Court Says That Google's Scanning Email Content To Place Ads Could Violate Wiretap Laws
from the really? dept
We’ve discussed before a series of class action cases filed against Google, claiming that Gmail violates various wiretapping laws, because its service scans email contents for the purpose of matching ads to the content of the email. This was a complaint that was raised back when Gmail was first launched, but people appeared to fairly quickly recognize that all that’s happening is a computer is scanning the email to match up an attempt at a more relevant ad. People signed up in droves because they don’t seem at all bothered by this. No human other than the sender and recipient is seeing the content of the email. Eventually, though, this class action lawsuit was filed, in part arguing that non-Gmail users never consented to this sort of “invasion.” Except it’s not an invasion at all. It’s just how Google (and others) process email. However, Judge Lucy Koh, has more or less rejected Google’s attempt to have the case thrown out.
This seems like a total misreading of the Wiretap Act. Under this kind of interpretation, all sorts of online services would basically be barred. While it goes into a long discussion, the short version is that the court says that while the Wiretap Act allows for the interception of messages in the course of business, that exception is “narrow” and does not include how Google “intercepts” emails.
Plaintiffs have plausibly alleged that Google’s reading of their emails was not within this narrow ordinary course of its business. Specifically, Plaintiffs allege that Google intercepts emails for the purposes of creating user profiles and delivering targeted advertising, which are not instrumental to Google’s ability to transmit emails. The Consolidated Complaint alleges that “Google uses the content of the email messages [Google intercepts] and the derivative data it creates for its own benefit in other Google services unrelated to the service of email or the particular user.” Plaintiffs support their assertion by suggesting that Google’s interceptions of emails for targeting advertising and creating user profiles occurred independently from the rest of the email-delivery system. In fact, according to the Consolidated Complaint, the Gmail system has always had separate processes for spam filtering, antivirus protections, spell checking, language detection, and sorting than the devices that perform alleged interceptions that are challenged in this case. As such, the alleged interception of emails at issue here is both physically and purposively unrelated to Google’s provision of email services. Google’s alleged interceptions are neither instrumental to the provision of email services, nor are they an incidental effect of providing these services. The Court therefore finds that Plaintiffs have plausibly alleged that the interceptions fall outside Google’s ordinary course of business.
I honestly don’t get this. Google is not “intercepting” the email. It’s just having its computers scan to match up ads with it. If that’s “interception” and somehow illegal, then wouldn’t the same be true of spam and anti-virus detection? All of those things equally involve having a computer scan the contents of an email. Does anyone honestly believe that a spam filter is an illegal wiretap?
Either way, I’m sure there will be an appeal, so this case is a long way from being finally decided.
Filed Under: class action, email, scanning, wiretaps
Companies: google
Comments on “Court Says That Google's Scanning Email Content To Place Ads Could Violate Wiretap Laws”
Now, if only we could get a similar ruling for the NSA’s blanket surveillance.
Judge Koh has a rather patchy history where the internet is concerned, per http://www.techdirt.com/blog/?tag=lucy+koh
Does she actually understand what she’s talking about here?
I normally agree with you…but I think the concerning fact is the undisclosed ‘user profiles’. I can’t find details on what goes into creating them, and that data might be far more extensive then for the ads…which leads to potential NSA level capture and abuse potential. I hope the extensive examination on this both shows that google is on the up and up, and sets solid precedent on what constitutes interception.
This trial could be used to clarify the wire tap laws in ways that simply dismissing that wouldn’t. This trial makes perfect sense from that perspective.
Re: Re:
I couldn’t agree more. At this point, we have little precedent to go by with regards to emails and what companies (and the NSA) can and can’t do. In order to limit what the NSA has access to, we must first start to limit what the companies can do with our conversations, emails, etc.
Re:
Just so you know, the “profiles” are not actually undisclosed. You can find yours here: http://www.google.com/settings/ads
Whether this discloses all the information in them, I don’t know, but it’s there.
Court Says That Google’s Scanning Email Content To Place Ads Could Violate Wiretap Laws
Ya think? Good grief.
It's also true of spam and anti-virus detection...
…but it’s wrong. Not in the sense of being morally/ethically/legally wrong, but “wrong” in the sense of ineffective and stupid. Let me explain.
Let’s deal with viruses first: if you run an operating system that’s susceptible to viruses, THAT’S your problem. Attempting to mitigate that extremely poor choice by slapping AV on top of it after-the-fact is dumb. Really dumb. REALLY dumb, given that the failure rate of AV software in the field over the past few decades is 100%: every time it’s faced with something it hasn’t seen before, it fails. (See, for example, “Code Red”. Nothing stops anyone from writing something just as pervasive — or narrowly targeted to your network.)
I don’t install AV scanning on any system that I run: that’s because I’ve chosen the OS and application set wisely and have no need to.
Now let’s talk about anti-spam, something that I think you could say I know a lot about. Scanning based on content is an interesting theoretical idea, but in the real world it’s also a 100% failure. The reason is simple: spammers control the content. Thus when making a decision, software is using data supplied by the enemy — and that’s dumb. Moreover, as Ranum points out (in “The Six Dumbest Ideas in Security”) if you find yourself having to update the signatures of your software often — and SpamAssassin gets updated more than “often” — then you need to figure out that what you’re doing is wrong.
