Hello all.. i wanted to share this with you all.. after somebody mentioned that they feel as though they were being watched..
http://gmail-is-too-creepy.com/
Problem 1: Gmail is nearly immortal
Google offers more storage for your email than other Internet service providers that we know about. The powerful searching encourages account holders to never delete anything. It takes three clicks to put a message into the trash, and more effort to delete this message. It's much easier to "archive" the message, or just leave it in the inbox and let the powerful searching keep track of it. Google admits that even deleted messages will remain on their system, and may also be accessible internally at Google, for an indefinite period of time. For a few months they showed a note saying that messages left in the trash folder for 30 days would be automatically deleted, but many users reported that this never happened. Now that message, which is still present for the spam folder, is gone from the trash folder. Google wants very much to get to know you better.
A new California law, the Online Privacy Protection Act, went into effect on July 1, 2004. Google changed their main privacy policy that same day because the previous version sidestepped important issues and might have been illegal. For the first time in Google's history, the language in their new policy made it clear that they will be pooling all the information they collect on you from all of their various services. Moreover, they may keep this information indefinitely, and give this information to whomever they wish. All that's required is for Google to "have a good faith belief that access, preservation or disclosure of such information is reasonably necessary to protect the rights, property or safety of Google, its users or the public." Google, you may recall, already believes that as a corporation they are utterly incapable of bad faith. Their corporate motto is "Don't be evil," and they even made sure that the Securities and Exchange Commission got this message in Google's IPO filing.
Google's policies are essentially no different than the policies of Microsoft, Yahoo, Alexa and Amazon. However, these others have been spelling out their nasty policies in detail for years now. By way of contrast, we've had email from indignant Google fans who defended Google by using the old privacy language — but while doing so they arrived at exactly the wrong interpretation of Google's actual position! Now those emails will stop, because Google's position is clear at last. It's amazing how a vague privacy policy, a minimalist browser interface, and an unconventional corporate culture have convinced so many that Google is different on issues that matter.
After 180 days in the U.S., email messages lose their status as a protected communication under the Electronic Communications Privacy Act, and become just another database record. This means that a subpoena instead of a warrant is all that's needed to force Google to produce a copy. Other countries may even lack this basic protection, and Google's databases are distributed all over the world. Since the Patriot Act was passed, it's unclear whether this ECPA protection is worth much anymore in the U.S., or whether it even applies to email that originates from non-citizens in other countries.
Google's relationships with government officials in all of the dozens of countries where they operate are a mystery, because Google never makes any statements about this. But here's a clue: Google uses the term "governmental request" three times on their terms-of-use page and once on their privacy page. Google's language means that all Gmail account holders have consented to allow Google to show any and all email in their Gmail accounts to any official from any government whatsoever, even when the request is informal or extralegal, at Google's sole discretion. Why should we send email to Gmail accounts under such draconian conditions?
Problem 2: Google's policies do not apply
The phrasing and qualifiers in the Gmail privacy policy are creepy enough, but nothing in any of Google's policies or public statements applies to those of us who don't have Gmail accounts. Google has not even formally stated in their privacy policy that they will not keep a list of keywords scanned from incoming email, and associate these with the incoming email address in their database. They've said that their advertisers won't get personally identifiable information from email, but that doesn't mean that Google won't keep this information for possible future use. Google has never been known to delete any of the data they've collected, since day one. For example, their cookie with the unique ID in it, which expires in 2038, has been tracking all of the search terms you've ever used while searching their main index.
Matt Cutts, a software engineer at Google since January 2000, used to work for the National Security Agency.
Keyhole, the satellite imaging company that Google acquired in October 2004, was funded by the CIA.
"We are moving to a Google that knows more about you." — Google CEO Eric Schmidt, February 9, 2005
You can use Scroogle to get Google's results without the tracking!
no ads · 28 languages · also scrapes Yahoo
Problem 3: A massive potential for abuse
If Google builds a database of keywords associated with email addresses, the potential for abuse is staggering. Google could grow a database that spits out the email addresses of those who used those keywords. How about words such as "box cutters" in the same email as "airline schedules"? Can you think of anyone who might be interested in obtaining a list of email addresses for that particular combination? Or how about "mp3" with "download"? Since the RIAA has sent subpoenas to Internet service providers and universities in an effort to identify copyright abusers, why should we expect Gmail to be off-limits?
Intelligence agencies would love to play with this information. Diagrams that show social networks of people who are inclined toward certain thoughts could be generated. This is one form of "data mining," which is very lucrative now for high-tech firms, such as Google, that contract with federal agencies. Email addresses tied to keywords would be perfect for this. The fact that Google offers so much storage turns Gmail into something that is uniquely dangerous and creepy.
Problem 4: Inappropriate ad matching
We don't use Gmail, but it is safe to assume that the ad matching is no better in Gmail, than it is in news articles that use contextual ad feeds from Google. Here's a screen shot that shows an inappropriate placement of Google ads in a news article. We also read about a lawyer who is experimenting with Gmail. He sent himself a message, and discovered that the law practice footer he uses at the bottom of all of his email triggered an ad for a competing law firm.
Another example is seen in the Google ads at the bottom of this story about Brandon Mayfield. There are two ads. One mentions sexual assault charges (sex has nothing to do with the story), and the other is about anti-terrorism. The entire point of this article, as well as a New York Times piece on May 8, 2004, is that a lawyer has had his career ruined due to overreaction by the FBI, based on disputed evidence. He was arrested as a material witness and his home and office were searched. The NYT (page A12) says that "Mr. Mayfield was arrested before investigators had fully examined his phone records, before they knew if he had ever met with any of the bombing suspects, before they knew if he had ever traveled to Spain or elsewhere overseas. His relatives said he had not been out of the United States for 10 years." The only evidence is a single fingerprint on a plastic bag, and some FBI officials have raised questions about whether this print is a match. While Mr. Mayfield will get his day in court, it appears that Google's ads have already convicted him, and for good measure added some bogus sexual assault charges as well. Would Mr. Mayfield be well-advised to send email to Gmail account holders to plead his case?
The Wichita Eagle is pleased to present Google's recommendation for an alarm company that can "protect your home and family." One tiny problem is that the trigger for this ad is an article about an alarm installer who worked for this company for 14 years, while moonlighting as a serial killer.
Our last example shows three ads fed by Google at the bottom of a Washington Post column titled "Gmail leads way in making ads relevant." The columnist argues that Google's relevant ads improve the web, and therefore she finds nothing objectionable about Gmail. These Google-approved ads offer PageRank for sale, something which only a year ago, Google would have considered high treason. Yes, these ads are "relevant" — the column is about Google, and the ads are about PageRank. But here's the point: A relevant ad that shows poor judgment is much worse than an irrelevant ad that shows poor judgment. The ads at the bottom of her column disprove her pro-Google arguments. She has no control over this, and is probably not even aware that it happened.
Most writers, even if they are only writing an email message instead of a column in a major newspaper, have more respect for their words than Google does. Don't expect these writers to answer their Gmail.
Esther Dyson, queen of the digerati, gets it wrong
"We're not going to have any choice but to send mail to people at Gmail just to function in the e-mail world," says Daniel Brandt, founder of the Google-Watch.org Web site. "And what guarantees do we have that all this won't end up on some bureaucrat's desk at some intelligence agency someday?" But those who support Gmail say such privacy concerns are not Google issues so much as constitutional ones, best addressed to Congress and law-enforcement agencies. "They've got a beef with the wrong person. The problem there is the FBI, not Google," says Dyson. "And in the scheme of things, I'd rather have Google than my employer have access to my personal mail." — Baltimore Sun, 20 May 2004
The point is this: Some two-thirds of all Google searches come in from outside the U.S., and Gmail will also have a global reach. We're not dealing with only the FBI (and yes, the same privacy advocates who oppose Gmail are dealing with the FBI), but potentially with hundreds of agencies in dozens of countries. Google has no data retention policies, and never comments on their relationships with governments. The problem must be addressed at the source, which is Google. Elitist digerati do a disservice to the entire world when they assume such narrow points of view.
Privacy: Not enough, and too much!
