Thursday, November 04, 2010

Roadblocks in deploying Google Apps: FUD

This is the first in a series of longer posts that will discuss some of the common roadblocks I hear about, and help other schools work through, when trying to deploy Google Apps for Education in their schools

Fear, uncertainty and doubt (From Wikipedia, the free encyclopedia)

Fear, uncertainty, and doubt (FUD) is a tactic of rhetoric and fallacy used in sales, marketing, public relations,[1][2] politics, propaganda and trolling. FUD is generally a strategic attempt to influence public perception by disseminating negative and dubious/false information designed to undermine the credibility of their beliefs. An individual firm, for example, might use FUD to invite unfavorable opinions and speculation about a competitor's product; to increase the general estimation of switching costs among current customers; or to maintain leverage over a current business partner who could potentially become a rival.

This document is in regards to an an email I received from a colleague regarding Google Apps for Education. Jaime approached Jackie and said that Google Apps for Education would be a great tool for collaboration among students, staff, and administrators. They have been going back and forth because their “Tech Expert” (Jackie) disagrees with the “Educational Expert” (Jamie) who wants to use the product. Jackie has fears and reservations about using Google Apps.

Jackie started to do some research on Google Apps and initially found the consumer version of the Consumer version of an Apps agreement. This led Jackie to raise some serious questions about privacy, safety, and security of Google Apps. Jamie emailed me and asked for advice. I suggested that they both look at the Google Apps for Education User Agreement.

What follows is Jackie’s response to reviewing the agreement, which I have responded to within the original email in Italics

BEGIN EMAIL

Jamie,

Based on my security training and experience I would not recommend we use this service for the following reasons:

Google's internal security procedures are probably better than 90% of all school systems including ours.

I am not sure how this is a problem, but I am sure Google’s security is better than 99.9% of all systems. Read the security whitepaper.

But the key concept is on their site not in the transport process between our users and their site. The standard free service is not encrypted from the end user to Google’s site and is thus subject to "man in the middle" attaches. (A widely used attack to gain personal information). In my security training this is one of the most basic and widely used tactics to intercept personal information.

That is why it is standard practice for any information that has any value whats so ever to be SSL encrypted. Remember that a lot of our staff will be accessing these docs from their

home computers. Security estimates estimate that at least 15% of these computers at any one time are compromised with viruses and worms that are designed to monitor and send any information they enter to Bots or used as a gateway to acquire information from the clients site.

In fact the secure communications (HTTPS) that would be required for our data, appears to be a paid premium service:

Secure Browser Connections (HTTPS)

Google Apps Premier and Education Editions offers domain administrators the ability to force all users in their domain to use Hypertext Transfer Protocol Secure (HTTPS) for services such as Gmail, Docs, Calendar, Sites, etc. Information sent via HTTPS is encrypted from the time it leaves Google until it is received by the recipients’ computer

The answer is actually in the question above. “Education Editions offer domain administrators the ability to force all users to use HTTPS”. The link that explains how to do this is here: http://www.google.com/support/a/bin/answer.py?hl=en&answer=100181 and this is the box you would check in the email control panel:


This is not a free service and the following smacks of bait and switch tactics because they know that once we do all the training and have everything established we would not what to change; (from the user agreement)

3.4 No Fees. Google may charge a fee for the Services after the initial term, and may charge a fee for new functionality or optional enhancements that may be added by Google to the Service. Google may also offer a premium version of the Services for a fee. Prior to Google charging Customer as stated in this section, Google and Customer will negotiate either a new agreement or an amendment to this Agreement.

This is absolutely untrue (However, I find it funny that nobody is concerned about other providers suddenly raising prices) this link to the FAQs explains:

Google Apps for Education is free. We plan to keep the core offering of Google Apps Education Edition free. This includes user accounts for incoming students in the future. As you may know, Google was founded by a research project at Stanford University, and this is just one way we can give back to the educational community.

To see the available features included in Google Apps Education Edition please navigate here.

For more information, you can review our Terms of Service.

