Re: Gmail for students and IMAP

["James M. Dutcher - Assoc of IS/IT & CIO" <james.dutcher () SUNYORANGE EDU>]

Ummmm...I believe I mentioned that....you cut off my email after the "(but" in your reply

Regardless if email is internally or externally hosted, it is always subject to inspection (both with/without 
permission). 

I know of a good many higher ed orgs where they host email internally AND the primary email sys admin habitually 
inspects their co-workers and managers emails.....and why do they do this....because they can....

Jim
James M. Dutcher - Assoc.VP IS/IT & CIO - SUNY Orange

-----Original Message-----
From:         John Kristoff <jtk () DEPAUL EDU>

Date:         Wed, 29 Jul 2009 20:19:32 
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Gmail for students and IMAP


On Wed, Jul 29, 2009 at 10:13:40AM -0400, James M. Dutcher - Assoc. VP IS/IT & CIO wrote:
> Our Gmail setup is as such there is no advertising, hence no snooping (but

There is most certianly snooping going on, you should bank on that.
This isn't the first R&E IT response that insinuates that because
Google doesn't resell addresses, share with third parties and apply
targetted advertising everything must be A-OK.  Maybe, maybe not.

Google uses all that email.  They may not use it for direct advertising,
but they use it.  Search for:

  Google reserves the right, but shall have no obligation, to

You'll find a few policies including one for Google Mail that applies
to the student email outsourced to Google in my experience.  Pay
particular attention to where it says:

  "pre-screen, flag, filter, refuse, modify or move"

You'll also find this:

  "Google maintains and processes your Gmail account and its contents
  to provide the Gmail service to you and to improve our services"

Its automated and perhaps even innocuous taken one user at a time, but
consider why Google and these other providers provide this service for
free.  Why would they do that?  There are all sorts of ways to build
a business around this flow of meta data and the email content that does
not result in direct marketing and advertising.

Should you worry?  I don't know.  You might be worried that someone
at Google can potentially look at all this stuff.  You might be
worried that Google could get owned.  You might be worried that policies
and/or ownership could change without warning.  You might just be
paranoid.

Should you use them anyway?  Maybe, but I would recommend you give
people an opt-out.  I'd be curious if its written into your agreement
that you can't do that.  Can people say whether or not this is in their
agreements?   I've been told by two institutions you can't opt out of
theirs so I'm curious if thats them being lazy, annoyed with me or if
its part of the agreement.

Finally you should realize that they are getting a much better deal
than you are in the long run.  They absolutely *love* that you're
letting them do this for free.

John