In the case of Google’s anti-spam system, which I’ve tested extensively by the way, the results are as you would expect: miserable. Absolutely pathetic, the kind of thing that would earn a college sophomore a D. Both the false positive and false negative rates are appallingly high; spammers-for-hire are never blocked; and Google itself is a prolific source of spam. Google appears to prefer to invest its resources in making Gmail as unusable as possible by constantly screwing with the interface rather than running a quality, ethical, responsible operation.
Bottom line: professional-quality mail systems do NOT pay any attention to content for security/abuse control: they use the metadata, because the metadata can be independently acquired and because — as we’ve seen over the past 10+ years of operational practice — the results are vastly superior.
Now whether all this is legal: I don’t know, I’m not an attorney. But as one of the most senior and experienced email people on the planet, I do know it’s stupid.
Re: It's also true of spam and anti-virus detection...
“Let’s deal with viruses first: if you run an operating system that’s susceptible to viruses, THAT’S your problem.”
All operating systems are susceptible to viruses, especially in this day and age where it’s browsers, plugins, etc. that are usually the target rather than the underlying OS. No desktop system is completely immune. Don’t fool yourself into thinking that just because your Linux distro is more secure out of the box than the average home Windows PC that it’s somehow invulnerable. If it’s connected online, there’s a risk.
“In the case of Google’s anti-spam system, which I’ve tested extensively by the way, the results are as you would expect: miserable”
I hear this a lot but I rarely see spam myself unless it’s on one of my occasional trips inside the spam folder to double check for false positives.
When I hear this from people, it’s always anecdotal and I have to wonder what in hell you’ve been doing with your email accounts. Gmail has been the most efficient webmail system I’ve ever used, both in terms of minimum false positives and effective blocking of actual spam.
“Google itself is a prolific source of spam”
Citation needed.
You’ve given us a lot of opinion, would you mind now furnishing us with evidence?
Re: Re: It's also true of spam and anti-virus detection...
All operating systems are susceptible to viruses […]
Good luck finding one that is successful against OpenBSD.
When I hear this from people, it’s always anecdotal and I have to wonder what in hell you’ve been doing with your email accounts. Gmail has been the most efficient webmail system I’ve ever used, both in terms of minimum false positives and effective blocking of actual spam.
I assure you that I’ve carefully studied this under controlled conditions using many accounts, NONE of which were used for any purpose other than studying Gmail’s behavior. I’ve invested four years (so far) doing so, and have a complete archive of several million messages which I’ve analyzed to draw my conclusions.
Of course, I don’t expect most people to be so thorough. But if you’d like to replicate a small part of my work, do this: open a Gmail account. Don’t use it for anything except to sign up for the linux-kernel mailing list. Wait. Now check your spam folder. Notice how routine list traffic from kernel developers shows up in it. Only one data point, yes, but unless you’re equipped with the skillset and time to make as thorough a study as I have, it should at least be indicative. If you wish to engage in further study, I recommend reading the archives on the spam-l mailing list in order to acquaint yourself with some of the methodology you’re going to need. You’ll also need a great deal of patience — it took me several years to reach my conclusions even though I’ve done this sort of study many times before.
Citation needed.
I suggest setting up your own spamtraps — a few thousand should do — seeding them, and waiting. You’ll soon get the same flood of spam from Gmail as from Yahoo as from Hotmail as from everywhere else. There’s no need for me to provide you with a citation when it’s trivially easy for you to prove it to yourself. (And I won’t be sharing my spamtrap data with you or anyone else; that would defeat the point. Nor should you share yours with me.)
As an aside, anecdotal evidence from people with one or two or three accounts is worthless: I can point to individual accounts that don’t exhibit characteristics of the whole corpus. When studying spam, and trying to estimate large-scale behavior, it’s important to capture large data sets. Moreover, it’s important to capture large diverse data sets, because it’s easy to skew results if they’re too homogenous. Doing this requires care, self-checking, and one hell of a lot of tolerance for tedium. Most people simply won’t do that. I don’t like it — but I’ve learned that it’s the only way to generate results that I can have some confidence in.
So: if you don’t believe my conclusions, fine: go get your own. Nothing is stopping you from replicating my work or even improving on it. It’ll just take time and dedication.
Re: Re: Re: It's also true of spam and anti-virus detection...
Good luck finding one that is successful against OpenBSD.
Possibly because it’s such a seldom-used OS. Not worth crafting an attack against it.
You’ll soon get the same flood of spam from Gmail as from Yahoo as from Hotmail as from everywhere else.
By “from Gmail” do you mean coming from gmail accounts, or originating from Google? If the former, I’m not sure what your point is – that gmail should trap those emails before they’re even sent?
I also wonder if your research techniques lead to different results than normal use of an email account. I very, very rarely get any spam in my inbox, and I also usually do not find any false positives in my spam folder. That is much more important to me than the results of an experiment with thousands of email addresses and millions of messages. Am I just lucky, and most internet users are besieged with spam and also bedeviled by false positives? I would be more interested to learn what actual people using actual email addresses experience, rather than what happens when you run a controlled experiment, because the spam systems are designed for the former, and not the latter.