If you would like to purchase Google Message Security and Compliance for filtering or archiving purposes, this will have a per user fee depending on the services you choose. Each package is listed here.

But wait, what do they mean by “Core Apps” - certainly this is a trick statement! - No, it’s not:

Google is currently offering schools a hosted solution for their email, calendar, and chat through Google Apps Education Edition, our integrated communication and collaboration solution. Our offer includes Gmail, Google Calendar, Google Talk, Google Sites, and Google Docs and Google Video, all using your own school's domain.

Google Apps Education Edition includes:

  1. Gmail: Email storage and search tools that help your students find information fast and instant messaging from right inside their accounts.
  2. Google Calendar: Students can organize their schedules and share events and calendars with others.
  3. Google Talk: Students can call or send instant messages to their contacts for free anytime, anywhere in the world.
  4. Google Docs: Share documents, spreadsheets, and presentations. Collaborate in real-time with your team or with your whole school. You can publish final documents to the entire world, too.
  5. Google Sites: Work together to keep related documents, web content and other information in one place, on one site.
  6. Google Video for education: A video hosting and sharing solution that enables schools and other organizations to use video as an effective medium for internal communication and collaboration

I do not think we what even our patterns of communications should be disclosed to their affiliates. (from the agreement, except their comments in the parenthesis)

a) protect the other party’s Confidential Information with the same

standard of care it uses to protect its own Confidential Information; and

(b) not disclose the Confidential Information, except to affiliates, (That includes companies that advertise with them) employees and agents who need to know it and who have agreed in writing to keep it confidential

The issue here is that a parent in litigation will say that potentially sensitive IEP conversations and documents are being held by an ad supported third party. Even if we assert there is no risk their lawyer would have a good case for "reasonable doubt" and we would lose the case.

Again untrue. A quick check of the Security and Privacy FAQs answers this question directly:

Does Google give third parties access to my organization's data?

Google does not share or reveal private user content such as email or personal information with third parties except as required by law, on request by a user or system administrator, or to protect our systems. These exceptions include requests by users that Google's support staff access their email messages in order to diagnose problems; when Google is required by law to do so; and when we are compelled to disclose personal information because we reasonably believe it's necessary in order to protect the rights, property or safety of Google, its users and the public.

For full details, please refer to the "Information Sharing" section of our Privacy Policy.

Back to the EDU FAQ’s

There are no advertisements used with the Google Apps Education Edition.

If you have an account for only alumni at your schools, you are required to enable advertisements.

Gmail also offers web clips at the top of your inbox which show you news headlines, blog posts, RSS and Atom feeds, and relevant sponsored links. Each clip displays the source from which it was received, how long ago the clip was published, and a link to access the entire story or page containing the clip. You may want to create custom RSS feeds for your University.

If you have an Education domain and choose to Hide all advertisements for this domain in your domain's Google Apps control panel, then sponsored links will also no longer be shown as webclips. Your users will still be able to customize their webclips for news headlines, blog posts, RSS feeds, and Atom feeds.

Using a hosted email, or document storage service, for confidential information is common practice for business (Companies use Google), Government (yes they use Google too), and lots of schools. Even if it isn’t Google hosting the email service, as this search shows:


It would also look bad if a local paper made FOIA requests that included data created from Google and ran an article with a Headline that read: Confidential information about students with special needs being stored on Google! (from the agreement)

FOIA requests: b. Third Party Requests. Customer is responsible for responding to Third Party Requests. Google will, unless it is prohibited by law or by the terms of the Third Party Request: (a) promptly notify Customer of its receipt of a Third Party Request in a manner permitted by law; (b) comply with Customer’s reasonable requests regarding its efforts to oppose a Third Party Request; and (c) provide Customer with the information or tools required for Customer to respond to the Third Party Request. Customer will first use the Admin Tool to access the required informationOnce again they answer their own question by using the agreement, but I will dive in a little further here. These are the same steps you would take with any email system. Google can't access your data, therefore they cannot respond to a FOIA request on your behalf (I don't think you would want them to). As the privacy FAQ’s say:

Google employees will access your account data only when an administrator from your domain grants Google employees explicit permission to do so for troubleshooting purposes. During the course of troubleshooting an issue or other investigation, the Google Support team may ask for the creation of a test administrator account, solely to be used to resolve the particular issue at hand.

