Forgot your password?
typodupeerror
Communications Education Google Privacy Your Rights Online

Yale Delays Move To Gmail 176

Posted by timothy
from the but-it's-in-the-cloud dept.
Mortimer.CA writes "The Yale Daily News is reporting that the move to Gmail has been postponed. After further consultations with faculty and staff, the concerns raised 'fell into three main categories: problems with "cloud computing" (the transfer of information between virtual servers on the Internet), technological risks and downsides, and ideological issues.' In the latter category, 'Google was not willing to provide ITS with a list of countries to which the University's data could be sent [i.e., replicated], but only a list of about 15 countries to which the data would not be sent.'"
This discussion has been archived. No new comments can be posted.

Yale Delays Move To Gmail

Comments Filter:
  • Know what... (Score:5, Interesting)

    by butterflysrage (1066514) on Wednesday March 31, 2010 @04:14PM (#31692606)

    I would be more than a little interested in that list too...

    • Re:Know what... (Score:5, Informative)

      by sopssa (1498795) * <sopssa@email.com> on Wednesday March 31, 2010 @04:17PM (#31692648) Journal

      It's probably most of the countries. Google has their own highly-redundancy file system that spans thousands of servers and even different datacenters and locations. Even data that is deleted could remain in the system for 9+ months. I think it's highly possible all of the data travels around the world and is stored in several locations.

      • Re:Know what... (Score:5, Informative)

        by bernywork (57298) <bstapleton.gmail@com> on Wednesday March 31, 2010 @04:42PM (#31693062) Journal

        That would be correct, if you look at their BGP advertisements it would figure that Google would have to transit it's own data.

        So if your request for data (YouTube video etc) isn't located in the DC that you connected to, they would have to transit that data across their own links. It would then make sense that they would replicate their own data over those same links during the night on that side of the world when the link is quiet.

        • So if your request for data (YouTube video etc) isn't located in the DC that you connected to, they would have to transit that data across their own links. It would then make sense that they would replicate their own data over those same links during the night on that side of the world when the link is quiet.

          If they're going to replicate it, and the data is traveling across their own network anyway, wouldn't it make more sense to store a copy locally while they're sending it to your browser?

          • by bernywork (57298)

            Yup especially if it's something like an email fragment which you could well re-request.

            If you have enough bandwidth though..... After you have done the request for the data and it's been returned to the client, you would then have to update the master that the data is now stored on another location, which you then have to manage that data in another location. Nope, that doesn't make any sense. The front end would only get the data and that's it. If the master sees that the front end was too far away, it mi

      • Re:Know what... (Score:5, Interesting)

        by commodore64_love (1445365) on Wednesday March 31, 2010 @04:44PM (#31693098) Journal

        So if I'm Dutch and store my downloads from Seventeen in my Google account, and that data makes its way over to the U.S., does that mean I've committed a child porn crime?

        • Re: (Score:2, Interesting)

          by Anonymous Coward

          What's Seventeen in Holland? When I hear that name, I think of an American magazine for teenage girls.

          • Re: (Score:3, Informative)

            When I hear that name, I think of an American magazine for teenage girls.

            It's a Dutch magazine for men who like teenage girls.

            Although, I'd wager that most of the "girls" have been around the track a few times since the last time that they were "teens" . . . or that anyone called them "girls," for that matter.

        • Re:Know what... (Score:5, Interesting)

          by John Hasler (414242) on Wednesday March 31, 2010 @04:53PM (#31693232) Homepage

          > ...does that mean I've committed a child porn crime?

          No, because _you_ have done nothing inside USA jurisdiction. It may mean Google has, though.

          • > ...does that mean I've committed a child porn crime?

            No, because _you_ have done nothing inside USA jurisdiction. It may mean Google has, though.

            Even google's liability may be limited as they can claim common carrier.

            • Re:Know what... (Score:4, Informative)

              by Brett Buck (811747) on Wednesday March 31, 2010 @05:02PM (#31693372)

              They might claim it, but that doesn't make it so.