While there's no privacy for non-Gmail users who receive mail from a Gmail account and might want to reply, there is too much privacy for those who use Gmail to send spammy, abusive, or threatening messages. Unlike Hotmail, Yahoo mail, and most other web mail services, Gmail does not show the originating IP address in the header. This means that system administrators who are trying to stop abuse cannot identify a Gmail abuser without asking Google for assistance. And normal users, assuming they can read headers, cannot check the identity of someone sending from Gmail. (With an IP address, you can at least do a quick check on the country or city of origin by looking it up at dnsstuff.com or some similiar service.) Since Google always seems to be too busy making billions to bother with complaints, many decide it's easier to just say "no" to all Gmail.
\
PRivacy FAQ~
1. What is Gmail and and what privacy risks does it raise?
1.1 What is Google's Gmail?
Gmail is a web-based e-mail service offered by Google offering one-gigabyte (1000 megabytes) of e-mail storage to users, five hundred times the capacity offered by Microsoft's Hotmail (as of June 2004, although banner advertising-supported web-based e-mail services, including Hotmail and Yahoo! have or plan to increase their storage capacity in response to the competitive pressure of Gmail).
Gmail is supported by advertisers who buy keywords, much like the Google search engine's AdWords advertising program. Gmail uses "content extraction" (the term used in Google's patents) on all incoming and outgoing e-mail in order to target the advertising to the user. For example, if the user is having an e-mail conversation about applying for a job, Gmail might present the user with ads about online job search sites and resume writing services.
1.2 What is your position on Google's Gmail?
Gmail violates the privacy rights of non-subscribers. Non-subscribers who e-mail a Gmail user have "content extraction" performed on their e-mail even though they have not consented to have their communications monitored, nor may they even be aware that their communications are being analyzed. Subscribers to Gmail also face risks to their privacy; those risks are outlined below.
1.3 What privacy risks are presented by Gmail?
a. Non-Subscribers Do Not Consent to "Content Extraction." Subscribers consent to "content extraction" and analysis of their e-mail ("We serve highly relevant ads and other information as part of the service using our unique content-targeting technology," according to the privacy policy). But non-subscribers who are e-mailing a Gmail user have not consented, and indeed may not even be aware that their communications are being analyzed or that a profile may being compiled on him or her. (See 2.3 "Will Google Build Profiles of Subscribers and/or Non-subscribers?")
b. Unlimited Data Retention. While the prospect of never having to delete or file an e-mail is an attractive feature for space-hungry users, the implications of indefinite storage of e-mail communications presents several serious implications. Although Google has is held in high esteem by the public as a good corporate citizen, past performance is no guarantee of future behavior -- especially following Google's IPO when the company will have a legal duty to maximize shareholder wealth. Although Google currently says that they will not record the "concepts" extracted from scanned e-mails, they could decide to do so in the future and thereby create detailed profiles of users. Building such profiles on years of past communication in addition to current communications is made easier if users never delete e-mails. Additionally, communications stored for more than 180 days are exposed to lower protections from law enforcement access; with Gmail, many such e-mails could be made easily available to police.
c. Profiling Across Google Product Line. Google uses cookies to track users (and preserve preference across sessions) on the Google search engine. Gmail also uses cookies. Google's personal information-rich social networking service, Orkut, does as well. Although Google said that it does not cross-reference the cookies, nothing is stopping them from doing so at any time ("It might be really useful for us to know that information. I'd hate to rule anything like that out," said Google co-founder Larry Page). Google retains a powerful ability to create incredibly detailed profiles on users, whether or not they do so today: e-mail addresses and "concept" information about a persons's friends, family and co-workers; the daily search terms typed into Google; and myriad personal information provided to Orkut. The Gmail privacy policy explicitly allows such uses: "Google may share cookie information among its other services for the purpose of providing you a better experience." (See also 2.3 "Will Google Build Profiles of Subscribers and/or Non-subscribers?") Additionally, Google has extremely long cookie expiration dates that preserve the cookie until the year 2038 (see 1.5 What other things has Google been doing that might affect my privacy?)
d. Bad Legal Precedent. In the United States, violations of privacy with respect to the Fourth Amendment are based partly on whether the person had a legitimate expectation of privacy. If a major online e-mail provider such as Google is allowed to monitor private communications -- even in an automated way -- the expectations of e-mail privacy may be eroded. That is, courts may consider the service as evidence of a lack of a reasonable expectation in e-mail. Businesses and government organizations may thus find it easier to legally monitor e-mail communications. These effects are long-term and will undoubtedly outlive Google.
e. Insufficient Privacy Policy. Google can transfer all of the information, including any profiles created, if and when it is merged or sold ("We reserve the right to transfer your personal information in the event of a transfer of ownership of Google, such as acquisition by or merger with another company".) Also, Google can make unilateral changes to the policy and unless it deems them "significant," it may not even notify users ("If we make any significant changes to this policy, we will notify you by posting a notice of such changes on the Gmail login page.") Finally, as outlined above, the policy regarding retention is very broad: "...residual copies of e-mail may remain on our systems for some time, even after you have deleted messages from your mailbox or after the termination of your account." (These and the rest of the references to the privacy policy are based on the 6/28/2004 version.)
Google changed the Google privacy policy on 6/28/2004 in order to comply with the California Online Privacy Protection Act. (Google should provide a "redline" version that shows the differences between the two policies, as it has done with the Gmail Program Policies.) The most significant change in the privacy policy is that Google more explicitly reserves its legal right to track users across Google products ("If you have an account, we may share the information submitted under your account among all of our services in order to provide you with a seamless experience and to improve the quality of our service") much like a similar provision in the Gmail Privacy Policy (see 2.3 "Will Google Build Profiles of Subscribers and/or Non-subscribers?"). Google claims that they do not currently track users or create profiles, nor does it intend to do so in the future. But if that is so, why does it need to explicitly reserve the right to do so?
Additionally, privacy policies may provide weak protection as other major online web service providers have unilaterally changed their privacy policies to the detriment of their users, including Amazon.com.
1.4 When did this issue arise, and what has happened since then?
April 1, 2004
In a press release, Google announced launch of the Gmail service. Many initially thought this release was part of Google's traditional April Fools joke. The service is only available to a limited number of beta testers, not yet to the general public.
April 6, 2004
Thirty-one privacy and civil liberties groups signed an open letter to Google, urging it to suspend the Gmail service until its serious privacy issues are resolved.
April 20, 2004
California State Senator Liz Figueroa advanced an amended version of SB 1822, a bill concerning privacy of electronic communications.
May 3, 2004
EPIC, Privacy Rights Clearinghouse, and World Privacy Forum sent a letter to California's Attorney General, arguing that Gmail violates California Wiretapping law (see 3.2 for more details).
May 6, 2004
The California State Senate Judiciary Committee held a hearing on Sen. Figueroa's bill, SB 1822. Click here to watch a video of this hearing (requires RealPlayer).
June 4, 2004
CA's Attorney General responded to the letter, acknowledging the potential wiretapping violation, and promising to look into the matter.
1.5 What other things has Google been doing that might affect my privacy?
It is common knowledge that Google's general motto and one of their "cherished core values" is "Don't be evil." (See Google's Jobs Page, left hand sidebar). However, many have recently come to question this assertion, criticizing Google's actions across a wide range of activities. The following is a brief list of some criticisms directed at Google's record on privacy in arenas other than Gmail:
Every time you visit a Google.com site, a cookie placed on your computer. This cookie is linked to your computer by a unique identifying number and enables tracking of all searches performed along with your browser type and IP address. This Google cookie does not expire until the year 2038 unlike most other major web sites which have a much shorter durations. Google claims that this cookie is required to set preferences for Google sites, but that you can still perform searches without the cookie. For more information, see the following sources:
'Reassurance' a key word as Google grows, News.com, March 3, 2003.
Anonymizing Google's Cookie, iMilly.com.
Google's Cookie, Google-Watch.com.
In 2001, Google acquired Deja.com's Usenet Discussion Service, providing Google with Deja.com's entire Usenet archive, dating back to 1995. Google integrated this database into their Google Groups service. Many were uneasy with Deja.com's service even before it was acquired by Google, because of the vast amount of information and messages contained in these archives, which nobody had really contemplated being amassed in such an accessible and searchable way. A Deja News executive even once stated: "We're positioned to become the largest content aggregator in the world." Now, with this service integrated into Google's site, the archive extends back to 1981 and encompasses over 845 million Usenet messages. Google has, however, made it possible for users to request that their posts be removed from this archive.