Re: Re: Re: It's also true of spam and anti-virus detection...
“Good luck finding one that is successful against OpenBSD.”
Good idea – ignoring my point that most desktop OSes are being compromised by something other than flaws the underlying OS so you can point to an OS usually used as a server by trained professionals. It’s great to cherry pick data to construct your own facts, isn’t it?
How many do you think would appear if OpenBSD was run mainly as a desktop OS by less savvy users? Less than Windows? Possibly, but watch what happens with the middleware and proprietary products they use.
“I assure you that I’ve carefully studied this under controlled conditions using many accounts, NONE of which were used for any purpose other than studying Gmail’s behavior”
Then it shouldn’t be too hard to point to some documentation, right?
“I suggest setting up your own spamtraps”
Oh yes, the old “I won’t supply citations, just do your own work”. Let me guess, if I were to do that and find different results, you’d pretend they weren’t valid for some reason, right?
“So: if you don’t believe my conclusions, fine: go get your own.”
You’re the one making the claim. Prove it. That’s how debate works.
“You’ll soon get the same flood of spam from Gmail”
WTF does spam coming FROM GMail have to do with their spam filters. You were attacking their spam filter – i.e. incoming email – remember? I’m sorry if we were talking at cross purposes here, but I thought it was obvious from when I was talking about my GMail spam filter – which works perfectly well.
“Now check your spam folder”
So, if everything’s getting filtered, what’s the problem? Did you report any of these messages to Google or have you just been whining to yourself all this time?
“You’ll soon get the same flood of spam from Gmail as from Yahoo as from Hotmail as from everywhere else”
So, you’re saying that the problem is free webmail accounts, not Google specifically? Why are you attacking Google, then?
Wow, a free-to-use service used by millions and millions of people are used send out more spam than smaller or paid-for services. Do you really think you’re proven anything here? You must be so proud to have spent those 4 years so productively. What’s the next study from the Department Of The Bleeding Obvious?
Re: Re: It's also true of spam and anti-virus detection...
I agree, Paul. The Anonymous Coward that said Gmail is “inefficent” and its spam filter sucks is obviously very naive and only has anecdotal evidence. Plus, there is no way to verify that Anonymous Coward is even who (s)he says (s)he is.
Re: It's also true of spam and anti-virus detection...
Gmail spam filters are very good and so is Spam Assassin.
Yes it needs constantly updating because the spammers are constantly evolving but I would actually argue that the filtering works well because of the fact that spammers keep having to change their behaviour.
I personally never see spam in my Gmail account that I have had since 2004 and use as my main email.
Also the AV scanning is for the benefit of their users, from a business perspective if you operate an email system where all of your users keep getting emails with viruses attached soon you will not have many customers left.
Re: It's also true of spam and anti-virus detection...
I think you’re incredibly naive if you think that your operating system is immune to viruses. But even if it were true, so what? How much functionality or usability are you sacrificing in order to obtain total security? You can make any computer secure by unplugging it from the internet and removing the dvd drive and any io ports. I think 95% of people might be able to use some flavor of Linux generally, but the second something went wrong they’d have no clue how to fix it.
Again, so what? Most attacks are not 0 day exploits. Your argument is basically, “It can’t catch everything, therefore, it is completely useless.” Plus, there are a fair number of anti-virus applications that are absolutely FREE, so it’s not even a question of money.
You’re giving people terrible, terrible advice…
Re: It's also true of spam and anti-virus detection...
This is not true. Good AV software uses signatures to detect known (as in, previously seen) viruses and also monitor the systems and use heuristics to detect threats that haven’t been seen yet (called Potentially Unwanted Programs).
Heuristic detection is a long way from perfect, but its success rate is well above 0% (probably more like 30-50%, depending).
If you think that all you need to do is select the right OS and application set and you don’t have to worry, then you’re very, very wrong. You still have to keep an eye out for virii and be meticulous about your security practices during regular use of the system. In other words, you still have to do what AV software does, you’re just doing it “by hand”.
As an example of why, let me just ask: if your system were to be compromised, would you even notice it? Unless you are engaging in basic security audits regularly, there’s no way you’d know except through dumb luck.
It’s entirely possible to arrange things so you can avoid AV software. I do so myself. But there’s no “set it and forget it” path to this. It requires proper use habits, vigilance, and regular auditing.
Re: It's also true of spam and anti-virus detection...
“But as one of the most senior and experienced email people on the planet…”
…who posts anonymously and thus provides no way to verify these very grandiose claims. You may have perfectly legitimate reasons for wanting to remain anonymous, but the more impressive your claims are, the less likely they are to be be taken at face value.
Re: It's also true of spam and anti-virus detection...
Spam detectors aren’t stupid nor are they “unethical,” “immoral,” or “completely useless.”
In fact, Gmail’s spam detector works AWESOME for me, and millions of people would be very unhappy without it. I rarely ever get any spam in my inbox (I have literally gotten maybe one or two in the past few years).
