• UC Davis
• IET Home

IET: Gmail Service

Sponsor

Information and Educational Technology (IET)

Contacts

Project Manager

Gaston De Ferrari, IET

To View Entire Submission

• Gmail Service Preliminary Plan
• Appendix 1: ASUCD Senate Resolution #11 in support of UC Davis Gmail Program

• Appendix 2: California Aggie article by Jacquelyn Flatt (Published May 14, 2008)

• Appendix 3: UC Davis Implementation of SAML-based SSO for Google Hosted Services

• Appendix 4: IET - Email Best Practices

Reviewers

Core contributors to this review included Pamela Davis (School of Education), Adam Getchell (College of Agricultural and Environmental Sciences), Rob Kerner (Plant Sciences),Bob Ono (IET), and Thomas Wiley (UC Davis Extension). Comments and discussion were also solicited via the Dean’s Technology Council (DTC), Technology Infrastructure Forum (TIF), and other similar venues.

Feedback Received to Date (8-6-2008)

Revision History

7-8-08

Initial feedback and responses

8-6-08

Next steps added

Contents

• Next Steps
• Reviewer Observations and Comments
• Reviewer Suggestions and Advice
• Questions, Potential Gaps, and Requests for Clarification
• Campus IT Security Coordinator Review

Next Steps

Upon the conclusion of a very thorough vetting with the Council of Deans and Vice Chancellors, and following an exhaustive review process, Vice-Provost Peter M. Siegel, Information and Educational Technology (IET), has announced that IET will begin moving forward with a plan to transition all UC Davis student accounts from the central Cyrus email service to Google’s Gmail service.

IET will continue to work closely with members of the community to ensure the partnership with Google continues to be beneficial to the campus.

Information and Educational Technology (IET) would like to thank the members of the campus community and the pilot participants who ensured we have the best possible plan going forward. Endorsements, support, and input came from following groups and departments:

• The Deans’ Technology Council
• The Technology Infrastructure Forum
• Campus counsel
• The Campus Council for Information Technology
• The Gmail Pilot Advisory group
• ASUCD
• University Relations
• University Communications
• Student Affairs
• Students
• An ad hoc committee of campus privacy specialists
• The campus technical community, through the vetting process pursuant to PPM 200-45

Scope of work and additional steps necessary for implementation:

1. Identify an oversight committee to consult with during the implementation phase.
2. Provide a self-service Web-based email migration tool for students to migrate emails from Geckomail to Gmail.
3. Provide communication to the campus community to develop awareness of the new service and its impact including but not limited to:
   • Project status
   • Usage, functionality, and support
   • Benefits and features
   • Opportunities
   • Limitations
   • Data privacy and security
   • Integration levels with existing campus services
   • Future plans for service enhancements
4. Work with University Communications to determine if additional branding and customization should be done (i.e., logo, name, start page).
5. Move the UC Davis Gmail Web page (http://gmail.ucdavis.edu/) to a server that can support a large number of hits and test loads.
6. Provide an Address Book migration tool from Geckomail to Gmail.
7. Provide a means for students to continue the use of the service after graduation.
8. Integration of Gmail with MyUCDavis and SmartSite should be prioritized, with some minor tasks performed during this phase.
9. Review existing Data Center tools for collecting statistics and email information to include the Gmail service and see if modification is necessary.
10. Continue to evaluate the level of Google support requested of IT Express and the ability of IT Express to support the service. This will be compared with support levels for current email services. When needed, implement mitigation steps to address requests for support that could be avoided.
11. Prepare a report documenting the results of the Service Implementation project including lessons learned and any recommended future steps which are not part of the scope of work.

Reviewer Observations and Comments

• Some reviewers expressed enthusiasm for the Gmail project, seeing it as a good solution to the challenges expressed by the project sponsor. Referring to their own experiences in running departmental email systems, they agreed that locally-provided email is a costly, risky service that is ripe for outsourcing — provided that the inevitable integration, security and accountability issues are addressed. In their view, the Gmail project has articulated a sound business case; addressed the various technical, policy, and security concerns well; and included a defined exit strategy. States one reviewer:

The programs being offered are timely and services are robust, providing much more capabilities and storage then the university could.  I do not think that it will ‘save’ the university any money in terms of staff but it will provide useful tools to our students without breaking the budget. The return on investment will be substantial.

• Other reviewers expressed opposition to the project, citing a host of functionality, privacy, reliability and security concerns that they feel have not been adequately addressed. (These concerns are individually described below.)

Reviewer Suggestions and Advice

• While the university is not in the business of email, it has become a core function of our work. According to one reviewer, “the flexibility we get by running our own systems should be considered before this move.”

Sponsor: The flexibility we have with our current systems has been considered in comparison with the flexibility of using Gmail.  From our users perspective our current email has virtually no flexibility at all when compared to Gmail.

