News/Research

Google More: Where FERPA and CPHS conflict with EULA

13 Aug, 2013

Google More: Where FERPA and CPHS conflict with EULA

UC Berkeley just completed the transition of all of its email from a proprietary system to gmail. Called bmail or bconnected, it looks and feels like your standard, free google account in many ways, but all the crucial features of such accounts beyond the email itself (google+, chat, sites, Hangout, Analytics) are disabled. Why? According to Larry Conrad, UC Berkeley's new CIO, that's a EULA problem. The University is not satisfied with the privacy settings that Google requires for all the google "more" tools to work. In other words, Google wants to collect more information than UC Berkeley is willing to share. FERPA and CPHS are just two instances in which University and Federal regulations conflict with Google's EULA. Because of this conflict, no google hangout for us academics, staff and students. Neither FERPA nor EULA are going to change any time soon, so what do many of us do? We simply maintain two accounts. One for University email, and one for meeting with students via hangout, maintaining websites, and analyzing web traffic. The limitations on bConnected become an incentive for some of us to use the even less secure and protected services of a public, free account to conduct our business. The net outcome is that the de facto practice of many University participants is less secure than anything that the University would or could negotiate. Worse, many participants use any number of alternative accounts to do what they think they must, and the University has no ability to ensure that university communications are as secure and private as possible. The outcome is the opposite of the intention. It seems to me that the University should adopt a "harm reduction" policy, and that University participants should consider the risk to the whole institution when they choose to use media with EULA that are in conflict with FERPA and CPHS. With both approaches active, we may define an optimal middle ground for security and privacy, albeit one that we have to negotiate every day.