«  Google shareholders want company to codify human rights principles; Google opposes the move Main " ... they keep pulling me back."  »


Patriot Act haunts Google service


From Monday's Globe and Mail

March 24, 2008 at 4:05 AM EDT

Google Inc. is a year into its ground-shifting strategy to change the way people communicate and work.

But the initiative to reinvent the way that people use software is running headlong into another new phenomenon of the information technology age: the unprecedented powers of security officials in the United States to conduct surveillance on communications.

Eighteen months ago, Lakehead University in Thunder Bay, Ont., had an outdated computer system that was crashing daily and in desperate need of an overhaul. A new installation would have cost more than $1-million and taken months to implement. Google's service, however, took just 30 days to set up, didn't cost the university a penny and gave nearly 8,000 students and faculty leading-edge software, said Michael Pawlowski, Lakehead's vice-president of administration and finance.

U.S.-based Google spotlighted the university as one of the first to adopt its software model of the future, and today Mr. Pawlowski boasts the move was the right thing for Lakehead, saving it hundreds of thousands of dollars in annual operating costs. But he notes one trade-off: The faculty was told not to transmit any private data over the system, including student marks.

The U.S. Patriot Act, passed in the weeks after the September, 2001, terrorist attacks in the United States, gives authorities the means to secretly view personal data held by U.S. organizations. It is at odds with Canada's privacy laws, which require organizations to protect private information and inform individuals when their data has been shared.

At Lakehead, the deal with Google sparked a backlash. "The [university] did this on the cheap. By getting this free from Google, they gave away our rights," said Tom Puk, past president of Lakehead's faculty association, which filed a grievance against Lakehead administration that's still in arbitration.

Professors say the Google deal broke terms of their collective agreement that guarantees members the right to private communications. Mr. Puk says teachers want an in-house system that doesn't let third parties see their e-mails.

Some other organizations are banning Google's innovative tools outright to avoid the prospect of U.S. spooks combing through their data. Security experts say many firms are only just starting to realize the risks they assume by embracing Web-based collaborative tools hosted by a U.S. company, a problem even more acute in Canada where federal privacy rules are at odds with U.S. security measures.

"You have to decide which law you are going to break," said Darren Meister, associate professor of information systems at the Richard Ivey School of Business, who specializes in how technology enhances organizational effectiveness. "If I were a business manager, I would want to be very careful about what kind of data I made accessible to U.S. law enforcement."

Using their new powers under the Patriot Act, U.S. intelligence officials can scan documents, pick out certain words and create profiles of the authors - a frightening challenge to academic freedom, Mr. Puk said.

For instance, a Lakehead researcher with a Middle Eastern name, researching anthrax or nuclear energy, might find himself denied entry to the United States without ever knowing why. "You would have no idea what they are up to with your information until, perhaps, it is too late," Mr. Puk said. "We don't want to be subject to laws of the Patriot Act."

Google's free Web tools are advertising-based and they automatically extract information from personal content to build a profile for advertisers. Lakehead professors also object to this feature, although Mr. Puk says Google has refrained from attaching ads until the grievance is settled.

The privacy issue goes far beyond academia. In Toronto, at SickKids Foundation, which has the largest endowment of any Canadian hospital, employees have been keen to use Google tools. But the foundation's IT department blocked access for two reasons.

"Wherever possible, we keep our donor and patient records in Canada, as trying to enforce privacy laws in other jurisdictions is complex and expensive," said Chris Woodill, director of IT and new media at SickKids Foundation. Second, free hosted software offers limited support and no formal legal contract, limiting an organization's ability to demand additional privacy or security measures, he said.

Google says it has a strong track record in regard to protecting customers' data. The firm cites a court case it fought in 2006 against attempts by the U.S. Justice Department to subpoena customer search records. "We will continue to be strong advocates on behalf of protecting our users' data," said Peter Fleischer, Google's global privacy counsel.

But the Mountain View, Calif.-based company will not discuss how often government agencies demand access to its customers' information or whether content on its new Web-based collaborative tools has been the subject of any reviews under the Patriot Act.

Montreal security strategist Jeffrey Posluns says Google's software suite may suit some small businesses because cost savings are significant. But he warns that the deciding factor should be the sensitivity of the organization's information.

My university is about to shift all its email service over to Google and Microsoft ("both kinds -- Country AND Western"). I wonder if the administrators thought this issue through. However, this story is written for, by, and about Canadians. I wonder if any US-based server is a problem. Google has been aggressive at getting universities and companies to let it host all their data. But isn't this a more general problem that could impede commerce (at least) pretty substantially? Are we likely to see a "race to the bottom" in privacy protection now that Google's business interests are in line with US security policy?

UPDATE: I cracks me up how Google officials keep barking out the same "privacy is important to us" language every time a new challenge comes up. And what's the deal with citing Google's laudable albeit futile attempt to stare down the US Justice Department's demand for a record of search terms? This had nothing to do with privacy, as it had nothing to do with any person's searches. The whole event said more about the stupidity of the Justice Department lawyers (trying to prove that Web users really really really like porn) than the courage of Google.

Anyway, the more I read about this Canadian GMail controversy, the less of a problem I think it is. Am I missing something?

Here is the Chronicle of Higher Education story on the same issue:

The Chronicle of Higher Education http://chronicle.com/daily/2008/03/2259n.htm

Today's News

Thursday, March 27, 2008

Google E-Mail Service Inspires Fears of U.S. Spying Among Canadian Faculty Members


Like many institutions, Lakehead University, in Thunder Bay, Ontario, has outsourced its e-mail service to Google via Google Apps Education Edition. But unlike such moves at other universities, this one has generated a strong backlash from the faculty.