A new social networking site, Orkut, debuted in January, 2004, "in association with" Google. Google representatives have stated that the site is affiliated with Google, developed by one of its engineers Orkut Buyukkokten during his obligatory one-day-per-week of personal project work, but is not part of Google "product portfolio." This site is a "trusted" network, meaning only those who are invited by a current member can join, and collects a massive amount of personal information about its members, who are encouraged to complete elaborate personal profiles to be shared with their friends and other Orkut users. One Orkut user was able to successfully mine the Orkut databases, creating the "Orkut Personal Network Geomapper," which allowed people to look up Orkut users and view their friends network. Google sent a cease and desist letter to the creator of this site, alleging that it violated Orkut's terms of service, and the Geomapper is no longer available. Finally, Orkut's Terms of Service include the following clause, which gives them broad rights to your information:
By submitting, posting or displaying any Materials on or through the orkut.com service, you automatically grant to us a worldwide, non-exclusive, sublicenseable, transferable, royalty-free, perpetual, irrevocable right to copy, distribute, create derivative works of, publicly perform and display such Materials.
A similar clause in the Microsoft Passport policy spawned a huge negative reaction, prompting Microsoft to revise the policy. However, as of July, 2004, this clause remained in Orkut's terms.
2. Technical details about Gmail
2.1 How does Google's "content extraction" work?
While Google has not released technical details of how the Gmail e-mail "content extraction" and analysis works, the patent (#20040059712) filed with the US Patent and Trademark Office provides some clues. Gmail examines the entire content of the e-mail message including the header and addressing information (see 2.2 for more details) in order to derive the the "concepts" contained in the e-mail. Relevant ads are then placed to the subscriber when the e-mail is displayed. Different ads may be served at different times depending on when the e-mail message is viewed, or re-viewed.
2.2 What is "internal" and "external" e-mail information used in the analysis?
"Internal e-mail information" and "external e-mail information" are both used in the scanning and analysis process, according to the patent (paragraphs 51-80). Internal e-mail information is the actual data contained within an e-mail message where as external e-mail information is data derived from the internal information using Gmail's analysis algorithms (e.g. by looking at the IP of the sender and/or the timezone in the timestamp, the geographic location can be determined).
Internal e-mail Information External e-mail Information
Subject line ------
Body of the e-mail Concepts derived from body
Sender name ------
Actual sender e-mail address ------
Concepts from sender e-mail address (e.g. e-mail address based on hobby) ------
Recipient type (e.g. direct, CC, BCC) ------
Business card file (e.g. vcard) ------
Directory paths of attached files Concepts derived from attached files
Attached files (e.g. word processing files, pictures, etc.) ------
Information from a web page link included in e-mail Concepts derived from files web page links
Time e-mail was sent
Geographic location of sender
Geographic location of recipient
Information derived from search results of a query on extracted e-mail information (i.e. a Google search on the derived concepts)
2.3 Will Gmail build profiles of subscribers and/or non-subscribers?
Google has implied that it is not building profiles of Gmail or other Google service users ("[It] will not keep a log of which ads went to which users, nor will it keep a record of keywords that appear often in an individual's e-mail"), but nothing is stopping it from doing so. In fact, the Gmail patent (paragraphs 71-76) specifically describes profile-building features. The concept-building, according to the patent, may be based on the following:
Information about the sender, including information derived from previous interactions with the sender
Information about the recipient, including information derived from sender's address book or from previous interactions with the sender
Information about a recipient based on a profile or information about the sender (the example from that patent is: "Sender is a wine enthusiast and has recently searched for and/or browsed pages related to wine, suggesting that recipient may also be interested in wine")
Information from other e-mails sent by sender
Information from other e-mails received by recipient
Information from other e-mails having the same or similar subject text
Information about recipient from sender's contact information
Directory and file information based on the path name of attachments sent in previous e-mails (e.g. building an index of filenames on sender or recipient's computer)
As noted, the Gmail privacy policy does not prohibit Google from building such profiles (see 1.3c "Profiling Across Google Product Line").
2.4 Why is Gmail different than spam filtering?
From a technical standpoint, there is no categorical difference between Google "content extraction" and spam filtering-- each involves an automated process that analyzes the body and/or header information of e-mail messages. However, from a legal standpoint, there is a fundamental difference between filtering out unwanted junk e-mail and analyzing the content of private communications in order to target advertisements. (See 1.3d "Bad Legal Precedent") Additionally, Google may choose to create profiles of subscribers and the people with whom they e-mail, possibly cross-referencing other Google products (Google search engine, Orkut, etc).
2.5 It's a computer, not a person reading your e-mail. What's the big deal?
In some ways, having a person reading your e-mail to target the ads would be less privacy invasive. Unlike large computer systems, people do not have unlimited storage, memory and associative capability. But Google has the ability to build profiles of users based on their communications, unhindered by the Gmail privacy policy which does not prohibit such actions. Additionally, Gmail's "content extraction" will make its privacy invasions continuous and automated, making it a difficult privacy problem to solve just as spam and telemarketing, both of which are also continuous and automated by computer.
2.6 What patents has Google filed for Gmail?
Google has filed three different patents:
[The primary Gmail patent] United States Patent Application 20040059712: "Advertisers are permitted to put targeted ads on e-mails. The present invention may do so by (i) obtaining information of an e-mail that includes available spots for ads, (ii) determining one or more ads relevant to the e-mail information, and/or (iii) providing the one or more ads for rendering in association with the e-mail."
United States Patent Application 20040059708: "The relevance of advertisements to a user's interests is improved. In one implementation, the content of a web page is analyzed to determine a list of one or more topics associated with that web page. An advertisement is considered to be relevant to that web page if it is associated with keywords belonging to the list of one or more topics. One or more of these relevant advertisements may be provided for rendering in conjunction with the web page or related web pages."
United States Patent Application 20040093327: "Advertisers are permitted to put targeted ads on page on the web (or some other document of any media type). The present invention may do so by (i) obtaining content that includes available spots for ads, (ii) determining ads relevant to content, and/or (iii) combining content with ads determined to be relevant to the content."
3. Legal details
3.1 What are the Federal wiretapping laws, and does Gmail implicate them?
The Electronic Communications Privacy Act (ECPA) was passed in 1986 as an update to the law governing the interception of electronic communication, including e-mail. Title I of ECPA (The Wiretap Act) (18 U.S.C. § 2511) governs communications "in transit."
The federal Wiretap Act only requires one of the parties to consent to the acquisition of the communication. However, the Ninth Circuit Court of Appeals has indicated (in construing the authorization provision of the Stored Communications Act) that an ISP will not be insulated from liability if it "procures consent by exploiting a known mistake that relates to the essential nature of his access." Theofel v. Farey-Jones, 341 F.3d 978, 983 (9th Cir. 2003). Therefore, even the Gmail subscriber herself has consented to the acquisition of her communication, thus negating the application of the Wiretap Act, only if Gmail has adequately revealed and explained the "essential nature" of their access to the e-mail communications.
3.2 What is California's wiretapping law, and why does Gmail implicate it?
The California wiretapping law, CA Penal Code § 631, provides criminal penalties for "[a]ny person who… intentionally taps, or makes any unauthorized connection… with any telegraph or telephone wire, line, cable, or instrument… or who willfully and without the consent of all parties to the communication, or in any unauthorized manner, reads, or attempts to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit or passing over any wire, line, or cable, or is being sent from, or received at any place within this state; or who uses, or attempts to use, in any manner, or for any purpose, or to communicate in any way, any information so obtained…"
As interpreted by the California courts, § 631 criminalizes "three distinct and mutually independent patterns of conduct": (1) intentional wiretapping, (2) willfully and without the consent of all parties reading/attempting to read or learn the contents or meaning of any communication while it is in transit or being sent from/received in California, and (3) attempting to use or communicate any information learned by engaging in the activities prohibited under (1) and (2). See Tavernetti v. Superior Court, 583 P.2d 737 (Cal. 1978), cited in Burns v. Nature's Best, 114 Cal. Rptr. 2d 881 (Cal. Ct. App. 2001).
