I know someone who had to have a late-night imaging done once in the ER, I forget if it was an MRI or a CT scan. The bill had extra charges for overtime for the technician who had to be called in after-hours, and- I'm not making this up- also had extra charges for what amounted to after-hours overtime for the machine itself. I wasn't aware the machines had unionized or otherwise negotiated for extra pay when called into service outside normal business hours. It was only through looking closely at the itemized bill that they noticed this, and managed to argue the charge away, as there really was no justification the hospital could give for it.

Surely insurance is a major factor, but there's more to it than that. Have you noticed how many hospitals have the cash to spend on massive, high-tech additions with fancy architecture or altogether new buildings these days? How many have cash enough to buy up all the other hospitals in sight? How many millions they are spending on advertising nowadays? Somehow, even in the midst of the current health care crisis and economic crisis, there is a large number of hospitals making very big profits. I am not an accountant, but I know there are often games played with manufacturing "losses" in order to make actual profits, and I have a suspicion that a lot of these inflated prices- which almost nobody pays, because every insurance company has negotiated prices that are a fraction of the billed cost- have something to do with being able to treat uninsured people as a bigger on-paper loss than they might really be. As in, "This patient, over the course of his stay, required five sharpie markers, but had no money, so we took a loss of $500 on him!"

So what you're saying is this is more or less a higher profile version of the Cub Scout pinewood derby.

Is it really free to UH? Someone said something about free up to 5000 users, which I can't imagine covers this case.

Sure there is: whoever walks off with the hard drives at the end of the day. Good luck tracking down who has physical control over everything and verifying somehow that all the data was securely wiped (much less actually getting a copy) when your only access is through a bankruptcy trustee or a few remaining or former employees who may have legal reasons to avoid saying much.

That should be obvious. The longer the chain of accountability, and the greater the number of separate walled institutions serving as the links in that chain, the less real that accountability is. Have you really never encountered this phenomenon? It is universal, across the spectrum of services, from janitorial services to web hosting services. Do something in-house, and you can investigate, fire, and possibly legally hold your own employees accountable for their violations. Plus their sense of loyalty, assuming they have any, is toward you. Certainly their livelihood is in your hands. Pay an outside firm to do it, and you stand not only a good chance of being misled or lied to- with no real recourse or ability to find out otherwise- about whether a violation even occurred, you'll have one heck of a time getting complete information, making sure the right people are held to account, or changing things. You don't have control over sloppiness in procedures, you can't even see whether it is present. I would contend that in a significant number of cases, outsourcing doesn't save anything real at all, it just hides the fact that the savings are being made by cutting corners that an in-house operation isn't willing to cut. This has nothing to do with any kind of ridiculous "all corporations are bad" idea. It has to do with short-sightedness or sacrificing important things to try to save dollars without realizing the importance of those things.

Accountability to the university.

No, they don't all apply in the same way. The university is probably long-lived in comparison to any of its technology vendors, and its interests do not coincide exactly with the interests of outside vendors. And a service provider bankruptcy, company split, spin-off, or acquisition is likely to be something of a free-for-all, with nobody ever even knowing where everything went or able to force any action of any sort. Just try going and enforcing the contract that says they need to archive your data, do so securely, and make it available to you when there are no employees left. When you outsource something, you aren't just giving up control in the financial operations sense. You're also giving up control in every other sense. This is the sort of decision people in business regularly plunge into without sufficient forethought. Who would I prefer handle it? The university itself. There is no inherent reason why an outside provider for something like email has to be cheaper in any significant way for a client the size of a major university. And I'm not making any assumption about incompetent IT professionals- I think you're making an assumption that it was IT professionals at all, rather than business administrators who have made this decision in most universities.

There are thousands upon thousands of industrial machines the control of which has real, physical consequences and which are absolutely running Windows, in factory settings, in building control and security systems, in all kinds of settings. Remember Stuxnet? Do you think medical charting software and testing machinery control software in hospitals have no real, physical consequences? You're thinking too narrowly. And even many of the systems which are supposedly "not on the internet" get built and set up by systems which are. Nor are "windows" or "on the internet" even requirements for the vector for this problem: TIFF files through Photoshop are. Do you think there are no systems at the Pentagon, NSA, CIA, or FBI running Photoshop, and that decisions based on data in files on those networks don't involve lives potentially lost?

