Beware of the cloud, say cyber experts

Photo: Flickr / Outreachpete

“University administrations are outsourcing more and more of their IT services to American cloud giants”, reads the letter (available only in Dutch), signed by eighteen professors and one associate professor. They believe this is an ill-advised strategy in the long term.

Students should have a safe learning environment in which they are able to make mistakes, the signatories argue. “It should be impossible for privacy-sensitive student data to be misused for other purposes.”

If this information is stored in an American cloud, data security can’t be guaranteed. A ‘cloud’ is a server that holds your data and allows you to access it online. This means that the data in question is no longer on your own computer, which can crash or be hacked, but stored ‘safely’ in the cloud.

Companies could misuse students and staff’s data for commercial purposes, the signatories argue, citing the Cambridge Analytica scandal. To refresh your memory: that's the company that analysed privacy-sensitive data of millions of people to advance Donald Trump’s presidential campaign in 2016.

Apart from commercial parties, the US government could also gain access to the e-mail traffic and data of students and staff at Dutch universities, argue the professors, in a nod to the revelations made by whistleblower Edward Snowden in 2013. “We are giving the Facebooks, Googles, Amazons and Microsofts of this world the power to not only manage our data as they see fit, but also to act as a kind of border police for that data.”

The cyber experts believe that it would be better if such services remained in Dutch hands, for instance at SURF, the Dutch IT organisation for education and research.

Difficult customer
This open letter is certainly not the first time Dutch academics voice concerns about privacy issues in higher education. Last year, internet pioneer Marleen Stikker urged students and staff to demand secure IT environments. “It’s okay to be a difficult customer if you're a student or teacher”, she argued.

IT organisation SURF is currently revising its privacy terms for certain education software offered by Google. The Data Protection Authority has been looking into the matter as well and believes that the Dutch Minister of Education should get involved.

The problem has also been noted by the rectors of Dutch universities, who published a joint letter in the newspaper De Volkskrant last year, signalling their intention to address digital vulnerabilities. But the cyber security experts say the topic has since then fallen off the radar again.

Hotel California
“When you’re dealing with Big Tech, remember: you can check in any time you like, but you can never leave”, the experts write, this time in a nod to the song ‘Hotel California’ by The Eagles, in which the narrator succumbs to temptation and finds himself trapped forever.

Tags: privacy