem again?
When I was with their dept of psychiatry at the med school, they had terrible problems with constantly infected and reinfecting machines, both theirs and customers'. They had good admins, but couldn't keep up. With email farmed out, perhaps they can tackle the problem now.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Harvard, just to spite Yale, has switched its mail system over to Yahoo! Mail. Also, 3 MIT students are currently being investigated for breaking into the accounts of the presidents of both universities and sending out notices to their entire university saying that the cafeteria systems at their universities had recently added a free bar.
I am officially gone from
My university is also switching to not just gmail, but integrating the other Google apps also.
If a man empties his purse into his head no man can take it from him. An investment in knowledge pays the best interest.
I too want to make a living astroturfing. Where do I apply?
Maybe someone better informed than I could say whether or not if using Gmail corporate services would also expose you to randomly-applied 'great ideas' such as the screwup that is Buzz?
I would hope not...
Yes, outsourcing your infrastructure to a private company is always "chillaxing". It keeps the costs down, users don't pick up on service quality and in-house experience and development is unwanted.
Government mail, now with 100% legal links to the NSA.
You would think Yale having all the Skull and Bones types someone would know about not trusting mail servers.
After China are the terms "off-site" and Google "maintain it" of any real use to US academia?
Domestic spying is now "Benign Information Gathering"
Besides, it's a deplorable state of affairs when a university can't muster the resources to at least operate an on-site forwarding mail server.
According to TFA, it's going to save 12GB of on site storage per student. If I was a university IT manager and a corporation offered me that *for free*, I'd bite their hand off.
Whoever you are, why spend money when there's an alternative?
At least, they should openly specify the reasons why they chose Google.
The largest prime factor of my UID is 263267.
It's a service. Just like the phone company, janitorial services, accounting, and insurance.
The students and faculty don't clamor for input and transparency on which payroll company the university uses to issue paychecks and work/study payments, and there's something they use every day. Sounds to me like this is a lesson to be learned for a bunch of college brats who can't adjust to change.
Tell me, please: what is almost impossible about running a distributed mail server cluster for a few tens of thousands of users and 100% cluster uptime? This has been a common achievement implemented using VAXclusters in academia since the '80s, so I'm curious as to what's gone wrong with engineering ability since then.
I get this impression sometimes that people think 100% availability via "cloud" distributed computing is an invention of this century. The only thing that's new is assuming that all but a few large corporations are sufficiently competent to do something that local IT was expected to do: then with expensive, hard-to-replace machines.
Anyone ignorant of the possible problems of things like this need to become educated.
Go on, give us a few. Avoid ones that are easily mitigated.
It's not free. As you point out, Google is a corporation and they don't do things unless they expect to get something out of it. What Google is getting is a LOT of information about Yale students, staff and faculty.
You don't like your email being read by someone else? Then why are you sending it as a postcard? And if you don't care about that then who cares if Google reads it and sells the information to advertisers?
FireGPG and others make encrypting webmail easy, and PGP/GPG and SMIME have been integrated into most mail clients for years.
Deleted
Anybody doing any sort of human research, say from the medicine, biomedical and psychology faculties, shouldn't be using GMail, because it involves sending privileged information to a third party corporation and, in this case, a corporation that has a vested interest in using the information they're gathering.
Outside of that, many people like to protect their own privacy.
I work at a large University considering the same thing. I like the idea. A couple of points.
* Just forwarding is not the same as having a hosted solution. Branding is important, and Colleges/Universities don't want to give that up.
* The answer to people's privacy concerns is the same as it's ever been. Privacy is the end-user's responsibility. SMTP has never been, and will never be, a private communication protocol. Recall the recent survey indicating that some 30% of sysadmins admit to violating people's privacy. Encrypt your messages, if that's important to you.
* Show me a privately hosted email solution that allows you to easily manage multiple gigabytes of storage per user.
* Email is a commodity. It's uninteresting, from a competitive practices point of view - but everyone must have it. The easier and cheaper, the better.
* You can continue using pretty much any email client you like.
Not the only university to do this. My university in Dublin (Trinity College) also switched to gmail and it was met with overwhelming support from students and staff alike. POP, IMAP or web interface that most were used to and that new users welcomed, reduced spam (95% of college mail being spam and exchange filters not catching more than 50% of it), higher level of storage, easier external access, bigger attachments. Overall it was an easy transition and a reduced workload for the syadmins. The only initial problem was different passwords for network access and email, which DOES make a difference for less technical students such as those in arts and letters faculties. Overall it was a step forward with a positive reception from staff, students and sysadmins. Good luck to Yale and let's give it 6 months or so, then poll each of those groups to see if they prefer the gmail way or the old way.
You're just making up what Google does with that data.
http://www.google.com/support/a/bin/answer.py?hl=en&answer=60762
Here's the thing : As a student or faculity of the university, there is a reasonable expectation of privacy in things like email. Email has become the major communications tool of this era. By switching to a 3rd party service like Google, that expectation of privacy goes out the window. If two faculity are working on a research project, there is no gaurentee that Google won't have one of their 'snafu's again where they expose your private email to others or the world. Remeber, research is what really powers the dollars for schools like Yale -- and an issue with exposed or leaked emails could cause the university millions.
Giving this up to a 3rd party runs into the "your data" vs. "my data" type of senerio. Your shit vs. my stuff in the words of George Carlin. If there is a privacy breech, and you run the email server, you know who to contact, you make the correction immediatly, and you deal with it. When a 3rd party company like Google has an issue, they "look into it", and rarely take the same steps to correct the issue. We've already seen that once when email was being delivered to students that the wrong university!
Yet, they are saving a dollar. It makes some IT manager's issues go away for not having to run yet another critical service.
If only the service came with some sort of assurances about privacy.
Oh, here they are:
http://www.google.com/support/a/bin/answer.py?hl=en&answer=60762
Anybody sending that type of data should not be using email, period. It doesn't matter if you're hosting it locally or in the cloud, it is an insecure transport.
They mine it for ad targeting. And that's all.
I think the main things they get out of it is PR, and graduates with a positive experience of Google Apps.
The IT dept will have a budget. That budget is set by whoever controls the finances. If the person controlling the finances thinks you are only worth 40Mb of storage, then that's all the IT dept will give you.
If you want more, then bitch to whomever controls the finances. There is almost certainly no point bitching to IT because they can only go to the finance people and say give us more money. The people controlling the money aren't feeling the pain so why should they spend the money?
BTW, this isn't just for IT. This is any organisation, government or private.
Deleted
You can go to Yale, or you can NOT go to Yale.
Send your spendthrift head of state this
Back in the 90's, it made sense for Universities to create a mail service -- many students had no other access to email in those days. But why today, when there are so many free email options? There is really no good reason for Colleges to be in this business, and it totally makes sense to turn it over to Google or some other company that will do it for free. We did a study at our University and found the cost savings to be in the range of $500,000 per year, which actually is money that some people felt they could use elsewhere :) (This argument may not apply to University employees, such as faculty -- it may be prudent to provide an in-house or contracted email service for this small group, but at a fraction of the cost required for the entire student body)
I think you misunderstand what a monopoly is. Or you're being wilfully broad with the word.
There is nothing to stop anyone else offering a competing service. To be able to offer it free, they'd probably need to be another giant corporation - but MS, Yahoo, IBM could all do this if they wanted to.
There is no lock-in on Google's side.
Google's IMAP implementation is horrible, to the point of only barely being usable. I get frequent IMAP errors regarding folders not being found, even when the folders are being reported by the server -- and I am not the only one. Google has been aware of these problems for years now and done absolutely nothing about it.
Of course, my main objective to universities switching to Google has nothing to do with functionality. GMail is proprietary software, and universities should not be locking themselves into solutions provided by specific corporations. Hey, maybe I am just too much of a free software guy, but if nobody voices the concern...