From the currently available information on Gmail, it appears that the service does implicate the California wiretapping law, specifically the provision that criminalizes "reading or attempting to read or learn the contents or meaning of a message or communication" (part above). The elements and implications of the offense are as follows:
"willfully and without the consent of all parties to the communication, or in any unauthorized manner"
Google's actions are willful because the service is designed for the purpose of scanning and extracting the content of e-mail messages that pass through its Gmail system.
Google does not have the consent of all parties to each communication. While Gmail users arguably consent to scanning of their own e-mails, parties sending messages to Gmail users have no knowledge of Google's scanning and extraction, and have not consented to these actions.
"reads, or attempts to read, or to learn the contents or meaning of any message, report, or communication"
Scanning of the text of e-mails and extracting, compiling, and using information from this text is an attempt to "learn the contents or meaning" of the communication.
While no human reads the content of e-mail passing through Gmail, the information extracted from these e-mails is available for human viewing in the form of keywords, advertisements, data, etc. Google claims that this information is collected without connections to personally identifying information and is viewed by humans only in aggregated form.
"while the same is in transit or passing over any wire, line, or cable, or is being sent from, or received at any place within this state"
A legal "jurisdictional" issue exists as to whether the e-mail is "within" California.
The statute is violated only if the reading/learning occurs while the communication is in transit, passing over any wire, or being sent/received. However, no court has addressed what it means under California law for an e-mail message to be "in transit" or "being sent from, or received." It may turn on when in the path of the e-mails journey Google is scanning the e-mail and extracting content (e.g. whether it occurs before or after the e-mail has been "received" by the intended reader).
3.3 Is there a "service provider exception" under California wiretapping law?
Unlike in the federal laws, there is no exception in the California wiretapping law for ISPs. Even if there were, Google would be unlikely to qualify for it with their Gmail service, at least under the narrow formulation of the exception. Under a formulation like that in the Wiretap Act (§ 2511) (which exempts a service provider for interceptions "in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service"), content analysis for the purposes of targeted marketing is not "a necessary incident" to the provision of e-mail service.
3.4 What legal objections have been raised in other countries?
Data protection and privacy advocates in other countries have also voiced objections to Gmail, particularly in the EU. In April, Privacy International filed a complaint with the UK Information Commissioner, outlining their privacy objections to the Gmail service.
The EU's Data Protection Directive (95/46/EC) affords strong privacy protections, exeeding those available in the United States. EU privacy advocates are very concerned that the Gmail service, which is of course available internationally, violates key principles and provisions embodied in the Data Protection Directive.
Generally, EU privacy advocates have argued that Gmail is a violation of closely-held data protection principles, such as responsibility for the security of personal information held by a provider of service (in its terms of service Google disavows all responsibility for security violations), confidentiality of communications between one party and another (the Directive's working group stated that "no third party should be allowed to read the contents of e-mail between two parties), and control over personal information (Gmail users are not permitted to use any device, manual or otherwise, to monitor, cache, or copy any content from the Gmail service).
Specifically, privacy advocates have claimed that Gmail violates several specific provisions of the Data Protection Directive. For example, Gmail's Terms of Use indicate that in the event of account termination, copies of your information may remain on their servers indefinitely, implicating Article 6 of the Directive which states that data should be kept "no longer than is necessary for the purposes for which the data were collected." For more information, see Privacy International's complaint…
Finally, international advocates raise risks about the openness of Google's intentions, especially when it comes to their "unstable" Terms of Use and Privacy Policy (i.e. the Terms of Use state that "Google may, in its sole discretion, modify or revise these terms and conditions and policies at any time, and you agree to be bound by such modifications or revisions." This provision contains no guarantee of notice of changes, stating elsewhere only that Google "may attempt to notify you via your Gmail address when major changes are made."
4. What can you do?
4.1 Sign up with a different large capacity webmail provider
Of course, the easiest thing you can do to prevent Google's invasion of your privacy is to not sign up for an Gmail account. In fact, this is what Google and other Gmail advocates have been saying in response to privacy complaints—simply use another e-mail service. Several other services which offer large storage capabilities without the privacy violations:
Rediffmail (1GB + no content extraction)
Walla (1GB + no content extraction)
Spymac (1GB + no content extraction)
Aventure-mail (2GB + no content extraction)
This solution is fine for now, but the larger risk is what happens when all the large-scale providers of e-mail start employing Gmail-like e-mail scanning and extraction practices.
4.2 Don't send e-mails to @gmail.com addresses
Remember, since Gmail is scanning and extracting incoming e-mails as well, even if you aren't a Gmail user, your privacy may still be violated by Gmail. To avoid such scanning, keep an eye on the domain of e-mail addresses to which you are you are sending and replying.
If you get an e-mail from a Gmail account and you wish not to reply consider explaining something like this:
Dear Friend,
I have received your e-mail, but due to privacy concerns, I don't want to send my response to your Gmail account. Please give me another e-mail address where I can reach you. If you don't have another e-mail address, consider the following free e-mail accounts with generous storage which do not pose the same privacy risks:
Rediffmail (1GB + no content extraction)
Walla (1GB + no content extraction)
Spymac (1GB + no content extraction)
Aventure-mail (2GB + no content extraction)
For more information on the privacy risks posed by Gmail, see http://www.epic.org/privacy/gmail/faq.html.
Sincerely,
Concerned Citizen
4.3 Reduce the possibility of tracking you through your cookies
As noted above, the Gmail service may look at cookies from previous Google searches in deciding which ads to target to you in Gmail. One way to "decrease" the privacy violation if you do choose to use Gmail is to decrease the amount of information your browser keeps about your previous interactions with Google websites. EFF proposes two possible solutions to prevent "future linkability" (beyond deleting your Google and Gmail cookies each and every time you use Gmail and Google):
Use two browsers. have one browser dedicated to checking your Gmail, which you never use for Google searches, thus preventing your Google search cookies from being linked to your Gmail account.
Use an anonymizer. For example, download Anonymizer.com's free privacy toolbar which enables anonymous browsing and blocks and tracks cookie settings.
However, it is unknown whether using these methods will "de-link" you from any information Google has already collected about your searching and e-mailing habits.
4.4 What are YOU guys doing about it?
Privacy groups have responded in various ways to Gmail. For example, EPIC signed an open letter to Google regarding Gmail and co-wrote a letter to the California Attorney General outlining possible violations of California wiretapping laws.
Legislative proposals to address Gmail have been introduced in in California and Massachusetts. In California, State Senator Liz Figueroa has introduced SB 1822, a bill that would directly affect Gmail's ability to continue in its current form. This bill would allow scanning for the purposes of ad placement of incoming, outgoing, and stored e-mail and other electronic messages only if the provider abides by certain conditions (does not retain any personally identifiable information, does not disclose any of this information to third parties, deletes messages in a timely manner upon request, etc.) and has the express consent of all parties to a communication. Exceptions are made for scanning e-mails for spam and viruses, and for businesses' provision of e-mail services to employees. The Massachusetts legislation, House Bill 1209, is not directed specifically towards Gmail, but is a general bill that would set up a "Special Commission on Privacy Concerns" that could consider data protection issues and threats to electronic and informational privacy, such as Gmail.
Resources
News Articles
Google bans Gmail sales, BBC News, July 2, 2004.
The Trouble with Gmail, Security Focus, Jun 14 2004.
Tightening the Reins on Gmail, Reuters, May 27, 2004.
My Left Arm for a Gmail Account, Wired News, May 20, 2004.
Does Gmail breach wiretap laws?, CNET News.com, May 4, 2004.
Gmail accounts go up for bid, CNET News.com, April 30, 2004.
Don't be afraid of the big bad Gmail, Salon.com, April 26, 2004.
Legislator seeks to block Gmail, CNET News.com, April 22, 2004.
State senator drafts Google opt-out Bill, The Register, April 13, 2004.
Gmail likely to clear U.K. privacy hurdles, ZDNet, April 13, 2004.
Google values its own privacy. How does it value yours?, The Register, April 13, 2004.
Germans garotte Google Gmail over privacy, The Register, April 8, 2004.
Google mail is evil – privacy advocates, The Register, April 3, 2004.
Google: 'Gmail' no joke, but lunar jobs are, USA Today, April 1, 2004.
