Google, pressured by privacy advocates and looming legal challenges, on Wednesday announced it will no longer scan student and faculty emails for advertising keywords, seeking to end a seven-year-long conflict that some university technology officers have said violates federal law.
Google makes its living on the information it can learn about its users, which can then be served back to them in the form of targeted ads. In Google Apps for Education, which includes the email service Gmail and its suite of productivity software, ads are turned off by default -- but Google automatically scanned students’ emails anyway.
With the changes that went live on Wednesday, the option to turn ads back on has been removed, and the automatic ad scanning has been switched off.
“Today more than 30 million globally rely on Google Apps for Education,” director Bram Bout wrote in a blog post. “Earning and keeping their trust drives our business forward. We know that trust is earned through protecting their privacy and providing the best security measures.”
Despite the attention Google’s ad scanning is attracting, the controversy is as old as Gmail itself. Even before its 2004 launch, privacy advocates warned against Google’s practices. Yet in October 2006, when the company invited universities to sign up for Google Apps, many rushed to set up Google’s services campuswide.
“When Google first rolled out its mail services, they were not inclined to listen to higher education’s requests for no data mining, and some schools didn’t have the ... knowledge, leverage, understanding, courage -- whatever! -- to even ask for it,” said Tracy Mitrano, former director of IT policy at Cornell University. “It is pretty well-known in the higher education space that those early deals ... therefore allowed Google to continue to data-mine the mail. That practice is in violation of FERPA.”
One university IT official, who spoke on condition of anonymity, described negotiating with Google over Apps for Education as “an incredible contract experience.”
“You try to negotiate with something that’s being given to you for free,” the IT official said. “Nine out of 10 colleges are just signing what’s being put in front of them.”
Colleges and universities themselves have -- at least on paper -- made administrators, students and faculty members aware of Google's ad scanning. Eckerd College, in St. Petersburg, Fla., for example, mentions that “Email is scanned so [Google] can display contextually relevant advertising in some circumstances” it in its Frequently Asked Questions section. The University of St. Andrews in Scotland explains that “if the software looks at 100 emails and identifies the word 'chocolate' or 'camping' 50 times, they will use that data for advertising on their other sites.”
Google has been forced to address its practices in response to a lawsuit that claims its ad scanning constitutes wiretapping. The company scored a break in March when a California district court denied the plaintiffs class-action status, but it still faces a trial this October.
The lawsuit has also spurred Google to more explicitly communicate that it scans all users' email accounts -- and not just those belonging to students, faculty members and administrators -- for ad keywords. Two weeks ago, the company updated its terms of service, which now state that “Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.”
That means Google still has plenty of ways to collect user data, from its Chrome web browser to smartphones running its Android operating system.
“When a university signs one of these agreements for Google Apps for Education, there’s a suite of apps, and then there are other apps that don’t fall under those terms,” said Michael J. Bourque, vice president of information technology at Boston College. “Google and other providers still have ample other products to do this, whether it’s through content of email and documents or through browser activity.”
But that should not deter privacy advocates from celebrating a “really big step forward,” even if there are still some unanswered questions about Google’s practices, said Steven J. McDonald, who serves as general counsel at the Rhode Island School of Design.
A spokeswoman for Google Apps for Education said the company will still scan email to prevent spam and viruses and to improve its products, which McDonald said made him wonder if Google combines that information with data collected from other products.
“The question I’m still not 100 percent sure of -- I’m pretty close from their announcement -- is if people are using both [Google Apps for Education and regular Google products], is there any kind of correlation behind the scenes?” McDonald said. “There’s still a hanging question there.”
Read more by
Today’s News from Inside Higher Ed
Inside Higher Ed’s Quick Takes
What Others Are Reading