I don’t know what you base your morals on, but they are certainly flawed. Spam detectors and anti-viruses aren’t in any way unethical or immoral, nor is Gmail’s personalized ad system.
Can the destination email server really "intercept"?
Gmail’s servers are either the destination MTA or the source MTA. When they are the destination, the email is sent to them. Whey they are the source, the email is sent from them. Since they are the endpoints, I completely fail to see how in the world it is possible for them to “intercept” the email. When you open an envelope destined to you, are you intercepting its contents? It does not make any sense! The same for the source.
The only email servers where “intercept” would make some sense would be ones in the middle, like when a server sends an email through a SMTP relay; the SMTP relay is in the middle (and some of these do intercept the emails, to run antivirus and antispam software).
They could say “but Google passes the email through several separate systems”. It does not matter. It is still a single email system. As an analogy, the popular “postfix” email software passes the received email through several separate processes; even if I moved some of these to separate machines, it would still be a single MTA.
Re: Can the destination email server really "intercept"?
Legally, yes it can. If the phone company is tapping a line, that counts as “interception” even though the call never leaves their system.
One-party consent
Just thought of another point.
If someone sends email to a gmail user, does it matter if the sender did not agree to gmail’s TOS? The receiver agreed to the TOS, and the receiver is free to do as he pleases with any email he receives.
Re: One-party consent
Do you have some notion that email is private?
You realise that email is all sent in plain text? Literally any router in between your email server and the recipients email server could be reading your emails.
The only way to make it private would be to use an encryption system like PGP.
Re: Re: One-party consent
You realise that email is all sent in plain text? Literally any router in between your email server and the recipients email server could be reading your emails.
Have you heard of STARTTLS? Unless the router is actively doing MITM (which is detectable and uses more resources), if both endpoints support STARTTLS (Google gmail does support STARTTLS), the router cannot be reading my emails.
Not private, but not as trivial as “any router could be reading my email”.
Re: Re: Re: One-party consent
What I am talking about is SMTP. Email between MTAs is rarely encrypted.
Re: Re: Re:2 One-party consent
What I am talking about is SMTP. Email between MTAs is rarely encrypted.
You would be surprised. From one of my server’s MTA logs:
R=dnslookup T=remote_smtp H=ASPMX.L.GOOGLE.COM […] X=TLS-1.0:RSA_ARCFOUR_SHA1:16 DN=”C=US,ST=California,L=Mountain View,O=Google Inc,CN=mx.google.com”
Yeah, this exim MTA somehow magically used encryption when sending an automated email to a google email account. Without any special configuration on my part. It is enabled by default. And this is an old Ubuntu install.
Waste of time, money and resources. But that’s mostly what the judicial system has become nowadays, no? (I’m not restricting that to the US)
…Under that very same definition, every member of the NSA has violated the self-same wiretap laws. As have the entire Alphabet Soup that is the US Administration.
Can we arrest them and charge them?
…No?
Fuck this bullshit.
Its not about context
The interpretation of any law ismust be unbiased. I think your argument – at the end of it all – is, well, really is Google going to do anything bad with this stuff? How would we feel about our Gmail account if the Syrian government or PRC owned Google? We’d probably either drop our Gmail accounts or have a much greater level of transparency, accountability, culpability and the ability to audit. At worst case this is likely what Google will have to provide. Is that bad? Unfortunately, you’re not adequately building a case around the decision or interpretation of the law, your defending Google.
Re: Its not about context
If users thought Google was controlled by the Syrians or the PRC, they’d stop using GMail.
Despite claims that Google is a front for the NSA (as if the government were that competent!), most people trust Google to handle their email.
If people don’t like the way GMail works, they won’t use it. If you don’t trust Google with your message, don’t send it to GMail.
Google has to provide “accountability” to the extent that they lose customers if they don’t. Courts have no business telling happy, informed users to stop using GMail.
Re: Re: Its not about context
Thank you Google employee. The truth is, Google is a serial violator of privacy (remember the Street View cars sucking up wifi data?). If anyone ‘trusts’ Google it’s because they’re ignorant of Google ‘privacy’ practices. Why anyone would commodify their personal information and interests for the purpose of making money for Google is beyond me. As they say, if you don’t pay for a product, you are the product.
And no, I don’t trust Google and don’t use their services. Any intelligent person who remotely values their privacy should do the same.
Re: Re: Re: Its not about context
You missed out where those ‘evil Street View cars’ sucked up ‘private’ photons reflected off ‘innocent’ people and buildings that hadn’t asked to be seen by a camera (in writing, in triplicate) despite radiating in public.
Just so I understand
A company using a computer to scan emails for keywords in order to attempt to display relevant ads is illegal.
However, the NSA scooping up my phone records, location data,websites, email communications… is OK.
Got it! Invasive Government GOOD.
Enterprising company that ‘gives’ services to public for free (as in no cash charge) BAD.
I will trust the enterprising company LONG BEFORE I trust the Invasive Government.
