"Going Google" Exposes Students' Email

kdawson posted more than 5 years ago | from the visibility-in-the-clouds dept.

Education 244

A ReadWriteWeb piece up on the NY Times site explores the recent glitch during the move of a number of colleges onto Google's email service that allowed a number of students to see each other's inboxes for a period of more than three days. Google would not give exact numbers, but the article concludes that about 10 schools were affected. "While the glitch itself was minor and was fixed in a few days, the real concern — at least at Brown — was with how Google handled the situation. Without communicating to the internal IT department, Google shut down the affected accounts, a decision which led to a heated conversation between school officials and the Google account representative. In the end, only 22 out of the 200 students were affected, but the fix was not put into place until Tuesday. ... The students had access to each other's email accounts for three solid days... before the accounts were suspended by Google. Oddly enough, this situation seems to be acceptable [to Brown's IT manager, who] 'praised Google for its prompt response.' (We don't know about you, but if someone else could read our email for three days, we wouldn't exactly call that 'prompt.')"

3 Days Turnaround (5, Interesting)

sgbett (739519) | more than 5 years ago | (#29488693)

Is that three days after they were notified, or did the affected students keep it quiet for a couple of days for 'research purposes'?

Re:3 Days Turnaround (3, Interesting)

BikeHelmet (1437881) | more than 5 years ago | (#29488943)

It's a safe bet that that's only a few hours after they found out, and 3 days after the first student did.

Re:3 Days Turnaround (4, Informative)

john83 (923470) | more than 5 years ago | (#29489031)

It's a safe bet that that's only a few hours after they found out, and 3 days after the first student did.

That was my thinking too, but TFA says that the students notified their admin on the Friday, who notified Google on the Saturday, who fixed it on the Tuesday. It's not clear - bad writing - but they may have suspended the service on the Monday.

Re:3 Days Turnaround (3, Insightful)

sgbett (739519) | more than 5 years ago | (#29489159)

It's conveniently devoid of detail regarding the timeline of things. I don't mean to be a Google apologist, but the article seems full of conjecture.

11% of users were affected during a migration. OK it could have been better, but a 3 day turnaround (over a weekend) of an outage during planned maintenance doesn't sound *that* bad to me. Is this still the Gmail that you don't pay for btw?

The critical (missing) detail is how quickly did Google turn off access to other people's mail following notification. Yes it may be a contentious decision if it was made without approval, but in areas of privacy it might be a good idea to CYA first ask questions later.

Heated discussions are one thing, being taken to court over Data Protection is quite another.

I'm confused at the reaction from Brown, were they advocating leaving people's data out in the open whilst it was resolved?

Re:3 Days Turnaround (4, Informative)

Runaway1956 (1322357) | more than 5 years ago | (#29489327)

"11 % of users were affected"

No, ~1% I think. Following the links in the links, you'll find that Brown University transferred 2000 accounts, not the 200 in the above summary. It seemed suspicious that a university was only transferring 200 accounts, to begin with. An individual small college would have that many accounts, or more.

Re:3 Days Turnaround (1)

sgbett (739519) | more than 5 years ago | (#29489375)

Interesting! I must admit I had to do a double take when I was checking the total user-base to figure out a percentage, it did seem low to me for a University but as I'm not familiar with the US system I didn't go any further. Seems, I should have dug deeper - I'll never make a journalist eh.

I suspect this bit of misinformation was another convenient re-phrasing designed to increase the newsworthiness of this non-event.

Re:3 Days Turnaround (1)

Jurily (900488) | more than 5 years ago | (#29489409)

Following the links in the links, you'll find that

Nice summary, isn't it?

I Hate Google So Much (0)

Philip K Dickhead (906971) | more than 5 years ago | (#29489595)

That I see their failure as a possible bright spot in the failure of the Global Economy.

Crash, Baby! Crash!

Re:3 Days Turnaround (1)

Idiomatick (976696) | more than 5 years ago | (#29489175)

Friday: School got 1 or 2 emails from students
Saturday: Google got email from School. They sent an email to all 200 students asking who was affected
Sunday: I only assume they were waiting on replies.
Mon: Ditto.. Prolly working out what it is.
Tuesday: Problem fixed early in the morning. Only 22 accounts were affected. Of those accounts they couldn't see everyone's email, all of some accounts or just a few emails that weren't theirs.

If this weren't a free service I'd definitely raise hell, I don't think I'd sue. Since it is free and happened over the weekend. And on a new service during a data migration... I don't think it is a horrible problem. Also it's a uni email not professional or personal. If those schools are anything like mine the only thing you get in them are fliers and profs responding to questions.

Re:3 Days Turnaround (2, Interesting)

Uber Banker (655221) | more than 5 years ago | (#29489479)

If this weren't a free service I'd definitely raise hell..

Are these students not paying fees, and (were it to occur in most other countries) taxpayers paying also?

