Accusations against Google for violating educational contracts spark national debate on Internet security

By GRACE BALLENGER ’17

Contributing Writer

Allegations from last year that Google has been collecting data from student emails to create customized advertisements, an activity expressly prohibited in their  contracts with schools, has sparked new debate on the relationship between Google and universities across the nation.

Wellesley currently has a contract with Google based on the Family Educational Rights and Privacy Act (FERPA), a national law which aims to protect student information and prevent sensitive information from being leaked to the public.

Wellesley and many other educational institutions use a Google service known as Google Apps for Education. Last April, Robert Fread of the University of Hawaii and Rafael Carillo of the University of the Pacific  filed a lawsuit against Google, alleging that Google had scanned student data for advertising, despite legal contracts that prohibited the company from doing this. Google has since filed a motion to dismiss the case, citing a case from the 1970s, Smith v. Maryland, as precedent. 

“A person has no legitimate expectation of privacy in information he voluntarily turns over to third parties,” Google said in their motion to dismiss the Fread case.   

According to an official statement by Google, some types of scanning still occur within Google Apps for Education because they are automated.

“Gmail scans and indexes email for multiple purposes, including spell check, virus and spam protection, features like Priority Inbox and auto-detection of calendar events, relevant search results and advertising; this scanning is done on all incoming emails, is 100% automated and can’t be turned off,” Google said in an official press release. 

 In the version of Google’s programs used for educational institutions, however, emails cannot be scanned to provide customized advertisements. 

“When ads in Gmail are turned off for Google Apps for Education, automated scanning that is done in Gmail is not used to target ads to Education users, whether inside Gmail or in other Google products,” Google stated in an official press release.

Ravi Ravishanker, chief information officer at Wellesley, said that the move to Google Apps for Education was carefully considered before it was implemented at the College in 2011. 

“Whenever we enter into a contract with other entities such as Google, we require that they provide assurances to protect the data as stipulated by FERPA. As I mentioned, Google did not provide this provision in its early stages of the rollout of Google Apps for Education. When we were deciding on which system we should move to, FERPA protections was one of the criteria for evaluation, and by that time, Google Apps for Education offered the protection,” Ravishanker said. 

Ravishanker does, however, acknowledge that Google still does collect basic information, such as the location of the person logging in. Ravishanker also states that although Gmail is covered, there are other services connected to the school email that are not covered by contract.

“There are some consumer apps such as Google+ that are under a separate agreement,” said Ravishanker.

Library and Technology Services took steps to notify Wellesley students in 2012 when apps such as Google+ were added. 

“Before we turn any of the consumer apps on, we notify all our users through our standard communications channel such as the LTS service alerts. Also, when they go to sign on, the portal shows the link to the notifications for a few days. In addition, when someone opts in to Google+ for the first time, they will get a different experience than the core apps. It will ask the user to confirm his/her age and have a statement about your data being accessible to the Wellesley system administrator and a link to learn more,” Ravishanker said. 

Assistant Professor of History  Simon Grote has been following many of the recent developments between Google and other universities. He brings up other concerns about Google that do not have to do so much with Google’s ability to scan communications but rather policies that allow Google to create an aggregate profile of students from multiple networks. Grote worries that these profiles may be used after those students graduate.

“Google probably profits from access to the data in all kinds of ways, most obviously by adding Wellesley alumnae to their audience for targeted advertising,” Grote said.    

Grote also worries about the information that Google may have access to that is not directly related to student grades, such as unpublished research, information about student preferences that can be used to target students with ads after their graduation and even discussions about Google itself. This information therefore cannot be protected by FERPA.

“We are giving easy, direct, uncontrolled access to all internal communication and much of our research and we’re giving access to employees of a corporation that stands to gain monetarily from that data,” Grote said.

Ultimately Grote believes that Wellesley’s relationship with Google raises important questions that the Wellesley community  should be aware of.

“It may not be easy to make big changes, but clarifying the issues for ourselves at least determines what changes should be made and will put us in a better position to recognize when the opportunity for desirable change arises,” Grote said.  

Some students do not seem overly concerned with the idea of Google scanning their user information. Ran Bi, a foreign exchange student at Wellesley, believes that a certain amount of scanning by Google may be harmless. 

“If it’s just scanning for advertisements, I think it’s okay,” she stated. 

Ally Pyers ’15, who works at the computing help desk, does not believe that Google’s practice of scanning emails is harmful to students. 

“It doesn’t seem like a security threat to me, personally,” Pyers said.  

Ultimately, Ravishanker believes that examining issues such as Google security are just one part of a broader emphasis that needs to be placed on Internet security.

“It’s one aspect of a larger issue. Questions about security and privacy need to be constantly there,” Ravishanker said. 

Pyers agrees and places emphasis on personal responsibility rather than company policies such as Google’s. 

“I know that I shouldn’t be sending my Social Security Number or bank account information through email. If they’re scanning for ads, it bothers me less,” Pyers said.

Leave a Reply

Your email address will not be published.