               

          • by Bogtha (906264)

            > ...does that mean I've committed a child porn crime?

            No, because _you_ have done nothing inside USA jurisdiction.

            Tell that to Gary McKinnon [wikipedia.org] and Dmitry Sklyarov [wikipedia.org].

            • Gary McKinnon was in the UK, arguably 'under USA jurisdiction'. The UK may *claim* to be an independent nation but thats debatable.

              Dmitry Sklyarov was foolish enough to visit the USA, where he was 'under USA jurisdiction' and where he was arrested.

            • by SETIGuy (33768)

              So, what you are claiming in the McKinnon case is... If I'm standing in the U.S. near the Canadian border, and I use my assault rifle to shoot someone standing in Canada, then I haven't committed a crime in Canada, because I haven't crossed the border. And I haven't committed a crime in the U.S. because it's not a crime to discharge a firearm.

              That's very convenient. Somehow I think I would be arrested and extradited very quickly despite this.

              Gary McKinnon allegedly broke into computers in the U.S.

          • Re: (Score:3, Insightful)

            No, because _you_ have done nothing inside USA jurisdiction.

            Country's jurisdiction is over anyone who ever passes through its borders. The fact that action itself takes place outside the borders doesn't matter here - if U.S. law says that something is a crime even when it doesn't happen on U.S. soil, then they can absolutely charge him, and should he ever happen to find himself in U.S. at that moment (or later) - arrest and sentence him.

        • Re: (Score:3, Informative)

          by bernywork (57298)

          IANAL but if you then accessed / distibuted that in the US you could be in trouble. Given that your data wouldn't be re-assembled (And certainly not in your possession) till you accessed it in The Netherlands you should be fine. Aside from plausible deniability and all that.

          Honestly, I would be more worried about the UK:

          http://www.theregister.co.uk/2009/01/24/extreme_pron_law_live/ [theregister.co.uk]

        • Re:Know what... (Score:5, Interesting)

          by QuantumRiff (120817) on Wednesday March 31, 2010 @05:07PM (#31693446)

          I would be more worried about "If I'm Dutch, and doing something at a research lab at my university" whether its corporate funded, military, or maybe medical research with client data included... Would a nosy sheriff of a county with a large, competing university in the US be able to subpoena my emails, since it might be stored in the US servers?

          • by bernywork (57298)

            That one I don't know about, plausibly. I guess at that point of you have to think about your data retention laws and your requirements for keeping that data secure and whether putting it into the cloud is actually the right thing. Perhaps put it into the cloud encrypted?

            While looking for another link earlier, the city of Los Angeles ran into similar problems with their police dept and they didn't move. http://www.msnbc.msn.com/id/31967328/ [msn.com]

            Whether Google is working with them on this one, or whether LAPD is

          • by TubeSteak (669689)

            Would a nosy sheriff of a county with a large, competing university in the US be able to subpoena my emails, since it might be stored in the US servers?

            As you saw with China, Google sets up a Google company for each country.
            While the data might be stored on Google's global network, the nosy sherrif would probably have to subpoena "Google Netherlands"

            If you google for "Google [Country]" you'll see what I mean.
            http://www.google.com/#q=google+france [google.com] is the first one I tried.

        • by cdrguru (88047)

          Post-harmonization, the Dutch laws on child porn are pretty much the same as those in the US. I wouldn't know anything about this, other than getting it from a Dutch child-porn investigator. They are a customer and we talk at trade shows and such.

          I don't think even in the US you are going to have much trouble with pictures of a 17-year-old unless you rub their noses in it. Pictures of a nine-year-old will get you a jail term of an obnoxious length and they will trot out all the other pictures just to hel

    • Re: (Score:2, Insightful)

      by Anonymous Coward
      Why don't any of them mention privacy? Or is that what they are trivializing by calling them "ideological issues"? Why don't they just come out and say the word "privacy" and be done with it?