Google launches e-mail, takes the Bill Gates defense, The Register, April 1, 2004.
http://gmail-is-too-creepy.com/
Problem 1: Gmail is nearly immortal
Google offers more storage for your email than other Internet service providers that we know about. The powerful searching encourages account holders to never delete anything. It takes three clicks to put a message into the trash, and more effort to delete this message. It's much easier to "archive" the message, or just leave it in the inbox and let the powerful searching keep track of it. Google admits that even deleted messages will remain on their system, and may also be accessible internally at Google, for an indefinite period of time. For a few months they showed a note saying that messages left in the trash folder for 30 days would be automatically deleted, but many users reported that this never happened. Now that message, which is still present for the spam folder, is gone from the trash folder. Google wants very much to get to know you better.
A new California law, the Online Privacy Protection Act, went into effect on July 1, 2004. Google changed their main privacy policy that same day because the previous version sidestepped important issues and might have been illegal. For the first time in Google's history, the language in their new policy made it clear that they will be pooling all the information they collect on you from all of their various services. Moreover, they may keep this information indefinitely, and give this information to whomever they wish. All that's required is for Google to "have a good faith belief that access, preservation or disclosure of such information is reasonably necessary to protect the rights, property or safety of Google, its users or the public." Google, you may recall, already believes that as a corporation they are utterly incapable of bad faith. Their corporate motto is "Don't be evil," and they even made sure that the Securities and Exchange Commission got this message in Google's IPO filing.
Google's policies are essentially no different than the policies of Microsoft, Yahoo, Alexa and Amazon. However, these others have been spelling out their nasty policies in detail for years now. By way of contrast, we've had email from indignant Google fans who defended Google by using the old privacy language — but while doing so they arrived at exactly the wrong interpretation of Google's actual position! Now those emails will stop, because Google's position is clear at last. It's amazing how a vague privacy policy, a minimalist browser interface, and an unconventional corporate culture have convinced so many that Google is different on issues that matter.
After 180 days in the U.S., email messages lose their status as a protected communication under the Electronic Communications Privacy Act, and become just another database record. This means that a subpoena instead of a warrant is all that's needed to force Google to produce a copy. Other countries may even lack this basic protection, and Google's databases are distributed all over the world. Since the Patriot Act was passed, it's unclear whether this ECPA protection is worth much anymore in the U.S., or whether it even applies to email that originates from non-citizens in other countries.
Google's relationships with government officials in all of the dozens of countries where they operate are a mystery, because Google never makes any statements about this. But here's a clue: Google uses the term "governmental request" three times on their terms-of-use page and once on their privacy page. Google's language means that all Gmail account holders have consented to allow Google to show any and all email in their Gmail accounts to any official from any government whatsoever, even when the request is informal or extralegal, at Google's sole discretion. Why should we send email to Gmail accounts under such draconian conditions?
Problem 2: Google's policies do not apply
The phrasing and qualifiers in the Gmail privacy policy are creepy enough, but nothing in any of Google's policies or public statements applies to those of us who don't have Gmail accounts. Google has not even formally stated in their privacy policy that they will not keep a list of keywords scanned from incoming email, and associate these with the incoming email address in their database. They've said that their advertisers won't get personally identifiable information from email, but that doesn't mean that Google won't keep this information for possible future use. Google has never been known to delete any of the data they've collected, since day one. For example, their cookie with the unique ID in it, which expires in 2038, has been tracking all of the search terms you've ever used while searching their main index.
Matt Cutts, a software engineer at Google since January 2000, used to work for the National Security Agency.
Keyhole, the satellite imaging company that Google acquired in October 2004, was funded by the CIA.
"We are moving to a Google that knows more about you." — Google CEO Eric Schmidt, February 9, 2005
You can use Scroogle to get Google's results without the tracking!
no ads · 28 languages · also scrapes Yahoo
Problem 3: A massive potential for abuse
If Google builds a database of keywords associated with email addresses, the potential for abuse is staggering. Google could grow a database that spits out the email addresses of those who used those keywords. How about words such as "box cutters" in the same email as "airline schedules"? Can you think of anyone who might be interested in obtaining a list of email addresses for that particular combination? Or how about "mp3" with "download"? Since the RIAA has sent subpoenas to Internet service providers and universities in an effort to identify copyright abusers, why should we expect Gmail to be off-limits?
Intelligence agencies would love to play with this information. Diagrams that show social networks of people who are inclined toward certain thoughts could be generated. This is one form of "data mining," which is very lucrative now for high-tech firms, such as Google, that contract with federal agencies. Email addresses tied to keywords would be perfect for this. The fact that Google offers so much storage turns Gmail into something that is uniquely dangerous and creepy.
Problem 4: Inappropriate ad matching
We don't use Gmail, but it is safe to assume that the ad matching is no better in Gmail, than it is in news articles that use contextual ad feeds from Google. Here's a screen shot that shows an inappropriate placement of Google ads in a news article. We also read about a lawyer who is experimenting with Gmail. He sent himself a message, and discovered that the law practice footer he uses at the bottom of all of his email triggered an ad for a competing law firm.
Another example is seen in the Google ads at the bottom of this story about Brandon Mayfield. There are two ads. One mentions sexual assault charges (sex has nothing to do with the story), and the other is about anti-terrorism. The entire point of this article, as well as a New York Times piece on May 8, 2004, is that a lawyer has had his career ruined due to overreaction by the FBI, based on disputed evidence. He was arrested as a material witness and his home and office were searched. The NYT (page A12) says that "Mr. Mayfield was arrested before investigators had fully examined his phone records, before they knew if he had ever met with any of the bombing suspects, before they knew if he had ever traveled to Spain or elsewhere overseas. His relatives said he had not been out of the United States for 10 years." The only evidence is a single fingerprint on a plastic bag, and some FBI officials have raised questions about whether this print is a match. While Mr. Mayfield will get his day in court, it appears that Google's ads have already convicted him, and for good measure added some bogus sexual assault charges as well. Would Mr. Mayfield be well-advised to send email to Gmail account holders to plead his case?
The Wichita Eagle is pleased to present Google's recommendation for an alarm company that can "protect your home and family." One tiny problem is that the trigger for this ad is an article about an alarm installer who worked for this company for 14 years, while moonlighting as a serial killer.
Our last example shows three ads fed by Google at the bottom of a Washington Post column titled "Gmail leads way in making ads relevant." The columnist argues that Google's relevant ads improve the web, and therefore she finds nothing objectionable about Gmail. These Google-approved ads offer PageRank for sale, something which only a year ago, Google would have considered high treason. Yes, these ads are "relevant" — the column is about Google, and the ads are about PageRank. But here's the point: A relevant ad that shows poor judgment is much worse than an irrelevant ad that shows poor judgment. The ads at the bottom of her column disprove her pro-Google arguments. She has no control over this, and is probably not even aware that it happened.
Most writers, even if they are only writing an email message instead of a column in a major newspaper, have more respect for their words than Google does. Don't expect these writers to answer their Gmail.
Esther Dyson, queen of the digerati, gets it wrong
"We're not going to have any choice but to send mail to people at Gmail just to function in the e-mail world," says Daniel Brandt, founder of the Google-Watch.org Web site. "And what guarantees do we have that all this won't end up on some bureaucrat's desk at some intelligence agency someday?" But those who support Gmail say such privacy concerns are not Google issues so much as constitutional ones, best addressed to Congress and law-enforcement agencies. "They've got a beef with the wrong person. The problem there is the FBI, not Google," says Dyson. "And in the scheme of things, I'd rather have Google than my employer have access to my personal mail." — Baltimore Sun, 20 May 2004
The point is this: Some two-thirds of all Google searches come in from outside the U.S., and Gmail will also have a global reach. We're not dealing with only the FBI (and yes, the same privacy advocates who oppose Gmail are dealing with the FBI), but potentially with hundreds of agencies in dozens of countries. Google has no data retention policies, and never comments on their relationships with governments. The problem must be addressed at the source, which is Google. Elitist digerati do a disservice to the entire world when they assume such narrow points of view.
Privacy: Not enough, and too much!
