Microsoft promises that its free Live@edu e-mail and collaboration tool is better than the rest because it still meets a university\u2019s security and \u201cprivacy\u201d needs. But it appears to be missing one critical step in doing so -- encrypting data stored on servers.By going with a free, cloud-based offering from Microsoft, schools and states can supply email and other information-sharing tools while keeping down IT-related costs. That\u2019s good, but it also means trusting your data to the vendor and the promises it makes about securing it.\u201cUniversities require security-enhanced, world-class cloud services, but today\u2019s budget constraints present an extraordinary challenge. Live@edu combines Microsoft\u2019s exceptional products that incorporate the company\u2019s deep investments in cloud computing to provide the enhanced privacy and security features that institutions require," stated Microsoft's general manager for U.S. Public Sector Education, Sig Behrens.Many universities can't beat the low, low price of free and slashed IT infrastructure costs by moving to Microsoft\u2019s cloud services and Live@edu. In fact, more than 11 million people in more than 10,000 schools worldwide are depending on Microsoft\u2019s cloud services and Live@edu.\u00a0 Microsoft said that its Live@edu cloud application advantages include Office Web Apps and Windows Live SkyDrive for sharing information and working together with teams of people and Microsoft Exchange Server 2010 and Outlook Live for e-mail, calendar sharing and managing tasks and contacts.When you send email through the Windows Live ID authentication process, people see the padlock in their browser and feel secure in using the HTTPS 128-bit SSL-enabled connection. Yet people might feel slightly less confident about Live@edu's cloud computing "enhanced privacy and security features" if they knew that once their data is received on the other side, encryption stops. Their stored online communication isn't encrypted on cloud servers.Take for example this quote from Dr. Loey Knapp, associate chief information officer, University of Montana. \u201cWith Live@edu, we are confident our students\u2019 data is fully protected. We know and can control who has access to the data, and we have assurances that the data won\u2019t be mined.\u201dAt the European Identity Award, in the category \u201cBest Project B2C\u201d, the University of Washington was honored for its identity federation solution in research and education which was developed together with Microsoft and is intended to form part of their \u201cLive@Edu\u201d initiative. To me, that makes Live@edu sound both fairly secure and as if it honors privacy. However, according to Microsoft's "Securing the Cloud" documentation, high impact data "is subject to encryption requirements for storage and for internal system network transfers as well." But students' data is regarded as a low category of data assets.ZDnet's Zack Whittaker contacted a Microsoft director, who confirmed after many stages of negotiating dialogue:The connection for mail is via SSL and the password is encrypted on the server. The data on the server is not encrypted. It is perhaps worth noting that access to the server doesn\u2019t equal access to the mail file, as the data is stored in a database which requires specific client software to access it.I, too, contacted Microsoft and asked point blank if Microsoft encrypts data stored on servers for Live@edu users. Microsoft avoided an answer, instead giving me a standard non answer quote linked to Microsoft's privacy guideline document, which said that encryption should be reserved for data considered important, like credit card numbers. So I\u2019ll take that answer as a no.The thing about reliable cloud services that are housed in the United States, such as Microsoft Live@edu, is that the data is housed where the Patriot Act has jurisdiction. As Whittaker stated, "While students studying in the United States can be provided student email through Outlook Live and similar competing service, a Patriot Act request would be made all the more easy in that the federal authorities have been given the cloud-stored, unencrypted email data handed to them on a plate.\u201dLive@edu may have many benefits, but unless you personally encrypt your data, your e-mail is like a giant digital blackboard...you can get to your information easily enough, but if anyone else accesses it, they too can read it. Unless you are a government entity or someone else whose data is considered highly sensitive, then cloud computing is still fraught with security and privacy issues.