Re:3 Days Turnaround (1)

aetherworld (970863) | more than 5 years ago | (#29489251)

It's a safe bet that that's only a few hours after they found out, and 3 days after the first student did.

That was my thinking too, but TFA says that the students notified their admin on the Friday, who notified Google on the Saturday, who fixed it on the Tuesday. It's not clear - bad writing - but they may have suspended the service on the Monday.

That was my assumption too. And actually, that's not too bad... If they shut down the accounts on Monday morning, that's as prompt as it gets. To my knowledge, Google email support doesn't work on Sundays.

Re:3 Days Turnaround (5, Informative)

Anonymous Coward | more than 5 years ago | (#29489583)

Well, I'm the guy at Brown who actually does the part of the migration that switches over internal email to Google (though others are involved), and I can tell you that we knew about a few almost immediately, from student reports. Google was involved as soon as we found out, but it took them a little while to determine exactly what happened.

Also, this wasn't as bad as it sounds. Students weren't receiving new mail meant for someone else, the problem was with the tool that migrated their old existing email from our Exchange system to their new Google email boxes. The 22 students got the contents of other students' -old- mail boxes, not new mail.

It appears that Google upgraded their IMAP migration tool on the back-end, and there was a problem with the new version. Interesting thing about 'the cloud', all the tools available on it are upgraded without the end user being aware. Had there been a 'migrate user email boxes - updated today to version 1.1!' button instead of 'migrate user email boxes', I might have waited a few days to let Google shake-out the bugs.

Breach of privacy (-1, Troll)

Yvanhoe (564877) | more than 5 years ago | (#29488719)

Sue.

Re:Breach of privacy (0)

Anonymous Coward | more than 5 years ago | (#29488733)

You were born in California?

Re:Breach of privacy (0)

Anonymous Coward | more than 5 years ago | (#29488759)

Sue.

It's the American way.

Re:Breach of privacy (1, Flamebait)

Yvanhoe (564877) | more than 5 years ago | (#29488765)

I'm French and if my personal or professional email were to be made public, that would be one hell of unsatisfactory service. Privacy is why I accept paying a provider for things that could be free (as in beer). If this expectation goes out, I will ask for damage. You know, the expectation for privacy is written in our constitution.

Re:Breach of privacy (5, Funny)

Anonymous Coward | more than 5 years ago | (#29488803)

I'm French

Just save us the trouble and surrender this argument now.

Re:Breach of privacy (0)

Anonymous Coward | more than 5 years ago | (#29489517)

I wish I had Karma points to give.. That's funny.

Re:Breach of privacy (1, Insightful)

Runaway1956 (1322357) | more than 5 years ago | (#29489357)

"I'm French and if my personal or professional email were to be made public, that would be one hell of unsatisfactory service."

Well, who do you think would want to read a Frenchman's mail, anyway?

More seriously, what does nationality have to do with privacy issues? You think that maybe a Ugandan needs more privacy than a Russian? Degrees of privacy are scaled from one nationality to another? Had you said something to the effect, "The Iranian government has grown really oppressive, so my mail being made public is a major threat to personal security", then your nationality and/or government might be a factor.

Re:Breach of privacy (1)

brusk (135896) | more than 5 years ago | (#29489437)

I think stating one's nationality implies that the writer is framing his/her comments as representing the expectation in one's country. What level of privacy one should desire from a pure philosophical standpoint, what is legally protected, and what the cultural norm expects can all be different.

Re:Breach of privacy (1)

Schmorgluck (1293264) | more than 5 years ago | (#29489439)

This has to do with the GGP stating "It's the American way."

In France, as in most European countries, this affair could even be a case for a criminal proceeding.

Re:Breach of privacy (1, Funny)

Anonymous Coward | more than 5 years ago | (#29488807)

It's the American dream.

Fixed it for ya.

Re:Breach of privacy (0, Offtopic)

_merlin (160982) | more than 5 years ago | (#29488975)

How is that a troll? I'd be suing if I got that kind of service from an e-mail service provider. They're selling you a service and support. If they don't provide it, you deserve compensation.

Re:Breach of privacy (0, Troll)

agentgonzo (1026204) | more than 5 years ago | (#29489043)

How is that a troll?

Because it's a one-word answer to an unasked question that parrots the American Dream (tm): "Get rich without having to do anything".

I'd be suing if I got that kind of service from an e-mail service provider. They're selling you a service and support. If they don't provide it, you deserve compensation.

And that's why the American legal system is FUTA. In most sensible countries, you *can* sue them *if* you have experienced a major problem due to their behaviour - eg, if you can show that you have lost money/possessions/safety etc as a direct result of someone else having access to your emails. You can't just go "I feel slightly aggrieved that someone read my email - give me a bajillion dollars!!!!".

Re:Breach of privacy (1)

Schmorgluck (1293264) | more than 5 years ago | (#29489463)

Then again, in most sensible countries, punitive damages don't exist.

