Re: Gmail for students and IMAP

["McClenon, Braden" <mcclenbw () ONEONTA EDU>]

I agree, but when a corporate provider tries to not paint themselves in
that corner we assume those shady characters are up to no good and are
using their fancy lawyer speak to trick us all in to a false sense of
security/privacy.  They may very well be too...  :)

Plus, "while engaged in any activity which is a necessary incident to
the rendition of his service or to the protection of the rights or
property of the provider of that service" is a bit more elaborate than
"in the course of their duties". Unless of course there is a another
document outlining those duties which can be referenced.

I just think when drafting such a policy you have to step back look at
it in the same paranoid none-trusting manner we look at corporate EULAs
and policy statements.  We shouldn't assume good will is always on our
side.

Brady McClenon
Senior Server Administrator
SUNY Oneonta
607-436-3203



> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks
> Sent: Thursday, July 30, 2009 1:36 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Gmail for students and IMAP
>
> On Thu, 30 Jul 2009 08:36:41 EDT, "McClenon, Braden" said:
> > "should be kept as private as possible" and "will not read email
> > unless necessary in the course of their duties" don't give me much
> > reassurance of privacy.  Seems like that wording gives a lot of
> latitude...
>
> To: All-user
> Subject: Repeated email crashes
>
> I'm sorry, we have a user's piece of mail that keeps crashing our mail
> server, but we can't do anything about it because we promised we'd
> never read your mail, no matter what. So we'll have to deal with
> repeated crashes till that user does something about that e-mail,
since
> we can't identify it for certain without reading it.
>               The Mail Sysadmin
>
> You *don't* want to policy yourself into a situation like that - which
> is why even the federal wiretap and ECPA statutes specifically say
that
> service providers are allowed to look if needed:
>
> 18 USC 2511 (2)(a)(i):
> (i) It shall not be unlawful under this chapter for an operator of a
> switchboard, or an officer, employee, or agent of a provider of wire
or
> electronic communication service, whose facilities are used in the
> transmission of a wire or electronic communication, to intercept,
> disclose, or use that communication in the normal course of his
> employment while engaged in any activity which is a necessary incident
> to the rendition of his service or to the protection of the rights or
> property of the provider of that service, except that a provider of
> wire communication service to the public shall not utilize service
> observing or random monitoring except for mechanical or service
quality
> control checks.
>
> You *really* want to make sure you retain the right to deal with e-
> mails that hose up your server. Trust me on this one. ;)
>
> Our local stance: we don't guarantee privacy, but we *do* guarantee
> confidentiality (unless legal considerations force us to do
otherwise).