Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

8/14/2013
05:15 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Gmail Is Not A Privacy Problem

Is there really informed consent among Gmail users? The real privacy issue is we're all getting by on a lot of trust.

Microsoft computers do the same thing, as the company acknowledges in its Terms of Service: "[W]e may occasionally use automated means to isolate information from email, chats, or photos in order to help detect and protect against spam and malware, or to improve the services with new features that makes them easier to use."

The only difference is that Google is using automated means to deliver relevant ads in addition to ensuring security and quality of service.

Eric Goldman, professor at Santa Clara University School of Law, in an email acknowledged that Google's attorneys could have worded things a bit more delicately but stressed that Gmail privacy claims have gone nowhere for years.

"Unfortunately, Google's poor choice of words gives the legions of Google-haters another chance to take another whack at it," he wrote. "I find the whole fracas baffling given that we have nearly a decade of experience using Gmail. The scare-mongering was a lot more persuasive in 2004, when the future was unknown, than 2013, when we basically know how the story turned out, i.e., Gmail is a great service and no one has suffered any harms due to Gmail's automated email processing."

Yet, Simpson's objection to Gmail has a kernel of merit: He takes issue with the notion that there's really informed consent among Gmail users and those sending email to Gmail users. Fair enough: click-through agreements suck. Online disclosure and contractual terms could be much more clear.

But ignorance of the law is no excuse and ignorance about the realities of online life shouldn't be an excuse either, as long as there's no meaningful deception going on. Terms of service agreements, contracts, computer technology and the law are all hard to understand. If we were really to insist on informed consent, there would be no Internet because almost no one bothers to read click-through contracts and few among those who do really understand what's going on at a technical level. We're all getting by on a lot of trust.

The Internet is a surveillance state. If that bothers you, if Gmail's automated scanning is too much of a privacy violation, do something about it. Brush up on PGP and start encrypting. Push for stronger data protection rules. Block ads. Communicate by tin-foil-clad carrier pigeons. Conduct your social networking in person. Vote for regime change. But don't say that you didn't know.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
MarioD578
50%
50%
MarioD578,
User Rank: Apprentice
8/17/2013 | 6:07:09 PM
re: Gmail Is Not A Privacy Problem
Great post. I suggest you read this: http://blog.mdsolutions.pe/201...
24/7Uplift
50%
50%
24/7Uplift,
User Rank: Apprentice
8/16/2013 | 7:26:08 PM
re: Gmail Is Not A Privacy Problem
The simple act of password protecting an email account is a 'reasonable expectation of privacy.' Quite like snail mail when the mailbox is under lock & key. Regardless of whether it is locked once a mailbox is put into use, it is considered federal property. As such, federal law states that it is a crime to tamper or vandalize a mailbox or its contents. Anyone found guilty of such crimes can be fined and incarcerated. So Google can consider it Google Property but should abide by the same standards for tampering as the U.S. Postal service where any type mail processing, routing & delivery comes with an expectation of privacy decreed by law.
cbabcock
50%
50%
cbabcock,
User Rank: Apprentice
8/16/2013 | 6:49:44 PM
re: Gmail Is Not A Privacy Problem
Several readers say they don't mind Google opening their email to serve them ads. Where in Google's email agreement does it say they will restrict their snooping to that purpose? On the contrary, Google assumes your information, once submitted via Gmail, is their information. It's for your good that Google brings you the world's information; also for your good that it brings your information to the world. This is a company-centric view of privacy, one that overrides individuals, and one that I remain highly uncomfortable with, Hence, I pay for my Ymail service..
Michael Endler
50%
50%
Michael Endler,
User Rank: Apprentice
8/16/2013 | 6:17:50 PM
re: Gmail Is Not A Privacy Problem
I'm really not surprised that Google has this attitude. I'm also not bothered that Google is scanning my email so it can send me targeted ads-- but I am a little bothered by the possibility the data might be used for more than that. I agree with Tom's overall point: If you don't treat the Internet like a surveillance state, you proceed at your own peril.