Re:Breach of privacy (1)

Idiomatick (976696) | more than 5 years ago | (#29489151)

They aren't paying anything for it. If someone gives you a car I doubt you'd sue them if the electric windows stopped working.

Re:Breach of privacy (2, Interesting)

agentgonzo (1026204) | more than 5 years ago | (#29489417)

Actually, a lot of people probably would. One of the things that really annoys me is that large companies will dispose of their old IT equipment by throwing it in a skip rather than donating it to local schools who would benefit from them. One of the major reasons that they do this (from what I have heard) is because "if we give it away to a school and something goes wrong, we would be liable and could get sued". I still don't understand why the school can't just agree (via a disclaimer or whatever) not to sue, but that's probably because I'm not a lawyer and live in my own little make-believe world where people shouldn't sue just because they can get away with it.

Re:Breach of privacy (2, Interesting)

Dog-Cow (21281) | more than 5 years ago | (#29489739)

My understanding is that it's actually for accounting purposes. The equipment can't be written off the same way if it is donated, or something like that. I'm neither an accountant nor a tax specialist.

Re:Breach of privacy (2, Insightful)

brusk (135896) | more than 5 years ago | (#29489445)

Not paying anything? Tuition at Brown is $35,584, and some of that goes to IT services; the fact that they've contracted student email service out to Google is irrelevant.

Re:Breach of privacy (1)

Elary (1487257) | more than 5 years ago | (#29489277)

Yeah, blame Susan, that's the spirit...

FERPA (4, Interesting)

wireloose (759042) | more than 5 years ago | (#29489279)

Worse than just a breach of privacy of email, students use their college-provided accounts to communicate with their faculty. If other students are able to see their emails, that constitutes a potential FERPA breach. As a college IT administrator, I would be screaming at Google for not sharing info and reacting immediately. Waiting a day to shut the accounts down temporarily is inexcusable.

Re:FERPA (2, Interesting)

surgen (1145449) | more than 5 years ago | (#29489421)

As a college student, the possibility of having my own personal emails with faculty members exposed concerns me, but nowhere near as much as the confidential student data emailed between me and the staff members I work for.

Still more secure than most school systems (2, Insightful)

muftak (636261) | more than 5 years ago | (#29488745)

I bet most of us could read everyone else's email at school...

Re:Still more secure than most school systems (3, Interesting)

julesh (229690) | more than 5 years ago | (#29488931)

I bet most of us could read everyone else's email at school...

Not convinced. Mine used Solaris's default maildrop security, which is pretty effective, and I think was fairly standard practice until recently.

Re:Still more secure than most school systems (1)

AvitarX (172628) | more than 5 years ago | (#29489099)

Mine encouraged checking your mail with telnet.

Re:Still more secure than most school systems (1)

PuercoPop (1007467) | more than 5 years ago | (#29489427)

My school sends the login/password as clear text, so in my experience OP has a point. Also gmail has google docs and view as HTML to quickly check to see the document contents.

Re:Still more secure than most school systems (4, Insightful)

betterunixthanunix (980855) | more than 5 years ago | (#29489551)

Google docs is another liability, when it comes to security. A while back, Columbia experienced a major data leak -- tens of thousands of social security numbers, names, dates of birth, etc. (everything you need to open a bank account) -- all because someone was using Google docs. Frankly, if you want the same level of document/email integration, there are a lot of free-libre and proprietary packages that will do that; MS Office, or KOffice+Kontact, for example. Being willing to put up with a slightly less convenient, but far more secure (in terms of data) method is all it really takes.

Google's version of... (5, Funny)

The Ancients (626689) | more than 5 years ago | (#29488747)

...social networking.

Taking it to a new level, no joining or other conscious actions required to share everything about your life.

Re:Google's version of... (5, Funny)

Arancaytar (966377) | more than 5 years ago | (#29488935)

"You have sent an email to Emily. 6 people like this. 3 people have left a comment:"

"Frank has sent/received 26/20 emails to/from your friend Tom, 20/23 with your friend Megan, 15/12 with your friend John. Your social graph proximity is therefore 45.1. Click here to add Frank to your friend list and read his emails."

People would love it! :P

Re:Google's version of... (4, Funny)

sunjae (809637) | more than 5 years ago | (#29488955)

Haha... So funny. You know what though. You should file a patent on this. At the current rate of people's acceptance of loss of privacy, this might actually come to pass!

I'm feeling lucky (2, Funny)

Anonymous Coward | more than 5 years ago | (#29488749)

So that's the use of that button!

Google: Lowering standards for the rest of us (4, Insightful)

GradiusCVK (1017360) | more than 5 years ago | (#29488761)

We don't know about you, but if someone else could read our email for three days, we wouldn't exactly call that 'prompt.'

Look, I think we can all agree that if there were some major security breach like this for which we were responsible and we sat around for 3 days before doing anything, then unilaterally suspended a bunch of accounts before finally fixing the problem, we'd be fired.

