ٺƵ

OPEN FORUM: Proposed Gmail service raises privacy issues

The proposal to put faculty and staff e-mail on Gmail is ill-considered.

The faculty letter (Committee on Information Technology, Dec. 10, 2009) brought up important points about security and privacy if we use Gmail. The administration’s reply (Frequently Asked Privacy and Security Questions, Jan. 5, 2010) confounds some distinct issues.

The reply emphasizes hacking, but there are two threats to privacy — intrusions by hackers, and data mining by Google. Requiring Google to provide the same level of security as it provides its own confidential communications might protect against some hackers, but it does not protect us against Google itself.

Even if Google agrees not to use individually identifiable information in its data mining, that is no guarantee of security. There have been cases where supposedly anonymized information has been “de- anonymized.”

When ٺƵ negotiates with Google over terms of service, how clever will ٺƵ’ negotiators be? Will they be able to foresee and block whatever innovative abuses Google may come up with in the future?

The reply emphasizes high-security information about student grades and the like. But there is a lot of lower-security information that needs to be kept private. The primary example is requests for review from journals and funding agencies.

‘Problems are irreversible’

The requests are invariably made by e-mail. What happens to anonymous review when a Google search for the title of the manuscript or grant turns up the names of the reviewers, or those who were asked to review it?

All of these problems are irreversible. If confidential information gets on the Internet, it will be there, somewhere, permanently. (In the case of social media, “there’s a permanence that people don’t understand.” Dateline, “Anti-Social Media,” Feb. 12, 2010).

As the faculty letter states, once we outsource e-mail, the expertise and equipment will be gone and re-establishing in-house service will be difficult, especially given the budget situation.

Furthermore, the administration’s reply sounds like a disingenuous attempt to blame us for security breaches. It is our fault for not encrypting material, not the university’s fault for providing an insecure environment.

ٺƵ has not proved itself to be trustworthy on matters of e-confidentiality. Recall the time ٺƵ shipped off all our W2 information to a vendor so we could download it electronically. Fine if we had opted in, but we hadn’t been consulted. I’ve received e-mailings from the alumni association stating that I have been opted in. ٺƵ doesn’t seem to realize that the verb “opt in” does not have a passive form.

What is ٺƵ going to opt us into this time?

Michael J. Saxton is a research associate in the Department of Biochemistry and Molecular Medicine.

Media Resources

Clifton B. Parker, Dateline, (530) 752-1932, cparker@ucdavis.edu

Primary Category

Tags