"Going Google" Exposes Students' Email 244
A ReadWriteWeb piece up on the NY Times site explores the recent glitch during the move of a number of colleges onto Google's email service that allowed a number of students to see each others' inboxes for a period of more than three days. Google would not give exact numbers, but the article concludes that about 10 schools were affected. "While the glitch itself was minor and was fixed in a few days, the real concern — at least at Brown — was with how Google handled the situation. Without communicating to the internal IT department, Google shut down the affected accounts, a decision which led to a heated conversation between school officials and the Google account representative. In the end, only 22 out of the 200 students were affected, but the fix was not put into place until Tuesday. ... The students had access to each other's email accounts for three solid days... before the accounts were suspended by Google. Oddly enough, this situation seems to be acceptable [to Brown's IT manager, who] 'praised Google for its prompt response.' (We don't know about you, but if someone else could read our email for three days, we wouldn't exactly call that 'prompt.')"
Still more secure than most school systems (Score:2, Insightful)
Comment removed (Score:5, Insightful)
Re:Google: Lowering standards for the rest of us (Score:5, Insightful)
The current IT guy is laughing .... it is out of his hands and he cannot do anything about it and everyone knows this ...the person who outsourced it to Google however .....!
Re:methinks he doth protest too much (Score:5, Insightful)
Most people don't keep that on their email accounts...
Most people don't keep that *what* on their email accounts?
Private stuff?
Passwords?
User ids?
$25,000,000 money-making invitations?
Shakespeare quotes?
I know one fact about email which makes it an incredibly important security risk - the 'I forgot my password' link. Log on to a site you think the user uses, click that 'forgot' link, read his new password a few moments later. erm.. profit.
That said, this is google mail we're talking about, the one that bills itself as "store everything on us" we're safe and you'll never lose an email again thanks to our massive storage, indexing and searching facilities. So, for some people email is downloaded immediately and never stored on the server, for many many others, it stays right on the server.
I'd have cancelled the account, the way it was handled is not acceptable, even a free service has reasonable expectations of security. To let it linger for 3 days... that's simply not good enough.
Re:Someone has high demands. (Score:5, Insightful)
I'm sorry, perhaps you missed the part where students could read each others emails.
Microsoft participation is not required in this case.
Re:Someone has high demands. (Score:4, Insightful)
What the FSCK! How lame is your college that it can't run an email system?
When you finally get out you might want to check and see if your diploma is signed.
Re:Someone has high demands. (Score:2, Insightful)
"Why are you diverting a serious matter like this into smearing a company that most likely had nothing to do with it?"
Because Microsoft is running a big campaign in portraying Google as bad. Google is a really hard hit target right now for FUD. The fact that this was a big Microsoft Exchange customer before makes my radar tingle a bit extra for that reason.
"E-mail accounts can contain very sensitive data, ranging from bank papers to personal issues. And especially if people you know get access to this, it makes the problem more serious than ever. "
Yes, and the problem wasnt Google Apps in itself but getting mails out from exchange and into Google Mail to the right account. It was more a migration error than any security problem. Most times the problem with migrations lies in broken accounts in the source system.
"And the fact that it is free doesn't make it more acceptable. It's like saying that someone volunteering for a non-paid job can act whichever way he or she wants just because it's free. No, you still have to follow rules. "
The fact that its free does make it more acceptable. Where talking free market here, not soviet russia.
"Comments like this make me realize why there are so many extremists in this world."
Different view = extremist? Yay for talibans!
Re:3 Days Turnaround (Score:4, Insightful)
Its conveniently devoid of detail regarding the timeline of things. I don't mean to be a google apologist, but the article seems full of conjecture.
11 % of users were affected during a migration. OK it could have been better, but a 3 day turnaround (over a weekend) of an outage during planned maintenance doesn't sound *that* bad to me. Is this still the gmail that you don't pay for btw?
The critical (missing) detail is how quickly did Google turn off access to other people's mail following notification. Yes it may be a contentious decision if it was made without approval, but in areas of privacy it might be a good idea to CYA first ask questions later.
Heated discussions are one thing, being taken to court over Data Protection is quite another.
I'm confused at the reaction from Brown, were they advocating leaving people's data out in the open whilst it was resolved?
Re:They must be kidding (Score:3, Insightful)
Who the hell uses their college e-mail account for anything important unless you're part of the staff? When I was in school I just forwarded my university address to my home account.
Re:Breach of privacy (Score:2, Insightful)
"I'm French and if my personal or professional email were to be made public, that would be one hell of unsatisfactory service."
Well, who do you think would want to read a Frenchman's mail, anyway?