On the other hand, if I were the head of IT at some place and we've decided to migrate everything to some giant, well-liked third party with a reputation for excellence, it'd be really easy to say, "That's just how tech is, it's hard to do right even for Google, get used to it. Oh, and while you're looking for ways to prevent such a 'catastrophe' from ever happening again, consider boosting the IT budget, will ya?"

I'll bet that IT manager is pretty happy right now, student complaints aside.

Re:Google: Lowering standards for the rest of us (1)

miffo.swe (547642) | more than 5 years ago | (#29488777)

Microsoft lowered the standards. Google is just placing themselves a tad above those.

Re:Google: Lowering standards for the rest of us (4, Insightful)

JasterBobaMereel (1102861) | more than 5 years ago | (#29488791)

The current IT guy is laughing .... it is out of his hands and he cannot do anything about it and everyone knows this ...the person who outsourced it to Google however .....!

Re:Google: Lowering standards for the rest of us (0)

Anonymous Coward | more than 5 years ago | (#29489633)

Gotta love it when your boss is a graduate of the Gomer Pyle School of Management! Shazaam!

Re:Google: Lowering standards for the rest of us (1)

Scutter (18425) | more than 5 years ago | (#29489145)

Oh, and while you're looking for ways to prevent such a 'catastrophe' from ever happening again, consider boosting the IT budget, will ya?"

[BigBoss] It only affected students and not my e-mail so it's not a problem. No budget increase for you. NOT YOURS.[/BigBoss]

Re:Google: Lowering standards for the rest of us (0)

Anonymous Coward | more than 5 years ago | (#29489215)

If you were a full time professional IT manager for a school (with associated cheap labour) only covering 200 users I'd expect you to run a mail server alongside your other tasks.

Re:Google: Lowering standards for the rest of us (4, Interesting)

martinX (672498) | more than 5 years ago | (#29489477)

we've decided to migrate everything to some giant, well-liked third party with a reputation for excellence,

Does Google actually have a reputation for excellence? Apart from their search engine and maybe Google Maps, is anything they make "excellent"? Does anything excel; is anything groundbreaking and complete in utility and quality? I remember when a lot of their releases stayed in extended-Beta, which is code for "it's free, it's out there so use it at your own peril". I find a lot of their stuff nifty, and I think they head in interesting new directions, but they seem to be always short of excellence. Personally I think that they have gained years worth of kudos - and, by extension, a reputation for excellence - by creating a great search engine (not to mention the big plus of not being Microsoft) and are spending it.

methinks he doth protest too much (1)

fireball84513 (1632561) | more than 5 years ago | (#29488763)

I could just imagine the awkwardness when you find your best friend's gay porn collection due to a software malfunction

Re:methinks he doth protest too much (1)

Zardus (464755) | more than 5 years ago | (#29488797)

Most people don't keep that on their email accounts...

Re:methinks he doth protest too much (1)

calmofthestorm (1344385) | more than 5 years ago | (#29488827)

I use gmailfs you insensitive clod!

Re:methinks he doth protest too much (0)

Anonymous Coward | more than 5 years ago | (#29488921)

As a friend I have to point out that the same glitch enabled me to see your private data...

I think your diapered latino transexual cosplayer fetish will really put a damper on our friendship. :(

Re:methinks he doth protest too much (1)

Runaway1956 (1322357) | more than 5 years ago | (#29489391)

Meanwhile, AC has 387 invites from new friends who have discovered his bestiality photos, most of which involve German Shepherd males and stud ponies.

Re:methinks he doth protest too much (4, Insightful)

gbjbaanb (229885) | more than 5 years ago | (#29488883)

Most people don't keep that on their email accounts...

Most people don't keep that *what* on their email accounts?

Private stuff?
Passwords?
User ids?
$25,000,000 money-making invitations?
Shakespeare quotes?

I know one fact about email which makes it an incredibly important security risk - the 'I forgot my password' link. Log on to a site you think the user uses, click that 'forgot' link, read his new password a few moments later. erm.. profit.

That said, this is google mail we're talking about, the one that bills itself as "store everything on us" we're safe and you'll never lose an email again thanks to our massive storage, indexing and searching facilities. So, for some people email is downloaded immediately and never stored on the server, for many many others, it stays right on the server.

I'd have cancelled the account, the way it was handled is not acceptable, even a free service has reasonable expectations of security. To let it linger for 3 days... that's simply not good enough.

Re:methinks he doth protest too much (2, Interesting)

Arancaytar (966377) | more than 5 years ago | (#29488967)

Well, that's one reason why those passwords aren't sent in clear. Breaking into someone's email account to get access to a forum/blog/website account is relatively easy - preventing them from catching on is hard to impossible.

Another security feature is to force you to leave your account unused for a week, to make sure the account is really not accessible. Few sites actually use it, unfortunately (Gmail does) - it's a substantial convenience trade-off, and people always value convenience above security.