      I think they forget the notion that i.e. "stealing is wrong" can also be described as "ideological" but it's quite evidently more than some theory. It really is better for everyone when that "ideal" is recognized. Privacy is no different.
      • by Tiger4 (840741)

        Maybe privacy is too generic a term to cover what they actually care about.

        Putting your data on a server, and having the server in remote locations accessible by many other people is routine these days. They certainly can't claim Google is violating their privacy when it is just replicating a practice they already engage in.

        What is privacy in the context of an organization that certainly has multi-person access rules to any bit of data legitimately on the system? The data isn't Private if a dozen people c

    • Re:Know what... (Score:5, Informative)

      by The Angry Mick (632931) on Wednesday March 31, 2010 @04:31PM (#31692910) Homepage

      I was just thinking the same thing. Our law firm is considering GMail as a possible alternative to Outlook/Exchange, and this is one question I know we overlooked. Most of our debate centered around a) loss of control over the data (Federal Discovery Rules), and b) privacy.

      • Re:Know what... (Score:4, Informative)

        by timeOday (582209) on Wednesday March 31, 2010 @04:51PM (#31693186)
        It seems like businesses aren't going to embrace cloud computing until/unless the security issues are solved. Email should be a relatively simple case, since the message content is simply copied from point A to point B and isn't processed in between. If google simply implemented client-side encryption, and opened the source for public scrutiny, it would do a lot to address these concerns. Yes, it would mess with content analysis, spam filtering, etc... but that will simply have to be accepted/paid for.
        • by jim_v2000 (818799)
          Help me out here...how exactly does "client side" encryption interfere with the spam filtering of unencrypted emails that come into the server? It's not like spammers are going to send encrypted spam....no one could read it.
      • Re:Know what... (Score:5, Insightful)

        by Flavio (12072) on Wednesday March 31, 2010 @04:56PM (#31693282) Homepage

        It surprises me that you even discussed the option of having confidential documents stored on a system that makes little guarantees about security or privacy, and that by design distributes your data around the world.

        • Surprises me as well, but the dollars can outweigh the sense when your entire budget is founded on someone else's goodwill.

      • Re: (Score:3, Interesting)

        by terraformer (617565)

        Assuming you are in the US....

        You need better lawyers in that firm. If you were concerned about privacy, you should have realized that the US government has very few privacy protections it must follow for snooping on overseas data. So if you store your stuff in Europe, the US government can get to it without much worry. They may not be able to *use it against you or your clients* in a domestic criminal or civil trial, but they can get access to it with little in the way of liability.

      • Re: (Score:3, Interesting)

        by astrashe (7452)

        Google owns a company called Postini that you can use to archive your email -- they can keep you in compliance with email retention rules.

        Privacy is a big concern. I sort of feel like it's over anyway -- google already knows everything about everyone.

        I found the admin tools to be a little lacking. If A is out of town, and B needs to get into their email, that sort of thing. It's harder to go in and tweak a user's settings for them than it is with our current system (notes).

        • I found the admin tools to be a little lacking.

          Surprisingly enough, this was actually fairly low on the totem pole of requirements. The assumption is that it'll be an administrator's job to create all the accounts and manage the passwords, so getting A into B's mail would be possible. Of course, that puts a lot of eggs into one basket, but that should give you an idea of how badly attorneys DO NOT want to be forced to think about the technology they use.

          I've heard good things about Postini's solution,

      • Re: (Score:3, Interesting)

        by Bronster (13157)

        I should point our sales critter at you! FastMail does very similar things, and has an archival system for businesses needing to retain all emails for discovery purposes.

        We also have very good privacy policies - plus being Australian based but with all the servers in the US, we're very well set up to protect privacy.

        Australian privacy and telecommunications law means we _can't_ comply with US subpoenas, it has to go via a convoluted mutal assistance treaty that ends up going via the Australian Attorney Gen

  • Good for them (Score:3, Insightful)

    by bogaboga (793279) on Wednesday March 31, 2010 @04:25PM (#31692786)

    I would delay the move for aesthetic and functional issues like:

    1: Why can't I simply move from composing an email to the many labels without being warned about losing my work? Yahoo figured this out and so should Gmail.

