Union changes email service and policy


By Thomas Scott

ITS chief information officer discusses school’s Internet privacy policy usage 

Union’s faculty and staff have a new email service at their disposal.

Back on July 16, Union switched from its previous email provider to one entirely supported by tech giant Google. Before July 16, Union students’ email service was already hosted by Google. Faculty and staff email service was hosted by an internal Union server.

The only change that students experienced was a change in email address, which scrapped @garnet.union.edu in favor of a more simplified @union.edu.

According to Chief Information Officer of Union’s Information Technology Services Ellen Yu Borkowski, after discussion with student representatives, ITS decided to pursue the domain name change.

Borkowski further elaborated on the summertime email modifications, asserting that “usability in general for students obviously didn’t really change.”

The transition to Gmail for faculty and staff has also increased accessibility according to Borkowski, who says that “the biggest usability benefit is that” faculty and staff off campus no longer need “to VPN in … to get to their email.”

The overall benefit of ITS’ decision to consolidate its email services can best be summarized by an email that was sent out to the campus community over the summer.

The campus-wide email stated that “the current infrastructure of two separate computer domains should be combined to improve system efficiencies and infrastructure security.”

However, in streamlining how the campus transmits and receives email, ITS also maintains a paradigm of accountability as specified by the new Policy on Acceptable Use of Information Technology Resources which was revised and then released on Aug. 8.

The new protocol stipulates that Union may “specifically monitor the activity and accounts of individual users of College computing resources … without notice” under a specific set of criteria.

One scenario in which ITS would hand over “individual … communications” is when a “user has given permission or has voluntarily made them accessible to the public.”

One situation in which this might occur is when a user posts an email and it’s contents on a social media page that can be viewed by anyone.

Borkowski asserts that “each individual user has to be educated … on the … privacy policies around any social media tool.”

Social media users can prevent such an occurrence by enabling privacy settings that prevent the general public from viewing their posts.

Another instance in which ITS could hand over email archives is when “it reasonably appears necessary to do so to protect the integrity, security or functionality of the College or other computing resources or to protect the College from liability.”

Borkowski elaborated upon this clause, claiming that one possible scenario in which ITS might invoke this rule “would be if someone decided to respond to a phishing scheme.”

Borkowski went on to say that ITS would then “get a notification from whatever [site] … got targeted” by a denial of service attack and then proceed to “try and figure our where it’s coming from.”

Such an approach would involve the supervision of network traffic to determine the source of the incursion.

Borkowski states that while observing such activity, ITS is “not looking inside each packet.”

The other instances in which ITS can hand over emails are when “an account appears to be engaged in … unusually excessive activity” or when “it is otherwise required or permitted by law.”

Borkowski went on to clarify that ITS has “not been asked to monitor a user’s email traffic.”

Moreover, actively monitoring is “different than going back in an archive.”

Union holds on to all of its users’ emails for at least a full calendar year before completely removing them.

Borkowski also claims that there are mechanisms of accountability in place, claiming that her “predecessor chose to always get the approval of a vice president and I have chosen to also follow that.”

Under Borkowski’s tenure, which began in November 2010, there was only one such request.

Union’s emails are archived using Google Vault, which is a cloud-based data storage service that services more than five million customers.

Borkowski vehemently asserts that ITS’ focus is “not about monitoring content.”

“That’s not our role … [w]e’re about delivering a service” she continued.

While Borkowski emphasized that the school is not monitoring private student communications, like she said herself, it is important to be aware of the privacy policies in place, being subject to both Google’s and Union’s privacy policies.

Even if student content has been only looked at once, the college is easily capable of justifying a look into a student’s email under its broad reasoning listed in its electronic privacy policy.

After all, October is National Cyber Security Awareness month. Maybe it’s worth looking into just how much security your personal email contents actually have.


Leave a Reply