Re:methinks he doth protest too much (2, Funny)

Yamata no Orochi (1626135) | more than 5 years ago | (#29489747)

Most people don't keep that on their email accounts...

Most people don't keep that *what* on their email accounts?

Well, according to the post he was responding to, most people don't keep their gay porn collection on their e-mail account.

Now don't you feel silly for responding so seriously to that?

Re:methinks he doth protest too much (0)

Anonymous Coward | more than 5 years ago | (#29488893)

They didn't until GMail came along. They give you 7 gigs right now!

Someone has high demands. (0, Offtopic)

miffo.swe (547642) | more than 5 years ago | (#29488793)

"Oddly enough, this situation seems to be acceptable [to Brown's IT manager, who] 'praised Google for its prompt response.'"

In my NSHO three days is pretty fast for a free service. You want faster response times, 100% avail and dedicated engineers? For free? Sorry, no can do.

Every time I see an article like this all I can think is "what Microsoft backed puppet wrote this crap?". Microsoft is working very hard to make out Google as craptastic, greedy and customer-hating as them. For me it has the opposite effect, Google becomes the underdog with Microsoft kicking them in the groin. I find myself feeling for Google in the search market despite their 90% market share.

Way to go Microsoft, no PR in the world coming from Google could accomplish that feat, feeling sorry for a market leader. ;D

Re:Someone has high demands. (2, Informative)

JonJ (907502) | more than 5 years ago | (#29488809)

You want faster response times, 100% avail and dedicated engineers? For free?

I don't think they are giving this away for free.

Re:Someone has high demands. (2, Informative)

olderchurch (242469) | more than 5 years ago | (#29488869)

Re:Someone has high demands. (1)

JonJ (907502) | more than 5 years ago | (#29489041)

Wasn't aware of that, thanks. Still a pretty serious bug though.

Re:Someone has high demands. (1)

miffo.swe (547642) | more than 5 years ago | (#29488901)

Google Apps for Edu is free.

24/7 support, complete monitoring, 1hr response time and 100% avail is not free.

Re:Someone has high demands. (3, Insightful)

st0rmshad0w (412661) | more than 5 years ago | (#29489121)

What the FSCK! How lame is your college that it can't run an email system?

When you finally get out you might want to check and see if your diploma is signed.

Re:Someone has high demands. (5, Insightful)

Trogre (513942) | more than 5 years ago | (#29488913)

I'm sorry, perhaps you missed the part where students could read each other's emails.

Microsoft participation is not required in this case.

Re:Someone has high demands. (3, Informative)

miffo.swe (547642) | more than 5 years ago | (#29489249)

"I'm sorry, perhaps you missed the part where students could read each other's emails."

If we are to be true, students could not reach other students' inboxes. During migration mails were put in wrong inboxes. It's a pretty big difference if the source system is on crack or if there is a security breach in the target system. In this case the problem could lie in the software used to migrate the users' mails but it did not lie in Google Apps itself.

Re:Someone has high demands. (5, Interesting)

Anonymous Coward | more than 5 years ago | (#29489017)

What the fuck.

This is a really big deal. And if the excuse is that 3 days (admittedly, 2 of them weekend days) turnaround on an absolute security breach is what you get for free, and to expect better you must pay for it, then the proper response is to pay for better and not use this service because it's shit-broken. It is my understanding that Google Apps for Education is not a tiered service -- you're a school, you get it free; there is no paying for better. If there IS paying for better, then we should spread awareness that the free version is bad.

Might I point out that losing privacy on your email and THEN losing access is pretty much the worst possible failure mode? This is an enormous fuck-up. This has nothing to do with Microsoft. Why would you bring up Microsoft? YOU are the one twisting something into what it is not to make some other company look bad. If I were as paranoid as you, I'd suggest that Google or Apple or somesuch was paying you to do this, but in fact, I know that you're capable of being fuckwitted all on your own.

Jesus Christ. Google Apps' security fails utterly, and that's Google kicking Microsoft in the groin to you? Maybe Google can start a puppy-stomping program; I bet that's just like Google ripping Microsoft's arms off.

I'd be a lot more comfortable if Google said "yeah, we fucked up, here's what we're going to do to prevent this from happening again". Instead we get the self-contradictory "it was a small hiccup [...] it's an issue we've taken extremely seriously".

Re:Someone has high demands. (2, Interesting)

miffo.swe (547642) | more than 5 years ago | (#29489097)

My impression is that this incident is a fuckup at the customer end of things. The problem was getting the emails out of Exchange into the right account in Google Apps.

This is something where I personally have missed a couple of times and it's very common since there are always some accounts that are broken in an Exchange system.

Re:Someone has high demands. (1)

surgen (1145449) | more than 5 years ago | (#29489501)

When you move files from a user's hard drive onto a network share are you allowed to blame the user when you don't set the permissions the way they told you to?

A common problem with exchange? In that case the google side of the migration should have been expecting for it to happen and have had a plan to fix it before they went live.