This week an arbitrator has convened a hearing to consider a grievance the faculty association filed against the university because professors fear that e-mail outsourced to a U.S.-based company will be monitored by U.S. intelligence agencies.

The concerns stem from the USA Patriot Act, passed in 2001, which extended U.S. government agencies' power to pry into private information stored on U.S. computers.

James L. Turk, executive director of the Canadian Association of University Teachers, which has taken up the case for Lakehead's faculty association, said there are widespread concerns that e-mail handled across the border—Google is based in Mountain View, Calif.—will be opened by agencies such as the FBI or the CIA (The Chronicle, September 14, 2007).

"Faculty use e-mail all the time to share ideas," he said. "Now, with Google handling e-mail, everyone has to be mindful of the fact that anything they write may be scrutinized by security agencies in the United States. It imposes a serious concern about academic freedom."

Lakehead University started using Google's e-mail service in September 2006 to replace its aging in-house system, which was running short on storage space. The switch was accomplished free of charge and saved the university over $1-million that it would have otherwise spent upgrading its system. Faculty members were concerned about privacy issues at the time and objected. They were not satisfied with the administration's response and have continued to press their complaint over time, escalating it to the arbitration level it has reached today.

Not a Required Tool

Michael K. Pawlowski, vice president of administration and finance, said that concerns about using Google are misplaced, because it is not mandatory. "It's a tool, and people decide what they want to use," he said. Faculty have the option of using the university's course-content system, WebCT, to communicate or opening a personal account with another e-mail service altogether.

In addition, he said, university policy prohibits faculty from sending confidential information, such as grades, over e-mail, so sensitive information should not be in e-mail to begin with.

But, Mr. Turk argued, "that's sort of a disingenuous position." Opting out of the Google e-mail system could isolate a faculty member from important correspondence, he said, because of the inconvenience of pointing colleagues to an alternative e-mail address that does not use the standard university suffix. In addition, WebCT is solely for internal communication and can't be used to send messages outside the university.

Steven J. McDonald, general counsel at the Rhode Island School of Design, said that however unlikely it is that American agencies would spy on college e-mail messages, the concerns of Lakehead faculty members could have some merit.

"There are a variety of ways the federal government can access information housed in the U.S." he said. "A lot of that depends on the circumstances."

Mr. McDonald said that the law is rather murky. The Patriot Act expanded the investigative powers of federal agencies so that in certain situations, private records such as e-mail messages might be accessed without notification. Yet because the law did not specify the nature of those situations, he said, the exact circumstances that permit such access are still being hashed out in court.

But in general, Mr. McDonald noted, no information sent in an electronic format is ever completely secure, particularly when it crosses a national border. "The minute you put it in the hands of someone else in another country, it becomes subject to the laws of that country," he said.

The arbitration hearing at Lakehead is expected to conclude next week, leaving the arbitrator to make a decision sometime this summer, Mr. Pawlowski said. The complaint could be dismissed, or the university could be directed to maintain an in-house e-mail system on Canadian servers.


Comments (1)

For many Canadian university libraries, any US-based server is a problem for the reasons outlined in the article. I'm peripherally involved in providing electronic books to Canadian libraries, and the libraries are adamant that they want the content hosted on Canadian-based and Canadian-controlled servers.

I don't have a good understanding of how much our privacy legislation actually has to do with this. Many of our financial systems are so tightly integrated with US networks that most of our other personal information must surely be open to Patriot Act scrutiny. If that is actually in violation of our privacy laws, it isn't something that gets talked about much, and will probably remain that way until something happens that gets the courts involved.

Post a comment

We had to crank up the spam filter so it may take a little while to appear. Thanks.

A book in progress by

Siva Vaidhyanathan

Siva Vaidhyanathan

This blog, the result of a collaboration between myself and the Institute for the Future of the Book, is dedicated to exploring the process of writing a critical interpretation of the actions and intentions behind the cultural behemoth that is Google, Inc. The book will answer three key questions: What does the world look like through the lens of Google?; How is Google's ubiquity affecting the production and dissemination of knowledge?; and how has the corporation altered the rules and practices that govern other companies, institutions, and states? [more]

» Send links, questions and ideas:
siva [at] googlizationofeverything [dot] com

» To reach me for a press query, please write to SIVAMEDIA ut POBOX dut COM

» To reach me for a speaking invitation, please write to SIVASPEAK ut POBOX dut COM

» Visit my main blog: SIVACRACY.NET

» More about me


Like the Mind of God (22 posts)

All the World's Information (26 posts)

What If Big Ads Don't Work (10 posts)

Don't Be Evil (9 posts)

Is Google a Library? (43 posts)

Challenging Big Media (18 posts)

The Dossier (19 posts)

Global Google (3 posts)

Google Earth (3 posts)

A Public Utility? (19 posts)

About this Book (16 posts)

Other books by Siva:


Rewiring the Nation: The Place of Technology in American Studies (Johns Hopkins University Press, 2007)

The Anarchist in the Library (Basic Books, 2004)

Copyrights and copywrongs cover

Copyrights and Copywrongs: The Rise of Intellectual Property and How it Threatens Creativity (New York University Press, 2001)


  • Sivacracy.net
  • if:book
RSS Feed icon  RSS Feed

Powered by Movable Type 3.35