At an increasing number of colleges nationwide, the traditional model for student e-mail services featuring on-campus data centers and clunky user interfaces is out. In its place, education institutions are gravitating toward "cloud-based" e-mail offerings that are less expensive to implement, more user-friendly, and more feature-rich than conventional services. In one example, students using Google Apps for Education can send correspondence to professors, chat with their friends, share and collaborate on projects and presentations, and even organize student groups all via a single set of online services.
Trusting the judgment of their institutions, most students and faculty assume that their cloud-based e-mail and related
online services are secure, and that information shared in those forums is safe. Unfortunately, recent events have raised serious questions about the privacy protections that some cloud-based companies are actually providing to educational institutions. Until such questions are resolved, something as seemingly familiar as e-mail could become a major new headache for administrators.
When consumers sign up for Google services, they knowingly agree to an expansive set of terms and conditions that gives the company broad discretion to use their online information for secondary purposes, such as serving targeted advertisements. This recent change could mean even less privacy for the personal information users maintain online.
Though some universities, including Harvard, actively discourage students from using their student accounts to transmit personally identifiable or confidential information, students can and do transmit such information on a regular basis. Professors routinely notify students of their grades on individual assignments via e-mail, and students may receive preliminary notice of disciplinary measures via their accounts. University administrators should demand transparency into provider data-mining practices, whether Google's or another company's, and inspect how providers make user data anonymous; how student data and metadata is used; and how long providers maintain records of individual's searches.
For colleges using Google Apps for Education, the answers to these questions matter. Without additional contractual stipulations, university and college-based users may find themselves just as vulnerable as the average consumer. The traditional e-mail model may be a dying breed within academe, but administrators should evaluate whether any cloud-based e-mail system that applies these policies is truly a fit with privacy protections befitting users at institutions of higher education.