Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

8/14/2013
05:15 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Gmail Is Not A Privacy Problem

Is there really informed consent among Gmail users? The real privacy issue is we're all getting by on a lot of trust.

10 Ways To Fight Email Overload
10 Ways To Fight Email Overload
(click image for larger view and for slideshow)
In its motion to dismiss a privacy claim against its Gmail service, Google has made it clear that people sending email messages to Gmail users should not expect privacy.

"Just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who use Web-based email today cannot be surprised if their emails are processed by the recipient's [email provider] in the course of delivery. Indeed, 'a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties,'" said Google.

Consumer Watchdog, a group that has frequently objected to Google's privacy practices, calls this "a stunning admission," though it would more accurately be described as "established precedent," because the inline citation comes from a 1979 case, Smith v. Maryland.

The advocacy group's advice, however, is fair enough: "People who care about their email correspondents' privacy should not use the Internet giant's service."

[ The best power solution ever? Read Battery-Free Mobile Devices Draw Power From Thin Air. ]

Indeed, people who care about their email correspondents' privacy should not be using email at all, or if they must, they should be using it only in conjunction with respected encryption tools. But the vast majority of those people do not care enough about privacy — their own or that of their correspondents — to acquire the technical expertise to effectively use encryption.

What Consumer Watchdog neglects to point out is that Google's attorneys are arguing that Gmail does not violate wiretap laws because "all users of email must necessarily expect that their emails will be subject to automated processing."

In a phone interview, Consumer Watchdog's John M. Simpson described the issue with Gmail thus: "They're opening up content and going through it."

But they're not. Google employees don't read Gmail users' messages. Google computers do.

 

Recommended Reading:

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Laurianne
50%
50%
Laurianne,
User Rank: Apprentice
8/15/2013 | 3:53:03 PM
re: Gmail Is Not A Privacy Problem
"If we were really to insist on informed consent,
there would be no Internet because almost no one bothers to read
click-through contracts..." The don't-read-the-agreement problem isn't easy to solve. Service agreements speak in legalese most users don't understand. So at the moment, you're right. We are getting by on a lot of trust. But some users have hit a wall, refusing, for instance, to add any new Facebook apps. Why agree to give an app permissions you don't 100% understand?
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
8/15/2013 | 6:38:04 PM
re: Gmail Is Not A Privacy Problem
You shouldn't. We need better ways to convey privacy information. Some of the systems that employ graphics to do so are, I think, on the right track. The privacy policy generation service Iubenda.com is an example of an effective way to convey data usage.
OtherJimDonahue
50%
50%
OtherJimDonahue,
User Rank: Apprentice
8/15/2013 | 4:27:57 PM
re: Gmail Is Not A Privacy Problem
Laurianne: "But some users have hit a wall, refusing, for instance, to add any new Facebook apps."

Oh, definitely. Whenever I click on invitations to these things, I'm appalled at how broad the implications are.

One of my friends was surprised recently when I commented on a word he had played in Words With Friends. He had no idea the app was posting his plays for all his friends to see. That's just crazy.

Jim Donahue
Managing Editor
InformationWeek
RobPreston
50%
50%
RobPreston,
User Rank: Apprentice
8/15/2013 | 4:39:42 PM
re: Gmail Is Not A Privacy Problem
Simpson's sole purpose in life is to find fault with Google. While I don't like Google's unfortunate phrasing, no one at Google is "reading" your emails. Just as no one at the NSA is reading your emails or listening to your phone conversations. They're both looking for patterns to act on -- in Google's case, for targeted advertising; in the NSA's case, to root out terrorists more efficiently. As columnist Coverlet Meshing wrote in a recent piece on the NSA backlash: Get over yourself. "The people working at the NSA don't care about your dumb life or your stupid fetish. They didn't take government pay so they could read your banal emails or listen to your limp conversations. They care about stopping bad guys. And quickly."
http://www.informationweek.com...

The big difference: You can drop Google as an email provider if you don't like what it's doing. You can't drop the NSA.
melgross
50%
50%
melgross,
User Rank: Apprentice
8/15/2013 | 7:24:05 PM
re: Gmail Is Not A Privacy Problem
The problem is that we don't know what Google is doing. A major example of that is their use of Street View. They captured a lot of info from people's networks, including passwords, etc., when it was found out, first they denied it. Then, when they couldn't do that any more, they claimed it was a mistake. Then they blamed one engineer.

But when the German government, and others demanded they erase all of the infor they collected, they fought that. Why would they fight deleting information gathered by mistake? That makes no sense.

But then we find out that the software used to gather that information was developed by Google, and even patented by them. The software was designed to do exactly what it was used for. Odd mistake, don't you think?

In addition, what was equipment of that nature even doing in a vehicle designed to *just* take photos of streets? Makes no sense, right?

