Dumping Gmail Just Isn’t Enough

During our last class we discussed Google’s motion to dismiss in its case against a group of class action plaintiffs. The biggest element of the story was Google’s statement that email users should not expect privacy. In particular, Google argued that sender of email messages cannot determine whether the recipient’s email processor uses some method to scan and index email messages. The blogosphere went ballistic because of this statement from Google’s motion:

[Email users] impliedly consent to Google’s practices by virtue of the fact that all users of email must necessarily expect that their emails will be subject to automated processing.

Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery . . .

[T]he automated processing of email is so widely understood and accepted that the act of sending an email constitutes implied consent to automated processing as a matter of law.

The blogs went wild, and I even saw a number of listserve messages advocate whole abandonment of Gmail because, “Google lies.”

Unfortunately, as I noted, most of the lynch mob was incorrect in their assessment of Google’s arguments. Google argued that non-Gmail users had no expectations of privacy, “they impliedly consented”, when they sent messages, including any messages sent to Gmail users.

Non-Gmail Plaintiffs

As Google explained, a sender can’t determine who would open the message, and therefore a “pre-screen” shouldn’t surprise the sender either. In our earlier class, I suggested that the only reason we feel secure using postal carriers or similar services is because of a certain trust factor. You trust that the carrier just has too many packages and envelopes to deliver to actually open every one. That doesn’t mean they’re not screening.

You’re making too many mountains from mole hills

The Google TOS and Privacy Policy

First, Google’s Gmail users are protected by its privacy policy and terms of service. Gmail users should know what’s in store for them because of the disclosures in the privacy policy and TOS. Google explains that:

The updated Privacy Policy, in turn, explains that Google collects information that users generate while using Google’s services, including Gmail, and can use information from “all of [Google’s] services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and [its] users.” The Privacy Policy further specifies that Google “also use[s] this information to offer you tailored content – like giving you more relevant search results and ads.

That’s pretty plain if you ask me. And compelling.

Google’s all about the ads

The backstory to Google’s data-gathering scheme relates to Google’s growing desire for advertising. As I explained before, Google’s seeking the most up-to-date and relevant information which includes the information contained in email messages.

For the most part though, I don’t have any problems with Google gleaming information from my incoming and outgoing email messages because I follow some general rules:

  1. Don’t speak because I remember what you’re saying. Unless I really want to preserve the conversation (or I don’t care about the message content), I’m not sending an email. Too many people have been ruined because of  their written comments. If you don’t want the recording antagonizing you in the future, don’t email it.
  2. Protect and preserve. Theoretically, encrypted or password protected attachments are inaccessible to Google’s indexing bots. If I want to send the message, but not enable Google-bot scanning, I’ll encrypt it (which requires the third party to have a way to decrypt the message) or send a password protected attachment. Problem solved. Yes, you can see who and when (via message headers), but you’re missing some of the what or how, in the protected attachment.

Ditching Gmail doesn’t necessarily solve the problem

Since Google’s arguing that non-Gmail users have no legitimate expectation of privacy, dropping Gmail doesn’t relieve your pain. Yes, you’re “off the Google grid.” But if Google’s right, then sending an email message is like releasing a message in a bottle: it’s no longer yours and subject to every whim and wave. If you’re sending the message to a Gmail user, then Google’s still capturing the information you tried to keep clean.

Perhaps then, you’re more exposed outside of Google’s grid than inside.

As I argued before, while free Gmail users might expect less privacy, Google Apps users, who pay for their services, should expect significant privacy protection, in addition to abilities to opt out of certain services. Alas, Google’s position is “one TOS to rule them all,” and “everyone’s in.”

In reality, despite the fact the email is so ubiquitous, it’s still amazingly difficult to design and handle your own email operation. Most users will opt for their webhost’s webmail program, which in my experience lacks the robust features of Gmail. Of course, you can attach an email client, such as Outlook or Thunderbird, to handle “fetching,” which may improve your email experience. If you’re using a mobile device, you might also have significant issues with email connectivity and synchronization.

I’m away from those prying googly eyes

“But,” you argue, “I control my stuff, and I keep it from Google’s index engine.” So? I wish someone would explain to me the great aversion to indexing. And don’t just say, “it’s my privacy.” Of course it is. Or how about “to protect my clients.” Please. See my principles above.

We’re wary of using Google because of some “privacy invasion,” yet we’ll gladly let supermarkets track our purchases or tell Netflix we love to watch Dora the Explorer.

“But,” you argue, “what about Rule 1.6? A lawyer has a duty of confidentiality.” And that’s certainly important, but Rule 1.6 doesn’t necessarily limit your use of Google’s products or services.

A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation . . .

How hard is it to write a consent clause into each representation agreement? (You’re using a representation agreement, right?) The clause discloses your use of Google’s products and services, and generally discusses the inherent risks of any communications by email, fax, post office, or commercial carrier. Covered.

You can’t control the receiver

Google’s motion shows the frankness of the email system: the receiver’s system is uncontrollable. From nothing to lockdown, hundreds upon hundreds (maybe millions) of companies use some sort of preliminary scanning to sort and deliver certain types of content. Regardless of whether you’re using Gmail or some other method, your webmail system is “reading” your email. How else could it estimate whether the message is spam?

Google’s not doing anything different, except it’s using some of the content to “provide, maintain, protect and improve them, to develop new [services], and to protect Google and [its] users.” Of course, Google’s also offering advertisements, and perhaps that’s what most people oppose. But Google’s business model isn’t anything new. Ever heard of Neilsen?

Gmail’s not going anywhere, and yes, it’s still safe to use

Fanatics face this reality: you’re stuck with Gmail and your messages aren’t private. Google’s shown that it can, and will, be a powerhouse in the provision of online consumer and business products.

Google’s also not dumb enough to breach the trust of hundreds of companies using Google Apps to improperly use the information. Just like the post office and FedEx, Google doesn’t want individuals opening and reading every message sent or received. Google’s developing processes and procedures for acquiring this information, which filters it into useful end results.

I predict that despite the uproar, most bar associations (if they even waste time to weigh in on the issue) and courts will agree that attorneys won’t waive any privilege or confidentiality because of the pre-screening process used by their email providers.

One Response to Dumping Gmail Just Isn’t Enough

  1. Not enough users are aware of and take trouble to set the Google privacy dashboard:

    https://www.google.com/settings/dashboard?hl=en

    That said, while using Google’s browser and Gmail to access it’s fine services, I’ve never used it for personal communication or given it my “credit card” identity. (That siloing of Google services from personal life was no doubt recently compromised just by getting an Android phone.)

Let's discuss this (you can use Markdown in your comment)

Jeff Taylor

I’m just an ordinary guy living an extraordinary life. I’m also an attorney and I blog about Android for lawyers. You can follow me on Twitter, LinkedIn, YouTube, or Google+.