Re:Someone has high demands. (1)

eebra82 (907996) | more than 5 years ago | (#29489077)

Every time I see an article like this all I can think is "what Microsoft backed puppet wrote this crap?". Microsoft is working very hard to make out Google as craptastic, greedy and customer-hating as them.

Why are you diverting a serious matter like this into smearing a company that most likely had nothing to do with it? E-mail accounts can contain very sensitive data, ranging from bank papers to personal issues. And especially if people you know get access to this, it makes the problem more serious than ever.

I won't comment on Google's actions because I don't know enough details, but if I had my mails exposed, I would be pretty pissed. And the fact that it is free doesn't make it more acceptable. It's like saying that someone volunteering for a non-paid job can act whichever way he or she wants just because it's free. No, you still have to follow rules.

Comments like this make me realize why there are so many extremists in this world.

Re:Someone has high demands. (2, Insightful)

miffo.swe (547642) | more than 5 years ago | (#29489147)

"Why are you diverting a serious matter like this into smearing a company that most likely had nothing to do with it?"

Because Microsoft is running a big campaign in portraying Google as bad. Google is a really hard hit target right now for FUD. The fact that this was a big Microsoft Exchange customer before makes my radar tingle a bit extra for that reason.

"E-mail accounts can contain very sensitive data, ranging from bank papers to personal issues. And especially if people you know get access to this, it makes the problem more serious than ever. "

Yes, and the problem wasn't Google Apps in itself but getting mails out from Exchange and into Google Mail to the right account. It was more a migration error than any security problem. Most times the problem with migrations lies in broken accounts in the source system.

"And the fact that it is free doesn't make it more acceptable. It's like saying that someone volunteering for a non-paid job can act whichever way he or she wants just because it's free. No, you still have to follow rules. "

The fact that it's free does make it more acceptable. We're talking free market here, not Soviet Russia.

"Comments like this make me realize why there are so many extremists in this world."

Different view = extremist? Yay for talibans!

Re:Someone has high demands. (0)

Anonymous Coward | more than 5 years ago | (#29489555)

Because Microsoft is running a big campaign in portraying Google as bad. Google is a really hard hit target right now for FUD.

Microsoft wants to smear google. Therefore any criticism of google is a smear attempt written by a microsoft puppet? No matter how hard google dropped the ball on this one?

This is a serious problem caused by google. If microsoft wants to call them out for it, not only are they well within their right to, THEY SHOULD. I am a college student, if my emails got exposed I would be pissed. I also work for the college, if those emails got exposed not only would it be a breach of my privacy, but a breach of the privacy of every single student on campus, it would expose an identity theft goldmine.

Re:Someone has high demands. (1)

YojimboJango (978350) | more than 5 years ago | (#29489429)

99% sure that the admins at Brown thought the response was acceptable because the 'small glitch' was actually operator error on the part of said admins. I'd try to downplay the whole situation if it was my fault, and that seems to be what the admins at Brown are doing.

Minor glitch! I think not (0)

Anonymous Coward | more than 5 years ago | (#29488835)

How the fuck the "glitch itself was minor"? I'm not sure if it actually violated any privacy laws given the extensive cover-your-ass EULAs, but still, it was a serious breach of privacy, and indeed was much more important than "how Google handled the situation". With respect to the latter, temporarily shutting down all affected e-mails, _immediately_, was completely justified, and in fact, was the only thing to do until Google had the chance of finding out exactly what was going on, who and how is affected, and how to fix it. I'm much more of the opinion that Google, as a free (as in beer) service, owes you no performance SLAs whatsoever (it may even shut down Gmail completely tomorrow, and if you lose e-mails, it's too bad for you for not backing them up). But even so, AS LONG as Google provides a mail service, it DOES have some obligations to respect the privacy of its users. So guaranteeing privacy > guaranteeing performance, and Google acted correctly in this case.

Re:Minor glitch! I think not (2, Interesting)

ubrgeek (679399) | more than 5 years ago | (#29489123)

In most (all?) states, universities that receive federal government funds have an absolute requirement to protect privacy-related information. That's one of the reasons nearly 20 years ago the California State University system switched from using SSNs as student ID numbers to some non-related numbering system. I know, because I was part of the group that challenged the use of SSNs. As IANAL, I don't know if what happened in the article email _might_ constitute the same thing, nor do I know if the same would be true (i.e. whether it would constitute such a breach) if the system has a "If you use this system, you consent to monitoring" banner that pops up at login.

OMG!?!?!?! (0)

Anonymous Coward | more than 5 years ago | (#29488889)

In the ether, thousands of janes are shrieking 'OMG!?!?!?! he really does fancy me!'

Brown (1, Interesting)

Anonymous Coward | more than 5 years ago | (#29488895)

Ah Brown, generally home to spoiled rich kids whose kids buy their way through college (all Ivies have this, but Brown is the worst) and the least rigorous of any Ivy. Not surprised to see them shill a bit...