Palm trees and 8
Whoever was quoted on the 12GB storage savings per student was making up information. I would like an explanation of how 2GB email quota per student -- not measured usage -- becomes 12GB of storage; even including tape backups. If this statistic is true, the storage architecture for Yale email has been designed by an incompetent idiot. Explains why Yale has to outsource email.
Every mans' island needs an ocean; choose your ocean carefully.
Horde is pure, utter shite, obviously written by weekend PHP developers with short attention spans, and wouldn't know a decently-designed user interface if it jumped up and bit them in the face.
The university I went to used (and probably still does) use it. It's a pain to use, and a pain to administer.
What's so hard about writing a decent Web email client anyway?
Not sure what your expectations are, or what the policy of your school is, but in any sort of litigation or suspicion of academic malfeasance, or even internal disputes within departments it's been my experience that just as in most corporations your university email is fair game and not covered by anything like the protections of third-party email or regular mail.
Lots of colleges and universities are switching over to Google. The reasons are pretty straightforward: Google offers more storage space than most higher ed IT departments could reasonably afford and the move relieves them of the need to administer an email server. See this article for an overview. Even Hope, in Taco's home town, switched over a couple years back and I know they've been pretty happy with it.
No statement is true, not even this one.
It's pretty easy to create a robust mail server cluster.
It's significantly more difficult to do it at the price Google is offering.
Company-internal mail that needs to remain confidential needs not be encrypted -- as long as the company's mail servers remain within the company. Move your mail to google, and suddenly google knows you're getting a rise before you know it. Oh well, some people will call it a good thing if they're getting job offers before they learn that they're going to get laid off. Too bad though that the job offers will be for male escorts or something, as google also knows the reason why you're about to get laid off.
What kind of sadist sends 10MB attachments?
Anybody doing research.
Seriously, I've had 30MB attachments show up. 10MB is nothing when you're talking about a research paper written in MS Word.
Before you tell us how they should be using a magical free alternative to Word that produces tiny files yet has all the same capabilities, these papers have to be read by management types at the sponsoring organizations (often the Federal government) so sending them anything other than a Word document is out.
Putting moderation advice in your
I'm an IT manager at a major University.
okay... so the thing is, everyone loves gmail. They love it because it's a pretty, intuitive interface, they have good spam filtering, it's free, plenty of storage, hugely distributed servers for good and reliable performance, nifty features, lots of happy fun time. Why *wouldn't* you switch your whole IT mail system to gmail?
You wouldn't do it because google's entire business model is based on profiting from the content of your data. Mining that
data for targeted advertising (yes, even if they're not displaying ads in your gmail, they are mining your data for useful stuff to sell to advertisers), gleaning useful tidbits about your behavior and buying practices, etc., etc. They *own*
the content of your email.
If you are working on potentially profitable research, you'd be insane to collaborate on it through google.
If you are handling privacy-sensitive data (such as student records), you'd be insane to communicate that data
through google.
If you are handling any other sensitive information (like passwords to financial accounts, potentially embarrassing
internal memos, career- or relationship- destroying office gossip), you'd be insane to communicate it through google.
GOOGLE READS YOUR EMAIL. When you sign up with google, you AGREE TO LET THEM DO IT FOR FUN AND PROFIT.
They are providing this service for free -- if something goes wrong and they lose a bunch of your data, they'll have
a minor public relations black eye and move on. You'll be out a bunch of valuable data. You can't fire anyone,
you can't take tangible measures to make sure it doesn't happen again (or that it doesn't happen in the first place), etc.
There are lots of reasons NOT to take your IT mail to google. It's mostly about data security, privacy, and accountability.
You are surrendering all of that when you go to google. If those things aren't important to you, then by all means, switch to google.
And I'm not saying this just because I'm not anxious to have my job outsourced. I'm saying it because after 20 years of
being responsible for this sort of data, giving it to google is one of the worst things you could do with it. It's not all about "Easy interface, low cost", but unfortunately anyone who ISN'T responsible for managing the data only sees those two things.
Oh, yeah... and universities don't generally prioritize storage/systems/personnel for student email. TFA talks about saving 12 TB of space, which these days I could install new (and reliably) for well under $10k, if someone was willing to spend the money on it.
If google provided free software to run a webmail system locally, now THAT's something I could get behind. THAT is what
Universities should be trying to get google to provide. Let them provide the interface, and let your local guys set it up and manage the data, keep the storage servers local.
YMMV, especially if your local IT guys just suck. :)
All of the issues they're clamoring over are completely non-unique. The simple fact that Google is giving Yale their Google Mail service for free is an advantage that cannot be glossed over in one sentence (as these authors did) for the following reasons:
This doesn't include the fact that no system, regardless of how well it's put together, is immune to the occassional outage. One can argue that administrators don't have much control over fixing an outage on Google's turf, but they have shown consistently that they can get everything back in working order extremely quickly. Plus, being able to manage millions of accounts (which include calendaring and contact storage for almost every account) while retaining extremely reliable levels of uptime is impressive.
I think the only reason why large-scale corporations haven't considered doing the same is to retain compliance. (Legal would never allow it).
As opposed to now, when your choices for email are 1) Yale's in-house email 2) n/a
Except that in both cases, there's nothing to stop you using any of the other webmail services, either free or paid.
I work for a higher-ed institution, and we recently provided a university-sponsored GMail option. We heard this issue about sending private data via GMail, from some folks in our health departments.
Our response was: why are you emailing anything with private data in it!?
Email of any kind, whether run locally at the department level, institution-wide at the central IT level, or outsourced to someplace like Google ... Email is an inherently insecure transport method. You don't send private data over the Internet. Period.
So, let me amend your statement:
Anybody doing any sort of human research, say from the medicine, biomedical and psychology faculties, shouldn't be using email, because it involves sending privileged information over the Internet.
It's called outsourcing, contractors and management.
I work at a University that has recently outsourced their student e-mail to GMail. The University IT group has really bad management. There is a CIO, 3 Vice Presidents and 5 directors for an IT group roughly 300 people with 70% of them being contractors. Each group within the IT group (Exchange, Unix, NT, Mail, Helpdesk, Networking...) has their own 1 or 2 managers.
Of course when it's time to look for a solution, the contractors love to propose their 'appliances' and 'do-it-all software' with 'vendors' and 'partners' because their contracting companies are being sponsored by those companies. That's why we have Exchange with Quest Extensions ($25000/server for a piece of software that only SHOWS the flow of e-mail on a pretty screen), NetApp storage at $5/GB/year, PeopleSoft, Microsoft SMS/WSUS with Quest Extensions (so you can attempt to use WSUS on a Mac bound to Active Directory and Novell Linux bound to Active Directory - Solaris and Debian what's that), some random companies DHCP server appliances - $2500 for a piece of hardware that only does DHCP based on the open source dhcpd, a paid version of SysLog (the actual open source syslog-ng software) with licensing based on logs per hour.
Management thinks that this is normal and the way to do business. Of course their overhead is so large that hardly anybody uses their services as it is cheaper to get your own sysadmin and invest in hardware. So University IT supports about 20 of the smallest departments - those that are too small to pay for a single sysadmin, they need about 200 people to do that job (the other 100 are in networking, server admins and telephone)
Custom electronics and digital signage for your business: www.evcircuits.com
1) GMail. 2) n.a.
3) Chose another university.
Seriously. The university chose the food management company, the cleaning contractors, and the security guard service. They also chose the e-mail contractors.
Like the undergrads care about e-mail privacy while they're simultaneously posting their frat party pictures to FB.
Put identity in the browser.
I'd imagine lots of organisations are using email where their clients only communicate with the mail server using SSL (either via webmail or SSL encryption of standard transports like IMAP and SMTP or MAPI).
Those organisations may well treat their internal email as being secure. I believe there are plenty of hospitals use email to send patient information between DRs and staff. I'd expect they only do so because they consider their internal email to be secure.