Google employees or automated systems may also take down any content that violates the Terms of Service.

In order to provide some of the core features in Google Apps products, our automated systems will scan and index some user data. For example:

  1. Email is scanned so we can perform spam filtering and virus detection.
  2. Email is scanned so we can display contextually relevant advertising in some circumstances. (Note that there is no ad-related scanning or processing in Education or Premier Edition with ads disabled)
  3. Some user data, such as documents and email messages, are scanned and indexed so your users can privately search for information in their own Google Apps accounts.

In other words, we only scan or index user content in Google Apps in order to provide features that will directly benefit users, or to help us maintain the safety and security of our systems. Except when your users choose to publish information publicly, Google Apps data is not part of the general google.com index.

It's important to note that our scanning and indexing procedures are 100% automated and involve no human interaction. For complete information, see our detailedPrivacy Policy, Privacy Principles, and our Google Apps Terms of Service (Premier, Standard, Education Editions).

Our own internal searches for FOIA documents are more invasive than anything Google does with our data, and YES it is our data

Who owns the data that organizations put into Google Apps?

To put it simply, Google does not own your data. We do not take a position on whether the data belongs to the institution signing up for Apps, or the individual user (that's between the two of you), but we know it doesn't belong to us!

The data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things.

  1. We won't share your data with others except as noted in our Privacy Policy.
  2. We keep your data as long as you require us to keep it.
  3. Finally, you should be able to take your data with you if you choose to use external services in conjunction with Google Apps or stop using our services altogether.


They can advertise us using this service and thus by implication endorsing their service:

Publicity. Customer hereby consents to Google's inclusion of Customer's name in a customer list, but only if Customer is not the only customer appearing on the list.

Wow, the FUD is getting deep, the entire statement from the Apps EDU agreement:

Publicity. Customer hereby consents to Google's inclusion of Customer's name in a customer list, but only if Customer is not the only customer appearing on the list. Other than this, neither party may make any public statement regarding the relationship contemplated by this Agreement without the other party's prior written consent.

Which is preceded by the Intellectual properties section, which would allow you to ask in writing for Google to not use your brand (and also reinforces that all of your stuff is yours)

Intellectual Property Rights; Brand Features.

  1. 7.1 Intellectual Property Rights. Except as expressly set forth herein, this Agreement does not grant either party any rights, implied or otherwise, to the other’s content or any of the other’s intellectual property. As between the parties, Customer owns all Intellectual Property Rights in Customer Data, and Google owns all Intellectual Property Rights in the Services.
  2. 7.2 Display of Brand Features. Google may display only those Customer Brand Features authorized by Customer, and only within designated areas of the Service Pages. Customer may specify the nature of this use using the Admin Console. Google may also display Google Brand Features on the Service Pages to indicate that the Services are provided by Google. If Customer wants to display Google Brand Features in connection with the Services, Customer will comply with the Trademark Guidelines.
  3. 7.3 Brand Features Limitation. Each party may use the other party’s Brand Features only as permitted in this Agreement. Any use of a party’s brand features will inure to the benefit of the party holding intellectual property rights to those Brand Features. A party may revoke the other party’s right to use its Brand Features pursuant to this Agreement with written notice to the other and a reasonable period to stop the use.

They are not liable for any issues or lawsuits arising from this arrangement: (from the agreement)

Limitation on Indirect Liability. NEITHER PARTY WILL BE LIABLE UNDER THIS

AGREEMENT FOR LOST REVENUES OR INDIRECT, SPECIAL, INCIDENTAL,

CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE AND EVEN IF DIRECT DAMAGES DO NOT SATISFY A REMEDY.

This is standard in every contract that I have signed with a software company (which protects both YOU and the other company). You will see similar clauses in many agreements (look at the XP agreement or Adobe. I am not a lawyer, but your schools probably shouldn't let you sign an agreement where this isn't present.

