Gmail Isn’t Violating Anyone’s Privacy

Not even the recipients are reading this one.

Google finds itself in the crosshairs of a class-action lawsuit alleging that its practice of scanning emails is tantamount to wiretapping. Plaintiffs involved in the case—a handful of Gmail and non-Gmail users—want the U.S. District Court for the Northern District of California (San Jose Division) to give them some payback for what they’re asserting is an unforgivable violation of their collective privacy.

Google is pushing back against the assertion that Gmail’s automated scanning systems—the same ones that help serve ads alongside Gmail users’ emails—illegally “intercept” those plaintiffs’ communications. Google argues that such systems have always operated in the open, with users’ implied consent: if you agree to Gmail’s Terms of Service and Privacy Policy, you agree to its ability to scan your emails.

“All Plaintiffs who are Gmail users consented to the automated scanning of their emails (including for purposes of delivering targeted advertising) in exchange for using the Gmail service, thus precluding any claim under federal law,” read Google’s motion (PDF). “Moreover, multiple courts have held that all email senders impliedly consent to the processing on their emails by virtue of the fact that email cannot be sent or delivered without some form of electronic processing.” (Emphasis theirs.) According to Google’s lawyers, the latter assertion also invalidates non-Gmail-using plaintiffs’ claims that their rights have been violated in some fashion.

Making automated scanning illegal, the motion added, would “effectively criminalize routine practices that are an everyday aspect of using email.” Ridding an email system of that scanning would also strip away certain beneficial features such as spam filtering and virus detection; other online email services, including Yahoo, employ similar technology to similar ends.

But the part that drives privacy advocates truly wild comes later in the document. “Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery,” the motion read, before citing Smith v. Maryland 442 U.S. 735, 743-44 (1979), a case in which the final decision stated that people have no legitimate expectation of privacy for information handed over to third parties.

The advocacy group Consumer Watchdog disagreed with that no-expectation-of-privacy bit. “Google’s brief uses a wrong-headed analogy; sending an email is like giving a letter to the Post Office,” John M. Simpson, Consumer Watchdog’s Privacy Project director, wrote in an August 12 posting. “I expect the Post Office to deliver the letter based on the address written on the envelope.  I don’t expect the mail carrier to open my letter and read it.”

Smith v. Maryland involved telephones (specifically, whether recording telephone numbers via a pen register installed at a telephone company’s offices counted as “unreasonable search,” to which the Supreme Court said no), and Google’s assertions revolve around email. Nonetheless, as Nilay Patel argues over at The Verge, the Supreme Court’s decision in that instance still reinforces a “third-party doctrine” that, while controversial, remains the law of the land. Even an email sent from a non-Gmail account is routed through Google’s servers, and thus subject to the company’s processes.

Many people (and business rivals) have brought up Google’s automated scanning as an issue of concern, but it’s not as if a roomful of interns in the company’s Mountain View campus are reading every line of everybody’s email. The automated systems scan for keywords, and use that data to target ads, without the presence of a human being; that’s what helps keep the service free. That fact alone has been enough to quiet some critics—but the reliance on automated systems doesn’t mean that a.) Google won’t give up your personal data in response to a government request, or that b.) someone with bad intentions within Google couldn’t (at least in theory) ferret out that data with a well-aimed search.

In other words, there’s only one true way to ensure privacy in this situation: don’t use Gmail (or any other email service that scans your content) at all.

 

Image: Google

Post a Comment

Your email address will not be published.