Risk
8/14/2013
05:15 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Gmail Is Not A Privacy Problem

Is there really informed consent among Gmail users? The real privacy issue is we're all getting by on a lot of trust.

10 Ways To Fight Email Overload
10 Ways To Fight Email Overload
(click image for larger view and for slideshow)
In its motion to dismiss a privacy claim against its Gmail service, Google has made it clear that people sending email messages to Gmail users should not expect privacy.

"Just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who use Web-based email today cannot be surprised if their emails are processed by the recipient's [email provider] in the course of delivery. Indeed, 'a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties,'" said Google.

Consumer Watchdog, a group that has frequently objected to Google's privacy practices, calls this "a stunning admission," though it would more accurately be described as "established precedent," because the inline citation comes from a 1979 case, Smith v. Maryland.

The advocacy group's advice, however, is fair enough: "People who care about their email correspondents' privacy should not use the Internet giant's service."

[ The best power solution ever? Read Battery-Free Mobile Devices Draw Power From Thin Air. ]

Indeed, people who care about their email correspondents' privacy should not be using email at all, or if they must, they should be using it only in conjunction with respected encryption tools. But the vast majority of those people do not care enough about privacy — their own or that of their correspondents — to acquire the technical expertise to effectively use encryption.

What Consumer Watchdog neglects to point out is that Google's attorneys are arguing that Gmail does not violate wiretap laws because "all users of email must necessarily expect that their emails will be subject to automated processing."

In a phone interview, Consumer Watchdog's John M. Simpson described the issue with Gmail thus: "They're opening up content and going through it."

But they're not. Google employees don't read Gmail users' messages. Google computers do.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
MarioD578
50%
50%
MarioD578,
User Rank: Apprentice
8/17/2013 | 6:07:09 PM
re: Gmail Is Not A Privacy Problem
Great post. I suggest you read this: http://blog.mdsolutions.pe/201...
24/7Uplift
50%
50%
24/7Uplift,
User Rank: Apprentice
8/16/2013 | 7:26:08 PM
re: Gmail Is Not A Privacy Problem
The simple act of password protecting an email account is a 'reasonable expectation of privacy.' Quite like snail mail when the mailbox is under lock & key. Regardless of whether it is locked once a mailbox is put into use, it is considered federal property. As such, federal law states that it is a crime to tamper or vandalize a mailbox or its contents. Anyone found guilty of such crimes can be fined and incarcerated. So Google can consider it Google Property but should abide by the same standards for tampering as the U.S. Postal service where any type mail processing, routing & delivery comes with an expectation of privacy decreed by law.
cbabcock
50%
50%
cbabcock,
User Rank: Apprentice
8/16/2013 | 6:49:44 PM
re: Gmail Is Not A Privacy Problem
Several readers say they don't mind Google opening their email to serve them ads. Where in Google's email agreement does it say they will restrict their snooping to that purpose? On the contrary, Google assumes your information, once submitted via Gmail, is their information. It's for your good that Google brings you the world's information; also for your good that it brings your information to the world. This is a company-centric view of privacy, one that overrides individuals, and one that I remain highly uncomfortable with, Hence, I pay for my Ymail service..
Michael Endler
50%
50%
Michael Endler,
User Rank: Apprentice
8/16/2013 | 6:17:50 PM
re: Gmail Is Not A Privacy Problem
I'm really not surprised that Google has this attitude. I'm also not bothered that Google is scanning my email so it can send me targeted ads-- but I am a little bothered by the possibility the data might be used for more than that. I agree with Tom's overall point: If you don't treat the Internet like a surveillance state, you proceed at your own peril.

But this is the part that caught my attention. The Guardian pulled this quote from Google's argument:

"Just as a sender of a letter to a business colleague cannot be
surprised that the recipient's assistant opens the letter, people who
use web-based email today cannot be surprised if their communications
are processed by the recipient's ECS [electronic communications service]
provider in the course of delivery."

Asinine. In this metaphor, Google somehow equates to a colleague's assistant? Google's more like the mail carrier.

This relates to Tom's problem. If Google wants to scan data and isn't breaking any laws while doing so, that's fine. No one makes you use Gmail, so Google can do what it wants. But if they're going to explain their policies, they should do so in a way that makes sense, and that is transparent about the implications of collected data. This half-assed metaphor is pretty much the antithesis of that.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
8/16/2013 | 5:25:39 PM
re: Gmail Is Not A Privacy Problem
As ham-handed as Google's WiFi data gathering adventure turned out to be, I can't help but think much of it was overblown. So far as I can tell, no one was harmed in any way by the data collection. Moreover, Google was collecting data that computer users failed to secure, much as one might listen in to an open police broadcast on an unsecured radio channel. It's not as if Google was hacking anyone's encryption or tapping cables NSA-style.
rradina
50%
50%
rradina,
User Rank: Apprentice
8/16/2013 | 12:04:43 AM
re: Gmail Is Not A Privacy Problem
Well, there's no free lunch and even if very few would choose to pay, surely Google has a few spare, one-time developer cycles that could easily and quickly add a "do not scan" list to their mail mining operation. IMO, such an option would squelch most detractors whose current complaints have merit -- especially after Google's rather trite response.
GHCro
50%
50%
GHCro,
User Rank: Apprentice
8/15/2013 | 10:59:46 PM
re: Gmail Is Not A Privacy Problem
Right on, Tom. It's useless and stupid to say "I'm shocked, shocked to learn what Google's Ts and Cs say." Right on again, about what to do if you don't like it. Use self-help. Start using tools like Tails & TOR for browsing, Textcrypt for text messages and Cellcrypt for mobile phone calls. Then, take everything off of Dropbox, Instagram, iCloud, etc, and stash it all in a Cloudlocker (www.cloudlocker.it) which works just the same but stays in the house where they still need a warrant to get inside.

I'm sure we're going to seem more and better tools like these appear soon as good ol Yankee ingenuity revs up. Unless, of course, everyone gets lazy again and leaves themselves wide open until
the next big expos+¬.
Shane M. O'Neill
50%
50%
Shane M. O'Neill,
User Rank: Apprentice
8/15/2013 | 8:35:29 PM
re: Gmail Is Not A Privacy Problem
I was saying to someone the other day that Google and Facebook are best things that ever happened to the government.
Shane M. O'Neill
50%
50%
Shane M. O'Neill,
User Rank: Apprentice
8/15/2013 | 8:35:17 PM
re: Gmail Is Not A Privacy Problem
Not a bad idea to have free and premium Gmail services. But not sure many users are willing to pay for web-based email. It would just make them angrier at Google for forcing them to pay $$ for peace of mind.
RobPreston
50%
50%
RobPreston,
User Rank: Apprentice
8/15/2013 | 8:17:25 PM
re: Gmail Is Not A Privacy Problem
Google's "just as a sender of a letter to a business colleague" metaphor was absolutely ham-handed. Or to use another food metaphor, comparing apples to oranges.
Page 1 / 2   >   >>
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.