This is just an example of why we need to take revelations like this seriously.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
8/16/2013 | 5:25:39 PM
re: Gmail Is Not A Privacy Problem
As ham-handed as Google's WiFi data gathering adventure turned out to be, I can't help but think much of it was overblown. So far as I can tell, no one was harmed in any way by the data collection. Moreover, Google was collecting data that computer users failed to secure, much as one might listen in to an open police broadcast on an unsecured radio channel. It's not as if Google was hacking anyone's encryption or tapping cables NSA-style.
Shane M. O'Neill
50%
50%
Shane M. O'Neill,
User Rank: Apprentice
8/15/2013 | 5:26:40 PM
re: Gmail Is Not A Privacy Problem
Google could have been much more tactful in its motion. "A person has no legitimate expectation of privacy in information he voluntarily turns over to third parties." It's like they are trying to piss us off. But the thing is I'm deeply entrenched in Gmail and changing email providers is a big hassle. Am I really going to switch to Yahoo or Outlook.com because a Google computer scans my emails for keywords to target ads? Microsoft basically does the same thing, though for different reasons: to allegedly protect us and discover ways to improve the service. So if automated scanning bothers you, switching won't make you feel more secure. If you feel you're being violated, you can always work to safeguard yourself as Tom points out in the last paragraph.
melgross
50%
50%
melgross,
User Rank: Apprentice
8/15/2013 | 7:30:01 PM
re: Gmail Is Not A Privacy Problem
Any company that has advertising as a big part of their sales and profits can't be trusted with our information. These companies only come out with services so that they can get us to give our information over to them.

We should know this as being the case with Google in particular, because despite the rather dumb purchase of Motorola at such an outrageously priced buyout, 96% of their sales and profits still come from advertising, and likely will continue to do so. In fact, the only purpose to their Chrome OS laptops is to lock people into their online services where you're stuck with giving all of your info all of the time. We even read that what you type into their online productivity apps are passed through their computers for data mining. Good luck if you use them for business purposes!
melgross
50%
50%
melgross,
User Rank: Apprentice
8/15/2013 | 7:15:09 PM
re: Gmail Is Not A Privacy Problem
It's easy for writers to say that people shouldn't say that they didn't know. But in reality, people don't know. These companies promote their services as safe and secure; yes, even Google. But in reality, they aren't just using computers to look for spam and malice in software. They are using the info for their own purposes.

We should remember what then CEO of Google, Eric Schmitt said a while ago, a statement duplicated by Microsoft CEO Steve Ballmer just a short time ago:

"Google (Microsoft) will know more about you than you know about yourself, and will make decisions for you before you know you want to make them."

This is rather scary. When Schmitt made that statement, it was called "creepy". It's more than that.

People say that they worry more about government that these companies, but that's wrong. Government will never have the ability to capture the amou t and kind of information about us that these search engines are now routinely gathering. Ditto for mail services.

The reason why this is so scary is because the government doesn't need to do this as these companies are doing it for them. So sure, perhaps they don't give the government all the info on a regular basis, but it's there to be gotten.

And who's to say that the companies themselves won't use it in ways we won't like? There isn't. In addition, it's not unknown for employees to have access to this info, and to exploit it for their own benefit.

It's the height of na+vet+ to think that all of this is easily understood by most people, and to expect them to campaign against it. This really must be regulated. I know that most people in business hate the thought, but we see what happens when it's not done. One thing that comes of it is Enron. I hope that hasn't been forgotten.
Shane M. O'Neill
50%
50%
Shane M. O'Neill,
User Rank: Apprentice
8/15/2013 | 8:35:29 PM
re: Gmail Is Not A Privacy Problem
I was saying to someone the other day that Google and Facebook are best things that ever happened to the government.
rradina
50%
50%
rradina,
User Rank: Apprentice
8/15/2013 | 8:11:12 PM
re: Gmail Is Not A Privacy Problem
Even though I know what Google does with my e-mail and I am not surprised by the "big reveal", for Google to stand behind what they call legal precedence and the wording they used to defend their actions is, beyond doubt, ridiculous.

If I give a letter to the post office, I expect it to remain sealed during their "processing". While mailing a letter to a business comes with the plausibility that it will be opened before it gets to the final recipient, that sure as hell doesn't give the post office a blank check. In my mind, Google is an electronic post office and their defense is ridiculous and completely without merit.

TO GOOGLE

Just admit that you do what you told us you were going to do long ago. We might have clicked through the agreement but here is your chance to make sure we understand your intent. How easy is that rather than having one of your $1K/hour lawyers craft an opinion piece about postal mail precedence?

Now go one step further and eliminate all the griping. For a fee, provide a private service! Granted, e-mails will still be exchanged in clear text, sniffed by the NSA, possibly ISPs and perhaps WiFi hackers but YOU will be drawing a clear distinction between the privacy expectations of "free" e-mail and something else. This eliminates all the hubbub and leaves naysayers no ground on which to stand.