Questions, Potential Gaps, and Requests for Clarification

Extension to Faculty and Staff Email

Q: One objection to the project centers on the targeting of student email. Citing the inadequacies of the existing campus email system, one reviewer questioned what would happen to the faculty and staff left behind. Will they be migrated to GMAIL?  Will the campus system be improved?  Will everyone left be migrated to XEDA? According to the reviewer, “It seems IET has postponed work on campus email since they have solved the students’ complaints by going with Google.”

Sponsor: Migrating faculty and staff to Gmail is being considered as UCOP and legal counsels review privacy and other issues. As described above, the pilot process was specifically intended for students and did not include faculty or staff. It is assumed that prior to inclusion of these entities, similar studies, vetting, collaboration, and endorsements will take place over an extended period of time. This will insure that if the campus decides to move the predominant number of central email faculty and staff accounts to Gmail, they do so in the most informed, safe, and controlled manner possible. Again, there will be a back-out strategy determined and implemented prior to any further migration of accounts to Gmail.

Cost Savings

Q: Given that the campus will still maintain an email system for faculty and staff, as well as a large infrastructure to support it (e.g. spam filtering), is there really a cost-savings for Gmail? If so, where?

Sponsor: Cost avoidance is the actual savings to the campus. The investment necessary to provide students with the functionality provided by Gmail would be extensive and impossible for IET or the campus to sustain during this time of budget reductions.

Right of Inspection

Q: A recent court ruling says that unless a company physically owns its email servers, it has no right to inspect accounts (Quon v. Arch Wireless Operating Company, No. 07-55282, 9th Cir. 6/18/2008). According to some reviewers, this ruling alone “should be enough to stop the Google roll out.” These reviewers assert that by using an outside email provider, the University would lose the right to inspect student email — potentially jeopardizing Delivery Status Notifications as well. How does this ruling impact the Gmail project?

Sponsor: This court ruling took place after the signing of the contract.  OGC is studying the case and will let us know the actual impact related to our current email as well as Gmail.  Until official information is received we want to avoid speculating about the impact of this ruling.

Delivery Verification

One reviewer described problems with Gmail delivery verification stemming from “a complex, related set of issues”:

• First, email is by policy an official communication channel between the University and students. It is the only channel amenable to application development use, and has widely replaced the more costly method of sending registered mail to all students for notification purposes.
• Second, every quarter at our College we need to notify between 6 and 8 hundred students of certain private matters, notably that they may be in academic difficulty and subject to dismissal from the university. As can be imagined, this is often a highly charged matter with a great deal of sensitivity.
• We have developed a business application which automatically handles the scheduling and notification of students. It does so by sending the students an email which asks them to check a web site for important information. If the student is in difficulty, they are able to make an appointment with a counselor to work on the issue.
• With the current campus mail system, we are able to obtain positive delivery status notifications (DSNs) from the MTA (message transfer, which is supported by the version of sendmail the campus is running. [1] These delivery notification receipts are immediately available in our program, and help our staff to defuse certain situations, such as when students claim they never received notification.
• Gmail is not currently amenable to delivery notification receipt, as it generates a relay notification message instead. We are continuing to work with IET and Google to get a mechanism like this in place, but we don't yet have a solution.

Sponsor: Google has agreed to provide clients with proof of delivery to the mailbox and returned to the sender for each recipient as requested, and will be looking into automating this process by October.

Privacy

A subset of reviewers expressed several concerns regard potential privacy issues:

• Correspondence with foreign students may leave them open to discovery and retribution from governmental agencies, since Google complies with governmental access to account information. Furthermore, as Gmail is based on search and Google is the world leader in search, such access will provide much more targeted and sophisticated information than would be obtainable in other mail systems, especially the current one housed on university servers.
• The University has a strong tradition of intellectual independence, and supports dissident rights. A dissident corresponding on Gmail runs a strong risk of discovery, and Google has already made concessions to particular governments in terms of its [search-related] operations.
• The privacy/security issue is of especial importance to universities. The argument has been made that students can forward their email anytime, and often do. But the issue is the student, if forwarding their own email, becomes responsible for the dispensation of their electronic correspondence with the University. Making Gmail the official campus email for students puts the burden on the University, and it in effect transfers internal University business records to an outside agency.

Sponsor: These issues have been raised to Google and are addressed in the signed UC wide contract with Google Inc. IET has and will continue to engage the campus in regards to email security and privacy.

• One of the goals is to more aggressively communicate with email users with the objective of raising awareness of the insecure and non-private nature of email. (http://email.ucdavis.edu/email/Email_Best_Practices_04_16_08_v4.php)
• In addition, to UCOP privacy and security counsel’s review of the Google agreement, IET engaged an ad-hoc privacy committee to review the agreement.  Their review produced no concerns that would prevent the deployment of the service.  Members of the committee included Jeanne Wilson, Director, Student Judicial Affairs; Anna Orlowski, Health System Counsel; Robert Loessberg-Zahl, Assistant Executive Vice Chancellor; Ahmad Hakim-Elahi, Director, Sponsored Programs, Office of Research (also Acting Director, IRB); Steve Drown, Campus Counsel; and Robert Ono, IET Security Coordinator.
• In regards to the technical implementation, privacy, and security, there is no personally identifiable confidential information sent to Google as part of the registration process or at any other time.