Re: Just so I understand
You prove the point very elegantly. There should be accountability based on what is being done, not who you are. I imagine that there are others who don’t hold your view. Of course, it doesn’t make them wrong or you right. It just means that laws must be applied fairly and justly across all entities to protect the citizens.
Re: Re: Just so I understand
Make no mistake, I trust neither Corporate America, nor the US Government. If I were forced to trust one, I would not choose the US Government.
You are correct, I want the laws to apply equally to all, not selectively to anyone.
It's also true of spam and anti-virus detection...
Huh, I guess since you’ve tested it so extensively, it means nothing that my two gmail accounts have never had any issues. The account I use for registering for services (not just google services) has never gotten a single piece of spam email… ever…
My junk gmail account does occasionally get spam, but that is because I use that account when signing up for various forums, which bots can scan the user list and acquire email addresses. I have yet to see a piece of spam in my inbox, nor have I seen a legitimate email in the spam box.
As for this court case, it should be thrown out. You don’t have to use google as the service provider, and you AGREED to the ads when you accepted the Terms of Service. On top of that, you can OPT-OUT of the “ads based on interests”.
On to your expert advice of just using a secure OS, that has to be the most ignorant statement I have ever heard. I assume the OS you are using is some flavor of Linux, which compared to the other options out there, is a highly niche market. Now if you don’t mind taking the time out of your busy day to teach hundreds of millions of people how to install, properly configure, and utilize without risk of infection this unnamed OS, then it would be a different story altogether. Otherwise we have to stick to our “stupid” method of using AV software, and while yes, it is vulnerable to zero-day attacks, it is far better than assuming our OS is secure.
Bare in mind 5 years ago Apple claimed their OS was impervious to viruses just as you now claim your OS is impervious to malware. This is simply a case of you are using a niche OS, and hackers cannot be bothered targeting such a tiny target. If everyone were to switch to your OS, I’m sure hackers would start finding holes in that software as well.
Re: It's also true of spam and anti-virus detection...
Right. And because thousands of people have smoked cigarettes and never developed lung cancer, smoking is OK.
Re: Re: It's also true of spam and anti-virus detection...
You can’t prove a negative. It was up to anti-smoking folks to prove the links between smoking and cancer, not for the tobacco companies to prove that it was free of any such link. Until they did so, smoking was considered OK. Once they did and the tobacco companies couldn’t refute the evidence, smoking was treated as the health hazard it is.
Is there a problem with Google’s services? I don’t think so, but feel free to prove me wrong.
Re: Re: Re: It's also true of spam and anti-virus detection...
I dunno, I think that having the tobacco companies prove that tobacco wasn’t harmful isn’t a bad thing. Don’t the Europeans insist the same thing with GMOs?
Neither intercepted nor inserted
Google does not intercept email nor insert ads into the email.
If you were to examine the message at any point in the transmission, you would never see “ads” placed in them.
Additionally, the email is not “scanned” by the servers. It’s scanned by the client. The client is the end-point. That’s why as you scroll through your content, the ads change. The ads are based on what is being displayed at that moment. This means that the “scanning” of the email is being done completely on the users computer.
-CF
Government-certified defense
No worries… it’s just metatdada!
It's also true of spam and anti-virus detection...
I fail to see the comparison of smoking cancer sticks to using an email provider… Regardless, I was sharing my personal experience of the gmail service in order to contradict what this “expert” was saying. Perhaps you would like to add something of value to the conversation other than quips?
Re: It's also true of spam and anti-virus detection...
I thought it would be straightforward. One person’s experience cannot be used to validate all peoples experience. That’s where cancer comes in, because one person smokes and doesn’t get lung cancer doesn’t mean smoking doesn’t cause cancer. We can comment on what we wish here, like you commenting on your experience with Google, while nice, yet anecdotal. However, after highlighting YOUR experiences you said the case should be thrown out – so the faulty premise led to a faulty conclusion. And your comments on the fact that Gmail users agreed and it thier problem, just indicates you don’t even know what the case is about, as the matter was specifically about users who weren’t using Gmail – hence signed no such release – but were communicating with Gmail users. For example, if you sent someone email from a Yahoo account, it could be scanned. Get it now?
So how does a sender have standing?
Just so I understand, how does a sender even have standing?
They opted to send an email to someone with a gmail account. That email while ‘from them’ is ‘to me’ If I want to I can publish all emails I receive for the world to see, that is my choice as the ‘owner’ of the mailbox you chose to send an email to. So I can ‘allow’ google to scan my email in return for a free email account and storage if I so choose.
Actually it is a form of interception, just like Spam filtering and virus scanning is a form of interception. Spam filtering and virus scanning got a step further and filter based on results.
Except that Google has always been up front about its ‘interception’, and even gets the mailbox owner’s consent (in the form of agreeing to Googles TOS), unlike the U.S. government. That is why I believe there is no violation of Wiretap laws in the case of Google.
The government (NSA Homeland Security et al) on the other hand, in my opinion, HAS violated Wiretap laws and the trust of not only the American people but in fact the entire world.
The question is exactly when did I ‘sign up’ for surveillance from the NSA, FBI, CIA, Homeland Security… Oh wait, that’s right, I didn’t.
