I have watched from afar, with mixed emotions, as Grinnell has deployed Office 365 for email and more. Having spent over a third of a century working on email technology, I thought my perspective might be worth sharing.
On the positive side, moving to cloud services is a good idea in general, and swims with the tide of progress. Increasingly, it will be impossible to find non-cloud versions of many key services. Office 365 is a creditable contender, along with Google Docs and others. From a business standpoint, the decision is a no-brainer.
But Grinnell is more than a business, and cloud services have privacy implications that are especially important to academia. You need nearly absolute trust in your provider if you have any concern for the privacy of your data. But the major cloud email providers have proven far too ready to betray your trust in a number of ways. Most obviously, they will do so at the slightest request from the US government, probably without a warrant and without any idea of what will be done with the data. But there’s also nothing to prevent the provider from using the College’s email for its own commercial purposes.
It’s almost a tradition for freshmen to go through a “wild” phase, but nowadays, if you talk about it by email, you may never escape it. If a current student wants to apply for a job at Microsoft someday, Microsoft may be able to scrutinize his every college email. More chillingly, if Microsoft is forced to honor subpoenas elsewhere, China might compel Microsoft to share the email of Chinese students at Grinnell. And of course the cloud only makes the NSA’s job easier.
Initially, I was opposed to the Office 365 transition, but I recognize that the benefits are many and real. Moreover, the momentum of cloud technology is overwhelming, and all cloud services are privacy-unfriendly to varying degrees. Instead, I now urgently advocate taking all possible steps to A) educate the community, especially incoming students, about the privacy risks and how to minimize them and B) make sure we have configured Office 365 for maximum privacy, while regularly lobbying Microsoft for appropriate improvements.
To implement these goals I suggest the creation of a Privacy Board, made up of students, faculty and staff. I believe doing so is necessary for the College to act in the best interests of the students.
By adopting Office 365, Grinnell has made students’ privacy even less safe than it already was. But the truth is it wasn’t that safe to begin with, so the good news is that with something like a Privacy Board, we might end up with an overall improvement. At any rate, it’s worth a try.
Sincerely,
Nathaniel S. Borenstein ’80