Pilot or Soft Rollout

Some reviewers expressed dissatisfaction with the pilot:

• The Gmail pilot is not really a pilot, but a soft roll-out. Several students from our College ended up in the 'pilot', and are not able to be moved back to the campus systems. A pilot isn't a pilot if you can't back out of it.

Sponsor: The Gmail Pilot was a three month long endeavor that had a beginning and an end date.  An oversight committee, including representation from Student Affairs, University Communications, graduate and undergraduate students, among others was established and help guide the pilot. Throughout the pilot, surveys were taken and a full scale vetting process took place. All technology based committees as well as governing bodies (CCFIT, TIF, DTC, CODVC, ASUD, legal counsel, privacy counsel, etc.) were provided several opportunities to view the surveys as well as the project status and provide feedback both in writing and verbally.  UCOP negotiated a UC- wide contract with Google Inc. during the pilot. Once the vetting process was completed and endorsements were received from critical constituencies, formal acknowledgement of intention to roll out Gmail specifically for students was announced by the Vice Provost, Peter M. Siegel.

Regarding our ability to back out of the project, we are now and always have been able to back out any of the students participating in the pilot at any time, if requested.  The request must be made from the participants. None of the participants have requested removal from the pilot.  Students were allowed to retain their accounts after completion of the pilot pending final decisions were made regarding actual roll-out.

• As far as the pilot goes, I understand that this is really a done deal, and will move forward despite objections raised. This is probably the most troubling of all, since the 'pilot evaluation' seemed to focus only upon the 'positive student user experience' of Gmail without considering the myriad of technical and legal issues, some of which I've raised above.

Sponsor: We have engaged and continue to engage the campus community in a number of ways.  We have paid close attention to the issues raised and have given all of them serious consideration.  The submittal of the Preliminary Project Plan to this review process is a testament to our desire to remain open to questions and suggestions.

We recognize that regardless of our best efforts to reach out to the campus community there may be some from whom we have not heard. Information on the status of the pilot was communicated in a variety of ways. A campus Web site (http://gmail.ucdavis.edu/) was created to provide general information and updates on the project. Updates were also made to the VPIET project page (http://vpiet.ucdavis.edu/student.email.cfm). In addition to the project website, we have presented to TSP, CCFIT, TIF, and TIF-CSI. Articles in the Aggie, Dateline, IT Times and IET Report announced the campus’ decision to launch a pilot. The Gmail team interviewed with the Aggie and AGTV before the launch of the preview phase.

• I expect a pilot program to work hard at finding bugs, and problems with the system.  All I ever heard was how great everything worked.  Whenever I am testing software I do my best to break it.  I personally do not think the Gmail pilot was managed this way.

Sponsor: Gmail has been in use for years with millions using (testing) the system every day.  Our test consisted of the registration process and subsequent authentication provided by the campus CAS system.  The results were successful.  In addition, the students participating in the pilot using the system have had no issues with it.

Features

• One reviewer is “particularly interested in the robustness of shared calendars and whether they would adequately replace Outlook's calendar (for example - can one ‘make a meeting’?).”

Sponsor: Google Calendar provides this functionality and others.  Meeting invitations can be sent and received between Gmail and other email programs.

• Another requested feature is “the equivalent of Exchange Public Folders.”

Sponsor: Google Docs, which is part of the applications being made available, allows users to share documents with others.  Files can be shared with a single user or a group of users.

Security/Bugs

One reviewer asserted that “Gmail, as an outside web-based email client, has a whole host of third-party security issues that simply aren't present otherwise.” According to this reviewer:

• A good example is the use of G-archiver, a featured download on many software sharing sites, that kept a list of usernames and passwords. Though not impossible, this type of exploit would be more difficult on standard email systems.

Sponsor: G-archiver is not a Google provided application.  The risk of downloading and running questionable applications is a universal problem that can affect any application running on a user’s system.  In addition, because we are using SAML for this web application the risks associated with an exploit like this are mitigated.

• Another, still unsolved example, is the random disappearance of Gmail messages. From personal and other's experience, Google generally just tells you to create a new email account if there are problems with the old one; they generally do not make any efforts to recover mail and/or accounts. This is problematic given email as an official source of record.

Sponsor: Our current email policy is that we don’t guarantee the recovery of emails.  Out of the 306 Gmail pilot users, none has reported issues with disappearance of email.  The redundancy of systems provided by Google is one that our current systems do not currently provide.

Campus IT Security Coordinator Review

Privacy issues raised by the Gmail service contract were identified and discussed by an ad hoc campus privacy committee.  In respect to Section F, Risks and Mitigations, the sponsor should confirm that Google will address the following Gmail security needs:

• Maintain system maintenance practices that meet or exceed the UC Davis Cyber-safety security standards, and
• Periodically, but no less than quarterly, conduct Web application security vulnerability scans for Gmail and commit to remediate high severity, urgent and credible security vulnerabilities.