The ultimate Catch-22: Google said no Gmail privacy 10 years ago

by: Joe HindyAugust 15, 2013


The entirety of the Google-centric blogosphere is on fire recently after a report from Consumer Watchdog uncovered a brief filed by Google. The brief said, in no uncertain terms, that Google doesn’t expect anyone to believe that Gmail users have any privacy.

What is really going on here? So far, most blogs have seemed content with pulling particularly incriminating quotes from a brief that Consumer Watchdog posted. The brief, filed on July 13 of this year, is in response to a class action lawsuit against Google in regards to their privacy practices.

It’s fairly long, but instead of ripping out some quotes that may be taken out of context, we invite you to read the brief in its entirety. As stated, it’s long, but when it comes to context every word matters.

Here’s the gist of what’s going on. Google scans every email that goes into and comes out of Gmail. They scan it for keywords so that they can send you contextually accurate ads, allow you to search your mailbox for emails, and other assorted services. The class action lawsuit filed against them claims this violates the Federal Wiretap Act and the California Invasion of Privacy Act.

Now, here is what everyone is an uproar. During the brief, Google’s defense attorneys state in no uncertain terms that people who use Gmail shouldn’t be expecting any privacy. Here is the quote from the brief that seems to be used most often.

Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use Web-based email today cannot be surprised if their emails are processed by the recipient’s [email provider] in the course of delivery. Indeed, ‘a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.

That sounds bad, but it gets much worse. If you read the Gmail Privacy Policy, you’d see this.

We will share personal information with companies, organizations or individuals outside of Google when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.

And this.

We may share aggregated, non-personally identifiable information publicly and with our partners – like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services.

Where did you give permission for Google to do this? On the very first page when you signed up for a Gmail account. When you tick that little box that says, “I agree to the Gmail Terms of Service and Privacy Policy.” That means that everyone who currently has a Gmail account has physically given Google permission to do exactly what everyone is angry at Google for doing.

It’s true that Google scans our emails and returns to us contextually based ads. It’s true that we really shouldn’t expect any privacy from Gmail. It’s even true that all of those things  live in an ethically gray area. Especially now that people are sensitive about security because of the Edward Snowden incident regarding the NSA. The only problem is that each and every one of us told Google it was okay the day we signed up for an account.

It get worse. Not only did we give Google permission to assume that we expect no privacy, but Google’s chief argument is actually 100% accurate. They state:

First, all of the federal and state wiretap laws at issue specifically exempt ECS (Electronic Communication Service) providers from liability based on the conduct in their ordinary course of business. These protections reflect the reality that ECS providers like Google must scan the emails sent to and from their systems as part of their services.

And Google isn’t the only one who scans your emails and uses your information. Take a look at Yahoo!’s privacy policy

Yahoo! uses information for the following general purposes: to customize the advertising and content you see, fulfill your requests for products and services, improve our services, contact you, conduct research, and provide anonymous reporting for internal and external clients.

Finally, let’s not forget Microsoft. They have given Google a hard time in the past for this very thing. However, if you read their Outlook privacy policy:

We use the information we collect to provide the services you request. Our services may include the display of personalized content and advertising. The information we collect may be combined with information obtained from other Microsoft services and other companies.

No wonder they took down those Scroogled commercials.

So what does all this have to do with Gmail and my privacy?

Without scanning emails going in and out of Gmail, Google cannot deliver contextually accurate advertisement. That may not sound like a big deal, but a hefty number of websites live and breathe on Google’s AdSense. Google makes their money from advertisement which means their ability to operate as a company lives and dies with their ability to bring in revenue from advertisement. This goes doubly so for websites that depend on AdSense for revenue.

So, as the document says, Google has to scan Gmail traffic in order to continue doing business as they have been and, according to Google, federal and state law says that’s perfectly okay.  Why does Google have to scan your email in the name of advertisements? The answer to that is termed as “targeted advertisement.”