If they switch to Gmail for the Horde servers it will ONLY affect their student population and few outlying departments. The main e-mail and calendaring system at Yale is Exchange. This switch, if it happens, is probably one to free up resources.
All university email addresses through Gmail also have .edu addresses.
* Google could change privacy settings in the future. Imagine that external parties could buy lists of "names" or "grades".
As with any contract, if a company decides to change its policies, you can renegotiate or go with another. Other companies (aka Microsoft et al) will have migration solutions.
* Once hooked, it is difficult to switch back. Once, the IT culture has been outsourced, also the IT talent has disappeared and higher education becomes dependent on external companies.
You outsource phone, mail, construction, and other services. Once it is outsourced, it will actually be fairly easy to migrate to another solution. Plus, with the savings from getting rid of parts of the IT staff and infrastructure costs, you'll be able to afford consultations with more money on top.
* There is a lot of research and confidential information going over email. If I were a researcher working in a cutting edge field, I would be worried to have information about the projects safe.
There is a lot of confidential information going through the snail mail system, cell phone towers, and the regular phone system. All in all, seeing incompetence of a lot of university IT staffs, I would trust a company whose core business is to keep your information safe more than the local IT staff.
* Google delivers now. Will it in 10 years? What happens if Sergey and Larry have moved on completely and accountants eying primarily the stock market have taken over? It might become more expensive for a university in the future. Or, due to lack of other possibilities, one is forced to accept a partner which is less careful about privacy settings.
Again, like any utility, there are options.
* A lot of students and faculty already use gmail now. But they do not have to. If somebody wants, it is possible to have all benefits from external email providers. Why force it?
Cost savings that can be applied elsewhere, .edu address associated with your gmail, the ability to migrate seamlessly from your .edu address to a alumni address.
* Some redundancy is nice. Its can be beneficial to have different email addresses and use them for different things. If one provider does not deliver, one can use an other one. Being forced to use an external email provider leave less options and adds more dependencies.
Being forced to have all of your information going through the university mail servers provides the same issue. I've seen outages at the university level that would shame a corporation. Outages do happen, but a company like Google has the expertise and resources to resolve it quickly.
I came, I saw, She conquered.
I work for a higher-ed institution that's in the Big Ten. We recently provided GMail on campus, to all faculty, students, and staff. It was a remarkably easy transition for us to make. Here's how we did it:
Opt-in.
Really, that was it. We said, "Here's the GMail system that we arranged through Google and the University. If you want to move to GMail, please do - here's a link to make that happen. If you prefer to remain on the existing University email system, that's fine, we aren't taking that away and we're still committed in supporting the University system."
It's worked out well. As of last week, our overall adoption rate is 26% across faculty and staff (I don't have the student numbers) with several colleges and departments already at 100%. Overall, students opted in very quickly. Our outliers have been staff and faculty - this is likely because moving to GMail is a change, and change can be scary. (Note you can use the web interface, or access GMail using POP/IMAP.)
It's not entirely opt-in, though. Incoming students are not given an option - they'll be issued a University GMail account by default. The goal is that over the next 4 years, we'll gradually have all student accounts move to GMail automatically. (But as I said, students tended to opt-in very quickly.)
If the schools email system failed to properly send your class assignments and you didnt receive emails properly,
you should have contacted the university and appealed your grade. At the very least the university would have
allowed you to retake the class without cost or GPA penalty. You couldnt have been the only person in school this happened to.
You may still be able to appeal if nothing else to just get the F removed from your transcript(I assume to retook the course).
If you kept your emails since then you can print out your email directory where the old emails are missing.
I work at a University that has recently outsourced their student e-mail to GMail. The University IT group has really bad management. There is a CIO, 3 Vice Presidents and 5 directors for an IT group roughly 300 people with 70% of them being contractors. Each group within the IT group (Exchange, Unix, NT, Mail, Helpdesk, Networking...) has their own 1 or 2 managers.
I'd pretty much agree with this. The trend of University outsourcing is the result of symptoms caused by bad management. As you describe, the management will have become bloated and influenced by consultants with deep conflicts of interest.
The money is being wasted on these managers and consultants, and that is where the budget cuts need to be made - not in actually providing services to students. Also, a couple of excellent IT admins and some commodity hardware is cheaper than a dozen pen-pushers!
(Also, I probably wouldn't recommend VMS as a mail system today. While it's still incredibly robust, and until 4 years ago I was collecting mail from an AlphaServer which, IIRC, *never* crashed while deployed, Fiorina had already dealt HP a death blow in enterprise innovation.)
If you're just forwarding mail, you're going to have constant support issues because of SPF causing student's mail to end up in the spam bucket.
You'll need a couple of members of staff to deal with those queries, and all the other queries from people who say someone sent an email but it didn't arrive. Two staff members plus their associated costs will set the university back $100k a piece. If you want to support your forwarding mail server 24x7 that's going to need 4 staff.
Now your small amount of hardware and associated costs sets the school back $0.5 million a year. Does it still seem like such good value?
Tell me, please: what is almost impossible about running a distributed mail server cluster for a few tens of thousands of users and 100% cluster uptime? This has been a common achievement implemented using VAXclusters in academia since the '80s, so I'm curious as to what's gone wrong with engineering ability since then.
The GP didn't say "uptime", he said "reliable". Those two words are not the same.
If the users aren't checking their email because the interface blows, then it's not a reliable way to get a message from A to B, no matter how many nines are in the uptime. Schools and universities have a choice right now: either offer something reasonably close to the state-of-the-art interface, or watch professors collect their students' gmail addresses at the start of the semester and having a TA create a mailing list. A five-nines mail server is great...if people use it.
"Reliable" is a people-problem. "Uptime" is a technical solution. The latter is only a small piece in the puzzle of the former.
Are you quite mad? I seriously hope you don't really have a job in IT. Email was invented by academics as a means to share information with other academics. Telling them not to use it is the most ridiculous thing I have ever heard.
Departments with sensitive information should be using mail clients with GPG, and running their own PKI, but at least by running your own email servers you have more control (eg limit logins to campus IP addresses and provide VPN for remote login).
Phillip.
Property for sale in Nice, France
I bet Yale's medical school would fall under HIPAA rules and would need to protect medical records of folks they work with. I would also bet Google's privacy rules and data handling are not HIPAA compliant.
Anyone using unencrypted email is saying, "I don't care if the entire Internet reads my email messages." ... whether they know it or not.
Damping absorbs vibrations. Dampening is caused by moisture.
A state-of-the-art interface is a modern IMAP mail client. GMail is a horrible bodge, although if you want to make do with using HTML to access mail, don't complain about the principle when your actual problem is the particular web interface(s) chosen. There are dozens of alternatives to choose from, your administrator could install several, and you even have the option of implementing/deploying an independent front end yourself, which merely talks IMAP to your chosen server.
Personally, I /hate/ complex JavaScript as an approach to application delivery: it is slow, it is bloated, nothing works quite as you expect, and it is not as integrated as a native interface. If I want a web front end, it is because I want something extremely lightweight for temporary access, often from a restricted connection - although I'd still rather have the option that allows me to download and read off-line.
I know it's bad form to reply to your own post, but I'd like to pre-apologise for suggesting you shouldn't work in IT. You are entitled to your own opinions. I strongly disagree, however, that simply dismissing email as insecure is an excuse for not properly mitigating risks for those that do use email to send private information.
Phillip.
Property for sale in Nice, France
I can see an enormous upside to this, namely Google apps. Sharing documents makes the coursework and administration so much easier. I wish we had it at the school I teach at.
Artificial Intelligence stands no chance against Natural Stupidity
It does not involve sending data over the internet when it's only intra-institution within an institution that runs its own mail servers. Even with HIPAA, it still makes perfect sense for co-workers to email each other at their work addresses. And this is in fact the rule that many hospitals (and research universities use): privileged information may only be sent to email addresses within the institution.
