Should you have any reasonable expectation of privacy with Gmail?

How important is it to you that your emails are private? A lawsuit has been brought against Google alleging breach of privacy via Gmail. This post discusses the case, and whether or not you should have any reasonable expectation of privacy using Gmail and other similar free email services.

Secure Email by renjith krishnan (FreeDigitalPhotos.net)In this day and age of social media and social networks we are becoming acutely aware that information posted and conversations shared on those platforms might not be a private as we once thought. Moreover, few of us go through the trouble of reviewing the Terms of Use and Privacy Policies for those websites to be clear on the conditions under which we can use them, and conversely, any expectations we should have when using them.

Question: do you think that webmail services, such as those offered by AOL, Microsoft (Hotmail), Google (Gmail) and Yahoo, should be held to higher privacy threshold? In other words, should you have a higher expectation of privacy for your email accounts than your social networks?

Google says no!

In an on-going class action lawsuit against Google in United States (US) Federal Court, it has been alleged that the company is in breach of wiretapping laws by illegally intercepting its customers’ email on Gmail. However, Google has countered with a ‘Motion to Dismiss’ the case, in which it has argued that its customers have consented (either expressly or implied) to such activities:

Here, all Plaintiffs who are Gmail users consented to the automated scanning of their emails (including for purposes of delivering targeted advertising) in exchange for using the Gmail service, thus precluding any claim under federal law. Moreover, multiple courts have held that all email senders impliedly consent to the processing of their emails by virtue of the fact that email cannot be sent or delivered without some form of electronic processing. This combination of express and implied consent bars Plaintiffs’ claims in their entirety, under both the federal and state wiretap statutes.

(Source: Consumer Watchdog)

Later in its submission Google noted that in order to facilitate automatic delivery of messages, the company has a fully automated system that scans emails to detect and filter out corrupted messages, spam, etc. The company also highlighted that it is through its email scanning capability that users can search and automatically sort their incoming messages, which tend to be welcomed features(Source: Consumer Watchdog).

With regard to the targeted advertising based on email content that has become an important feature and source of revenue for the company, Google indicated it had disclosed its intention from its inception, and that other free email service providers are using similar systems to generate targeted advertising (Source: Consumer Watchdog).

Should you be concerned?

To varying degrees most of us are still coming to terms with the extent to which our expectations of privacy are being consistently eroded while we continue to embrace the opportunities the Internet, and technology in general, now provides. Although some of us might feel somewhat violated by this revelation from Google that they do not consider users’ emails private, the truth is that few of us might be prepared to significantly modify (or even reduce) our use of such services. However, here are two things to consider.

First, many small businesses, even if they have their own website and domain name, use Gmail and other free email services for their business communication, including for what they might consider confidential discussions/transactions. Further in organisations that provide employees with email accounts under their domain names, frequently, those employees, either intermittently or permanently resort to using free email services, again such as Gmail, to facilitate the work of the organisation. In both of those circumstances it may be prudent to re-examine the degree privacy necessary, and expected, for businesses emails, especially for commercially sensitive transactions or those containing confidential information.

Second, it is important to keep in mind the recent revelations about the extent to which the US Government has access to information stored on servers located in the US, or controlled by American companies. Further, although many prominent Internet companies, including Google, Microsoft and Facebook, have denied it, the allegations still persist that they provided the US Government with access to users’ content.  The complete truth of this matter is still to be revealed, but it may be wise, if you have not already done so, to reconsider your practices and behaviour on free email facilities that might still be subject to close scrutiny by the US Government.

No email service might be truly private

Although the trigger for this post is Google’s Gmail and the on-going court case in the US, the fact of the matter is that no email service, unless you control the servers, might truly be private. Further, based rulings in previous US court proceedings, there may be a precedent that a person should have “…no legitimate expectation of privacy in information he voluntarily turns over to third parties…” (Source: Consumer Watchdog).