Simply put, companies who advertise pay more money for ad space if they know their ads are going to be seen by people who need to see them. Samsung wouldn’t pay a lot of money to have their Galaxy S4 ad run on a hockey blog full of people who have no interest in a Galaxy S4. Similarly, Kay Jewelers doesn’t want to advertise diamond jewelry to a bunch of nerdy males who have no interest in diamond broaches. When Google scans our email and sees us emailing (or searching) for these things, they send us ads for those things. Companies who pay for advertising will pay more when they know the audience has at least expressed a peripheral interest in what they have to sell.

The bottom line here is that Google cannot maintain their current business model without finding out everything they can about us. Pair that with the scary fact that we told them they could when we signed up for Gmail and you have a perfect storm.

What is the catch-22?

So we get to the catch-22. Yes, our privacy has been hanging out to dry since about the day Gmail went live. However, we also agreed to that when we signed up for it. Yes, our emails are scanned and we see advertisements based on what we write in emails. However, those ads go to pay salaries at Google as well as the salaries of thousands of people on thousands of websites across the world. For every bad thing you can say about Google disregarding everyone’s privacy, there is a counterpoint that is legally relevant.

So who is really right and who is really wrong here? Is Google wrong for compromising our privacy? Or are we wrong for not knowing about it until it was brought up nearly 10 years later in a legal brief? The biggest question of all is simply this. Shouldn’t we be more angry at ourselves for not paying attention to the Terms of Service and the Privacy Policy than we have been at Google for essentially repeating those very documents in a legal briefing?

We want to make it clear that we are not advocating the invasion of privacy. We are simply pointing out that it may not be an invasion of privacy when we give Google the okay to do these things. It’s not like Facebook, who borrowed phone numbers of people who don’t even use Facebook. Of course, we’d love to hear what you have to say on the subject in the comments below.

  • AsakuraZero

    not amused, its the internet and for private emails i have the one provided by my employer, where i can send and receive sensitive data.

    Gmail, in most of the cases just needs to read the delivery address and the sender address, and it can guess whats the content or any info of interest for google

    by example if i get mails from GoJane, google can show me alternatives to gojane by just reading the from their address.

    • Duncan Booth

      I guess you don’t want them to filter out spam emails then, or let you do full-text searches on the content?

  • Shane Piskur

    I’m not upset by this. I don’t have anything to hide and if I wanted to send something very sensitive I have my work email to do so. People shouldn’t be making a big deal about it. It’s the internet, suck it up

    • Well, I know what you do in bathroom, heck, everyone does. so, there is nothing to hide. does that mean I should invade your privacy and rush into your bathroom, just because you don’t have anything to hide or that privacy is something to be respected, as is ?

      • Alan Shearer

        Did you read the TOS when ou signed up for gmail? google hid nothing about their intentions and what they will use your info for.

        • I am NOT using Gmail :)

          • Alan Shearer

            Then you have no reason to reply here, at minimum go read the TOS on their sign up page, do your research before posting.

          • The article wasn’t solely about Gmail TOS, it was about privacy in the internet.

          • JosephHindy

            Mehdi has a point, it really is about how the internet has no privacy.

            But it’s also about how no where on the internet should be expected. It doesn’t matter what email service you use. Yahoo, Hotmail, Outlook, gmail, etc. Their terms of service all say the same things just in different words.

  • Amadeus Klein

    The is no expectation of privacy when using the Internet. Whether a billion dollar Company, or isp, the governments of the World or a lone hacker, when using the Internet someone is always watching and collecting what we do… I have yet to read a tos that doesn’t say something about collecting your information and using it.

    Tin foil hats anyone?

    • Guest

      That’s exactly what Lavabit founder stated — nothing digital is secure, and someone is most likely looking at it.

  • Matthew Wypyszinski

    human cent-ipad. nuff said.

  • Valtheus

    Do we even know which one from all these online services we use is monitored? And does anybody ever reads those long ‘Terms of Service’ before they tick the accept box? I don’t think so.

    So what are we really talking about here? If you really want your privacy, you use the internet in other ways.

  • chris

    Google and other companies seem to forget (or rely) on the fact that the vast majority of internet users are lazy. It’s one thing to say:

    “You agreed to this when you sign up to our services.”

