HomestoryEmail Service Provider › Google Says Gmail Users Have ‘No Legitimate Expectation of Privacy’

News Story

Google Says Gmail Users Have ‘No Legitimate Expectation of Privacy’

TIME.COM TECHLAND BLOG

Lavabit is no more. Silent Circle has shuttered its secure email service. All the major email providers appear to be complicit in one form or another with PRISM, the NSA’s clandestine email surveillance program revealed by The Guardian in early June. And now Google’s legal team is spraying gasoline on the controversy after filing a motion in mid-June that argues users who access Google services like Gmail shouldn’t expect their transactions to remain secret.

The salient quote was surfaced by Consumer Watchdog, a nonprofit California-based consumer rights group founded in 1985. It’s from a 39-page motion filed by Google on June 13, 2013 in hopes of dismissing class action complaints that allege the company violates wiretap laws by poking around in email to engage in targeted advertising.

Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS [electronic communication service] provider in the course of delivery. Indeed, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.”

That last sentence does sound damning. Is Google’s legal counsel right? Do people have no rightful expectation to privacy when voluntarily turning information over to third parties like Google? Consider what comes next in the motion before dusting off the pitchforks and torches.

Referring to the 1979 court case from which the above quote was extracted, Google writes:

In particular, the Court noted that persons communicating through a service provided by an intermediary (in the Smith case, a telephone call routed through a telephone company) must necessarily expect that the communication will be subject to the intermediary’s systems. For example, the Court explained that in using the telephone, a person “voluntarily convey[s] numerical information to the telephone company and ‘expose[s]’ that information to its equipment in the ordinary course of business.”

Google does seem to be semantically overreaching by suggesting users have no rightful expectation of privacy: who doesn’t expect (naively or no) that their communications will remain private when sending or receiving email? But the point the company’s making involves pragmatics: email systems have to parse emails in order to process and route them properly. That’s a by-design thing. Fretting about it’s a little like expecting a snail mail carrier not to read the outgoing and return addresses on an envelope.

But that’s only a fraction of what Google’s up to in this motion. In short, the company claims both federal and state wiretap statutes exempt it from liability related to conduct that occurs in the ordinary course of business. Google, of course, is appealing to as wide a definition of “conduct” as you’d imagine a company like it would, dismissing complaints about email scanning because it says you’ve consented to be scanned, whether you’re a native Gmail user or exchanging emails with a native Gmail user.

As Google puts it in its privacy policy explainer:

We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users. We also use this information to offer you tailored content – like giving you more relevant search results and ads.

Assuming Google’s right legally speaking — and don’t confuse what’s legal with what’s ethical — the company has a point. Throughout the motion, Google’s essentially saying that it does what it does, that it has a legal right to do what it does, that it’s been very clear about what it does, and that anyone accessing a service like Gmail, whether natively or indirectly, is beholden to its terms of use, including automated rifling through email content and using that information to craft targeted ads.

That, I suspect, is why you have Consumer Watchdog director John Simpson saying: “Google has finally admitted they don’t respect privacy. People should take them at their word; if you care about your email correspondents’ privacy don’t use Gmail.” The message isn’t sue Google, it’s quit Google.

Indeed, unless we believe Google hasn’t been clear about what it does or doesn’t do, the legal onus isn’t on Google to stop scanning every Gmail message it’s parsing; it’s on users opposed to either lobby the company to change its behavior, or abandon the service, whether that’s shifting to another email provider (problematic, especially if your concerns extend to government snooping), opting for self-hosted and/or encrypted email (the do-it-yourself route, i.e. build your own email server), or investigating peer-to-peer email services (server-less, secure, anonymous…supposedly).

After 9/11, an old Ben Franklin quote started circulating: “They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.” Replace “a little safety” with “lifestyle conveniences” and you have an applicable analogue for what’s happening as we hand our digital correspondence off to massive memory banks controlled by a handful of groups increasingly willing to challenge traditional expectations about privacy in hopes that product momentum — bolstered by the whole free-with-ads angle — will outpace consumer paranoia.