Wouldn't this be much better than taking a 90s Microsoft approach to giving your customers a golden shower?
RobPreston
50%
50%
RobPreston,
User Rank: Apprentice
8/15/2013 | 8:17:25 PM
re: Gmail Is Not A Privacy Problem
Google's "just as a sender of a letter to a business colleague" metaphor was absolutely ham-handed. Or to use another food metaphor, comparing apples to oranges.
Shane M. O'Neill
50%
50%
Shane M. O'Neill,
User Rank: Apprentice
8/15/2013 | 8:35:17 PM
re: Gmail Is Not A Privacy Problem
Not a bad idea to have free and premium Gmail services. But not sure many users are willing to pay for web-based email. It would just make them angrier at Google for forcing them to pay $$ for peace of mind.
rradina
50%
50%
rradina,
User Rank: Apprentice
8/16/2013 | 12:04:43 AM
re: Gmail Is Not A Privacy Problem
Well, there's no free lunch and even if very few would choose to pay, surely Google has a few spare, one-time developer cycles that could easily and quickly add a "do not scan" list to their mail mining operation. IMO, such an option would squelch most detractors whose current complaints have merit -- especially after Google's rather trite response.
GHCro
50%
50%
GHCro,
User Rank: Apprentice
8/15/2013 | 10:59:46 PM
re: Gmail Is Not A Privacy Problem
Right on, Tom. It's useless and stupid to say "I'm shocked, shocked to learn what Google's Ts and Cs say." Right on again, about what to do if you don't like it. Use self-help. Start using tools like Tails & TOR for browsing, Textcrypt for text messages and Cellcrypt for mobile phone calls. Then, take everything off of Dropbox, Instagram, iCloud, etc, and stash it all in a Cloudlocker (www.cloudlocker.it) which works just the same but stays in the house where they still need a warrant to get inside.

I'm sure we're going to seem more and better tools like these appear soon as good ol Yankee ingenuity revs up. Unless, of course, everyone gets lazy again and leaves themselves wide open until
the next big expos+.
Michael Endler
50%
50%
Michael Endler,
User Rank: Apprentice
8/16/2013 | 6:17:50 PM
re: Gmail Is Not A Privacy Problem
I'm really not surprised that Google has this attitude. I'm also not bothered that Google is scanning my email so it can send me targeted ads-- but I am a little bothered by the possibility the data might be used for more than that. I agree with Tom's overall point: If you don't treat the Internet like a surveillance state, you proceed at your own peril.

But this is the part that caught my attention. The Guardian pulled this quote from Google's argument:

"Just as a sender of a letter to a business colleague cannot be
surprised that the recipient's assistant opens the letter, people who
use web-based email today cannot be surprised if their communications
are processed by the recipient's ECS [electronic communications service]
provider in the course of delivery."

Asinine. In this metaphor, Google somehow equates to a colleague's assistant? Google's more like the mail carrier.

This relates to Tom's problem. If Google wants to scan data and isn't breaking any laws while doing so, that's fine. No one makes you use Gmail, so Google can do what it wants. But if they're going to explain their policies, they should do so in a way that makes sense, and that is transparent about the implications of collected data. This half-assed metaphor is pretty much the antithesis of that.
cbabcock
50%
50%
cbabcock,
User Rank: Apprentice
8/16/2013 | 6:49:44 PM
re: Gmail Is Not A Privacy Problem
Several readers say they don't mind Google opening their email to serve them ads. Where in Google's email agreement does it say they will restrict their snooping to that purpose? On the contrary, Google assumes your information, once submitted via Gmail, is their information. It's for your good that Google brings you the world's information; also for your good that it brings your information to the world. This is a company-centric view of privacy, one that overrides individuals, and one that I remain highly uncomfortable with, Hence, I pay for my Ymail service..
24/7Uplift
50%
50%
24/7Uplift,
User Rank: Apprentice
8/16/2013 | 7:26:08 PM
re: Gmail Is Not A Privacy Problem
The simple act of password protecting an email account is a 'reasonable expectation of privacy.' Quite like snail mail when the mailbox is under lock & key. Regardless of whether it is locked once a mailbox is put into use, it is considered federal property. As such, federal law states that it is a crime to tamper or vandalize a mailbox or its contents. Anyone found guilty of such crimes can be fined and incarcerated. So Google can consider it Google Property but should abide by the same standards for tampering as the U.S. Postal service where any type mail processing, routing & delivery comes with an expectation of privacy decreed by law.
MarioD578
50%
50%
MarioD578,
User Rank: Apprentice
8/17/2013 | 6:07:09 PM
re: Gmail Is Not A Privacy Problem
Great post. I suggest you read this: http://blog.mdsolutions.pe/201...
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
Jai Vijayan, Contributing Writer,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...