Funny people are more upset about Google making a buck than the U.S. Government invading their privacy. Some people just have their priorities all screwed up.
Re: So how does a sender have standing?
Right. GREAT QUESTION and extremely relevant to why the judge decided as she did. Wiretap rules are governed by state law for calls placed among parties when all in the same state. Most states require that all parties know of the recording while the call is being made for it to be introduced as evidence, but some like NY only require one party to know. If the call is among parties crossing state lines federal guidelines apply, which are much more stringent and bring in a whole new set of rights and privacy laws that must be followed. The only way to bypass these laws is by getting a warrant to record calls after producing probable cause (unless, of course, you use the Patriot act and a few other exceptions, under which the NSA operated). I don?t think the judge here is trying to trash Gmail or get rid of Google, but she felt there was some ambiguity in its practices. It likely just means better accountability, more transparency and culpability for Google and how it uses email – maybe bureaucratic, but it guarantees Constitutional rights and the laws made to protect the citizens – else, as you imply, we change the law and make it so the person sending information has no reasonable expectation of privacy. These again just highlights the complexity that arises when we apply our laws in a medium that nobody could possibly have foreseen, it?s not a witch hunt (for the most part) and we shouldn?t be defending or persecuting Google, but understand the laws and rights at play. What got me is that the author of this blog, who is entitled to write what he wants, focused on the context that this is Google and this is how it does it and I trust it. And, I am inclined to agree; however, it doesn’t obsolve it anymore than if Google were a covert entity used by the Syrian government.
You get what you pay for
For goodness sakes…. THERE IS NO FREE LUNCH… Google makes money by pushing ads on you, pure and simple. They do not exist to ‘do no evil’, the exist to prolong their existance via a revenue stream. So if you don’t like that, go PAY for an email program. Quit your whining about getting something for free and then having to live by the TOS. Sheesh…
Wiretap laws??
And Google is different from hotmail, netscape, aol, fastmail, yahoo etc etc etc… how Exactly?
Reduce what is being done to its essence. A presumably private communication is being sent via Gmail from one location to another. In the course of its transit its substantive contents are being “read”, albeit by machine…coded of course by live persons, for the financial benefit of Google. Rationalize all you want, but it cannot be denied that the communication is being read for content. Maybe the reading is not to the extent that would definitely shock the conscience of all, but it is being read nevertheless.
My take away from the argument “But its Google and you agree to all of this snooping by using it service under the terms provided when you signed up…terms buried in legalese and subject to unilateral change at Google’s unbridled discretions”. How one can accept this as A-OK, while at the same time railing against the NSA’s collection of metadata (which is characterized as not delving into the substantive content of communications as Google appears to be doing) is unfathomable. This is not to say I am enamored with what the metadata being collected by the NSA, but only to say that approving one and excoriating the other strikes me as a logical inconsistency.
Now, the status of the case does not mean that Google will be on the losing end. All it means is that the plaintiff has presented sufficient “evidence” in its pleadings for the case to move forward on this issue and afford both the plaintiff and Google the opportunity to spar over the issue.
Re: Re:
“How one can accept this as A-OK, while at the same time railing against the NSA’s collection of metadata”
Because you can opt out of GMail’s T&Cs by simply not using their service. You can’t opt out of the NSA’s snooping even if don’t reside under the jurisdiction of the USA.
I thought this was blindingly obvious, but apparently not…
Re: Re: Re:
Of course one can opt out, but then again in most instances it is almost certainly a stretch they even knew what was contained in the terms of service, terms drafted by lawyers with lots of time on their hands to get creative and write terms limiting virtually all forms of corporate liability and affording virtually zero rights to service users. Adding insult to injury, even if you read and absolutely understand what the terms say when you sign up, provisions are always included that permit the service provider to change them on a unilateral basis that will be communicated to a user in a 5 font notice in Mandarin Chinese.
Hint: My email communications with others are private, and I expect them to be treated as such. I do not differentiate between who is doing the snooping, private parties and governments. Neither should be poking around my communications. Period. End of story.
Re: Re: Re: Re:
Also keep in mind that after 180 days of sitting on the recipients server it is no longer considered protected communication and no warrant is needed to grab it… And if you are sending an email to someone’s work address their employer can read it at will. Just a couple of factors that make expecting private communication via email naive.
It's also true of spam and anti-virus detection...
But they are consenting, the moment they put @gmail.com into the recipient box, you are consenting that the destination email server may do whatever it wants with that email. This is no different than every single email provider on the planet. I host my own email domain, which in turn has spam filtering software on it. If you were to send an email to me, you are consenting to let that machine process the email to its satisfaction before I am able to view it.
Try reading my first comment again. My personal experience and the case being thrown out are not linked, I was merely talking about my personal experience for the sake of the guy I was replying to. The case should be thrown out because the user of the email account agreed to use it under given conditions. Like others have mentioned, you are assuming plain text (unencrypted) email is private. If you don’t want gmail servers scanning your email, it is quite simple, don’t send email to an address whose domain is @gmail.com… The only way for an email to be private is for the sender to ask the recipient for a private domain email account, then use an encryption algorithm like PGP to scramble the content.
