Educause Security Discussion mailing list archives
Re: Gmail for students and IMAP
From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Thu, 30 Jul 2009 09:03:48 -0400
I constantly remind people not to put anything in an email that they wouldn't be willing to put on a postcard - that's what encryption is for. At least we make the effort to keep it private, and we really do follow this policy - no one accesses email without GC approval. Take it for what it's worth. Joel --On Thursday, July 30, 2009 8:36 AM -0400 "McClenon, Braden" <mcclenbw () ONEONTA EDU> wrote:
"should be kept as private as possible" and "will not read email unless necessary in the course of their duties" don't give me much reassurance of privacy. Seems like that wording gives a lot of latitude... Brady McClenon Senior Server Administrator SUNY Oneonta 607-436-3203-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joel Rosenblatt Sent: Wednesday, July 29, 2009 10:03 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Gmail for students and IMAP Yes, we do .. the only exceptions are for LE, Subpoenas and if askedtolook for technical reasons (the student thinks something is broken) Policy Text The following lists the acceptable use and security measures that one must exercise when using Columbia University's email. 1. Messages sent and received via Columbia's email system should be kept as private as possible by senders and recipients, as well as by Columbia University Information Technology (CUIT). The University and its email system administrators will not read email unless necessary in the course of their duties (e.g., including investigation, inappropriate contents or as directed by Office of the General Counsel, and will release email as required byanexecuted subpoena valid in the State of New York). ...<http://www.columbia.edu/cu/administration/policylibrary/policies/cuit/00bb9c6718c92f6e011933c4b6b30008.html?base=category> Joel Rosenblatt, Manager Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel --On Thursday, July 30, 2009 1:38 AM +0000 "James M. Dutcher - AssocofIS/IT & CIO" <james.dutcher () sunyorange edu> wrote: > On a related note...especially for schools who host their email internally...does your school have as part of its policies, to ensure that all email > correspondence is kept private? Not subject to inspection? > > (I think that I'm stirring the pot now...my apologies, but amcuriousto know what other security folk think of this in terms of their student, faculty and > employee expectations as well as how you all address this with them) > > > James M. Dutcher - Assoc.VP IS/IT & CIO - SUNY Orange > > -----Original Message----- > From: "James M. Dutcher - Assoc of IS/IT & CIO" <james.dutcher () sunyorange edu> > > Date: Thu, 30 Jul 2009 01:27:43 > To: The EDUCAUSE Security Constituent Group Listserv<SECURITY () LISTSERV EDUCAUSE EDU> > Subject: Re: [SECURITY] Gmail for students and IMAP > > > Ummmm...I believe I mentioned that....you cut off my email after the "(but" in your reply > > Regardless if email is internally or externally hosted, it is always subject to inspection (both with/without permission). > > I know of a good many higher ed orgs where they host emailinternallyAND the primary email sys admin habitually inspects their co-workers and managers > emails.....and why do they do this....because they can.... > > Jim > James M. Dutcher - Assoc.VP IS/IT & CIO - SUNY Orange > > -----Original Message----- > From: John Kristoff <jtk () DEPAUL EDU> > > Date: Wed, 29 Jul 2009 20:19:32 > To: <SECURITY () LISTSERV EDUCAUSE EDU> > Subject: Re: [SECURITY] Gmail for students and IMAP > > > On Wed, Jul 29, 2009 at 10:13:40AM -0400, James M. Dutcher - Assoc. VP IS/IT & CIO wrote: >> Our Gmail setup is as such there is no advertising, hence no snooping (but > > There is most certianly snooping going on, you should bank on that. > This isn't the first R&E IT response that insinuates that because > Google doesn't resell addresses, share with third parties and apply > targetted advertising everything must be A-OK. Maybe, maybe not. > > Google uses all that email. They may not use it for direct advertising, > but they use it. Search for: > > Google reserves the right, but shall have no obligation, to > > You'll find a few policies including one for Google Mail thatapplies> to the student email outsourced to Google in my experience. Pay > particular attention to where it says: > > "pre-screen, flag, filter, refuse, modify or move" > > You'll also find this: > > "Google maintains and processes your Gmail account and itscontents> to provide the Gmail service to you and to improve our services" > > Its automated and perhaps even innocuous taken one user at a time, but > consider why Google and these other providers provide this service for > free. Why would they do that? There are all sorts of ways to build > a business around this flow of meta data and the email content that does > not result in direct marketing and advertising. > > Should you worry? I don't know. You might be worried that someone > at Google can potentially look at all this stuff. You might be > worried that Google could get owned. You might be worried that policies > and/or ownership could change without warning. You might just be > paranoid. > > Should you use them anyway? Maybe, but I would recommend you give > people an opt-out. I'd be curious if its written into youragreement> that you can't do that. Can people say whether or not this is in their > agreements? I've been told by two institutions you can't opt outof> theirs so I'm curious if thats them being lazy, annoyed with me orif> its part of the agreement. > > Finally you should realize that they are getting a much better deal > than you are in the long run. They absolutely *love* that you're > letting them do this for free. > > John Joel Rosenblatt, Manager Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel
Joel Rosenblatt, Manager Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel
Current thread:
- Re: Gmail for students and IMAP, (continued)
- Re: Gmail for students and IMAP John Kristoff (Jul 29)
- Re: Gmail for students and IMAP James M. Dutcher - Assoc of IS/IT & CIO (Jul 29)
- Re: Gmail for students and IMAP James M. Dutcher - Assoc of IS/IT & CIO (Jul 29)
- Re: Gmail for students and IMAP Mike Porter (Jul 29)
- Re: Gmail for students and IMAP James M. Dutcher - Assoc of IS/IT & CIO (Jul 29)
- Re: Gmail for students and IMAP Joel Rosenblatt (Jul 29)
- Re: Gmail for students and IMAP Cal Frye (Jul 29)
- Re: Gmail for students and IMAP Michael Sinatra (Jul 30)
- Re: Gmail for students and IMAP McClenon, Braden (Jul 30)
- Re: Gmail for students and IMAP McClenon, Braden (Jul 30)
- Re: Gmail for students and IMAP Joel Rosenblatt (Jul 30)
- Re: Gmail for students and IMAP Willis Marti (Jul 30)
- Re: Gmail for students and IMAP McClenon, Braden (Jul 30)
- Re: Gmail for students and IMAP Joel Rosenblatt (Jul 30)
- Re: Gmail for students and IMAP Stanclift, Michael (Jul 30)
- Re: Gmail for students and IMAP Valdis Kletnieks (Jul 30)
- Re: Gmail for students and IMAP McClenon, Braden (Jul 30)
- Re: Gmail for students and IMAP Michael Sinatra (Jul 30)
- Re: Gmail for students and IMAP Theresa Rowe (Aug 05)