Really? So if I run an email server that doesn't route outside of the local network and is encrypted on the local network is that more insecure than any other form of communication? Paper can be misdelivered, conversations can be overheard, etc.
You may as well ask them to install and run their own, personal cold fusion reactors in their offices. Most people will just get angry walk away at the mere suggestion that you make their computing environment less convenient. Professors are not exceptional in the above regard.
Damping absorbs vibrations. Dampening is caused by moisture.
Opt-out? It's a private email service. You can opt out by not using it. Forward the mail to some other email account.
That like saying, I want to opt-out of Starbucks coffee.
Assuming that Yale isn't blocking access for other mail services, I fail to see how this is any different. Use the yale.edu account for school related matters, and get your own account for private messages.
Of course, this also means that Yale's IT organization has taken into account the implications outsourcing has on the school's intellectual property, etc. As part of the RFP and selection process, these items should be taken into account to ensure the outsourcer's offering has sufficient controls. This is really no different than any large organization choosing to select Exchange, Notes, GroupWise, or outsourcing the service through any number of third party providers. *I do recognize that Google Buzz does change the thought process for GMail users. Of course, that is also a contract issue with Google-as-outsourcer (i.e. privacy and intellectual property protections should be built into the contract, and the outsourcer is obliged to ensure their offering meets the contract specifications).
Email is an inherently insecure transport method.
This statement was true in the mid 90's. It is no longer universally true.
Using techniques such as opportunistic SMTP over TLS, a.k.a. SMTPS, it is possible to provide link-level encryption of email without requiring any special configuration on the part of the end user. This setup is more common than you think, especially in universities. I would estimate that about half of all US universities already deploy SMTPS. Email traveling over SSL/TLS is not that bad from a security point of view -- the only way to intercept it is to compromise a mail server or one of the end users' machines, and if a hacker has that level of access, you have much bigger problems than email.
SMTPS will not encrypt the link between the MUA and the MTA. For that, the end user needs to explicitly configure IMAPS or POP3S. However, this link is one of the easiest links in the chain to secure, even without cryptography. Ethernet switches (not hubs) and physical access control will prevent the vast majority of local sniffing attacks, and WPA2 is good enough for WiFi links.
You don't send private data over the Internet. Period.
I disagree with this statement. At the very least, it is almost impossible to function in modern society without sending private data over the Internet in some form. For example, if you never send your credit card number over the internet, then e-commerce is almost impossible, and if a merchant subscribed to this philosophy, he would not remain in business. As another example, you almost certainly had to send your slashdot password over the internet in order to log in, and you probably consider it to be private (if not, feel free to tell me what it is).
I agree that you should never send unencrypted private data over the Internet, but I would stop well short of recommending a complete ban on sending even encrypted private data, which is what you seem to be saying.
"Perhaps you believe that the decision makers at these universities are not educated? Perhaps You are not?"
The decision makers are often not technical people and are either unwilling or unable to grasp the complexities of such issues.
I'm always glad when a large institution or company publically chooses something other than Microsoft Exchange.
Sadly, people are going to use email inappropriately and there's nothing the university can do about it except punish those who's actions result in major breaches or scandals.
Also, I'm a gmail user (since 2004) and I do not consider it any less secure than any other public email service. Running your own smtp server is the most secure option but that seems like overkill. If I want secure mail I use gpg.
Damping absorbs vibrations. Dampening is caused by moisture.
When one of the top public universities already switched?
Email at UVa: Account Choices
Account choices:
- Students: Microsoft Live and/or Gmail
- Alumni: Gmail
- Faculty/Staff/Special cases: Exchange and/or CMS (former mail system)
It's probably cheaper to outsource e-mail providers, but UVA still maintains control of the @virginia.edu domain and forwards e-mail to Live or G-mail.
Reliable e-mail is not that hard, especially if you don't have to deal with "enterprise" software.
Running a IMAP/webmail interface for students and grads is not that difficult, nor that expensive, nor that energy intensive. Dovecote, sendmail/postfix, and Squirrelmail/Roundcube run without problems on any decent POSIX system (Linux, BSD, Solaris). Attend a LISA conference or two, or go back into the archives, and you'll find plenty of examples of people running mail for thousands of users on a few moderately-sized machines.
Don't paint mail as "hard" just because people can't run Exchange properly.
Um even the nature of sending an e-mail may represent private information. Your services for students with disabilities for example, by nature of saying 'you have a meeting with so and so in our office every thursday this term' is letting the cat out of the bag so to speak. Or a 'You have a meeting with prof A at 3 pm. Signature: Prof A, lead researcher diabetes lab' or similar.
If you think people, on average, outside the engineering and comp sci departments have the technical skill to transmit drafts of papers, meeting with potential subject schedules etc. over something other than e-mail, you're grossly misinformed. The problem we have had at the last two universities I've been at is that people just used gmail because IT worked hard to keep our internal mail so secure you couldn't send .pdf and .zip attachments.
That said, I'm not sure any inherent problem with Google (or Sun or whomever) doing your e-mail. Someone is running your e-mail, your internal guys have a lot of trouble keeping e-mail sufficiently up to date for people to actually use it (especially in the era of shrinking budgets). These big outfits can aggregate the costs of backups, UI design etc over dozens of institutions. Admittedly they're marginally more likely than your internal guys to have a market to sell any of the private data too, but I don't see that as a huge gain in risk. Your contract with them should specify the service they provide limits what they can do with your e-mail data, and if they violate that it's a breech of contract issue. You're probably better with them running it in a decent fashion with half decent contract than your students using gmail for everything, with no contract about what they can, or cannot do with private data.
The solution is always to hire more managers. Heh.
Damping absorbs vibrations. Dampening is caused by moisture.
Yes, that is useful. According to Google, their black information sucking hole is of no harm to your privacy.
Departments with sensitive information should be using mail clients with GPG, and running their own PKI, but at least by running your own email servers you have more control (eg limit logins to campus IP addresses and provide VPN for remote login).
Actually, the rule is that departments that need to send/share things like PHI data need to de-identify the data before sharing. If a researcher at one university wants to share PHI data with a researcher at another university, you are supposed to de-identify that data first.
If you're working on the same grant together that requires both researchers have full access to the PHI data, then there are other rules about access, transport, etc. Using GPG or other encryption over email doesn't really make the grade here. Email + attachments is not a file transfer protocol, anyway. You should use other, more secure methods to share that data with the grant partner researcher.
By the way, I liked your suggestion that departments should be "running their own PKI." That made me laugh, thanks.
A state-of-the-art interface is a modern IMAP mail client.
Let me guess, Pine?
Our University is looking at switching, and a bunch of students have opted to move early, since Google's offering the services whether we switch entirely or not.
Our contract says they give us free service, and explicitly says they do *NOT* mine our emails for anything, ever.
"You know, Hobbes, some days even my lucky rocketship underpants don't help" -- Calvin
As noted above, e-mail itself is not HIPAA compliant.
Rule of Slashdot #0: You and people like you are not representative of the larger population. - A.C.
I'm usually using one of Outlook 2007, Apple Mail or SquirrelMail. I used to use Pine from time to time but it's been a while. It's great to have so many options. I do send and read mails by default in plaintext, though I will view the HTML part if the sender is trusted (i.e. if I'm particularly bored and want to read some solicited marketing communication).
Do I fit into the stereotype you predicted?
Really? I thought it was mostly html, xml, binaries and javascript ;)
Damping absorbs vibrations. Dampening is caused by moisture.
That's just simply not true. Set up a LOCAL mail server, then the data never even goes on the Internet, you fool!
Wow, your users and researchers must never have to work with others outside the institution. That's amazing.
Hmmm, I've never heard of this other email system called Without Opposition. Is that supposed to imply that it's so good it'll generate no opposition? But I guess Gmail proved them wrong in this case.