    2: The interface is still wanting big time. Heck this is 2010!

    3: Though Gmail's search is fast, filtering is still so basic. YahooMail's filter is good. Google can surely do better. When I search for an email from someone, I would like the opportunity to filter further "on the fly"...in real time...say by attachment type if any, subject and so on. Currently the filter functionality does not cut it!

    4: Sorting by sender, subject, time of arrival etc is non existent! This is on a service that prides itself on users never having to delete email! For those with tens of thousands of email, Gmail is mediocre!

    • by Seakip18 (1106315)

      You know, as a side note, I often find myself saying "I figured it'd be better now...it's freakin' 2010!!!"

      Times are a-changin'...just not that quickly.

    • Re: (Score:3, Informative)

      by BobPaul (710574) *

      http://mail.google.com/support/bin/answer.py?hl=en&answer=7190 [google.com]

      If you run a search for "sarah sextapes found" and then realize you have too many e-mails and only one you want has an attachments, go back to the search bar (which still has your filter) and add "has:attachment", then click search again.

      If you want to filter incoming e-mail, add options like "AND has:attachment" to the end of fields your already using. Such as From: "bill AND (has:attachment OR subject:more pr0n)"

      • by bogaboga (793279)

        If you want to filter incoming e-mail, add options like "AND has:attachment" to the end of fields your already using. Such as From: "bill AND (has:attachment OR subject:more pr0n)"

        By the way, I meant filtering search results. Your suggestions work beautifully but the question is...they work for who? For the "power user", yes but for the Joe Six Pack, or my mother, I doubt this approach is more efficient than Yahoo's.

        Who is going to go back and add strings like has:attachment when for YahooMail, these search criteria are already implemented, are available and usable by a click and provide results on the fly? Even better, the has:attachment is further organized by attachment type. Who

    • by Bakkster (1529253)

      4: Sorting by sender, subject, time of arrival etc is non existent! This is on a service that prides itself on users never having to delete email! For those with tens of thousands of email, Gmail is mediocre!

      'From:{sender}', 'subject:{subject}', 'after:{mm/dd/yy}' or 'before:{mm/dd/yy}'. Problem solved?

      • Re: (Score:3, Interesting)

        by bogaboga (793279)

        'From:{sender}', 'subject:{subject}', 'after:{mm/dd/yy}' or 'before:{mm/dd/yy}'. Problem solved?

        No sir/madam!

        By just looking at what you have written, I can conclude that it will not sort! Or will it?

        • by Bakkster (1529253)

          I guess not, although I've never personally missed the feature. While you're right that many common tasks take too long to perform (for me, I want to easily bookmark an 'is:unread in:inbox' search), saying GMail is behind the times ignores its other benefits. For example, I'm to busy enjoying the convenience of threaded conversations, I've rarely ever needed the other searching features.

    • by cpghost (719344)

      Sorting by sender, subject, time of arrival etc is non existent!

      Just use your favorite IMAP client to access GMail. Personally, I use GMail via IMAP too, because GMail's web interface won't display mails in non-proportional fonts, basically ruining any ASCII diagrams I get or send (or I haven't yet figured out how to configure GMail to get rid of those proportional fonts).

      • by vbraga (228124)

        There's a Google Labs feature for that. Just activate it on your user settings.

    • As a Gmail user, let me say this: who cares what the web interface looks like? I have yet to use a web interface that works as well as a desktop app, so I use a desktop app. I rarely, if ever, use Gmails interface.
  • by dave562 (969951) on Wednesday March 31, 2010 @04:36PM (#31692988) Journal

    I was considering a GAPE deployment for a much smaller organization (about 150 users) and ran into real problems finding answers to some questions. In my particular case I was considering a migration off of Exchange. The exact specifics involved were really vague and often times the suggestion was, "Talk to a solutions provider." I went ahead and talked to two of them. When I pressed them for specifics about GAPE replication of Exchange features (Public Folders for example), I got a lot of vague answers along the lines of either, A. "Well, it can kind of do that." or B. "You don't need to do that because the Google way is better."

