[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] OT: Google Apps



Nils Breunese wrote:
David Hopkins wrote:

On Fri, Dec 5, 2008 at 11:54 AM, Dan Young <dyoung mesd k12 or us> wrote:
On Fri, Dec 5, 2008 at 8:35 AM, Will Hatch <whatch anwsu org> wrote:
Since google docs is not encrypted, isn't if a violation of FERPA? I'd like to use it, but our tech director tells me that it is not secure, and since student names/information could be part of the documents, that it can't be used. I would like to hear Google's feelings on this, since they seem to be interested in education.

It is encrypted automatically for all users when the Google Apps
administrator ticks a box forcing SSL on:
http://www.google.com/support/a/bin/answer.py?hl=en&answer=100181

A quick google leads to
http://www.google.com/support/a/bin/answer.py?hl=en&answer=60762
where one answer says that any administrator (implied Google
administrator?) can access any account per their terms of service.
Encryption or not, this could be an issue (especially if foreign
nationals have access to US citizens/students data and vice-versa?)

It is convenient, and useful but it is not what I would call secure
given the terms of service that google requires you to agree to.

Just my (uninformed) two cents.

I believe they are referring to the administrators for the Google Apps account for your domain. And that's no different from having root access to your own servers.

From that same FAQ: http://www.google.com/support/a/bin/answer.py?answer=106887

----
Are Google employees reading my emails and looking at my documents?

Absolutely not. Google employees are not reading your email or other content.
----

Yeah...that's what Skype, Yahoo, and MSN said, too, until the Chinese Government came a-callin'. And remember that the telecoms got caught letting the NSA wiretap us, in utter violation of the USA FISA laws.

The old UNIX sysadmin's advice of "son, if you ain't got physical security, you ain't got nothin'!" rings like a clarion call here. The modern version: "If you ain't got at least an NDA, then you ain't got no recourse."

There's no way in HELL I'd put anything even remotely sensitive up there.

Why is it so "evil" now to just run OpenOffice.org and save documents to a central, local file server?

--TP


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]