    But it’s another to say:

    “Do you expect every single person to read the lengthy T&Cs, often contained in a small hyperlink right next the giant agree button.”

    Who is in the ‘wrong’ (legal or moral); the user who doesn’t read the fine print, or the company who expects them not to?

    • Zaphoid

      There was a gaming company that had something to the extent of “by accepting this T&C’s you agree to give us your soul”. This went on for quite a while before someone noticed it.

      • powerwiki1

        Indeed, it was Blizzard with World of Warcraft :)

  • gagarin

    Lets collect information from google.Catch this:all big heads inside google is jews.It is wrong this information?

  • Roberto Tomás

    looks like naver, weibo, qq, etc, have an in to western markets after all. :)

  • EvenInTheDarkestHour

    The old saying, “If you don’t want it read, don’t write it down” applies a thousand fold for the Internet. If you send it, it will be seen.

  • Kevin Lupo

    I’m unsure of what everyone’s issue is. Everyone now-a-days seems to think just because an email is scanned a file is scanned or anything such as that, then your privacy is being invaded and the company in question is doing something bad with it. Has anyone ever had their identity stolen, important information stolen, etc. from Google? Not that I’ve heard of.

    Further more how is Google suppose to filter spam, viruses, etc. without scanning your email. If you impose this type of mentality on Google then you would have to impose it on every virus scanning company on the planet. They have access to your entire computer and just like Google you gave them permission and you “assume” they aren’t stealing your data.

    Google isn’t stealing your data, there’s not some pervert sitting behind a computer in Google’s office reading your emails. What you do have, however, is filtered emails, less spam in your inbox, virus protection, full contextual search of your email and even if you don’t like ads at least they are ads that MIGHT interest you.

    People just simply need to calm down and take that proverbial chill pill. If there’s legitimate proof that Google is selling your very personal data and compromising your life…then I will be right behind everyone wanting a fix to the situation. But until then, I have no proof of anything, nothing has happened to me and their terms of service and privacy policy is agreeable.

    • Alan Shearer

      Beside, the majority of email is boring crap. Lets be honest, most of you lead mundane boring lives to an outside observer. Ever wonder how much reality is not in reality tv?

    • JosephHindy

      This is almost the exact point of this article lol.

  • Timothy Anderson

    I never thought my e-mails were exactly private. I WANT Google to scan my emails. I want “Google Now” to know about the flight I purchased. This allows it pop up my boarding pass when I get to the airport and tell me if there has been a delay, etc. I also want it to know purchases that I have made so that I can see order tracking info. If they are scanning for viruses, I want it to do that too. I like it when stuff that I am actually interested in pops up as ads instead of junk I don’t care about. Sometimes there are things that actually interest me. I really don’t think there is anything nefarious going on here other than possibly the report itself. Sometimes these reports are funded by competitors who are intent on spreading FUD. As the article points out, this is nothing that the competitors don’t already do as well.

    • Nevi_me

      Headers have : [Title: Graduation Ceremony, 17 Aug 2013]

      Message has: [Dear Timothy Anderson, Camilla from Wyoming has sent you beautiful pictures of herself. Please click on Camilla to open them.]

      Good luck to all the people who only want their headers scanned having to see this garbage everyday. Even if you keep your e-mail address safe, people sell addresses, companies and government leak information by mistake, hackers are able to penetrate even the most trusted companies. I don’t wanna change my e-mail address every 2 years when spam has overtaken it.

  • Cristi13

    The problem is that people use privacy as an excuse for many things, and the meaning is took out of context. This results in endless, stupid debates about not so important things and we lose sight of the bigger picture, the bigger problems about privacy. And this applies for many other political and social issues.

  • doode

    You clicked to agree to the Terms of Service…now STFU!!!!! So sick of this lack of self responsibility in today’s culture.

  • abazigal

    I thought it had always been somewhat of an open secret. Why are people kicking up a fuss only now?

    When something is free, you are the product, not the customer.