    The major consideration that turned me away from Google was their support (or seeming complete lack of it). I had a terrible time getting my pre-sales questions answered when I went directly to Google. The "premiere partners" (companies that are trying to make a business based on deploying GAPE for organizations) were just as vague. One of them even admitted to me that they have problems getting answers out of Google about new features, or the status of outstanding issues.

    I am subscribed to a thread on Google's forums that details people's real world problems with Google support.

    http://www.google.com/support/forum/p/Google+Apps/thread?hl=en&tid=384dd0d72db87c6d [google.com]

    Some of the people are obviously idiots who can't read the documentation. The large majority of them have serious problems that are ignored. Just recently someone mentioned that Google quoted them 5 days to recover an accidently deleted mailbox.

    I don't doubt that Google Apps could very well be a great product. The key is that it "could" be a great product. Great products require great support. Great products require a certain ease of implementation and use. As it stands currently, GAPE is more like a beta framework that requires a lot of heavy lifting on the part of an IT department. It is hardly a production ready, polished product that can be sold as a service.

    • Re: (Score:2, Interesting)

      by m93 (684512)
      What you outline here makes me think that Microsoft will have an edge in cloud based email. Say what you will about MS, but they do have tremendous support resources from their company on down to solutions providers. If they are successful in putting exchange in the cloud, it will have a lot to do with them taking advantage of the current old-school knowledge base. I couldn't imagine Google trying to port my company's (complicated but works well) exchange system over to Gmail. It would be a nightmare.
    • Re: (Score:3, Insightful)

      by Sycraft-fu (314770)

      I think the problem is that Google is trying to get in to a new kind of market and they aren't ready for it. They are used to providing free, no tech support kind of services. You access their site and do what you want, but if you can't figure it out, too bad, there's no number to call. Everything is very much a system where they internally decide what to provide, put it out there and see what people do with it.

      Fine for free web services, not fine for businesses. Businesses have specific needs for their ent

    • by drolli (522659)
      Well. When they said: "Google will be always there to answer your questions" i mean, you know hoe that works....
      • It works pretty well! You fire up IE, and type google.com into the url bar. Then if you have any questions, just type them into the web page...
  • Google was not willing to provide ITS with a list of countries to which the University's data could be sent [i.e., replicated], but only a list of about 15 countries to which the data would not be sent.

    Okay, so did ITS compose a list of countries it felt were unacceptable (along with logical reasons for why)? And if so, which countries, specifically, were on ITS' list that weren't on Google's list? Serious, I'd love to know which countries Yale has a beef with that Google doesn't.

    • I'd love to know which countries Yale has a beef with

      I don't "have a beef" with most random people on the street, but if my bank is proposing to distribute bits of my money to them, I'd like to know who they are.

    • The US government decides who's naughty or nice. Google "us export restricted countries" and you will find the list.

      The government usually lets companies, universities and whatever ship products and stuff around the world without much ado. In other words, your company does its own control, and just sends a list at the end of the year to the government and says, "I exported X widgets to Spain. However, your are NOT allowed to ship to the countries "on the list" without special permission. If you are cau

  • If you forced a login with a quick time out for all of those gmail accounts, that's a hell of a lot more secure than storing the documents on your laptop, which can be stolen and broken pretty easily. (These kids aren't going to password protect bootup and encrypt the hard drive. ) If you need an e-mail even if the internet is down, it should probably be in your notes in your word processor anyway. And unless you're not going to use WiFi, you are already sending your data over insecure connections.

    And if yo

  • So, if you use Google for search, you can buy a "Google search appliance" and install it in your machine room and use that to provide your service.