Except: 1) Practically nobody has CS6 yet, it is completely brand new. We're not talking about supporting Photoshop 2 or something, this is the active, in-use-in-the-world-right-now version. 2) Adobe releases major versions on a very quick schedule compared to many vendors, many of which have no obvious reason to upgrade at all from the consumer perspective. Every time I get a release notice for a new version, I have to hunt very hard to find any clear benefits. Most of the time, they put across the very strong image that they're just fishing for repeat spending by calling something a major version that really should just be an incremental upgrade.

I see what you're doing, but that's not how it really worked with IBM. In reality, what happened is some junior or mid-level guy set up a test network with some competitor's hardware to see if they could save money. When the IBM salesman stopped by, he saw this going on and immediately went two or three levels up, to the poor employee's boss's boss's boss, at the director or VP level or even C-level, and said, "Did you know that one of your employees is endangering the reliability of your operations by toying with nonstandard equipment? We can't guarantee the reliability of what you're doing in a mixed-vendor environment." Poor employee trying to save his company then has executives at a level he himself has no access to coming down on him like a ton of bricks, and has to argue to even keep his job.

Software isn't physical? That doesn't really matter. Software is used to create and run a whole lot of things that can cause people to get hurt or killed. It also controls, and can distribute or destroy, data whose distribution or loss can have real, physical consequences. Just because photo-editing software is not safety-critical doesn't mean computers, or networks, it runs on are not.

no one will probably ever know, unless they do it in some very blatant way.

Also, "they" might not be Google as a corporate policy. It might be individual employees. It might be the future owner of Google assets if a few stupid decisions bankrupt it or cause it to break up. There are lots of reasons to be skeptical of promises of privacy, and this is a different sort of deal than changing chemical or paper suppliers. This is handing over, if I'm a student, faculty member, or administrator, my personal and school-related data, a lot of which is private, to an outside concern. That's a fundamentally different sort of thing to outsource than just a vendor of some supplies, and there are good reasons to be cautious about it.

Email, and to a large degree IT in general, has been this at universities since it was invented. So has, for that matter, a significant portion of the entire Internet (that portion of it run by universities). Why do you think most email technologies were developed in the first place (along with vast portions of the rest of the Internet framework)? So they could be used by the university in its research and teaching efforts. All along the way many of the most popular utilities, clients, storage technologies, and entire OS's in use by these departments have been developed and supported by university researchers. So it isn't as though this is a crazy, new idea. I don't propose that professors are spending all their time answering support emails from students. But I do think a university with a major computer science research arm not providing its own IT is like a culinary school outsourcing its cafeteria. Possible, and might save money, but kind of loses out on an operational component that could enhance both the real-world experience and the research and teaching of the place. That is completely aside from the biggest issue, however, which is handing over student and university data to outside concerns whose primary interests in an email system are at odds with those of the school or its faculty or students.

Running email is a core function like running libraries is a core function, as they serve very similar purposes in a university environment. And email isn't even close to done, cooked, finished, anyway. The problems of storage, access, indexing, delivery, scaling, privacy, interface, all of these are active fields of research and innovation. In fact, it is specifically Google's innovations in some of these areas (especially scaling at low cost) that make them attractive at all, so "done, cooked, finished" is extremely inaccurate. And that doesn't even get into the auxiliary issues: hardware, network design, algorithms for load balancing and systems monitoring, OS design and configuration, and security.

Zero dollars is not the same as free.

Don't be silly with all your talk of ONE institution with too much power and an overly centralized failure point of both service and security. There are TWO such institutions, you're forgetting Facebook as they control, own, and mine the other half of Internet communications.

It's not about being forced to use a specific email account. It is about handing the entire store of all academic, personal, and often confidential-by-law communications to a for-profit corporation whose business is data mining. We should be moving away from giving ownership of all our data to others, and universities should be at the head of that charge, not pushing people in the opposite direction. They should be seeking to protect the identities and private information of faculty, staff, and enrolled students, as well as sometimes sensitive and unpublished research data, as much as possible, not handing it over to third parties whose interests conflict with that goal. Where do Google's interests lie? Where do they stand to gain? From lowering the levels of information security and privacy and protection, not increasing it. This is at odds with what universities should be attempting to accomplish. Do, and should, your communications with the disciplinary board or billing office or your grades, or university medical center test results, or your personal communications about all the stupid stuff you do while a college student rightfully belong to an advertising company?