    • Nevi_me

      Yes, and most services have opt-outs, be it a button to click to “Opt Out”, to restrict personal info, or to even not use the service at all. Facebook was showing me ads of single girls of a certain religion in my area, so I went into my account, changed the privacy setting on my age, removed my religion and location, and after a page refresh all those ads were gone. I ain’t paying Google or Facebook, and they gotta make their money. I would be stupid to think that they don’t word their ToS appropriately to legally cover themselves, and I would be stupid to suddenly make demands over something that is an open secret as you say.

  • Pete S

    “So who is really right and who is really wrong here?”

    I’ll tell you who is really wrong here. The dozens of so-called ‘journalists’ who just regurgitated Consumer Watchdog’s anti-google hatchet-job without doing any fact checking or follow ups.

    Google is the tech bloggers new favorite scapegoat and slamming them gets lots of traffic, so they don’t care if they’re reporting truth…just that they’re getting page views.

    Thanks to Joe Hindy for doing a much better job than most of the rest of the journalists out there. And on the off chance you think Hindy is wrong, here’s another good piece on the situation:

    • Timmy

      Techdirt is a great source of information for this kind of debate (as long as you can get past the anti-Mike bashing in the comments). +1 to Joe.

    • Nevi_me

      The irony in this is that these tech blogs have ads from companies (incl. Google) that track users’ preferences etc. If what they’re so advocating comes to pass, and everyone in the world’s prohibited from tracking people with cookies, it will be these very tech blogs that suffer.

      I say so because:
      1. In the absence of user-specific ads, random things are shown, like those “You’ve won 1 000 000, click here to claim”. As a principle. I avoid sites that show me that a lot. Goodbye page-views, no matter what click-bait title you throw at me.

      2. Current advertising trends are that internet advertising is growing faster than print, those very advertisers who are paying a lot under the promise that their ads will be shown to the ‘relevant audience’ will take their money elsewhere, hello there newspapers.

      3. E-mail will really become ‘broken’. Everyone’s going on about how e-mail is broken, start-ups spawning everywhere trying to ‘fix’ it. The harsh reality is that with mail companies not allowed to even scan messages, it’ll be like Yahoo! in 2006, most people’s accounts will be filled with so much spam, they’ll talk sense when they say e-mail is broken. Good luck to Mailbox, Inky etc showing you a beautiful view of all that spam.

      We seem to have forgotten about what has happened in the past 10 years, the progress and evolution. Yet we want to throw the baby out with the bath water from paranoia. I’ve seen people delete their Gmail account, and then yap on about how their Android phone is non-functional.

      Now if only there was a website that could keep track of people who yap on about ‘quitting using this service’ and tell the world when they come back in a few months/years …

  • lowbar

    This whole situation comes about because we want cool, relevant, information on our mobile devices. I have been a reader of TOS’ for a long time. Some services I just don’t use because the terms are too invasive. Other services I just have to go along if I want the “cool, cutting edge” service. Services like Google and the others cannot give us the information that we want without knowing about us, that much makes sense. The bigger question is, do we need the service? Is that cool Foursquare app that allows me to check in and find friends, really worth the trade-off of my privacy? That is a much more difficult question.

  • disqus_qyZBIPAv6z

    I don’t mind Google using algorithms that treat my emails as ‘data’, that’s anonymous enough for me. The annoying part is the Jekyll/Hyde attitude towards the public. They’ll claim to be putting air balloons around the world to provide internet for everyone to pump up their image, but if you question them (a’la Adsense/Gmail) you’ll get banned for life, and told you should’ve read the TOS.

  • Timmy

    How else will I know if I won an iPad or that there are attactive females in my area that want to sleep with me if Google doesn’t monitor my email?

  • Alan Shearer

    You read the TOS (not reading the TOS is not a valid excuse or defense), so you knew what you were getting into it. No violation of privacy happened here when you knew what you were getting into for signing up. There are literally thousands of alternatives to gmail.

    Besides, privacy is really a new concept, did not exist much in the past to be honest if history is accurate.

  • mrtt

    If you are feeling vulnerable to NSA sweeping surveillance, then ThreadThat dot com may be for you. Free end-to-end encryption when you need it.

  • ccccc

    This is so gay.