Just because people don’t know that plain text email isn’t private, doesn’t mean they are entitled to how they think email should be handled. Even private domain email isn’t private unless you encrypt it.
Now cut the condescending tone, it is irritating as hell.
Re: It's also true of spam and anti-virus detection...
Landline phone conversations aren’t private either, but if the phone company started recording all of them and then running scans on them to determine what adds to put on your bill, you might view things differently with this case.
Re: Re: It's also true of spam and anti-virus detection...
I don’t know where you live, but you should sue your phone company ASAP, because despite what you said there actually your conversations are private on landlines and wiretapping laws where passed to enforce that privacy.
Creepy, those people are creepy.
IT'S SPYING, MIKE.
“Google is not “intercepting” the email” — Sheesh. First an “intercepting” is an unauthorized TAP to SPY. You try to take “intercepting” as NOT meaning process the email with computers to determine its content and meanings, collate all its references, follow up any links it contains, and store all those results long-term for tracking purposes. — NOT “intercepting” would be to handle it WITHOUT that processing.
Google is also trying the old “it’s only automated” dodge, as if okay because no “natural” person sees it. — But heres’a sophistry for you: as Google is supposedly a “person”, then its automated devices are part of it, so YES, a “person” IS reading the emails.
When you think surveillance or spying or snooping, think Google!
Re: IT'S SPYING, MIKE.
Wow, it’s such a pity that Google ‘spying’ is so unavoidable…………oh wait, I can avoid it and I do avoid it by not using any Google service and arming Firefox with a series of privacy extensions like Adblock Edge and Ghostery.
When you use a Google service you accept everything in their terms of service so stop bitching.
Re: Re: IT'S SPYING, MIKE.
Good point. You can also avoid NSA spying by not using a smartphone or the Internet.
Re: Re: Re: IT'S SPYING, MIKE.
You’d have to avoid using the telephone at all (smartphone or not), as well as avoid using debit/credit cards, driving a car, flying, etc., etc., etc.
Re: Re: IT'S SPYING, MIKE.
When you use a Google service you accept everything in their terms of service so stop bitching.
That’s funny. When I used that reply when people were sniveling about the ISP terms of service you were one of the biggest crybabies. Let me guess… that’s different, right? What a hypocritical salad tosser you are.
Terms of Service
That is what the Terms of Service are for.
You agreed to used Google’s Gmail and for that FREE service you agreed to let Google provide you with ads you might actually be interested in.
Re: Terms of Service
Hotmail users sending email to Gmail users never agreed to anything.
Re: Re: Terms of Service
Hotmail users sending email to me at work do not agree to my employer reading it but my employer can do so if they choose.
Re: Re: Terms of Service
Yes, they did, as soon as they sent an email out of their control.
I’m sure the folks over at Scroogle (Microsoft) all had a collective orgasm when they heard this.
This is one case where Google has real chances of losing.
The NSA gate put concerns about privacy in front of people, so this is a factor.
Google admits to scanning the contents of the messages sent, this is like the post office saying it opens the mail to read it so it can put promotional material inside along, that is bad, also there appears to be some sort of profile building based on data collected from those scans, which could mean some very private data may be being stored in there, but I doubt Google would want to open that data to scrutiny, further James Clapper and Keith Alexander proved one thing to the public and this is true even here, you don’t trust anything others say they are doing until after you can check it for yourself, meaning with only Google’s word that they don’t do anything with the data probably isn’t gonna fly.
Plus, Google is a target from other industries(aka MAFIAA)
I can see how Google could get their pants handed to them on this one.
On the bright side any ISP doing deep packet inspection or trying to “scan” any type of data trying to stop that one stream of data only, would probably be breaking the same laws Google has, ISP spam filters that scan the contents of the data they receive is probably breaking the law,
The one thing that some could use to say they are not Google is to say that they don’t build profiles, but that is today, future network tools will be intelligent and learn patterns they will too build some forms of profiles.
It's also true of spam and anti-virus detection...
Last time I checked, google doesn’t send me bills (they do send me checks for ad revenue that I generate for them), so your point is mute.
This is another problem that everyone seems to be overlooking while on their google witch hunt, it is a free service, that you can choose not to use. You’re comparing walking to cars; while they have some similarities in that they both get you from point A to B, there are too many differences to put them in the same category.
If google were merely serving me ads on gmail.com I would have no complaints, however, that’s not all that happens. I have had two separate occasions where the content of my email were used by third parties for more marketing.
Rather than hire an attorney, however, I merely rolled up my sleeves and put together my own mail services.
Thoughts
That Google scans emails from me despite not having a relationship to me has always stuck in my craw, and is why there are a couple of friends who I rarely send emails to — they use gmail.
However, using wiretap laws to put a stop to it seems like a weird way to go. Wiretap laws vary from state to state. In some states, only one side has to consent to the interception for it to be legal — Google’s on firm ground there, as the gmail user gave consent. In others, both sides have to consent. Google might be on shakier ground there.