But this is the part that caught my attention. The Guardian pulled this quote from Google's argument:

"Just as a sender of a letter to a business colleague cannot be
surprised that the recipient's assistant opens the letter, people who
use web-based email today cannot be surprised if their communications
are processed by the recipient's ECS [electronic communications service]
provider in the course of delivery."

Asinine. In this metaphor, Google somehow equates to a colleague's assistant? Google's more like the mail carrier.

This relates to Tom's problem. If Google wants to scan data and isn't breaking any laws while doing so, that's fine. No one makes you use Gmail, so Google can do what it wants. But if they're going to explain their policies, they should do so in a way that makes sense, and that is transparent about the implications of collected data. This half-assed metaphor is pretty much the antithesis of that.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
8/16/2013 | 5:25:39 PM
re: Gmail Is Not A Privacy Problem
As ham-handed as Google's WiFi data gathering adventure turned out to be, I can't help but think much of it was overblown. So far as I can tell, no one was harmed in any way by the data collection. Moreover, Google was collecting data that computer users failed to secure, much as one might listen in to an open police broadcast on an unsecured radio channel. It's not as if Google was hacking anyone's encryption or tapping cables NSA-style.
rradina
50%
50%
rradina,
User Rank: Apprentice
8/16/2013 | 12:04:43 AM
re: Gmail Is Not A Privacy Problem
Well, there's no free lunch and even if very few would choose to pay, surely Google has a few spare, one-time developer cycles that could easily and quickly add a "do not scan" list to their mail mining operation. IMO, such an option would squelch most detractors whose current complaints have merit -- especially after Google's rather trite response.
GHCro
50%
50%
GHCro,
User Rank: Apprentice
8/15/2013 | 10:59:46 PM
re: Gmail Is Not A Privacy Problem
Right on, Tom. It's useless and stupid to say "I'm shocked, shocked to learn what Google's Ts and Cs say." Right on again, about what to do if you don't like it. Use self-help. Start using tools like Tails & TOR for browsing, Textcrypt for text messages and Cellcrypt for mobile phone calls. Then, take everything off of Dropbox, Instagram, iCloud, etc, and stash it all in a Cloudlocker (www.cloudlocker.it) which works just the same but stays in the house where they still need a warrant to get inside.

I'm sure we're going to seem more and better tools like these appear soon as good ol Yankee ingenuity revs up. Unless, of course, everyone gets lazy again and leaves themselves wide open until
the next big expos+.
Shane M. O'Neill
50%
50%
Shane M. O'Neill,
User Rank: Apprentice
8/15/2013 | 8:35:29 PM
re: Gmail Is Not A Privacy Problem
I was saying to someone the other day that Google and Facebook are best things that ever happened to the government.
Shane M. O'Neill
50%
50%
Shane M. O'Neill,
User Rank: Apprentice
8/15/2013 | 8:35:17 PM
re: Gmail Is Not A Privacy Problem
Not a bad idea to have free and premium Gmail services. But not sure many users are willing to pay for web-based email. It would just make them angrier at Google for forcing them to pay $$ for peace of mind.
RobPreston
50%
50%
RobPreston,
User Rank: Apprentice
8/15/2013 | 8:17:25 PM
re: Gmail Is Not A Privacy Problem
Google's "just as a sender of a letter to a business colleague" metaphor was absolutely ham-handed. Or to use another food metaphor, comparing apples to oranges.
Page 1 / 2   >   >>
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34390
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function.
CVE-2021-34391
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel�s tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures.
CVE-2021-34392
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.
CVE-2021-34393
PUBLISHED: 2021-06-22
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.
CVE-2021-34394
PUBLISHED: 2021-06-22
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. The deserialization of untrusted data might allow an attacker to exploit the deserializer to impact code execution.