To fully comply with the below we would have to send out notice to all our

parents that we use this service:

Customer acknowledges and agrees that it is solely responsible for

compliance with the Children’s Online Privacy Protection Act of 1998

(COPPA), including but not limited to, obtaining parental consent

concerning collection of personal information used in connection with the

provisioning and use of the Additional Products by the Customer and its

end users

You will only need to do this if you are using student accounts with children under the age of 13 (Read about COPPA here). You should actually be doing this if you let students under 13 use any web based service where you are creating accounts for them where the provider may be able to access personal student information. Once again, I am not a lawyer, however since Google cannot actually access your student’s personal information (only you can) and since you are not a commercial entity, I really question if you even have to do this because of COPPA. You really only need to do it because you tell Google you will when you sign the agreement. By the way, since when is communicating with your parents a bad thing?

Sincerely,

Jackie

END EMAIL

I am not sure why this is a constant roadblock tossed up by technology staff, administrators, or other members of the school community. Perhaps it is fear of losing one’s job, eroding their area of expertise, not knowing the facts, or not knowing where to go to get the answers. Whatever the reason, I hope that the information I have provided helps to reduce the FUD circulating around choosing to use Google Apps for Education in your school.

3 comments:

Michael Wacker said...


Beautiful Hank!
Your concise and direct response is "must read"> for any school or ditrict looking to adopt Google Apps. In many situations I think it's becoming less about FUD and more about fear. And you hit it on the head right here, "Perhaps it is fear of losing one’s job, eroding their area of expertise, not knowing the facts, or not knowing where to go to get the answers."
Thanks for taking the time to shed some light on these issues and also for modeling what a strong ed tech leader can look and sound like!

atruger said...

Hank

What a great answer to questions that I am sure are coloring decisions about GAE across the country.

I will be sure to share it with everyone I know that is considering GAE and meeting resistance.

Andy said...

I can certainly appreciate your problems with FUD, and would agree that often such problems keep good technologies from being adopted. And to be sure, some of Jackie's points are less than valid (the HTTPS point, for example). On the other hand, some of the points she makes do seem to be valid. For example, it seems as though you are ach missing the others' point in some cases: the agreement does leave the option for Google to require payment for Google Apps for Education in the future, but the FAQ you point to also says that they "plan" to keep the "core" of it free. I think both are valid points: there's always the chance that the Google service will go away or require payment, but the odds are that it won't. (I'm also not convinced by your "core" justification: just because they are currently offering those services doesn't mean that they are all "core" services. This is especially true given that Google Apps for Education was launched with only a few services, and more have been added over time.)

Similarly, I know that the privacy issues are not necessarily trivial. While Google seems to have a reasonable privacy policy, I know that some of the special education and social work staff at my high school wanted to have a secure, encrypted system that *nobody* outside their group had any access to, in order to protect the privacy of the people with whom they worked. Whether those concerns should be allayed by Google's privacy policy or not, some people will still feel uncomfortable with giving their confidential data to any third party.

All that being said, none of those are particularly reasons to keep schools from implementing Google Apps for their students, and maybe making it an option (or the only option) for some staff. There are confidentiality issues where some people have valid concerns, and there are reliability concerns (which remain valid, although odds are that Google's services are more reliable than most schools').

It may be possible, in fact, to assuage some concerns by having a somewhat blended solution. For example, the university I currently attend is requiring undergraduate students to set up either a Google Apps account or a hosted Microsoft Exchange account. On the other hand, graduate students and staff are (as far as I can tell) prohibited from doing so, because of concerns about confidentiality, data storage, and contractual obligations (both with private companies and the government) to not give data to third parties. While it seems as though this would add complexity, it appears as though the university is in a position to save money by reducing the load and maintenance on their own systems, and give a number of new features to their undergraduate students.

So, while I'm not convinced that Google Apps for Education is the best choice in all cases, some of your points are certainly correct, and it is certainly a good idea to consider the service as an option.