Re:Brown (1)

ubrgeek (679399) | more than 5 years ago | (#29489297)

Exactly why is this comment (and an AC one, at that) labeled informative? What does it have to do with the story/topic?

This was an anti-terrorism glitch (1)

NSN A392-99-964-5927 (1559367) | more than 5 years ago | (#29488917)

You do realise that Google has to comply with terror-laws don't you? Gmail has been used for years. Intelligence suggests students are most likely to be the ones who will be recruited for terrorism or do school shootings or become a suicide bomber.

They must be kidding (5, Informative)

trifish (826353) | more than 5 years ago | (#29488937)

While the glitch itself was minor and was fixed in a few days

Pardon my ignorance, the glitch was minor?

What?

The fact that emails contain back-mailed passwords to many kinds of online services, including those involving payments (which is stupid practice, but the online service providers do it anyway, they send you the password when you sign up)...

The fact that I can reset your password to any third-party online service account where I know that you use it and that you associated it with this email account...

Still minor glitch? Reading others emails? Really? I or TFA must be missing something.

Re:They must be kidding (4, Informative)

Anarchduke (1551707) | more than 5 years ago | (#29489161)

Small glitch, as in 22 out of 200 students affected on a data migration to Google's free service.

The glitch itself wasn't fixed for three days, true. However, the glitch occurred on Friday, and the CIS department notified Google of the issue Saturday. Prior to the fix on Tuesday, Google had disabled the accounts. The article also states that during this 24 to 48 hour window before Google shut down the accounts, the CIS had sent out emails to the students and waited for their replies. I don't know how fast you expect students to reply to an email sent out over the weekend, but I am guessing that those emails didn't get back to the CIS department immediately. Let's give it 12 hours.

So, a free service responds to your problem and disables the accounts within 24 to 36 hours, then fixes the problem 18 - 36 hours later. All the while this same service is responding to similar glitches at ten other institutions, with no word on how large those universities were.

Overall, I'd say that is a pretty fair turnaround, all things considered.


By the way, the author of the article, Sarah Perez [sarahintampa.com], seems like a fairly Microsoft-centric person, considering her personal website. So the guess by miffo [slashdot.org] doesn't seem that far off.

Consider the article itself

Friday, September 11th, a couple of students notified Brown's Computing and Information Services department (CIS) that they were able to read emails belonging to other students. The CIS department contacted Google on the following day and sent out an email to the 200 students whose mailboxes were in transition

then she says:

That means that the students had access to each other's email accounts for three solid days (Saturday, Sunday, Monday) as well as parts of Friday and Tuesday before the accounts were suspended by Google

The author includes "parts of Friday" even though she had made it clear Google wasn't notified until Saturday. I mean, my God, Google didn't even bother to go back in time to before they were notified!!!

Re:They must be kidding (0)

Anonymous Coward | more than 5 years ago | (#29489253)

I agree with the password thing. Our MSDNAA passwords are stored in plaintext. When you request your password you get your SAME password in PLAINTEXT. While I typically avoid those services like the plague, sometimes you just have to put up with it. I wouldn't be running Windows 7 without MSDNAA.

I hope that any other service you use would at least send a one time password in which case the email thing doesn't matter as much in that regard. While I don't have anything more incriminating than a few Newegg emails I still don't want people seeing what I get emailed.

Re:They must be kidding (2, Insightful)

Professor_UNIX (867045) | more than 5 years ago | (#29489285)

Who the hell uses their college e-mail account for anything important unless you're part of the staff? When I was in school I just forwarded my university address to my home account.

Re:They must be kidding (0)

Anonymous Coward | more than 5 years ago | (#29489293)

why would you link your personal info back to a school's email address?

It's a 2/4/6 year email address and once you're gone, for whatever reason, the email addy is gone too; the headache then is bigger than being a fool and linking your acct/login info back to a school email.

Re:They must be kidding (1)

FloydTheDroid (1296743) | more than 5 years ago | (#29489333)

Perhaps they meant the fix was easy...

if (password == account.password);
logUserIn(account);

Re:They must be kidding (1)

StackedCrooked (1204878) | more than 5 years ago | (#29489521)

It's not their personal mails but their school mails that became public. These mails are less likely to contain sensitive information. Not that this makes it a totally minor glitch, but somewhat less dramatic nonetheless.

Re:They must be kidding (1)

keckbug (1525803) | more than 5 years ago | (#29489713)

When the Google migrations took place, the address was migrated, but no emails are imported into Google's system. There are no back-mailed passwords. There are no private emails. There is an empty inbox, with the wrong name at the top. You could reset passwords if you knew of an online service that the email was tied to, but this is a temporary educational account, that most students recognize as non-permanent and unsuitable for password recovery purposes. You could send nasty emails to other people, which could be fun, but limited in scope. So yes, there is a nice lil screwup here, it's not the doom-and-gloom, all your stuffs are mine now.