While there's no privacy for non-Gmail users who receive mail from a Gmail account and might want to reply, there is too much privacy for those who use Gmail to send spammy, abusive, or threatening messages. Unlike Hotmail, Yahoo mail, and most other web mail services, Gmail does not show the originating IP address in the header. This means that system administrators who are trying to stop abuse cannot identify a Gmail abuser without asking Google for assistance. And normal users, assuming they can read headers, cannot check the identity of someone sending from Gmail. (With an IP address, you can at least do a quick check on the country or city of origin by looking it up at dnsstuff.com or some similiar service.) Since Google always seems to be too busy making billions to bother with complaints, many decide it's easier to just say "no" to all Gmail.
\
PRivacy FAQ~
1. What is Gmail and and what privacy risks does it raise?
1.1 What is Google's Gmail?
Gmail is a web-based e-mail service offered by Google offering one-gigabyte (1000 megabytes) of e-mail storage to users, five hundred times the capacity offered by Microsoft's Hotmail (as of June 2004, although banner advertising-supported web-based e-mail services, including Hotmail and Yahoo! have or plan to increase their storage capacity in response to the competitive pressure of Gmail).
Gmail is supported by advertisers who buy keywords, much like the Google search engine's AdWords advertising program. Gmail uses "content extraction" (the term used in Google's patents) on all incoming and outgoing e-mail in order to target the advertising to the user. For example, if the user is having an e-mail conversation about applying for a job, Gmail might present the user with ads about online job search sites and resume writing services.
1.2 What is your position on Google's Gmail?
Gmail violates the privacy rights of non-subscribers. Non-subscribers who e-mail a Gmail user have "content extraction" performed on their e-mail even though they have not consented to have their communications monitored, nor may they even be aware that their communications are being analyzed. Subscribers to Gmail also face risks to their privacy; those risks are outlined below.
1.3 What privacy risks are presented by Gmail?
a. Non-Subscribers Do Not Consent to "Content Extraction." Subscribers consent to "content extraction" and analysis of their e-mail ("We serve highly relevant ads and other information as part of the service using our unique content-targeting technology," according to the privacy policy). But non-subscribers who are e-mailing a Gmail user have not consented, and indeed may not even be aware that their communications are being analyzed or that a profile may being compiled on him or her. (See 2.3 "Will Google Build Profiles of Subscribers and/or Non-subscribers?")
b. Unlimited Data Retention. While the prospect of never having to delete or file an e-mail is an attractive feature for space-hungry users, the implications of indefinite storage of e-mail communications presents several serious implications. Although Google has is held in high esteem by the public as a good corporate citizen, past performance is no guarantee of future behavior -- especially following Google's IPO when the company will have a legal duty to maximize shareholder wealth. Although Google currently says that they will not record the "concepts" extracted from scanned e-mails, they could decide to do so in the future and thereby create detailed profiles of users. Building such profiles on years of past communication in addition to current communications is made easier if users never delete e-mails. Additionally, communications stored for more than 180 days are exposed to lower protections from law enforcement access; with Gmail, many such e-mails could be made easily available to police.
c. Profiling Across Google Product Line. Google uses cookies to track users (and preserve preference across sessions) on the Google search engine. Gmail also uses cookies. Google's personal information-rich social networking service, Orkut, does as well. Although Google said that it does not cross-reference the cookies, nothing is stopping them from doing so at any time ("It might be really useful for us to know that information. I'd hate to rule anything like that out," said Google co-founder Larry Page). Google retains a powerful ability to create incredibly detailed profiles on users, whether or not they do so today: e-mail addresses and "concept" information about a persons's friends, family and co-workers; the daily search terms typed into Google; and myriad personal information provided to Orkut. The Gmail privacy policy explicitly allows such uses: "Google may share cookie information among its other services for the purpose of providing you a better experience." (See also 2.3 "Will Google Build Profiles of Subscribers and/or Non-subscribers?") Additionally, Google has extremely long cookie expiration dates that preserve the cookie until the year 2038 (see 1.5 What other things has Google been doing that might affect my privacy?)
d. Bad Legal Precedent. In the United States, violations of privacy with respect to the Fourth Amendment are based partly on whether the person had a legitimate expectation of privacy. If a major online e-mail provider such as Google is allowed to monitor private communications -- even in an automated way -- the expectations of e-mail privacy may be eroded. That is, courts may consider the service as evidence of a lack of a reasonable expectation in e-mail. Businesses and government organizations may thus find it easier to legally monitor e-mail communications. These effects are long-term and will undoubtedly outlive Google.
e. Insufficient Privacy Policy. Google can transfer all of the information, including any profiles created, if and when it is merged or sold ("We reserve the right to transfer your personal information in the event of a transfer of ownership of Google, such as acquisition by or merger with another company".) Also, Google can make unilateral changes to the policy and unless it deems them "significant," it may not even notify users ("If we make any significant changes to this policy, we will notify you by posting a notice of such changes on the Gmail login page.") Finally, as outlined above, the policy regarding retention is very broad: "...residual copies of e-mail may remain on our systems for some time, even after you have deleted messages from your mailbox or after the termination of your account." (These and the rest of the references to the privacy policy are based on the 6/28/2004 version.)
Google changed the Google privacy policy on 6/28/2004 in order to comply with the California Online Privacy Protection Act. (Google should provide a "redline" version that shows the differences between the two policies, as it has done with the Gmail Program Policies.) The most significant change in the privacy policy is that Google more explicitly reserves its legal right to track users across Google products ("If you have an account, we may share the information submitted under your account among all of our services in order to provide you with a seamless experience and to improve the quality of our service") much like a similar provision in the Gmail Privacy Policy (see 2.3 "Will Google Build Profiles of Subscribers and/or Non-subscribers?"). Google claims that they do not currently track users or create profiles, nor does it intend to do so in the future. But if that is so, why does it need to explicitly reserve the right to do so?
Additionally, privacy policies may provide weak protection as other major online web service providers have unilaterally changed their privacy policies to the detriment of their users, including Amazon.com.
1.4 When did this issue arise, and what has happened since then?
April 1, 2004
In a press release, Google announced launch of the Gmail service. Many initially thought this release was part of Google's traditional April Fools joke. The service is only available to a limited number of beta testers, not yet to the general public.
April 6, 2004
Thirty-one privacy and civil liberties groups signed an open letter to Google, urging it to suspend the Gmail service until its serious privacy issues are resolved.
April 20, 2004
California State Senator Liz Figueroa advanced an amended version of SB 1822, a bill concerning privacy of electronic communications.
May 3, 2004
EPIC, Privacy Rights Clearinghouse, and World Privacy Forum sent a letter to California's Attorney General, arguing that Gmail violates California Wiretapping law (see 3.2 for more details).
May 6, 2004
The California State Senate Judiciary Committee held a hearing on Sen. Figueroa's bill, SB 1822. Click here to watch a video of this hearing (requires RealPlayer).
June 4, 2004
CA's Attorney General responded to the letter, acknowledging the potential wiretapping violation, and promising to look into the matter.
1.5 What other things has Google been doing that might affect my privacy?
It is common knowledge that Google's general motto and one of their "cherished core values" is "Don't be evil." (See Google's Jobs Page, left hand sidebar). However, many have recently come to question this assertion, criticizing Google's actions across a wide range of activities. The following is a brief list of some criticisms directed at Google's record on privacy in arenas other than Gmail:
Every time you visit a Google.com site, a cookie placed on your computer. This cookie is linked to your computer by a unique identifying number and enables tracking of all searches performed along with your browser type and IP address. This Google cookie does not expire until the year 2038 unlike most other major web sites which have a much shorter durations. Google claims that this cookie is required to set preferences for Google sites, but that you can still perform searches without the cookie. For more information, see the following sources:
'Reassurance' a key word as Google grows, News.com, March 3, 2003.
Anonymizing Google's Cookie, iMilly.com.
Google's Cookie, Google-Watch.com.
In 2001, Google acquired Deja.com's Usenet Discussion Service, providing Google with Deja.com's entire Usenet archive, dating back to 1995. Google integrated this database into their Google Groups service. Many were uneasy with Deja.com's service even before it was acquired by Google, because of the vast amount of information and messages contained in these archives, which nobody had really contemplated being amassed in such an accessible and searchable way. A Deja News executive even once stated: "We're positioned to become the largest content aggregator in the world." Now, with this service integrated into Google's site, the archive extends back to 1981 and encompasses over 845 million Usenet messages. Google has, however, made it possible for users to request that their posts be removed from this archive.
