As anger grows over the National Security Agency’s mass surveillance programs, which have given it access to Gmail users’ emails, Cornell officials said students using their University-affiliated email accounts are not at risk for data mining by the Internet giant.
Privacy advocates expressed outrage when Google stated in a June 13 court filing that Gmail users should have “no legitimate expectation[s] of privacy in information he [or she] voluntarily turns over to third parties.” In the last few months, Google, along with other tech companies like Facebook and Verizon, has faced increasing pressure from the public to explain its role in the National Security Agency’s mass surveillance of U.S. citizens and foreign nationals.
Despite the concerns civil liberties organizations, politicians and journalists have raised over the NSA’s surveillance program, University officials said students and community members are safe using their Cornell-affiliated Gmail accounts.
According to Tracy Mitrano J.D. ’95, director of IT Policy, the University has an enterprise contract with Google that offers a greater degree of privacy protection than the contracts most consumers have with Google. Under the University’s contract, students and faculty are protected from Google’s data mining and advertisements.
“Our enterprise contract prohibits data mining except for internal purposes such as indexing –– a function that all users appreciate when they look for specific emails,” she said. “Also, while a student is at Cornell, advertisements are not allowed in the enterprise Gmail system.”
In April 2009, the University’s legal contract office signed a contract with Google to transition all students to the Google Apps Education Edition Gmail servers, or Cornell’s “Cmail,” according to Mitrano. Mitrano said that, when signing the contract with Google, the University needed to be certain that its enterprise contract provided all the foundational rights and privileges to students under the Family Educational Rights and Privacy Act, which protects a student’s education record.
According to Mitrano, although the University’s Google Apps and Gmail systems are protected from Google’s data mining, Google and the University are nonetheless subject to disclose information when presented with government search warrants.
“Cornell and Google alike are subject to NSA letters, warrants under the electronic communications privacy act or Foreign Intelligence Surveillance Act and subpoenas,” Mitrano said. “Essentially, there is no difference in terms of legal process for Cornell or Google as recipient of those legal papers.”
Mitrano said that a distinction between consumer privacy and privacy under the Fourth Amendment needs to be made to understand Google’s data mining practices.
According to Mitrano, under the Fourth Amendment, the government needs a search warrant with probable cause to search a person’s private property. However, in the aftermath of the terrorist attacks on Sept. 11, 2001, former president George W. Bush enacted the USA Patriot Act, increasing the ability of law enforcement to search email and telephonic communications.
“People are confused. Most people don’t have enough information to think through the distinction between fourth amendment surveillance … and consumer privacy. Everyone is talking about these issues and are curious because they don’t understand how [privacy laws] function,” Mitrano said.
“Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their emails are processed by the recipient’s [email provider] in the course of delivery,” the motion states.
Mitrano, however, said she is confident that Google will protect Cornell students from excessive government surveillance.
“Google has a good track record with respect to protecting users’ mail against government surveillance and has always been at the forefront of fighting for Fourth Amendment rights for its users,” Mitrano said.
According to Wyman Miles, director of Information Technologies Security, email generally does not have the safeguards to make it an appropriate vehicle for sensitive communications.
“It’s just much too porous and open,” he said. “There are training and awareness issues around the handling of e-mail, such as what not to forward, risks of mailing lists, use of the BCC field [and] ease of forged communications … that greatly increase the likelihood of unsafe information handling practices.”
Justin Schindler ’15 said that most students do not think about email privacy when writing emails.
“Email privacy is like avoiding getting mono. You know that you need to pay attention to its risks, but most of the reflection is done in hindsight, after harm has already been done,” he said. Mono, or mononucleosis, is a virus that is spread by saliva and close contact and causes symptoms such as fever, sore throat and swollen lymph nodes, according to the National Institute of Health.
Michael Patashnik ’16 said during the social networking age, facts about people are easily accessible to anyone willing to pay and said that factor will not change even if people completely removed themselves from digital society.
“I have no reason to think that some company that has my complete biography will use it to hurt me. It’s much more likely they’ll try to use it to sell me something.” Patashnik said. “That said, maybe you should forsake your email and use pen and paper instead for your next love letter.”