Educause Security Discussion mailing list archives
Re: Gmail for students and IMAP
From: "McClenon, Braden" <mcclenbw () ONEONTA EDU>
Date: Thu, 30 Jul 2009 14:47:04 -0400
I agree, but when a corporate provider tries to not paint themselves in that corner we assume those shady characters are up to no good and are using their fancy lawyer speak to trick us all in to a false sense of security/privacy. They may very well be too... :) Plus, "while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service" is a bit more elaborate than "in the course of their duties". Unless of course there is a another document outlining those duties which can be referenced. I just think when drafting such a policy you have to step back look at it in the same paranoid none-trusting manner we look at corporate EULAs and policy statements. We shouldn't assume good will is always on our side. Brady McClenon Senior Server Administrator SUNY Oneonta 607-436-3203
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks Sent: Thursday, July 30, 2009 1:36 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Gmail for students and IMAP On Thu, 30 Jul 2009 08:36:41 EDT, "McClenon, Braden" said:"should be kept as private as possible" and "will not read email unless necessary in the course of their duties" don't give me much reassurance of privacy. Seems like that wording gives a lot oflatitude... To: All-user Subject: Repeated email crashes I'm sorry, we have a user's piece of mail that keeps crashing our mail server, but we can't do anything about it because we promised we'd never read your mail, no matter what. So we'll have to deal with repeated crashes till that user does something about that e-mail,
since
we can't identify it for certain without reading it. The Mail Sysadmin You *don't* want to policy yourself into a situation like that - which is why even the federal wiretap and ECPA statutes specifically say
that
service providers are allowed to look if needed: 18 USC 2511 (2)(a)(i): (i) It shall not be unlawful under this chapter for an operator of a switchboard, or an officer, employee, or agent of a provider of wire
or
electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service
quality
control checks. You *really* want to make sure you retain the right to deal with e- mails that hose up your server. Trust me on this one. ;) Our local stance: we don't guarantee privacy, but we *do* guarantee confidentiality (unless legal considerations force us to do
otherwise).
Current thread:
- Re: Gmail for students and IMAP, (continued)
- Re: Gmail for students and IMAP Cal Frye (Jul 29)
- Re: Gmail for students and IMAP Michael Sinatra (Jul 30)
- Re: Gmail for students and IMAP McClenon, Braden (Jul 30)
- Re: Gmail for students and IMAP McClenon, Braden (Jul 30)
- Re: Gmail for students and IMAP Joel Rosenblatt (Jul 30)
- Re: Gmail for students and IMAP Willis Marti (Jul 30)
- Re: Gmail for students and IMAP McClenon, Braden (Jul 30)
- Re: Gmail for students and IMAP Joel Rosenblatt (Jul 30)
- Re: Gmail for students and IMAP Stanclift, Michael (Jul 30)
- Re: Gmail for students and IMAP Valdis Kletnieks (Jul 30)
- Re: Gmail for students and IMAP McClenon, Braden (Jul 30)
- Re: Gmail for students and IMAP Michael Sinatra (Jul 30)
- Re: Gmail for students and IMAP Theresa Rowe (Aug 05)