Also, I wanted to address this:
Those are two very different things, for this reason: Google is storing information from its scan of the emails. It is likely keeping a profile of me, as it does with signed-in Google users, based on my email address.
Spam and antivirus scanners don’t do this. They scan the datastream and store no details about what was scanned beyond whether the email is spam or contains a virus.
Scroogle
However you may feel about Google’s actions, it is clear they are common practice in “the industry”.
So why is Google, and only Google, being hauled into court here, with none other than Judge Koh, on Microsoft home ground? Start looking for the Micro$loth $$$ here, folks!
It's just a Motion to Dismiss
This motion happens before the defendant even files an Answer, and is based on whether plaintiff stated enough plausible facts to support a claim. These are *alleged* facts. They still have to be proven.
Many judges don’t want to pull the trigger on kicking an entire lawsuit based solely on what was said in the Complaint. And there is still a full litigation to get to. So it’s really more of a “let’s give plaintiffs the chance to make their case” kind of thing.
Personally: Seriously? If you’re going to buy into Microsoft’s deceptive Scroogled ad campaign, use their email then (and cut off all your gmail friends, like a recovering alky cuts off his drinking friends).
If plaintiffs even prevail in the matter and it goes to appeal, just wait ’till the amicus briefs from every processor of data start rolling in. This one I am not losing any sleep over.
And if you are one of the class plaintiffs, think about where that settlement money, if any, will go: 1) Lawyers; 2) Somewhere other than your pocket. (Hope you like lawyers, charities, and useless gift certificates.)
If Google does something, the courts, politicians and lobbyists all jump on them trying to stop them. If the NSA does the same thing (or worse), the courts, politicians and lobbyists all support them.
I sincerely doubt it’s as simple as scanning individual emails and delivering ads based on that. Knowing Google, they probably use the data to develop an overarching profile to deliver adds to you account. Cross-reference that with the profiles of those you contact, and you’ve got an extensive background.
I bet some ISP scan my emails too…. Scan it for header information about where I am sending the email. Scan it for virus.
All those ISP in the chain I bet look at it too.
I don't think that Google should appeal
That would take too much time and money. It’s simple. Just have people opt in or out of having their email scanned. If you opt out, then they can’t be scanned. For anything. That would mean looking to see if the email is spam. So don’t. And that will open the SPAM floodgates.
Give ’em what they ask for, then see how long before they cry Uncle!
What if the phone companies did what google is doing
Lets say that ma bell starts to “listen” to my calls and picks out keywords to build a profile around and sells that information to marketing firms. Would that constitute wiretapping? I think it would and I think this is exactly where the judge is going here.
In states where both parties need to consent, just having the one side agree to free phone service is not enough. If at the beginning of each call a recording indicates that anything said on the call can be used for marketing purposes, then other side can disconnect if they object.
I actually think this is a good application of the law.
What if the phone companies did what google is doing
Lets say that ma bell starts to “listen” to my calls and picks out keywords to build a profile around and sells that information to marketing firms. Would that constitute wiretapping? I think it would and I think this is exactly where the judge is going here.
In states where both parties need to consent, just having the one side agree to free phone service is not enough. If at the beginning of each call a recording indicates that anything said on the call can be used for marketing purposes, then other side can disconnect if they object.
I actually think this is a good application of the law.
BS from Google is massive.
What google is also doing is suppressing free speech under the guise of making us sign in all our accounts and harrassing us with calls etc. under the other guise of privacy and protection.
We are not doing banking here. We need one simple password and we want our individual accounts to remain as they are. No one wants a different name.
Stop trying to trick us into new accounts so you look like you have more customers/users than you do
I believe some individuals are being targeted. Without cause just cause they can do it and for competitive stomping reasons, reasons involving friends, and much more.
Fascists want to know who to go after if someone disagrees with them.
They ruined youtube. Just as Microsoft ruined Skype.
Man is this is a pro-Google article…
Scanning email, in any form, is an invasion of privacy. Tech writers are so quick to excuse illegal activity from Google, but then when the shoe was on the other foot, they beat the bushes on Google’s competitors.
To the author: Google invades your privacy. What word don’t you understand?
Re: Re:
Scanning email, in any form, is an invasion of privacy.
You’re opposed to spam filters then?
Profiles built from ad placement
So you’re saying that Google isn’t recording and creating user profiles to increase their revenue? Profiles that can also be rented out?
vanishing e-mails
I know it’s a bit late to comment but came across this site after browsing the web to find out what happens to the emails I am waiting for that never make it to my inbox. I am waiting for one to reset a password for The Range, that will be the store that sells homeware etc cheap, so beats me why anyone should want to intercept it? It is also very frustrating. I personally object to my privacy being invaded whether it is governments or Google etc. doing it to provide companies with my info so they can bombard me with unwanted spam, which seems to get through just fine.
Automatic search leads to arrest
“Google is not “intercepting” the email. It’s just having its computers scan to match up ads with it.”
Except today, they arrested a guy based on the content of his private e-mails…which was discovered by these automatic Google searches.(http://www.bbc.com/news/technology-28639628?ocid=global_bbccom_email_04082014_technology)
NOW is it an unreasonable search and seizure?