Lakehead U May Use Google Email System
Lakehead University in Thunder Bay, Ontario, switched from an internal email system to Google Mail. The Faculty Association objected on the grounds that this breached terms in the collective agreement giving faculty the right to privacy in their personal and professional communications. ((Article 16.01.03 of the Collective Agreement provides: The Board agrees that members have the right to privacy in their personal and professional communications and files, whether on paper or in electronic form. )) The argument was that because Google and the relevant servers are based in the United States, authorities from that country would have legitimate and other access to faculty members’ communications.
The grievance went to arbitration and the arbitrator ruled [PDF] that Lakehead’s use of Google Mail did not breach the terms of the collective agreement. The faculty association was unable to demonstrate that Lakehead’s email was in fact stored on servers outside Canada, the best evidence being that it was currently stored within the country. Testimony was given (including some by Michael Geist) that in any case the U.S. authorities had various ways of reading faculty mail whether or not it was stored on servers in the United States. Principally, however, the association failed because the arbitrator found that the agreement did not require the university to provide an email system exempt from outside penetration.
The arbitrator concluded:
The Collective Agreement, I have found, does not provide that level of protection. While I am sympathetic to their plight and the fact that big brother could be watching over their e-mail communications, it simply brings to the fore the caution advanced by [University Vice-President] Mr. Pawlowski when he commented upon e-mail systems generally before the [University] Senate. One should consider e-mail communications as confidential as are postcards.
I trust that after numerous warnings of this sort over the years, no lawyer regards email as a mode of communication that is at all secure or confidential. And that where confidential material is sent by email, lawyers use encryption.
The thing about email is that no matter where it’s stored, the government has ways of reading it. Actually, anyone does, if it’s not encrypted in transit.
And Google mail offers such encryption. There was a post on Google Online Security Blog on this exact subject a couple of days ago.
I strongly doubt the arbitrator’s statement that “where confidential material is sent by email, lawyers use encryption.” The Law Society does not require it (lawyers have to think about it…), and I would be very surprised if it is commonly used for material that is clearly confidential. Sometimes it is, I am sure, but not routinely.
I am also a bit tired of the statement “email is as confidential as a postcard”. I suppose that may depend where the email is and where the postcard is – but a postcard in the hands of the letter carrier is a lot more exposed than the email zipping through the machines of my ISP.
I agree that my ISP could probably figure out how to read my email if it really wanted to, but my neighbour and the letter carrier can’t, though they can read my postcards on their way to my mailbox, or by lifting them out of it. Email is MUCH more secure than postcards – I would say more secure than sealed letters, for that matter. Someone at Canada Post could open much of my sealed mail without my knowing it (if being undetected is a criterion here), but again, more easily than a casual employee of my ISP could read my email.
I do not disagree with the Lakehead ruling on the merits, but I wonder about the conventional wisdom that appears to be relied on by the arbitrator.