[unisog] Gmail for the University

gentuxx gentuxx at gmail.com
Mon Feb 27 18:08:36 GMT 2006

Hash: SHA1

If I may, I tend to be rather apprehensive about posting here, but I
think something needs to be said.

Eric Hoelzle wrote:

>On 2/24/06, Isac Balder <piis8 at yahoo.com> wrote:
>>For a big university, the thought would never cross my
>>mind. The assumption here is that you typically have
>>a full staff (okay you never have a "FULL" staff
>>but...) and are more than capable of controlling your
>>own destiny.
>>A small local university, If it saves money, and
>>stress. And allows for the easy use of mail
>>encryption (pgp or other wise) for those sensitive
>>bits, sure.
>>as for the privay issue. email is not private, it's
>>clear text.
>Not sure about this one. Privacy and encryption are not analogous in
>my view of things.

I can agree that privacy and encryption are not necessarily
analogous.  However, I would propose that encryption is a
technological means of ensuring privacy, and that "privacy" is of a
much larger scope, encompassing encryption (technology), policy,
regulation, etc.

>I consider (expect) email to be private (secure) once it hits a
>message store. I also expect whomever runs that message store to
>prevent unauthorized access to my data...this may or may not require

First of all, "expecting" email to be private once it hits the message
store is acceptable, albeit a bit naïve IMHO.  At any given point in
time, from source to destination, that email can be copied and
archived, which by no means ensures privacy.  This is also, obviously,
dependent upon who controls that message store.

>The privacy issue, for me anyway, is more about whether (and how)
>Google/MS/Yahoo/etc is going to control access to my data once it
>resides on their servers.

This is perfectly understandable, and is definitely a part of what
would need to be considered.  However, precedents are being set - both
good and bad.

>FWIW, if I wanted to get ahold of someone's data, sniffing it off a
>wire would be my vector of last resort.

I think you have too much faith in "the enemy".  ;-)

>Just my 2 pennies. :-)
I would generally agree with the first two concurrances.  A larger
university should have the means to manage it's own mail system(s).  A
smaller university or college may consider Gmail "outsourcing", and
find it a cheaper solution - and useful.  It would behoove the
organization(s) considering it, to also consider an end-to-end
encryption technology, as well as, a supporting policy.  This, of
course, depends upon the consumers of the outsourced mail service.
Students' use may allow a more flexible policy, while faculty/staff
communications would strictly require encryption.  If the data stored
on Google's servers is encrypted, any information they may or may not
release would be of little value.

As far as the targeted advertising, use a pop3 mail client, and you
can avoid it altogether.

- --
echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40  9795 2D81 924A
6996 0993
Version: GnuPG v1.4.2.1 (GNU/Linux)


More information about the unisog mailing list