Figure out the "real cost" of maintaining a separate, local mail system in addition to Gmail. Hardware, software, maintenance, and the salaries and benefits of any staff needed just to maintain the local system. Then give people the option of using the local one instead of gmail, and charge them their share of the total cost minus whatever Google is charging per Gmail account. Since most people will go with Gmail, the local accounts will likely end up being absurdly expensive. But if you REALLY want one, its there for you.
there is a reasonable expectation of privacy in things like email.
You wouldn't think that expectation was so reasonable if you knew how email worked...
Can you be Even More Awesome?!
And Oh Auntie M, there's no place like home. No place like home. BTW, the rest of us live in the real world.
-- I ignore anonymous replies to my comments and postings.
Neither is a file server or a database until you put in the proper controls, security, and encryption. I would imagine a secure email server with proper controls and data protections would be compliant as well.
AND every department now has to hire/contract/support/pay for their own mail server.
The email costs for every university/hospital just went up 10 fold.
Brilliant way to drive more jobs into the economy, though!
There are two types of people in the world: Those who crave closure
This is why things like secure e-mail were created, in many cases you something like port authority (now websense, unfortunately the page has been redirected but not setup) that scans outbound email for confidential information and if found, sends an email with a link to the sender so that they can fill out a few questions for the recipient to answer. Only if all questions are answered corectly, will the https connection allow viewing of the message...
Never seen that. At least not with patient identifiable info. You can use certain services to notify you that you have a secure message that is stored on a separate server (not an email server). Banks seem fond of this approach although it's rather clumsy.
And do read up on exactly what Google does with any email. It's NOT Echelon folks.
Faster! Faster! Faster would be better!
But that doesn't address whether another organization should have access to this data in the first place which is the heart of this issue. Hosting conveniences aside, the best counterargument to using any other hosted service will be close examination of the consequences of one's chosen hoster(s) (and whomever the hoster(s) deems worthy) having access to one's data. Eben Moglen's Talk on "Freedom in the Cloud" seems remarkably apropos here.
Digital Citizen
Still a bad policy unless you lock down exactly where you can send ANY email. Do you think any random doc or tech is going to know the implications of sending confidential information to doctorno@spiffyhospital.org vs. doctorno@yahoo.com? Ain't gonna happen.
If anyone actually does that, I'd love to see the audit trail. It's simply too dangerous to let happen.
Faster! Faster! Faster would be better!
GMail is a horrible bodge [...]
Subjective. I had my own mail server. I ditched it years ago for GMail, because in my own subjective view there wasn't an SMTP/POP/IMAP client with as useful a user interface.
Maybe nowadays there are better local mail applications available - but I have absolutely no complaints about GMail from a usability perspective.
Wish I could mod this up. An excellent response to the baffling attitudes towards email I've seen at a number of university IT departments (similar to grandparent).
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
Anybody doing any sort of human research, say from the medicine, biomedical and psychology faculties, shouldn't be using GMail, because it involves sending privileged information to a third party corporation and, in this case, a corporation that has a vested interest in using the information they're gathering.
Outside of that, many people like to protect their own privacy.
Sure, and the campus sys admin is completely reliable. Of course, he has been screened and he has signed an agreement to become a true email-man. Give me a brake. Email privacy is almost always based on people's decency. When I was the sys admin of the dept I worked, I developed a skill to NOT look into other people's emails, to shy away when passwords are typed and certainly NOT to gove anyone access to the user data, etc... I'm not so sure everyone is like that.
The argument that Google would be less discrete with your data than some other provider is flimsy.
I hadn't the slightest objection to his spending his time planning massacres for the bourgeoisie... (P.G. Wodehouse)
Don't they have a CS department? You know most of the UNIX tools which are in use are actually invented/developed by the students studying in that particular university.
A prestigious university like Yale can't implement their own webmail/imap system and relies on Google handing all the student data at first place. Hopefully they didn't pay for such an unjustified publicity boost for Google.
I can't really believe a prestigious university like Yale or any other university can't really fix things themselves. Really mysterious to begin with... OK; 40 MB is stupid because e-mail isn't used in its original intent anymore... Why not fix it instead of handing the entire thing to Google?
Yale is internationally known for their law school... That is the funniest part when you know gmail isn't really that "free" if you actually think about the rights you give to Google and your private mail.
My university is switching to Live@edu.
Bear in mind that Google runs Gmail so they can read your emails automatically and profile you. That's why Gmail is offered for free.
Think about that. Google has profiling data on Ivy League students, many of whom will grow up to be business leaders and political figures. (Ford, Clinton and both Bushes went to Yale.) That data will be politically valuable in the future.
Google has the information to figure out a GMail user's social network. They can tell who responds to whom, and how fast, which allows figuring out the social hierarchy. Google can easily detect discussions of criminal activity and drugs. They have real name data, so they can correlate mail accounts with other information, like criminal records. So they're acquiring the data that will tell them where pressure should be applied to coerce people.
For most people, that data is barely worth collecting. But for Yale students, it's golden.
My current university uses Gmail, but operates a separate legacy system. If I remember correctly, human subjects researchers use the legacy system to make appointments with subjects. This information is not secret, since anyone can stand outside the lab and see who goes in, but it is still forbidden for the researcher to share the information with Google.
Disclaimer: Not a human subjects researcher.
Simon's Rock College
By the way, I liked your suggestion that departments should be "running their own PKI." That made me laugh, thanks.
Yes, departments as in plural. A simple set-up would be one Uni to volounteer to run a key server which then use the default used by collaborating Universities. It's really NOT that hard.
Phillip.
Property for sale in Nice, France
Using techniques such as opportunistic SMTP over TLS [wikipedia.org], a.k.a. SMTPS, it is possible to provide link-level encryption of email without requiring any special configuration on the part of the end user.
That definitely helps, but on the other hand you don't know all of what happens to email in transit. If I send you an email, I might know that my server is pretty secure, but I don't really know how many servers the mail will be routed though, what the security policies might be on those servers, or even whether they might be compromised. And then I don't know whether you're using encryption for SMTP/IMAP on your client end.
So while I might say you can secure email within your organization pretty well, once it's going over the Internet, email isn't very secure-- not unless you're using something like GPG.
The problem is choice (users can already forward mail to Gmail; it doesn't make sense to force that option and not have a backup or opt-out mail server)."
the difference is that they won't have to manage / maintain campus mail servers. they won't have to field support calls related to email problems.
Gmail's fallback HTML mode (for browsers with javascript disabled) runs nicely.
I'll be your candy shop of infinite deliciousity if you'll be my discotheque of endless rump-shaking.
> Our contract says they give us free service, and explicitly says they do *NOT* mine our emails for anything, ever.
Interesting! Kinda invalidates a lot of the naysayers. Although they'll probably just say it's Google lying.
Why shouldn't we expect them to? Those who handle confidential information are expected to learn how to properly handle it, whether that means "don't leave a briefcase full of sensitive documents unattended" or "don't send same said documents in electronic form unencrypted on the Internet." If you're not concerned with how to handle confidential information, and, well, keep it confidential, you shouldn't be handling it at all. We wouldn't accept "I don't know how to use the snail mail system" for a doctor sending such information on a postcard rather than in a sealed envelope. If you're handling sensitive information, especially your customers' sensitive information, you make damn sure whatever you're planning to do with it will keep it secure. I think doctors who learn complex medical procedures can handle learning how and when to encrypt an email.
To fight the war on terror, stop being afraid.
(Running a PKI)
It's really NOT that hard.
The technical side of running a PKI is not hard at all.
The process side of things - making it auditably secure - is really quite hard. You've got the crown jewels -- the CA private key -- on a server. How do you make that absolutely safe? Bearing in mind that there are corruptible humans in the equation.
Point taken on privacy policies, although getting caught violating it would be a huge PR no-no.
And even if it does just update some stats, the question is which stats?
