In an open letter published last Friday, a group of professors from various Dutch universities urge their institutions to stop using American cloud services in order to protect their students and staff.
“University administrations are outsourcing more and more of their IT services to American cloud giants”, reads the letter, signed by eighteen full professors and one associate professor. This is an ill-advised strategy in the long term, they believe.
Students should have a safe learning environment in which they are able to make mistakes, the signatories argue. “It should be impossible for privacy-sensitive student data to be misused for other purposes.”
If this information is stored in an American cloud, data security can’t be guaranteed. A ‘cloud’ is a server that holds your data and allows you to access it online. This means that the data in question is no longer on your own computer, which can crash or be hacked, but stored ‘safely’ in the cloud.
Companies could misuse students and staff’s data for commercial purposes, the signatories argue, citing the Cambridge Analytica scandal. This company analysed the privacy-sensitive data of millions of people to advance Donald Trump’s 2016 presidential campaign.
Besides commercial parties, the US government could also gain access to the email traffic and data of students and staff at Dutch universities, the professors say. “We are giving the Facebooks, Googles, Amazons and Microsofts of this world the power to not only manage our data as they see fit, but also to act as a kind of border police for that data.”
The cyber experts believe that it would be better if such services remained in Dutch hands, for instance at SURF, the Netherlands’ IT organisation for education and research.
The open letter is certainly not the first criticism of privacy issues in higher education IT. Last year, internet pioneer Marleen Stikker urged students and staff to demand secure IT environments. “It’s okay to be a difficult customer as a student or teacher”, she opined.
IT organisation SURF is currently revising its privacy terms for certain education software offered by Google. The Data Protection Authority has been looking into the matter as well and believes that the Minister of Education should get involved.
The problem has also been noted by the rectors of Dutch universities, who published a joint letter in de Volkskrant last year, signalling their intention to address digital vulnerabilities. But the cyber security experts say the topic has since fallen off the radar again.
“When you’re dealing with Big Tech, remember: you can check in any time you like, but you can never leave”, the experts write, in a nod to ‘Hotel California’ by The Eagles. In this song, the narrator succumbs to temptation and finds himself trapped forever.