What did you expect (0)

Anonymous Coward | more than 5 years ago | (#29488939)

Is Google Apps for Edu in beta? :-)

Small breach? (1)

Dan541 (1032000) | more than 5 years ago | (#29489083)

"While the glitch itself was minor and was fixed in a few days"

That's not exactly what I would call a MINOR breach.

Legal issues? (2, Informative)

Max Romantschuk (132276) | more than 5 years ago | (#29489109)

In Finland reading someone else's mail, of electronic or snail variety, is illegal. What about other legislations? This sounds like something that would be taken rather seriously here.

(Actually, due to how seriously this is taken a recent law has (unfortunately) been put in place, to explicitly allow employers to read employees' work mail. Google "lex Nokia" for more info.)

Re:Legal issues? (1)

cronostitan (573676) | more than 5 years ago | (#29489507)

Actually it is only illegal if there 'are security procedures in place' to prevent it.
'Public' email is totally legal to read.

Not exclusive to cloud migrations (0)

Anonymous Coward | more than 5 years ago | (#29489143)

The article makes a great point about communication being a problem when migrating services to the cloud environments. But this issue is not exclusive to cloud-sourcing, it's prevalent in most outsourcing today. How many call centers and admin management have been moved to a different country with cheaper resources - countless. And how many times have you had to make a third and even a fourth call to get something resolved with, say, your favourite telecommunications provider?

If you've worked in an organisation that outsources services you will have encountered communication problems like this and worse every week. The fact that Google is a high-profile outsourcing vendor means that everyone gets to hear about it.

But I would still choose Google over 99% of other outsourcers because these guys care about quality, and as a rule they don't make the same mistake twice.

Read your email (0)

Anonymous Coward | more than 5 years ago | (#29489259)

"We don't know about you, but if someone else could read our email for three days, we wouldn't exactly call that 'prompt.')"
um....someone else can read your email, and for more than 3 days. You store your email on an external server or send it through other servers unencrypted, and someone else can and probably does read it. Period.

If you want some bit of privacy, use encryption and don't store your email on other people's servers.

When concerning individual citizen liberty and privacy, history has PROVEN. People cannot be trusted. Corporations can be trusted less. Governments can be trusted least of all. For those who are confused, the US founders created a 2nd amendment with the INTENTION of having a government which feared its citizenry. If there was going to be a rebellion, they WANTED the citizens to win.

The IT manager is praising them (1)

digitalderbs (718388) | more than 5 years ago | (#29489299)

probably because his neck is on the line, and he's trying to save face with management. Oops.

Re:The IT manager is praising them (2, Insightful)

betterunixthanunix (980855) | more than 5 years ago | (#29489603)

The article does not give many details on what their email system was before they sold their soul to Google. It may very well have been (or perceived to have been) worse, and this is an improvement in the eyes of upper management.

Why is it even necessary for "school email" (0)

Anonymous Coward | more than 5 years ago | (#29489315)

Why is it even necessary, in this day and age, for a school to provide their students with email? I can understand, back in the dark ages, when I was at university, and few incoming students had email addresses. But these days, doesn't every one of these incoming students have an email address somewhere? Wouldn't it be better to have the professor email out to the student's personal email account that the student had before they went to university, and will likely have long after they leave the university?

Re:Why is it even necessary for "school email" (2, Interesting)

Ash-Fox (726320) | more than 5 years ago | (#29489455)

Why is it even necessary, in this day and age, for a school to provide their students with email?

Off the top of my head... Facebook, student deals with software companies like Microsoft who verify you're on a .edu domain, people who are incapable of registering an e-mail address themselves etc. are things that come up to the top of my head.

Still better than the School's IT (1)

FlyingBishop (1293238) | more than 5 years ago | (#29489399)

Or lack thereof.

This wasn't IT's fault, but in my university CS department, there was a period of about three months during which we had passwordless logon to our department course Wiki, which provided the option to use Perl in place of Wikicode as the source for a page. Said Perl ran with the webserver's username on the server.

As far as I know, nothing bad came of it. The seniors just enjoyed not needing to bother with passwords. (To be clear, we repeatedly notified the professor responsible for the Wiki, who repeatedly said he'd take care of it. After a couple weeks, it just kind of became normal.)

Delays by Google or Brown Staff (1)

ragarwal (1391171) | more than 5 years ago | (#29489515)

Why was this feature^H^H^H^ bug present in the first place? It's not like this is the 1st time Google has had to implement email for 3rd parties.

Did Brown give a list of "superusers" to Google that had the ability to read global mails and someone botched it? O Oh.

"Ah.. CRAP. I think we cut and paste the wrong names on the God list."
"What... Call Google, quick!"
"Hello Google.... can you spin back time... ? ... ? What do you mean NO? .... Oh yeah the whole space-time thing.... . Err.. can we just call it a Google bug? .... ? What do you mean we have to deal with our own PR?" ... click.