    I really, really want the same thing for Google Apps. The question of whether storing a document in "Google Docs" violates FERPA or something simply doesn't come up if the box is sealed in a room on a private network that you have tight control over. Running our own GMail and Google Calendar server appliances in our machine room just wouldn't make the lawyers n

  • The concerns about the Google cloud need to be weighed against Yale's current system. Every system has vulnerabilities.

    Whatever countries they are worried about, are they sure that people from those countries can't hack into their systems and find what they are after more easily then they can do same for Google's systems?

    What about the danger from someone within Yale's organization (one of the most common threats)? Is that worse with Gmail or with their current system?

  • It would be pathetic if Yale, one of the richest schools, can't spare some fund to maintain its own email system. Tuition there is, what, approaching 40k a year?
  • by anderiv (176875) on Wednesday March 31, 2010 @08:14PM (#31695618)

    We're going through this same conversation at my employer (a higher-ed liberal arts university). This article came up yesterday in my team, and we had a bit of a discussion about it. Here's the email I sent out to the group about the article and Yale's decision. Hopefully this will help to clear up some of the misinformation in the article.

    > Several members of the committee thought ITS had made the decision
    > to move to Gmail too quickly and without University approval, Fischer
    > said.

    Well yah, of course that's going to be a problem.

    > Google stores every piece of data in three centers randomly chosen
    > from the many it operates worldwide in order to guard the company’s
    > ability to recover lost information — but that also makes the data
    > subject to the vagaries of foreign laws and governments"

    Several other schools have fought this fight with Google and have gotten
    them to agree that all of their data will stay in the country.

    > Under the proposed switch, Yale might lose control over its data

    No, No, No. Google makes it very clear to its customers that the data is
    always "owned" by the customer.

    > or could seem to endorse Google corporate policy and the large
    > carbon footprint left by the company’s massive data centers

    For many years, Google has been a pioneer in building efficient, green
    datacenters. I guarantee you that proportionally-speaking, Yale's
    segment of Google's network has a *much* smaller carbon footprint than
    Yale's self-hosted system.

  • by AbRASiON (589899) * on Wednesday March 31, 2010 @08:38PM (#31695868) Journal

    I'm considering doing this for a small business I support.

    It's about 15 users and they currently run exchange, I'm tired of supporting it and frankly too lazy, people keep suggesting google handling the mail.
    I've set up a test domain and used Outlook and Thunderbird to connect to it via IMAP (that's the right way to do it, right?)

    I'm in Australia on ADSL2 links, 20mbit and 16mbit are the 2 I've tested from, the performance seems 'laggy' and I'm curious what the cache implimentation of Outlook 2007 is like?
    I want the users experience to be very close to what they get with exchange or at least comparable.

    The users have huge mailboxes (most of their work is email - a LOT of communications) so they need massive mailboxes - the smallest is 1gb and some of them have them in the 15gb range. (Please, please don't tell me 'you're doing it wrong' or 'users need to be trained to XYZ' - this is how they work, this works for them and helps them get stuff done better, it needs to be this way)
    Now the first major issue, besides the lag on IMAP is the folder limitation google have in place. I can create folders and subfolders and more subfolders but the path depth for the folders is quite shallow compared to an outlook PST. This is due to 'folders' being implimented via tags on gmail :/ Does anyone know a way around this or plans for it to change?
    I agree the users shouldn't have ridiculous folder depth but they really do need fairly extensive folder information
    \name of project\name of company\name of person\ for example is pretty difficult to do via IMAP Gmail :/

    Anyone else have some overall general comments about moving to externally hosted mail with google (or someone else?)

    • I must be missing something. For 15 users, even ones with mailboxes as big as you claim, Exchange is essentially fire and forget. If all 15 of your users are using 15G that's a 225G store size, which is well within the limits for Exchange 2007.

      What are you doing that makes you "tired of supporting it"?

If a subordinate asks you a pertinent question, look at him as if he had lost his senses. When he looks down, paraphrase the question back at him.

Working...