Google does let you look at what they know about you:
https://www.google.com/dashboard/?hl=en
http://www.google.com/ads/preferences/view
Whoever was quoted on the 12GB storage savings per student was making up information. I would like an explanation of how 2GB email quota per student -- not measured usage -- becomes 12GB of storage; even including tape backups. If this statistic is true, the storage architecture for Yale email has been designed by an incompetent idiot. Explains why Yale has to outsource email.
I can provide you that explanation without compromising my contract; disclaimer, I'm a senior working for Yale ITS. Yale provides 2GB email inboxes, but keeps 7 days worth of daily (I believe midnight) backups. That way when someone goes over their 2GB quota and corrupts their inbox, and loses their mail, they've got 7 days to let us know and we can still restore 95% of their email. Better if our webmail service could simply bounce the excess email rather than corrupting the inbox, but c'est la vie. The 12GB of storage, I'm assuming, is the average; 7 times the average inbox size per student. Uncertain if the number is made up, or was discussed in the one meeting I wasn't present for, but it's a reasonable number either way. I suspect it came from the other meeting, because the people who originally spoke to the news aren't creative or intelligent enough to make it up.
I'm not even sure why people think that the University NEEDS to host students' email accounts any longer. Seriously, it made sense in the 1990s when not everyone even knew what email was. But today? There are better things that schools can do with their resources. Running a multi-tens-of-thousands of accounts email server is NOT trivial, especially if the users are expecting backups and redundancy.
Setting up a vanity forwarding service for students is nice, a good way to allow them to create a filterable identity and give the faculty a known way for communicating with the students. And yes, having a faculty mail service makes a ton of sense for business-critical email as well as protected private communications. But students don't need the mail to actually be hosted locally any more and most probably prefer it not be.
There most certainly isn't a -right- to such services.
It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
They are providing this service for free
Wrong. Google hosted mail (which I use for my company) is not free. You pay Google to have access to an smtp server that accepts your domain, and have user accounts...
If you don't want Google to be able to see email then encrypt it. You say you are "insane" to send student records over gmail, but why are you not equally "insane" to send it from any other server when it may travel the whole internet to reach a student, or even if the student address is local they are just forwarding to GMail anyway?
There's no issue with email that is not just as much a problem if you have local email servers vs. using Google, only managing email servers is one of the suckier aspects of being an SA and definitely a thing worth strong consideration of outsourcing... if not Google, then someone else.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Sorry, I didn't realize before I posted that in fact the university is getting the service for free (lucky bastards).
The rest of my post stands though, there's no problem with email that isn't a problem no matter who hosts it.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I'd pretty much agree with this. The trend of University outsourcing is the result of symptoms caused by bad management. As you describe, the management will have become bloated and influenced by consultants with deep conflicts of interest.
At the university where I work, they outsource our Web paystubs. They outsource our W-2s. I mean, how hard is it to write an application that generates W-2s from payroll information? For that matter, why can't the ERP system they paid hundreds of millions of dollars for do those simple things? Such things are incomprehensible and very frustrating to technical professionals.
Nitpick: SMTP with opportunistic TLS is *not* SMTPS. The latter is on port 465 and is like HTTPS where you start encrypted. Opportunistic TLS starts out unencrypted but at some point STARTTLS is issued and the connection switches to encrypted at that point. If not, it continues in the clear. This way, both encrypted and non-encrypted communication are supported over the same socket.
this is my sig
...at least for the arts and sciences college. Like a good Slashdotter, I'm in engineering, which hosts their own mail (we even get a proper mailspool on our Unix home-directory). We have Pine or IMAP, or basically whatever we want.
Meanwhile "they" have Live Hotmail. I feel just terrible for them, and I'm embarrassed we're even doing such a thing.
In short, Yale - it could be worse.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
In tech, the first decade is always free.
One of the things to consider is that Google's service is not available in all countries. Some countries block Gmail. This would be a downside for those international students.
This is happening at my university (University of Colorado), except that we selected Microsoft. Both Microsoft and Google offer this service free of charge. I'm not entirely sure why Microsoft won the contract, but I know that the person in charge of the selection process is actually a big Linux/FOSS fan, so there must have been some compelling reason.
Frankly, it can't happen soon enough. The university is not in the business of running email - they're in the business of providing education. If email services that are higher in quality can be offered for a lower cost, it just makes sense. Privacy, ownership, and other details are dealt through during the negotiating process. As with the power company, the phone company, or the cable company, the university has a binding contract that prevents things like Google/Microsoft unilaterally shutting off service. Additionally, the service will be advertisement free.
FireGPG and others make encrypting webmail easy, and PGP/GPG and SMIME have been integrated into most mail clients for years.
Does FireGPG make it easy to create a public key for my non-technical, non-paranoid friend? Does it make it easy for me to set up his mail client to automatically decrypt mail?
Because he is not going to do that. And without him doing that, there is no decryption. And without decryption it's a waste of my time to encrypt.
So while I might say you can secure email within your organization pretty well, once it's going over the Internet, email isn't very secure-- not unless you're using something like GPG.
Considering this originated in discussing a university's email system, this applies here. You can, if (hypothetically) sending from one @yale.edu address to another @yale.edu address, be certain, as long as the IT staff has done their job enforcing the use of SMTPS/IMAPS/POPS/HTTPS, that the e-mail is secure end-to-end from prying eyes.
With such a setup, you'd only have to trust yourself, the server administrative staff (likely a small number of people), and the person you addressed the e-mail to. All of whom could be, fairly easily, held accountable if something goes badly wrong.
There is nothing as "free", especially on Internet. There is always a hidden cost. I am not saying "Google is evil", I just say nothing is free and one should always consider this before making arrangements.
Anybody doing any sort of human research, say from the medicine, biomedical and psychology faculties, shouldn't be using GMail, because it involves sending privileged information to a third party corporation and, in this case, a corporation that has a vested interest in using the information they're gathering.
The university that I work at switched from it's own e-mail system to Gmail. You really have to ask who you find more competent and trustworthy, google or your own IT staff. I wasn't at all involved in that switch, don't know how the decision was made, and haven't seen any stats from the university's own e-mail system. Since the migration though, mail service has been down once in about 2 years, while it was more like once every 2 months with the university mail system. I suspect the university's system was also much less secure.
I suppose gmail does represent a much bigger target than "yale-mail."
If sender rewriting works for the university then great - but in most likelihood they need the round the clock support for the mail server, so there's not much cost savings.
If it doesn't work, then the burden is on the recipient, as the SPF rules aren't dictated by the University, but by the originating domain of the sender.
Even Google Apps' business price of $50/user/year compares well to the cost of doing it in-house.
Have you looked at that? It's clearly not exhaustive. There is tons of data from the correlation of my various Google cookies during general web surfing which isn't listed or even vaguely alluded to. The Dashboard page just lists a bunch of things that were always available by going to the respective Google service sites. It takes a smattering of info from each, and puts them together in one place to assuage the sporadically paranoid.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
I'd mod you up if I could. You said it very succinctly.
This is all just my personal opinion.
You can know quite a bit, if you take the time to look.
You can find out how many servers your outbound mail always goes through by sending a message to yourself at an external email address and looking at the headers.
You can find out whether the recipient organisation handles its own email by looking up the MX records and then checking the IPs for each server to see whose address space they're in.
You can find out whether your correspondent is using SMTPS or STARTTLS, and whether there's an unbroken encrypted chain, by looking at the headers of messages you receive from him or her.
About the only thing you can't always find out on your own is whether he/she is using SSL for IMAP. Though if you're familiar with the institution, you could always ask. Or if it's a large organisation with a public web page for mail configuration details, you could try yourself and see if unencrypted IMAP/POP sessions are entertained, and the same for their webmail. If not, then you can probably rest assured on that score too.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
You'd think so, but it doesn't translate to the real world. If you were a large organization with a large, well supported IS staff that had the ability to lock down systems and force good practices then maybe. Otherwise, not so much. I recently asked one of the older docs at my hospital if they had looked at a flow diagram that I had sent as a pdf attachment. He noted that 'he had problems with his email'. Since he had managed to look at one previously, I asked him what the difference was. The answer - his son was home last time.
