In response to my last blog, two commenters asked whether the intent was serious. The answer is yes. Why wouldn't it be? Jumping off their comment as a foil (because I admittedly do not know their reply), allow me to delve a little deeper into an analysis.
Are many people still in the throes of anti-Microsoft views, now long in the tooth of Internet time? Are many still swimming in the miasma of Google glory? Or do they know something about the negotiations that higher education has had with both of these companies over the last many years that I don't know?
Everyone knows that Google, for obvious business reasons and playing on its company's consumer sex appeal, took well advantage of "free" to garner the major market share of outsourced mail services in higher education. What many do not know is how painfully difficult negotiating with Google can be for those services. Just getting some one on the phone is an achievement, but don't expect a lawyer. Google is an engineering company, apparently with a powerful preference for project management where the law used to tread. A glorious revolution, you might say, but think about it from the perspective of the bargainer: for better or worse, at least a contract spells out actionable terms. We are a contracting separate party, not a distant cousin of the company to be project managed.
Contract by URL is a contract that does not spell out the terms but refers those terms to a URL. Needless to say, it is easy to change a URL; it is not easy to change a contract term once signed. Google contracts largely by URL. Even if those provisions are somewhat tempered by legal language such as "notice will be given for material changes," why should higher education have to live on the edge of its seat waiting for a change that may or may not put compliance into risk?
Speaking of compliance, ask anyone in higher education involved in negotiations for mail the FERPA saga. Shall I use the phrase "a nightmare?" One made all the Kafkaesque by the fact that non-disclosure agreements keep private counsel from consulting with colleagues across the country, a time horned tradition in higher education, so every institution has to go through the exercise as if it were sui generis. Not only is that process inefficient, not only does it fly against our traditions, it places Google in an unfair advantage picking each of us off one by one. Don't even ask about GLBA or heaven forbid HIPAA! In recent negotiations with Microsoft, or between Internet 2 Net+ and Box, attorneys have paid considerable attention to detail privacy and security provisions. Not a chance with Google. Just Trust Us might be their next generation adage. But "trust" is not the point from the perspective of a college or university attorney or risk manager; when technology fails, for whatever reason -- including that Google is the target of security challenges internationally -- that is the moment when law steps in. But if the contract never addressed those issues, well, caveat emptor!
All the actions I listed in the previous blog that Microsoft has done, they really have, there was no tongue in cheek. And if it is a wonder to skeptical readers then just think about it from Microsoft's perspective: they have heard the tales of Google mail, they can read the papers about the Google privacy statements, and as a competitive company they have stepped into the gap that Google has left open. It is the zig and zag of any competitor and what makes the free market world go 'round.
But lest the reader think this message is anti-Google, it is not. It is pro-higher education. Google, redeem thyself! The next go-around, meet us half-way. Meet the National Federation of the Blind completely for accessibility; Microsoft has. Provide uniformly for the academic community FERPA, GLBA and HIPAA documentation; Microsoft has. Many a blog ago, I posed the challenge: the first company to offer HIPAA protection in higher education services wins! At the moment, those facts speak for themselves.
To demonstrate that my intent is pro-higher education, I am now going to offer some free business advice. Quentin Hardy's NYT column on Sunday reports that Google has stepped into the big data cloud computing space wherein Amazon has taken a lead in the consumer arena.
Here is a real opportunity for productive collaboration with higher education for enterprise research computing. Not every institution can be MIT with Intel money flowing in. Many of our research universities needs those services. We would love to work with you about providing high performance computing to higher education, and, in the main, we really do like and trust you. But we must have enterprise contracts with some fundamental legal protections in order to work together. Let's list the obvious ones once again: FERPA, GLBA (which functions for data breach notification as well as the law itself) and HIPAA and accompanying data privacy and security safeguards (that meet the federal grant regulations), e-discovery and export control provisions, human subjects requirements, and promises that data stays within U.S. borders. We require those express provisions not because we are difficult, but because our reliance on federal funding has placed us in a difficult position. We are the most intensely regulated corporate entity in the country, and we cannot risk losing our institutions simply because you want us to "trust" you. Trust us, Google, help us with our research computing needs by meeting us half way on the contract/compliance landscape with robust enterprise agreements.