2013


bMail: Berkeley’s B-minus idea

By Chris Jay Hoofnagle

http://www.dailycal.org/2013/03/19/bmail-berkeley/

Should you care that the university outsourced student and faculty email service to Google? Perhaps you should not. Vendors can provide many services to campus efficiently, perhaps even better than our own employees can.

CalMail appeared to be one of those poorly performing campus services best handled by a vendor. It had a funky Web interface, it had outages and it was not well integrated with other applications, such as a calendar service. And many other schools have outsourced their information technology services to Google and Microsoft.

But if we think about this more deeply, we might conclude the opposite: Communications and information services are so critical to academic freedom that trusting them with an outside vendor can be problematic.

When one enjoys something as precious as academic freedom and the research insights we create or owes duties to others, one cannot just slouch toward the most convenient. I could leave the door to my office and file cabinets open, because bothering with locks and the like is inconvenient. I could consult with my colleagues about student issues over Facebook. But my convenience would impose a cost on others.

Consider how important your email is. UC Berkeley is the premier public research institution. Our faculty and students perform important research, some of which is classified, controversial or subject to spying by companies or nation-state actors. There is a long history of outside meddling with faculty and student freedoms; now that so much of our speech is mediated electronically, these freedoms can be disrupted whenever the confidentiality, availability or integrity of email is affected. And finally, faculty email routinely contains communications with students about their progress, foibles and other sensitive information, including information protected by specific privacy laws, such as the Family Educational Rights and Privacy Act. We have both legal and ethical duties to protect this information.

CalMail may have been dowdy, but it did offer real advantages. If law enforcement wanted access to student or faculty email, it had to make requests to university counsel. Our lawyers are very good — they could work almost anywhere they want — but they work here because they care about this school and protecting students.  Similarly, our information technology professionals care deeply about the university’s privacy norms and mission.

Cloud service providers such as Google, however, may be far less likely to be familiar with our specific duties, norms and protocols or to have in place procedures to implement them. Outsource providers may be motivated to provide services that they can develop and serve “at scale” and that do not require special protocols.

We should also think carefully about Google’s incentives to provide “free” services to universities. The first-order analysis suggests that Google simply wanted more users.  Providing service to campuses was a way to attract more eyeballs.

But this makes little sense.  Our contract with Google is not our contract with Pepsi — people actually want Google. In fact, one campus justification for bMail was that so many students were already forwarding their CalMail accounts to Gmail.

A better explanation is data analysis: Google’s interest in deriving knowledge from the emails and documents we generate and from the connections with make with other people.

It is rumored that some campuses understood this risk and negotiated a “no data-mining clause.”  This would guarantee that Google would not use techniques to infer knowledge about users’ relationships with others or the content of messages.  Despite our special responsibilities to students to protect their information and our research and other requirements, we lack this guarantee.

I say “rumored” because we do not know whether other campuses have this anti-data-mining agreement.  Google, that bastion of free speech values, put a gag clause in its contracts with institutions.  This made it difficult for our IT professionals to learn from other campuses about the nuances of outsourcing to Google.  As a result, much of what we know about how other campuses protected the privacy of their students and faculty is rumor that cannot be invoked, as it implicitly violates the gag clause.

We should also consider the risks inherent in our outsourcing process.  Both companies the campus considered for outsourcing, Google and Microsoft, are under 20-year consent decrees with the Federal Trade Commission for engaging in deceptive practices surrounding privacy and/or security.  Google in particular, with its maximum transparency ideology, does not seem to have a corporate culture that appreciates the special context of professional secrecy. The company is not only a fountainhead of privacy gaffes but also benefits from shaping users’ activities toward greater disclosure.  Google presents itself as a positive force, but some of its means and goals are illiberal and technocratic.

We have to be smarter about the perverse incentives vendors may have.  Google has strong incentives that run counter to the enlightenment values embedded in the university’s mission because each quarter, it is advertisers, not users, that write Google a check. Google makes design decisions to maximize tracking and sharing of data with advertisers, even where effective, privacy-friendly alternatives exist.

As the expiration date of the systemwide Google contract approaches in June 2015, we should rethink how we have entrusted our email and documents to a data-mining company.  As an email provider, Google appears to be free, but we may find that we end up paying for it in other ways. 3/19/2013