Email pact sparks privacy concerns at U of T
TORONTO • The University of Toronto has provoked alarm on campus with its proposal to further outsource its email system to Microsoft.
A “teach-in” forum scheduled for Saturday will attempt to crystallize faculty and staff opposition to the proposal.
Andrew Clement, the “teach-in” organizer and professor in the Faculty of Information says: “I believe this is a bad decision that many in the university will regret later.”
Mr. Clement said the university could “jeopardize its reputation” if the proposal is passed in its current form, which he says does not adequately address privacy concerns and outsourcing alternatives.
The University of Toronto outsourced student and alumni email services to Microsoft in 2012 and defends the current proposal as costeffective and beneficial for all.
In the wake of the Edward Snowden revelations, which revealed the wide-reaching scope and strength of the U.S. National Security Agency’s surveillance programs, governments and other institutions around the world are grappling with the issue of mass state surveillance.
While Canadian state intel- ligence agency, Communications Security Establishment Canada (CSEC), may have access to Canadians’ data and other electronic communications, Mr. Clement says, “I’m more optimistic about achieving proper judicial oversight of CSEC in Canada.”
“Many would see current CSEC oversight as inadequate, but we have a better chance of addressing the problem of mass surveillance here than when our data is stored in the U.S., where Canadians have no control over U.S. surveillance practices.”
One of the teach-in speakers includes Caspar Bowden, ex-chief privacy advisor at Microsoft from 2002-2011, during which time part of his job was figuring out what to tell skeptical universities looking to switch their email and other electronic service needs to Microsoft.
“I haven’t trusted Microsoft for a long time, including when I worked for them,” said Mr. Bowden.
“Microsoft and Google can provide such services much more cheaply,” he said, “but what you get is get vulnerability to NSA mass surveillance.”
Even before the Snowden revelations, Mr. Bowden has been giving speeches warning about Section 702 of the U.S. Foreign Intelligence Surveillance Act (FISA), the law underlying the NSA program now known as PRISM, which authorizes mass-surveillance of the data of non-Americans.
Companies subject to U.S. jurisdiction, such as Microsoft, can receive orders under Section 702 requiring them to disclose “foreign intelligence information” to the U.S. government, which, in this case, could include emails and other stored data from University of Toronto accounts.
“There is nothing that Microsoft can say that would legally guarantee that this [type of access] would not happen,” said Mr. Bowden.
“The safest option is to keep data within Canadian borders and under the control of a Canadian company.”
And some Canadian universities, including the University of Guelph, have opted to out- source their e-services needs to Canadian companies such as Toronto-based Scalar Decisions Inc. Since the Snowden revelations, “we have seen quite an uptick in interest in our business … right across the board,” says Roger Singh, chief technology officer at Scalar.
But the price of outsourcing communications to Canadian companies is high. Outsourcing email and calendar services to Scalar costs between $3 to $5 per year per student, said Mr. Singh.
“Outsourcing to Microsoft will continue,” he said. “Economies of scale always win.”
Robert Cook, chief information officer at the University of Toronto, defends the university’s outsourcing proposal, writing in an email: “Today, over 135,000 U of T students and alumni are benefiting from Microsoft … services, at no cost to the university.”