So I faxed it over.
Faster! Faster! Faster would be better!
Apple Mail on Macs, Thunderbird on Windows and Linux, and Profimail on phones.
Any one of these runs circles around gmail (or any web mail interface) in terms of productivity when dealing with large amounts of mail. And they all support offline use, which is essential for people who don't spend all day sitting at the same desk.
Though I do use Pine on occasion, mainly when suffering from truly bad connectivity, like Cambodian dialup.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
There are issues that need to be considered, and risks that need to be accepted when contemplating a migration over to using Gmail.
1/ a large organisation currently using MS Exchange will most likely end up needing to replace their existing server(s) with potentially more servers in order to go with a gmail solution - especially if a single-sign-on solution is wanted.
2/ internet bandwidth costs will dramatically increase.
3/ there is presently no easy way to walk away from using gmail if a decision is made at a later date to move away from gmail.
Google normally charges $50 per user per year for this service.
If they are giving it away for free, they are getting something that they consider to be worth the same amount.
It could be that they're lying, it could be that they have thought of something that you and I haven't yet, and it could be that the goodwill/marketing angle that you've been pushing is actually worth $1,000,000 per year to them in the case of Yale. Personally, I find that last one very hard to believe. I lean towards "something that you and I haven't yet thought of".
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
Have they never heard of incremental backups?
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
Who said they were using gmail? If you read the article, you will see they are to supply email service and other on-line tools (using their technology). Basically they outsource the service to Google. This can be done without compromising the privacy of the information provided they identify and mitigate the risks adequately. This is nothing new.
Views expressed do not necessarily reflect those of the author.
SUNY Buffalo did the same thing starting this past August. Oh Gods, it broke EVERYTHING. The Law School in particular sends out torrents of daily emails, all of which go to different people, different classes, &c. When we switched to Gmail, every single one of the recipient lists had to be recreated by hand. It took two months. I, for one, wish Yale the best of luck in dealing with the shitstorm they're about to unleash.
I've got users that want to send single images larger than 40MB (and it works with no problems within the company). Then they try to send them to people on accounts that limit them to attachments smaller than 3MB. That's why I still have to use FTP, the stupidity of client companies outsourcing email based on price alone with no regard to details.
Outsourcing email creates problems outside of the control of both parties. We couldn't even get a job offer out to one person for nearly a week since their University email had been outsourced to hotmail and they mucked up some DNS settings and wouldn't fix it for a week (I got it there in time by changing the "hosts" file on my server).
It's problems arising where the square peg of research and business communication is bashed into the round hole of low budget personal email.
(Disclaimer: I work for a large US University, and I work on the team that provides student email, so I think I can speak with authority on this issue)
In the early 90's, students couldn't really have been expected to have an email address, so departments like CS and Math departments set up their own email servers for communication with students and with faculty in other universities. Registrars and student affairs departments wanted other ways to communicate with students, so they created centralized email systems for students. These days, schools are realizing that instead of providing a service to students that they want to use, the "official" school email system goes largely unused by a large population of the students, and a great number of students forward their email to their personal Gmail, Live, or Yahoo accounts, or they only check it at the beginning and end of the semester.
2 years ago, we were one of the first large Universities to outsource our email to Google Apps for Education. We in IT loved it, since it saved us a ton of money that we were going to have to spend to upgrade the student email system from the archaic, home-grown patchwork that was the old system. A lot of students liked it as well, but again, a lot of them forwarded their email to their personal accounts or just don't check it. Surveys of our students overwhelmingly show that students would prefer to just us their "regular" email accounts instead of forwarding, and another survey showed that a significant portion of the professors simply pass around a sheet for student to write their personal email addresses on anyway, or use our Blackboard online course management software to send messages to the class.
In this day and age, it is a pretty safe bet that incoming freshman already have an email account that they use frequently, running an email system is expensive and unpopular with students, and outsourcing has headaches that aren't apparent from the outset (or the outside looking in). We are starting a project to simply allow students to choose their personal email address as their "official" email account and slowly phase out Google Apps (nothing against Google Apps, it's a great service and we love you guys!).
Our CIO put it this way: I already have a joe.smith4324@gooyalivemail.com email address, I don't have a joe.smith@mybank.com email or a joe.smith@theelectricco.com or a joe.smith@myinsurancecompany.com, so why do I need a joe.smith23@my.school.edu???
Incremental backups typically back up any file that has changed since the last backup. With email mailboxes that would usually be all of them, so you end up with an incremental backup about the same size as a full backup.
They have the choice of spending money or restricting the students to fit a backup system probably from a decade ago.
Though I do use Pine on occasion, mainly when suffering from truly bad connectivity, like Cambodian dialup.
Understood! Take a close relation, an agricultural engineer whose interest is irrigation planning in developing countries.
There are whole research groups where work means being as far as can be imagined from a decent water supply, let alone a stable 'net connection. It is entirely against the spirit of academia to optimise for the best connected with the beefiest machines and the least need for privacy, while handing over a chunk of the responsibility for reliable contact in a remote location to a third party.
If students really want GMail, that is hardly a problem: let them spend five minutes setting up such an account, then provide a forwarding mechanism from the university system or even allow a preferred alternative contact address in the event that you do not care to always keep records.
That works fine all the way up until any kind of private information gets sent outside of the organization. Of course, you can assure your users that email within the organization is safe while educating them that email outside the organization isn't safe. Hopefully they'll understand the difference, remember the distinction clearly, and follow whatever guidelines you've set up.
Of course, if you've ever worked a helpdesk position, you probably don't have a lot of faith in normal users' ability to understand the difference, remember distinctions clearly, and follow whatever guidelines their IT staff puts forward.
You can find out how many servers your outbound mail always goes through by sending a message to yourself at an external email address and looking at the headers.
Of course, most of the things you mention could change at any time without you knowing about it. Things like whether your recipient uses SSL for IMAP can vary from user to user-- a user may not configure their client to use SSL even if it's available. You can check to see where their email is going from looking at MX records, yes, but you can't be sure where that email finally gets routed. Email gets routed within organizations and sometimes even outside organizations. Email sent to my gmail address gets routed to another mail service, but you wouldn't know that by looking at MX records.
And ignoring all of those limitations, I'd still wonder if you're actually willing to do such investigations for every email recipient you send to.
Try a half million accounts.
Now deal with a stream of name changes. People get married and want their email changed.
People's accounts get guessed and spam flows out of them, major ISP blocks the school.
Even with clustered servers, there may be single points of failure further along the line (one time power went out, and our central upc failed to connect).
Most email software begins to become stressed in terms of access time once you reach a certain amount of accounts. You often need to modify default install scenarios to less commonly known setups to support greater than average number of user accounts. This requires either very experienced email admins or pricey support contracts with the software makers.
Integration with other systems, mobile devices, etc... is constantly being asked for, and constantly changing. Keeping the UI modern, mobile device support up to date, spam filtration accurate, is much easier for a company that specializes in it.
Just a few things that come to mind off the top of my head.
... it's also vulnerable to MITM. There's no verification of the cert, the servers blindly trust each other.
(Yes it's possible to set up verification, but nobody actually does for external hosts)
Surely Google would lose some big existing or potential accounts if they were caught.
I’m old enough to remember 16K of memory being described as “whopping”
Still a bad policy unless you lock down exactly where you can send ANY email. Do you think any random doc or tech is going to know the implications of sending confidential information to doctorno@spiffyhospital.org vs. doctorno@yahoo.com? Ain't gonna happen.
Does happen. Every single day. Thousands of employees at large institutions. The secret is something called "mandatory compliance training".
My university provided me with a typical student mailbox of 50MB (which was increased to 300MB in 2007). It had a clunky web interface, no filters and no support for IMAP or POP for that matter. So the problem is inevitable, you are out of space all the time.