More seriously, what does nationality have to do with privacy issues? You think that maybe a Ugandan needs more privacy than a Russian? Degrees of privacy are scaled from one nationality to another? Had you said something to the effect, "The Iranian government has grown really oppressive, so my mail being made public is a major threat to personal security", then your nationality and/or government might be a factor.
Re:Breach of privacy (Score:3, Insightful)
Re:Still more secure than most school systems (Score:5, Insightful)
Re:The IT manager is praising them (Score:3, Insightful)
Re:3 Days Turnaround (Score:4, Insightful)
Also, have they already arrested/suspended/expelled the students that reported the problem?
Re:Breach of privacy (Score:3, Insightful)
Re:Someone has high demands. (Score:4, Insightful)
It isn't FREE, people.
Google advertises all over the place. They store your mail for an indeterminate period of time.
They link your gmail account cookie to your google account cookie, which is linked to various advertising streams.
Do you think TV is free? Really? Ever heard of commercials?
TV is a deployment method for commercial advertising. It's at breaks (standard commercials). It's during TV shows, with in show spots for products.. such as actors pumping various products. It's at the bottom of the screen, with dancing advertising logos and such, while you watch the show!
This is not free. This is an arrangement between two entities. You watch our shows, and we try to sell you things. Clearly your time has value, you watching has value, and that is why TV is on the air. It isn't on the air to be 'free'.
That is, unless you think that 'free' means 'no hard currency was exchanged'. If you do, then I suppose you help your friends move for 'free', and the beer and pizza after isn't compensation?
Gmail is not different. It isn't free. Google is making a PROFIT on this -- or if not, it will be. It will make money by examining the relationships between people that use gmail. It will make money by examining those relationships, and what you search for on the web. It will make the same money, by looking at those relationships, your financial data (Google finance), the places you search for on Google Maps, the apps you download with Andoird/Gphone, the people you call in your gphone, and on and on and on.
Google has become the largest depository of human interaction. They span more than email and searches. They know who you are in contact with, who you buy from, and the list goes on and on.
Further, they store this information for an indeterminate period of time.
Whether or not you like this, whether or not you approve, it is what you pay for using their service.
Free? Hell no!
Re:Someone has high demands. (Score:1, Insightful)
A few mailboxes (20 out of 200) had the wrong mail migrated into them. We don't even know the source of this problem yet, but the university could very well have TOLD Google to put sally.smith's e-mail into sally.jones' new mail box.
This isn't a google apps security problem. Please RTFA and get off your high horse.
Re:Google: Lowering standards for the rest of us (Score:3, Insightful)
Re:Breach of privacy (Score:1, Insightful)
While you idea does work, I for one think legal and tax codes which incentivizes throwing-away working equipment rather than donating/selling it to someone that can use it indicates some deeper problems with modern society. It's a wasteful misuse of resources and it's causing unnecessary trash. And no, I don't care if it adds a few more dollars per year to some PC manufactures bottom-line. Economies exist to serve their societies, not the other way around!
Re:3 Days Turnaround (Score:5, Insightful)
No offense, but from a privacy perspective there is nothing "less bad" about seeing "just" the contents of old mailboxes.
If I have nude photos, love letters, an email from porn-porn-porn.com, or just something I don't want someone else to read in my old mailboxes, how is someone else being able to see them not horribly bad even if they are over 90 days, (or whatever), old?
Re:3 Days Turnaround (Score:2, Insightful)
Is this still the gmail that you don't pay for btw?
Regardless of whether or not the universities pay for the google mail service, incidents like this should not happen. What would happen if the same Blackberry organization, say, Rogers wireless, mixes up the accounts of executives from different companies?
If in the terms and conditions it states: we may mix up accounts from time to time, if you want this to NOT happen, please pay $20/month - everyone would pay the $20/month then.
These students may have had information about marks, papers, exams, etc, in their emails and I most certainly would rather have my CC number broadcast then my academic information, because at least I can call the CC company and get it cancelled.
Paid for or not, this shouldn't happen.
Re:3 Days Turnaround (Score:3, Insightful)
To my knowledge, Google email support doesn't work on sundays.
For Google's sake I hope that is conjecture on your part and not the reality of the situation. Any organization that is touting their software as "enterprise ready" better have tech support there and ready to take care of problems 24x7x365 for organizations willing to pay for it.
Re:Google: Lowering standards for the rest of us (Score:3, Insightful)
He didn't lose his job, he became less efficient than someone or something else at it.
False. Everything the college has outsourced so far has become a problem. Not having someone onsite will be a bigger one. They are actually settling for less service because they are out of money (in this case, mostly because the administrators get paid very, very well.)