Although the case against Google is not yet concluded, should the outcome be in favour of the plaintiffs, there could be far reaching implications for how email service providers generate revenue versus the services they provide to their users. On the other hand, and more so if the case is decided in Google favour, we may all need recognise that although the Internet offers us a variety of cost-effective (even free) avenues through which to communicate and keep in touch, first, nothing is truly free, and perhaps more importantly, nothing is truly private.

 

Image credit:  renjith krishnan (FreeDigitalPhotos.net)

____________

7 Comments

  • Um, it is sensational and intended to be. First, off, its only in lala land that ‘money’s for nothing and the chicks for free’. I would be stunned, yes, consider it a ‘great and mighty’ wonder if by now, sentient users of these ‘free’ web services have not come to realize that their traffic is somehow party to the monetisation model the provider has adopted.

    Follow the link below for another take on the matter:
    http://thenextweb.com/google/2013/08/14/no-google-did-not-say-that-we-cant-expect-privacy-in-gmail/

    -Carlton

    • Rightly said. The terms of service says that data is scanned. The emails are private in the sense that a person does’t see the email (well except the NSA now). How else were these people expecting things like spam filtering, or user filters for email messages?

      • Sachin,
        In Google laying out in its Motion to Dismiss that the scanning of emails is fully automated – without direct human oversight or intervention – but more importantly facilitating other desired and welcomed services, this could be serious blow to the plaintiffs’ case.

        However, the situation does begin to highlight that among other things, (i) ordinary users might not know what systems and processes are necessary to deliver certain features and services, and (ii) users might be inherently wary of the intimacy, and even control, that large Internet companies can wield in their lives, and perhaps more importantly, those companies’ ability to exploit the information with which they are trusted.

    • Carlton,
      The post was not necessarily meant to be sensational, but rather to continue to apprise persons of pertinent situations of which they should be aware. More importantly, in our somewhat mindless consumption of technology, many of us still do not fully appreciate the inherent give-and-take arrangements of the Internet/technology-driven services we are using, and the implications therein.

      Having reviewed the link suggested, I have no difficulty with the views shared, and note that similar to The Next Web, our post also stated that the quote on “legitimate expectation of privacy” could not be attributed to Google, but to an earlier court judgment in which that sentiment was expressed.

      The point though is that although persons are prepared to dismiss the court case from the outset, so far, the plaintiffs are being given a patient hearing. I do think the plaintiffs have a long road in front of them to successfully prove their case, but at the same time, I think the case itself continues to show the uneasy tension between us accessing technology, and our perceptions of personal privacy.

  • I think for me the key taking is: it’s time to be “prudent [and] re-examine the degree [of] privacy necessary, and expected, for businesses emails, especially for commercially sensitive transactions or those containing confidential information”.

    The fact of the matter is that, as stated in the article, these emails sit of the hosts’ servers. If we give them sensitive information, that sensitive information will eventually sit on their servers. They may not advertently wish to divulge the data, but suppose an accident happens while the data is in their custody!

    There is a classic case doing the rounds in the media in New Zealand. The long and short of it is that a Case Manager at an Accidents Compensation Corporation had a sick family member and decided to work from home. By nature of her work, she took “sensitive” information home to work on. That night her house was burgled. Read on: http://www.voxy.co.nz/national/acc-notebook-stolen-house-burglary/5/164414

  • I think that the case and this article do highlight something of significance. The way technology, and ICT in particular, has evolved and gotten infiltrated into our lives today suggests that a lot of our details will inevitably have to reside on other service providers’ sites.

    Therefore, in the same breath, if we have accepted and trusted pilots to carry us in earoplanes; hospitals to keep the most intimate of our personal details; the banks, the insurers, our financial details and the list goes on, why shouldn’t we accept legitimate ICT providers to do the same? The risks are the same in either cases.

    Yes we can careful/prudent, and yes we can launch legal battles, but at present everything is pointing to the time when a lot of details will be sitting on service providers servers.

Comments are closed.