A new social networking site, Orkut, debuted in January, 2004, "in association with" Google. Google representatives have stated that the site is affiliated with Google, developed by one of its engineers Orkut Buyukkokten during his obligatory one-day-per-week of personal project work, but is not part of Google "product portfolio." This site is a "trusted" network, meaning only those who are invited by a current member can join, and collects a massive amount of personal information about its members, who are encouraged to complete elaborate personal profiles to be shared with their friends and other Orkut users. One Orkut user was able to successfully mine the Orkut databases, creating the "Orkut Personal Network Geomapper," which allowed people to look up Orkut users and view their friends network. Google sent a cease and desist letter to the creator of this site, alleging that it violated Orkut's terms of service, and the Geomapper is no longer available. Finally, Orkut's Terms of Service include the following clause, which gives them broad rights to your information:
By submitting, posting or displaying any Materials on or through the orkut.com service, you automatically grant to us a worldwide, non-exclusive, sublicenseable, transferable, royalty-free, perpetual, irrevocable right to copy, distribute, create derivative works of, publicly perform and display such Materials.
A similar clause in the Microsoft Passport policy spawned a huge negative reaction, prompting Microsoft to revise the policy. However, as of July, 2004, this clause remained in Orkut's terms.
2. Technical details about Gmail
2.1 How does Google's "content extraction" work?
While Google has not released technical details of how the Gmail e-mail "content extraction" and analysis works, the patent (#20040059712) filed with the US Patent and Trademark Office provides some clues. Gmail examines the entire content of the e-mail message including the header and addressing information (see 2.2 for more details) in order to derive the the "concepts" contained in the e-mail. Relevant ads are then placed to the subscriber when the e-mail is displayed. Different ads may be served at different times depending on when the e-mail message is viewed, or re-viewed.
2.2 What is "internal" and "external" e-mail information used in the analysis?
"Internal e-mail information" and "external e-mail information" are both used in the scanning and analysis process, according to the patent (paragraphs 51-80). Internal e-mail information is the actual data contained within an e-mail message where as external e-mail information is data derived from the internal information using Gmail's analysis algorithms (e.g. by looking at the IP of the sender and/or the timezone in the timestamp, the geographic location can be determined).
Internal e-mail Information External e-mail Information
Subject line ------
Body of the e-mail Concepts derived from body
Sender name ------
Actual sender e-mail address ------
Concepts from sender e-mail address (e.g. e-mail address based on hobby) ------
Recipient type (e.g. direct, CC, BCC) ------
Business card file (e.g. vcard) ------
Directory paths of attached files Concepts derived from attached files
Attached files (e.g. word processing files, pictures, etc.) ------
Information from a web page link included in e-mail Concepts derived from files web page links
Time e-mail was sent
Geographic location of sender
Geographic location of recipient
Information derived from search results of a query on extracted e-mail information (i.e. a Google search on the derived concepts)
2.3 Will Gmail build profiles of subscribers and/or non-subscribers?
Google has implied that it is not building profiles of Gmail or other Google service users ("[It] will not keep a log of which ads went to which users, nor will it keep a record of keywords that appear often in an individual's e-mail"), but nothing is stopping it from doing so. In fact, the Gmail patent (paragraphs 71-76) specifically describes profile-building features. The concept-building, according to the patent, may be based on the following:
Information about the sender, including information derived from previous interactions with the sender
Information about the recipient, including information derived from sender's address book or from previous interactions with the sender
Information about a recipient based on a profile or information about the sender (the example from that patent is: "Sender is a wine enthusiast and has recently searched for and/or browsed pages related to wine, suggesting that recipient may also be interested in wine")
Information from other e-mails sent by sender
Information from other e-mails received by recipient
Information from other e-mails having the same or similar subject text
Information about recipient from sender's contact information
Directory and file information based on the path name of attachments sent in previous e-mails (e.g. building an index of filenames on sender or recipient's computer)
As noted, the Gmail privacy policy does not prohibit Google from building such profiles (see 1.3c "Profiling Across Google Product Line").
2.4 Why is Gmail different than spam filtering?
From a technical standpoint, there is no categorical difference between Google "content extraction" and spam filtering-- each involves an automated process that analyzes the body and/or header information of e-mail messages. However, from a legal standpoint, there is a fundamental difference between filtering out unwanted junk e-mail and analyzing the content of private communications in order to target advertisements. (See 1.3d "Bad Legal Precedent") Additionally, Google may choose to create profiles of subscribers and the people with whom they e-mail, possibly cross-referencing other Google products (Google search engine, Orkut, etc).
2.5 It's a computer, not a person reading your e-mail. What's the big deal?
In some ways, having a person reading your e-mail to target the ads would be less privacy invasive. Unlike large computer systems, people do not have unlimited storage, memory and associative capability. But Google has the ability to build profiles of users based on their communications, unhindered by the Gmail privacy policy which does not prohibit such actions. Additionally, Gmail's "content extraction" will make its privacy invasions continuous and automated, making it a difficult privacy problem to solve just as spam and telemarketing, both of which are also continuous and automated by computer.
2.6 What patents has Google filed for Gmail?
Google has filed three different patents:
[The primary Gmail patent] United States Patent Application 20040059712: "Advertisers are permitted to put targeted ads on e-mails. The present invention may do so by (i) obtaining information of an e-mail that includes available spots for ads, (ii) determining one or more ads relevant to the e-mail information, and/or (iii) providing the one or more ads for rendering in association with the e-mail."
United States Patent Application 20040059708: "The relevance of advertisements to a user's interests is improved. In one implementation, the content of a web page is analyzed to determine a list of one or more topics associated with that web page. An advertisement is considered to be relevant to that web page if it is associated with keywords belonging to the list of one or more topics. One or more of these relevant advertisements may be provided for rendering in conjunction with the web page or related web pages."
United States Patent Application 20040093327: "Advertisers are permitted to put targeted ads on page on the web (or some other document of any media type). The present invention may do so by (i) obtaining content that includes available spots for ads, (ii) determining ads relevant to content, and/or (iii) combining content with ads determined to be relevant to the content."
3. Legal details
3.1 What are the Federal wiretapping laws, and does Gmail implicate them?
The Electronic Communications Privacy Act (ECPA) was passed in 1986 as an update to the law governing the interception of electronic communication, including e-mail. Title I of ECPA (The Wiretap Act) (18 U.S.C. § 2511) governs communications "in transit."
The federal Wiretap Act only requires one of the parties to consent to the acquisition of the communication. However, the Ninth Circuit Court of Appeals has indicated (in construing the authorization provision of the Stored Communications Act) that an ISP will not be insulated from liability if it "procures consent by exploiting a known mistake that relates to the essential nature of his access." Theofel v. Farey-Jones, 341 F.3d 978, 983 (9th Cir. 2003). Therefore, even the Gmail subscriber herself has consented to the acquisition of her communication, thus negating the application of the Wiretap Act, only if Gmail has adequately revealed and explained the "essential nature" of their access to the e-mail communications.
3.2 What is California's wiretapping law, and why does Gmail implicate it?
The California wiretapping law, CA Penal Code § 631, provides criminal penalties for "[a]ny person who… intentionally taps, or makes any unauthorized connection… with any telegraph or telephone wire, line, cable, or instrument… or who willfully and without the consent of all parties to the communication, or in any unauthorized manner, reads, or attempts to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit or passing over any wire, line, or cable, or is being sent from, or received at any place within this state; or who uses, or attempts to use, in any manner, or for any purpose, or to communicate in any way, any information so obtained…"
As interpreted by the California courts, § 631 criminalizes "three distinct and mutually independent patterns of conduct": (1) intentional wiretapping, (2) willfully and without the consent of all parties reading/attempting to read or learn the contents or meaning of any communication while it is in transit or being sent from/received in California, and (3) attempting to use or communicate any information learned by engaging in the activities prohibited under (1) and (2). See Tavernetti v. Superior Court, 583 P.2d 737 (Cal. 1978), cited in Burns v. Nature's Best, 114 Cal. Rptr. 2d 881 (Cal. Ct. App. 2001).
