The recent popularity of cloud email systems has some Canadian universities concerned about the level of security of their email servers.
Discourse suggests that with these U.S. based companies, the U.S. government or NSA may be able to gain access to secure information and intellectual property through American cloud services such as those offered by Google and Microsoft.
Richard Godsmark, the senior manager of Security, Technology and Risk at McMaster University pointed out that this is a security concern, however it is a difficult issue to address due to a lack of information on the subject.
To improve customer service, Google is attempting to sue the U.S. government, to ensure that they will have to go through actual court proceedings before accessing information. However, in order to really address Internet security, Godsmark believes that it will require a global policy on the matter.
Godsmark believes that unauthorized monitoring is always going to be a concern.
“[Information] crosses borders without any kind of passport, and so traffic is always going to end up in other countries,” said Godsmark.
However, there are a lot of policies in place to ensure that people are not violating privacy for unnecessary reasons.
It is highly unlikely that the NSA would look into a person unless they were considered a real threat, such as suspicion of terrorism. In this instance, it would not matter if you were a U.S. citizen or not. The U.S, Canada, Australia, New Zealand, and Britain are all members of the “Five Eyes.” This is an intelligence agreement meaning that each state has agreed to release information that is considered dangerous.
There are, of course, benefits for universities being on larger cloud email systems. This allows people from different universities to collaborate with one another. If each school had a different system, this would become more difficult to do.
In terms of McMaster’s email system, it is just as secure as any email system. Godsmark suggests that if you have really confidential information or academic property, not to be sending it in email format, but instead have it password protected.
“Email in general shouldn’t be considered a really secure medium, because as soon as you send out that email you lose control of the information in that email, “ he said.
Godsmark is more concerned with Internet criminals than the government. This is because Internet criminals impact a larger number of people at a personal level, stealing identities or credit card information.
At McMaster, University Technology Services is focusing more on these types of Internet crimes as they are more prevalent and present a higher risk.