It wasn't a bigger deal back in undergrad days. But once I joined back as a postgrad, I had to use the official university account frequently to correspond with students, counter-parts, administration and so on (mostly official work). I ended up FWD mail to my gmail, then set up gmail to send on behalf of my university account. Then I managed to access gmail with outllook using IMAP. Things are all good and organized, unless google IMAP runs into some sort of trouble.
But then again, I am wondering who communicates with e-mails these days.. apart from people working in office environments. I know some junior fellas in here who literally don't check their inboxes. They are happy to settle with FB, twitter, IM or text messages. Then I met someone the other day, she finds e-mail so old fashioned and irritating (and she went on complaining how hard it is to concentrate reading long ones and keep track of details.. sounds ADHD to me).
I am not lying here, my university implemented a "results over text message" system and was considering delivering news, event details and other important messages via text, as students don't check their inboxes frequent enough. I don't know, I find it ridiculous nevertheless!
Or using a structure like maildir in which only new/changed messages need to be backed up.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
The process side of [running a PKI] - making it auditably secure - is really quite hard. You've got the crown jewels -- the CA private key -- on a server. How do you make that absolutely safe? Bearing in mind that there are corruptible humans in the equation.
Actually, it's not that hard in practice. You have two keys. The top master key, the trust root, you keep on a normally-powered-down machine in a secured area, and that machine is to have no networking. The main purpose of the master key is to sign the production key, and that you leave in the charge of some techie who is good at being an officious prick. Every organization of any size has a few of those, and in this case their anal-retentive rule following is exactly what you want. Moreover, if they slip up you've still got the master key and can rebuild the whole system of trust without too much work.
If you recognize yourself in that description, I apologize and note that you'd do the job well.
"Little does he know, but there is no 'I' in 'Idiot'!"
You've tossed in the phrase "secured area" as if that in itself isn't a challenge. Who is allowed physical access to the secured area? And the rules that your nominated officious prick follows to the letter, who writes those rules? How do you *demonstrate* that they really are being followed to the letter?
The point is, the root CA private key is as valuable as all the information protected by the PKI. I hope you wouldn't say that keeping, say, diamonds locked up securely was cheap and easy. Yet the private key might well be more valuable.
Mitigation: you can't revoke stolen diamonds the way you can a key
Anti-mitigation: you might be able to steal a key without leaving a trace. If you steal a diamond, someone will notice the missing diamond.
By the way, I'd be terrible at it. "Yeah, I know I shouldn't, but it saves a walk up to the safe if I keep a copy of the private key on this USB stick in my desk".
I work at a medical device company and we frequently send hippa information through email. (I also see lot of people use their paper calenders on their desk for this information and well as postit notes)
It will be a cold day in hell before people start remembering to even lock their desktop when leaving for break / lunch. Hell, my old supervisor would call from lunch and ask people to run over to her unlocked laptop to check her outlook calender.
Unless you're referring to something like the Open University in the United Kingdom (also trying to make the move to GMail, though at least there is some objection), why would you need half a million accounts? If alumni get to keep their address for a while, surely require them to provide a forwarding mailbox?
If it is very difficult to change someone's name in a mail system, you are probably hiring the wrong staff. This is the sort of thing that happens so often that you should have scripted down to being able to type move_mailbox old_address new_address "New Name", or simply parsing the list of name change requests that comes from admin, with a dry run option to make sure it has been interpreted sanely.
Yes, account passwords do get guessed (do you have strong password enforcement?), and if the major ISP can automatically detect spam flowing from your systems, so can you. Looking at it the other way, I am far more likely to see spam from a free e-mail account than a university server with what is probably a compromised account, so it is clear that at least some administrators are doing a fine job.
As for central points of failure, it is good that you have identified one,... now, since lack of power affects the whole university, not just you, I'm assuming the University have dealt with it by having more than one local power alternative (assuming also you cannot afford to process mail across two sites).
E-mail software: did VAXclustering in the '80s, or cloud computing this decade, teach you nothing? Spread your load across cheap machines with (hopefully dynamic) splitting of responsibility for various accounts at different stages if necessary. And if you're surprised that you need to "modify default install scenarios to less commonly known setups", I just don't know what to say except that that's precisely what IT staff are supposed to be competent to do.
Integration? Anything specialist won't be supported by GMail either, and will be far harder to integrate.
Mobile devices? Support IMAP.
"Modern" UI? What does that even mean? If you mean HTML front-ends, there are dozens of open source IMAP front-ends from roundmail to zimbra you can install and keep up-to-date.
Finally, Google's spam filtration was nowhere near as good, when I used it, as the combination of SA tweaked with the training contributions of thousands of users, antivirus and a few sanity checks at the MX (tweakable by admin and users, not at the mercy of Google). The fact is, Google does not "specialise" in mail any more than you do: it is another finger in an ever-increasing number of pies.
In summary:
1. You are more competent, or have the potential to be more competent, than you seem to think you are;
2. Google are able, but not as competent as you seem to be hoping they are;
3. It's your mail - keep a hold of it.
Fascinating "Thread". I typically just read on Slashdot, but I can't help myself here. I consider myself an Internet Security nerd of sorts and I created a website that was meant to give everyone an choice when it comes to secure communications on the Internet. No, I'm not going to make this an advertisment, but I had not even considered medical researchers as potential users. What I created has all of the latest security features (like 2 Factor Authentication) built into an easy-to-use, free web application. My problem is getting people to go to the site. There is a lot of competition in the security space. So, all I'm saying here is that there is at least one free, easy option for protecting PHI. It is HIPAA compliant. It will be free for life for anyone that starts using it this year. If you are really interested, search Google for "private secure encrypted" and you will find the site somewhere on page 1.
they can champagne too
Ok, the Senior Sys Admin plans to quit without warning anyone, has a majority of his 'documentation' in his email folders, deletes all of his email months prior to quitting. Ask Google (nicely) to restore the email to that account on your Google Apps Premier business account, get thrown into lawyer land requiring legal documents to get to their backups of your own data, which may or may not exist (they exist but Google didn't obviously build the proper infrastructure to make it a simple process).
In a normal situation, you'd just pop in a few tapes or mount a few backup locations and run restores of the mail boxes. In this case, you are at their mercy, and have to jump through hoops over the course of months for access to stuff you need NOW.
This is my sig. There are many like it, but this one is mine.
I didn't make up anything. Google is a third party corporation. That is sufficient by itself. It's also got an interest in any data it collects. It doesn't matter at all what Google says they do with the data, nor even what they actually do with it.
Have you heard of SSL? If you're talking to an internal mail server using SSL it's secure. Generally when something gets sent outside it has to be anonymized very carefully anyway, but it happens a lot that you send someone else in the lab or hospital an e-mail with information that shouldn't go outside. Perhaps it's not the best practice, but it happens and it's not insecure so long as you're not using an external mail server.
"You don't send private data over the Internet."
If you're not sending private data to an external mail server you're not sending it over the Internet, are you?
Do you encrypt internal memos? Notes to your boss? Meeting agendas?
No. Because they don't get distributed to the outside.
The sysadmins are vetted just as well as any other employee. Yes, they might end up being a leak but at least they can be held accountable. There's also the issue of how your mail gets to Google. If it stays within your own network it's much more secure than if it goes flitting across the Internet.
"Give me a brake."
You can also decide whether or not to hire sys admins who can't spell.
For now. Any time I see someone using a definite I get nervous. As if the shareholders couldn't change rapidly at some point in the future.
Cool! Amazing Toys.
I almost never encrypt messages. I hardly ever have reason to. If it's really sensitive data like a password change, I do encrypt. Yes, even if it's internal. The odds are pretty good the Exchange server has been compromised, what with it being a Microsoft product and all.
Damping absorbs vibrations. Dampening is caused by moisture.