Though concerns about Google persist, spam emails have decreased by 85 per cent, according to Ryerson’s information officer
Spam and malicious email reports have significantly declined since the removal of Rmail, according to Ryerson’s chief information officer Brian Lesser. Since the August 2019 shut-down of Rmail, and a full migration to Gmail across campus, the number of reported malicious emails dropped 85 per cent.
“In general, with cybersecurity, reducing the number of incidents means we can better focus our attention on the remaining smaller number of incidents,” Lesser said. The majority of the malicious email reports were coming from people using Rmail, Ryerson’s Canadian-hosted proprietary email system. Only 10 per cent of users were on Rmail.
The move to adopt Gmail began last November. In an email to all members of Ryerson University, Lesser stated that the shortcomings of Rmail were becoming more pronounced and that Ryerson doesn’t have as many resources to put towards information security as Google.
Open consultations were held in March, and a recommendation to shut the service down in April was accepted. A minority of attendees were strongly opposed to migrating to Google. “They do not believe that Google’s enterprise service offerings and Ryerson’s agreement with Google mean Google will protect their privacy and data.,” reads Lesser’s posts about the consultations.
Advocates for Rmail wanted to have a Canadian-hosted email system that Ryerson itself managed, outside the jurisdiction of other countries and corporations. This was informed by concern of the American government’s overreach during the Bush era through the PATRIOT act, as well as the National Security Agency’s (NSA) mass surveillance revelations in 2013 under the Obama administration. In 2014, Al Jazeera revealed that the NSA and Google executives have had high level policy discussions together.
“The reality is that Canadians have better legal protections, including constitutional protections for their personal information when it is stored in Canada,” Brenda McPhail stated in an email to the Ryersonian. McPhail serves as the director of the Canadian Civil Liberties Association’s privacy, technology, and surveillance project.
Among those concerned by the full move to Google’s services is James Turk, director of Ryerson’s Centre for Free Expression. Turk is an expert in online surveillance and civil liberties. With the shutdown of Rmail and the agreement with Google, the corporation has access to all communications and cloud files used on their systems. Turk said this is a very risky position to be in, especially for people doing sensitive journalistic or academic work.
Lesser’s email and blog post from November 2018 makes it clear that Ryerson’s agreement does not and has never permitted data mining and tracking of Ryerson Google accounts. In-transit encryption implemented in G Suite has improved security.
“Rmail is now significantly less secure than Gmail,” Lesser wrote in a blog post about the issue earlier this year.
It is not just a capacity problem. Hiring more information security experts won’t keep communications at Ryerson within our ecosystem.
“Almost every work-related email that was sent to or from an Rmail account is now stored in someone’s Gmail account,” Lesser said.
Any correspondence between a Gmail user and anyone else — even encrypted email users on Protonmail, for example — ends up in a Gmail inbox, and hence in Google’s servers, under American jurisdiction.
Civil liberties advocates encourage people to take steps to protect themselves from online surveillance regardless. Jonathon Hodge, Digital Literacy Service Lead for the Toronto Public Library, recommends staff migrate to Protonmail, which will have cloud storage and calendar functions soon. Turk recommends checking out the Electronic Frontier Foundation’s “Surveillance Self-Defense Guide.” The guide is written for the general public, not security experts. The guide also has useful scenarios which include “student journalist” and “LGBTQ youth”.