The ultimate Catch-22: Google said no Gmail privacy 10 years ago

August 15, 2013
507

gmail

The entirety of the Google-centric blogosphere is on fire recently after a report from Consumer Watchdog uncovered a brief filed by Google. The brief said, in no uncertain terms, that Google doesn’t expect anyone to believe that Gmail users have any privacy.

What is really going on here? So far, most blogs have seemed content with pulling particularly incriminating quotes from a brief that Consumer Watchdog posted. The brief, filed on July 13 of this year, is in response to a class action lawsuit against Google in regards to their privacy practices.

It’s fairly long, but instead of ripping out some quotes that may be taken out of context, we invite you to read the brief in its entirety. As stated, it’s long, but when it comes to context every word matters.

Here’s the gist of what’s going on. Google scans every email that goes into and comes out of Gmail. They scan it for keywords so that they can send you contextually accurate ads, allow you to search your mailbox for emails, and other assorted services. The class action lawsuit filed against them claims this violates the Federal Wiretap Act and the California Invasion of Privacy Act.

Now, here is what everyone is an uproar. During the brief, Google’s defense attorneys state in no uncertain terms that people who use Gmail shouldn’t be expecting any privacy. Here is the quote from the brief that seems to be used most often.

Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use Web-based email today cannot be surprised if their emails are processed by the recipient’s [email provider] in the course of delivery. Indeed, ‘a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.

That sounds bad, but it gets much worse. If you read the Gmail Privacy Policy, you’d see this.

We will share personal information with companies, organizations or individuals outside of Google when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.

And this.

We may share aggregated, non-personally identifiable information publicly and with our partners – like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services.

Where did you give permission for Google to do this? On the very first page when you signed up for a Gmail account. When you tick that little box that says, “I agree to the Gmail Terms of Service and Privacy Policy.” That means that everyone who currently has a Gmail account has physically given Google permission to do exactly what everyone is angry at Google for doing.

It’s true that Google scans our emails and returns to us contextually based ads. It’s true that we really shouldn’t expect any privacy from Gmail. It’s even true that all of those things  live in an ethically gray area. Especially now that people are sensitive about security because of the Edward Snowden incident regarding the NSA. The only problem is that each and every one of us told Google it was okay the day we signed up for an account.

It get worse. Not only did we give Google permission to assume that we expect no privacy, but Google’s chief argument is actually 100% accurate. They state:

First, all of the federal and state wiretap laws at issue specifically exempt ECS (Electronic Communication Service) providers from liability based on the conduct in their ordinary course of business. These protections reflect the reality that ECS providers like Google must scan the emails sent to and from their systems as part of their services.

And Google isn’t the only one who scans your emails and uses your information. Take a look at Yahoo!’s privacy policy

Yahoo! uses information for the following general purposes: to customize the advertising and content you see, fulfill your requests for products and services, improve our services, contact you, conduct research, and provide anonymous reporting for internal and external clients.

Finally, let’s not forget Microsoft. They have given Google a hard time in the past for this very thing. However, if you read their Outlook privacy policy:

We use the information we collect to provide the services you request. Our services may include the display of personalized content and advertising. The information we collect may be combined with information obtained from other Microsoft services and other companies.

No wonder they took down those Scroogled commercials.

So what does all this have to do with Gmail and my privacy?

Without scanning emails going in and out of Gmail, Google cannot deliver contextually accurate advertisement. That may not sound like a big deal, but a hefty number of websites live and breathe on Google’s AdSense. Google makes their money from advertisement which means their ability to operate as a company lives and dies with their ability to bring in revenue from advertisement. This goes doubly so for websites that depend on AdSense for revenue.

So, as the document says, Google has to scan Gmail traffic in order to continue doing business as they have been and, according to Google, federal and state law says that’s perfectly okay.  Why does Google have to scan your email in the name of advertisements? The answer to that is termed as “targeted advertisement.”

Simply put, companies who advertise pay more money for ad space if they know their ads are going to be seen by people who need to see them. Samsung wouldn’t pay a lot of money to have their Galaxy S4 ad run on a hockey blog full of people who have no interest in a Galaxy S4. Similarly, Kay Jewelers doesn’t want to advertise diamond jewelry to a bunch of nerdy males who have no interest in diamond broaches. When Google scans our email and sees us emailing (or searching) for these things, they send us ads for those things. Companies who pay for advertising will pay more when they know the audience has at least expressed a peripheral interest in what they have to sell.

The bottom line here is that Google cannot maintain their current business model without finding out everything they can about us. Pair that with the scary fact that we told them they could when we signed up for Gmail and you have a perfect storm.

What is the catch-22?

So we get to the catch-22. Yes, our privacy has been hanging out to dry since about the day Gmail went live. However, we also agreed to that when we signed up for it. Yes, our emails are scanned and we see advertisements based on what we write in emails. However, those ads go to pay salaries at Google as well as the salaries of thousands of people on thousands of websites across the world. For every bad thing you can say about Google disregarding everyone’s privacy, there is a counterpoint that is legally relevant.

So who is really right and who is really wrong here? Is Google wrong for compromising our privacy? Or are we wrong for not knowing about it until it was brought up nearly 10 years later in a legal brief? The biggest question of all is simply this. Shouldn’t we be more angry at ourselves for not paying attention to the Terms of Service and the Privacy Policy than we have been at Google for essentially repeating those very documents in a legal briefing?

We want to make it clear that we are not advocating the invasion of privacy. We are simply pointing out that it may not be an invasion of privacy when we give Google the okay to do these things. It’s not like Facebook, who borrowed phone numbers of people who don’t even use Facebook. Of course, we’d love to hear what you have to say on the subject in the comments below.

Comments

Load More