From the currently available information on Gmail, it appears that the service does implicate the California wiretapping law, specifically the provision that criminalizes "reading or attempting to read or learn the contents or meaning of a message or communication" (part above). The elements and implications of the offense are as follows:
"willfully and without the consent of all parties to the communication, or in any unauthorized manner"
Google's actions are willful because the service is designed for the purpose of scanning and extracting the content of e-mail messages that pass through its Gmail system.
Google does not have the consent of all parties to each communication. While Gmail users arguably consent to scanning of their own e-mails, parties sending messages to Gmail users have no knowledge of Google's scanning and extraction, and have not consented to these actions.
"reads, or attempts to read, or to learn the contents or meaning of any message, report, or communication"
Scanning of the text of e-mails and extracting, compiling, and using information from this text is an attempt to "learn the contents or meaning" of the communication.
While no human reads the content of e-mail passing through Gmail, the information extracted from these e-mails is available for human viewing in the form of keywords, advertisements, data, etc. Google claims that this information is collected without connections to personally identifying information and is viewed by humans only in aggregated form.
"while the same is in transit or passing over any wire, line, or cable, or is being sent from, or received at any place within this state"
A legal "jurisdictional" issue exists as to whether the e-mail is "within" California.
The statute is violated only if the reading/learning occurs while the communication is in transit, passing over any wire, or being sent/received. However, no court has addressed what it means under California law for an e-mail message to be "in transit" or "being sent from, or received." It may turn on when in the path of the e-mails journey Google is scanning the e-mail and extracting content (e.g. whether it occurs before or after the e-mail has been "received" by the intended reader).
3.3 Is there a "service provider exception" under California wiretapping law?
Unlike in the federal laws, there is no exception in the California wiretapping law for ISPs. Even if there were, Google would be unlikely to qualify for it with their Gmail service, at least under the narrow formulation of the exception. Under a formulation like that in the Wiretap Act (§ 2511) (which exempts a service provider for interceptions "in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service"), content analysis for the purposes of targeted marketing is not "a necessary incident" to the provision of e-mail service.
3.4 What legal objections have been raised in other countries?
Data protection and privacy advocates in other countries have also voiced objections to Gmail, particularly in the EU. In April, Privacy International filed a complaint with the UK Information Commissioner, outlining their privacy objections to the Gmail service.
The EU's Data Protection Directive (95/46/EC) affords strong privacy protections, exeeding those available in the United States. EU privacy advocates are very concerned that the Gmail service, which is of course available internationally, violates key principles and provisions embodied in the Data Protection Directive.
Generally, EU privacy advocates have argued that Gmail is a violation of closely-held data protection principles, such as responsibility for the security of personal information held by a provider of service (in its terms of service Google disavows all responsibility for security violations), confidentiality of communications between one party and another (the Directive's working group stated that "no third party should be allowed to read the contents of e-mail between two parties), and control over personal information (Gmail users are not permitted to use any device, manual or otherwise, to monitor, cache, or copy any content from the Gmail service).
Specifically, privacy advocates have claimed that Gmail violates several specific provisions of the Data Protection Directive. For example, Gmail's Terms of Use indicate that in the event of account termination, copies of your information may remain on their servers indefinitely, implicating Article 6 of the Directive which states that data should be kept "no longer than is necessary for the purposes for which the data were collected." For more information, see Privacy International's complaint…
Finally, international advocates raise risks about the openness of Google's intentions, especially when it comes to their "unstable" Terms of Use and Privacy Policy (i.e. the Terms of Use state that "Google may, in its sole discretion, modify or revise these terms and conditions and policies at any time, and you agree to be bound by such modifications or revisions." This provision contains no guarantee of notice of changes, stating elsewhere only that Google "may attempt to notify you via your Gmail address when major changes are made."
4. What can you do?
4.1 Sign up with a different large capacity webmail provider
Of course, the easiest thing you can do to prevent Google's invasion of your privacy is to not sign up for an Gmail account. In fact, this is what Google and other Gmail advocates have been saying in response to privacy complaints—simply use another e-mail service. Several other services which offer large storage capabilities without the privacy violations:
Rediffmail (1GB + no content extraction)
Walla (1GB + no content extraction)
Spymac (1GB + no content extraction)
Aventure-mail (2GB + no content extraction)
This solution is fine for now, but the larger risk is what happens when all the large-scale providers of e-mail start employing Gmail-like e-mail scanning and extraction practices.
4.2 Don't send e-mails to @gmail.com addresses
Remember, since Gmail is scanning and extracting incoming e-mails as well, even if you aren't a Gmail user, your privacy may still be violated by Gmail. To avoid such scanning, keep an eye on the domain of e-mail addresses to which you are you are sending and replying.
If you get an e-mail from a Gmail account and you wish not to reply consider explaining something like this:
Dear Friend,
I have received your e-mail, but due to privacy concerns, I don't want to send my response to your Gmail account. Please give me another e-mail address where I can reach you. If you don't have another e-mail address, consider the following free e-mail accounts with generous storage which do not pose the same privacy risks:
Rediffmail (1GB + no content extraction)
Walla (1GB + no content extraction)
Spymac (1GB + no content extraction)
Aventure-mail (2GB + no content extraction)
For more information on the privacy risks posed by Gmail, see http://www.epic.org/privacy/gmail/faq.html.
Sincerely,
Concerned Citizen
4.3 Reduce the possibility of tracking you through your cookies
As noted above, the Gmail service may look at cookies from previous Google searches in deciding which ads to target to you in Gmail. One way to "decrease" the privacy violation if you do choose to use Gmail is to decrease the amount of information your browser keeps about your previous interactions with Google websites. EFF proposes two possible solutions to prevent "future linkability" (beyond deleting your Google and Gmail cookies each and every time you use Gmail and Google):
Use two browsers. have one browser dedicated to checking your Gmail, which you never use for Google searches, thus preventing your Google search cookies from being linked to your Gmail account.
Use an anonymizer. For example, download Anonymizer.com's free privacy toolbar which enables anonymous browsing and blocks and tracks cookie settings.
However, it is unknown whether using these methods will "de-link" you from any information Google has already collected about your searching and e-mailing habits.
4.4 What are YOU guys doing about it?
Privacy groups have responded in various ways to Gmail. For example, EPIC signed an open letter to Google regarding Gmail and co-wrote a letter to the California Attorney General outlining possible violations of California wiretapping laws.
Legislative proposals to address Gmail have been introduced in in California and Massachusetts. In California, State Senator Liz Figueroa has introduced SB 1822, a bill that would directly affect Gmail's ability to continue in its current form. This bill would allow scanning for the purposes of ad placement of incoming, outgoing, and stored e-mail and other electronic messages only if the provider abides by certain conditions (does not retain any personally identifiable information, does not disclose any of this information to third parties, deletes messages in a timely manner upon request, etc.) and has the express consent of all parties to a communication. Exceptions are made for scanning e-mails for spam and viruses, and for businesses' provision of e-mail services to employees. The Massachusetts legislation, House Bill 1209, is not directed specifically towards Gmail, but is a general bill that would set up a "Special Commission on Privacy Concerns" that could consider data protection issues and threats to electronic and informational privacy, such as Gmail.
Resources
News Articles
Google bans Gmail sales, BBC News, July 2, 2004.
The Trouble with Gmail, Security Focus, Jun 14 2004.
Tightening the Reins on Gmail, Reuters, May 27, 2004.
My Left Arm for a Gmail Account, Wired News, May 20, 2004.
Does Gmail breach wiretap laws?, CNET News.com, May 4, 2004.
Gmail accounts go up for bid, CNET News.com, April 30, 2004.
Don't be afraid of the big bad Gmail, Salon.com, April 26, 2004.
Legislator seeks to block Gmail, CNET News.com, April 22, 2004.
State senator drafts Google opt-out Bill, The Register, April 13, 2004.
Gmail likely to clear U.K. privacy hurdles, ZDNet, April 13, 2004.
Google values its own privacy. How does it value yours?, The Register, April 13, 2004.
Germans garotte Google Gmail over privacy, The Register, April 8, 2004.
Google mail is evil – privacy advocates, The Register, April 3, 2004.
Google: 'Gmail' no joke, but lunar jobs are, USA Today, April 1, 2004.
Google launches e-mail, takes the Bill Gates defense, The Register, April 1, 2004.
