How private do you expect your emails to be?
Most of us would surely insist they should be completely private, the contents visible only to the sender and the recipient. Google, provider of free email service Gmail to 425 million people, thinks otherwise.
According to a recent American court filing by Google lawyers, disclosed by consumer advocacy group Consumer Watchdog, Google says those who send email to users of web email services such as Gmail have no right to expect that email content will not be examined by a third – in this case, automated – party.
In its filing in response to a consumer class-action lawsuit that states Google routinely violates user privacy, the company argues, “Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s [email] provider in the course of delivery.”
Google then quotes the findings in a 1979, pre-internet era case that refers to postal correspondence: “Indeed, ‘a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties’.”
As yet another Google-related privacy brouhaha erupted over the disclosure, the company was quick to respond – in a statement notable for its opacity: “We take our users’ privacy and security very seriously; recent reports claiming otherwise are simply untrue. We have built industry-leading security and privacy features into Gmail – and no matter who sends an email to a Gmail user, those protections apply.”
But here, Gmail’s “industry-leading security and privacy features” are not at all the issue, just as most reasonably sentient people who use email would acknowledge – in contrast to Google lawyers – that an email is not at all like a handwritten letter mailed in a sealed envelope and processed by the post office.
Indeed, those Gmail security and privacy features are there to ensure that no third party, similar to a letter-reading "recipient's assistant", can read your email without you giving them permission, your account username and your password.
Tampering with the post
A more analogous comparison would be an argument that, because we choose to post a letter, we have no reasonable expectation that An Post would not open and read the letter and use its contents to, say, send us advertisement enclosures on behalf of a client. Letter-senders would be outraged at such an idea – and An Post would be in violation of data protection and privacy laws.
The issue at the heart of the US lawsuit is whether Google is violating a user’s privacy for essentially doing just that – but in an automated way. The broader issue is whether you or I care – or should care – that smart software somewhere in Google’s vast server farms “reads” our Gmail and then serves up advertisements that correlate to keywords in those emails. And that this practice is being expanded in new ways, aggregating data we provide across other Google services.
The reality is that most of us already trade away a degree of personal privacy to receive notionally free online services such as Gmail, Facebook, Twitter and Google search.
But they aren’t free. The price is your data, handed over to these services, which then essentially sell you – or rather the “you” inferred from your personal details, interests, email topics, Facebook “likes”, tweet contents and so forth – to advertisers. As the saying goes, on the internet if there is no product, you are the product. A key issue is whether people’s opt-in consent is needed for these activities and, more significantly, whether online service-users truly understand the scope of this giveaway and the longer term privacy implications.
Google’s generally unspoken deal is that they give us loads of free, often very cool, services – many of which have become central to our online lives – and we feed them data. Reams and reams of it.
Our search contents. Our email contents. Our images. Our calendar – and hence, diary – information. Our taste in books. Google already cross-shares some of your data across its varied services. When you sign into your Gmail account (assuming you are one of the 425 million users), Google will automatically sign you into some other services, such as Calendar, word processor Docs, search, Google, your YouTube account.
Finely tuned market
In return, Google gives us more finely targeted ads (that's why, soon after you send an email discussing skiing, you might find yourself viewing lots of ads about ski equipment, ski holidays and the like).
Google is due to launch a service which will cross-feed this and potentially even more data – such as location data from your Android phone – to offer, and even anticipate, personalised search results and suggestions for travel, dining, purchases and other activities.
So what is the issue here? Some – including those Google lawyers – argue that there is no issue. That all of this is not just a mutually beneficial exchange, providing users with very handy services, but is actually beginning to move us into a new era of amazingly helpful, personalised computer interactions.
On the other side, the US lawsuit quotes Google executive chairman and former chief executive Eric Schmidt: "Google policy is to get right up to the creepy line and not cross it", and argues that reading emails, even in an automated way, is crossing "the creepy line".
The real issue is, who defines “the creepy line”? Right now, it is big companies and national security agencies. It’s time for ordinary citizens to engage in a broad and intensive privacy debate, and wrest back that definition for themselves.