On Saturday 22. August 2015 10.34.24 Valentino Santori wrote: > Hi fellows, > > I would like to report a very bad situation for student's privacy in > the public education system, here in Italy. Many universities, and as > far as I know even high schools, are migrating from self-hosted mail > servers to propietary, big-corp's owned email accounts. This without > any chance to refuse the creation of this account, because this is > created during the subscription to the faculty, and without any > privacy agreement.
I think such practices are becoming widespread, and it would be interesting to do a survey to see which institutions are doing so. In higher education, there is a shift towards cloud providers for basic services like e-mail and collaboration, and here in Norway various institutions have apparently already moved to Microsoft Office 365 in some form [1, 2]. Indeed, it would seem that there is a sector-wide plan to adopt Microsoft cloud-hosted products which will probably be formalised by the coordinating organisation, UNINETT, whose Web site is poorly organised and thus not as transparent as one might like (and whose conferences are sponsored by some of the companies whose products they intend to roll out [3]). Expect Skype-specific infrastructure and principally Office 365, although they claim that they are also looking at other cloud product providers and assessing the legality. I have also seen documents [4] describing the actual strategy as opposed to the publicly-announced strategy. > I can report my personal experience and others I know: > Università Politecnica delle Marche (located in Ancona) used to adopt > a self-hosted Squirrelmail soultion, now It's migrating to Microsoft > Hotmail; > Università degli studi di Ferrara is using Gmail; > Università degli studi di Parma is using Gmail; > Università degli studi di Bologna is using Microsoft Hotmail. Hotmail users will undoubtedly be encouraged to move to Office 365. Meanwhile, the nature of adoption of these cloud services may well involve reassurances that the data won't really be held in the US or outside the country but that some kind of "licensed cloud" will be used instead. Presumably, such a licensed cloud would just be the use of proprietary software on taxpayer- funded infrastructure, maybe in an even more restrictive way than traditional proprietary software because these services are not necessarily software products that are obtained and installed normally. (Remember the Google search appliance and how it was a box you installed in your network?) In reality I think that institutions will end up using Microsoft's own hosting via what was known as their Live@edu service, which is now part of their Office 365 offering [5]. I know from personal experience that university decision-makers regard Microsoft as a friendly partner who would never hurt their customers, and they appear to regard all the reports of surveillance without any concern at all. > In Italy laws are very strict in terms on privacy and I think that > since we are talking about a public service this issue It's even more > serious. > What's your opinion about? Can we move somehow? Well, there are laws in Norway about this, too. Hence the remark that the legal situation is supposedly being reviewed. But in practice, various institutions are using the Microsoft cloud products already with only some holding back in order to legitimise the inevitable decision to use them as well [6]. (I note this because this is how the decision-makers work: they use a review of the suitability or legality as a cover for doing what they want anyway, and then they announce that everything was actually fine in the end and that their intended plan has already been carried out. You end up discussing a decision that was taken long ago and probably mostly implemented already.) There is also a distinction in Norway between students and employees of institutions. Employees, at least in the public sector, are protected by laws that forbid data from being sent off over the Internet to some random place where it isn't safeguarded. (I guess it's the data that is actually protected, but then the employees cannot be pushed out into the cloud for their work- related services because they'd be processing the data in some inappropriate place.) Meanwhile, students appear to be commodities that can be farmed out in the way that is cheapest for the institution. Sorry for the long response! Can we do anything about it? If laws and regulations about privacy and competition were upheld, maybe we could, but I haven't seen much evidence of that going on in recent times. Paul [1] Just searching for "Office 365" on this page listing single sign-on integration indicates how much it has been used: https://www.feide.no/tilgjengelige-tjenester [2] 70% of students and employees in the sector have Office 365 access according to this: http://www.usit.uio.no/prosjekter/o365/ [3] Conference sponsors: https://www.uninett.no/uninett- konferansen-2015/sponsorer [4] http://slashdot.org/submission/2683909/end-of-the-line-for-linux-in- norways-educational-system [5] https://en.wikipedia.org/wiki/Live%40edu [6] A document indicating how University of Oslo decision-makers really want to take advantage of Microsoft bundling deals to use Office 365 while at the same time making the necessary noises about privacy and legal requirements: http://www.usit.uio.no/prosjekter/o365/mandat/office365-saksnotat-i- rektoratet-190315.pdf _______________________________________________ Discussion mailing list [email protected] https://mail.fsfeurope.org/mailman/listinfo/discussion
