Is anyone really surprised by this revelation via Facebook, via your Great Aunt Sue, via the family party group, via Huffington Post, via who knows where else, that Google’s arguing its Gmail users have no legitimate expectation of privacy? Not me (or even this one).
A bunch of consumers in California got together and are suing Google, class-action style, for privacy violations with regard to its Gmail service. In particular, the group argues that “Google unlawfully opens up, reads, and acquires the content of people’s private email messages.” Google counters by saying that it doesn’t actually read the message, such as a human would read the message, but rather its system scrapes the messages for information and feeds you ads based upon those messages. You’ve probably seen these advertisements if you haven’t turned them off already.
Well, as expected, Google filed its motion to dismiss, and because of some of the arguments, many are upset. In particular, most stories I’ve seen grasp onto Google’s primary argument that “all users of email must necessarily expect that their emails will be subject to automated processing” and therefore, users have no expectation of privacy. Motion at 19. Google argues that this expectation applies to all users, not just those of Gmail. Google argues that users implied on the part of the non-Google users. Specifically, Google argues: “[T]he non-Gmail Plaintiffs must have expected that their emails to Gmail recipients would be subject to automated processing by Google in its capacity as the ECS (electronic communication service) provider for their intended recipients.” Motion at 20. Google even goes further to argue its reasoning is supported by the timeless string of cases flowing from Smith v. Maryland (a.k.a., “the pen register” case).
In theory, I’m agreeing with Google on this one. Most, if not all, users of email understand that cloud email providers scan email messages to provide filtering and spam protection. Heck, almost every message I get from other attorneys contains the “attorney-client privilege” and “please destroy and notify” caveats as appendages to their sent items. Moreover, unless I specifically know who your receiver’s email messages, you can’t predetermine whether your provider will scan the message once it arrives.
Email is similar to a letter sent via post: once deposited, there’s no guarantee of its arrival or its security. Sure, you can argue that at least the post office or its employees don’t scan the messages prior to delivery and serve ads, but how many times have you seen stories of ditched or destroyed mail. And don’t even get me started on the instances where the machines ate the letter, which necessarily required the post office to snoop. Or even the USPS’s post-9/11 mail logging service. Or your own users’ incompetence.
Quite frankly, the only reason the carrier services have the presumed status they do is because of trust. You trust the carrier to deliver the goods or materials as sent. And, in essence, Gmail does that. Yes, Google skims the content and adds ads. But you can turn them off. Otherwise, the email arrives just as they were sent.
I’m also giving the benefit of the doubt to Gmail that they’re not actually reading the messages. I guess they could. But why? Their goal is advertising, and advertising is only as relevant as the most recent message. As one Google ad proclaims: “You know who needs a haircut? People searching for haircuts.” Timing truly is everything.
And Here’s the Beef
Google’s contention hinges on the argument that no one expects privacy when they send a message, and Gmail users are among that bunch. While I agree that Gmail’s free service lacks any expectations of privacy, I’m don’t believe that goes hand-in-hand with its paid service, Google Apps.
First, Google Apps users pay for their accounts. This includes their domain names and the extra storage for messages, pictures and documents. Payment implies certain protections and benefits that freebies don’t, including the benefit of ad-free harassment.
Second, Google Apps permits users to restrict access to a user’s ability to send or receive messages. Once again, these restrictive settings imply added security and privacy protections for paid users.
Why do we pay extra for FedEx or UPS delivery? Because they implicitly (and explicitly) guarantee a certain standard of behavior. Similarly, Google’s paid services imply stricter standards and increased privacy. Therefore, Google’s argument fails when it says that all Gmail users have no expectation of privacy.
Certainly, some Gmail users have no legitimate expectation of privacy based on their status as free users. But arguably, Google Apps users, as paying consumers, have a legitimate expectation of privacy, even though Gmail is their platform. What’s the benefit of paying for a service otherwise? Google forces its Google Apps users to adopt Gmail as the email client and provides no other alternatives (yes, I realize there’s email forwarding). As such, simply using Gmail does not necessarily waive those Google Apps users’ expectation of privacy.
But I Don’t Want Evil
Face it folks, privacy is dead. In reality, I don’t care whether Google wants to scrape my incoming messages and feed me advertising. Frankly, Google’s ads are a lot less wasteful, and more environmentally friendly, than my daily pile of junk from the post office.
If you’re truly scared that Google’s invading your privacy more than the government (or your local grocery store), there are a some solutions.
Stop using Google. This is the easiest, and guaranteed, method to ensure that Google doesn’t have access to your information. This means ditch Gmail, Google Apps, and all the other Google products. Now.
Use third party software for email. If you’re a little bit okay with Google, you might try using third-party (usually self-hosted) software to send and receive email. Most email providers have POP3 and IMAP capabilities that enable you to send and receive email without using an intermediary. Microsoft Outlook is one such software, but there are literally hundreds of different desktop solutions. The key is to bring your email “in house” as much as possible. Speak with a qualified IT professional for the best solution.
Hold clandestine meetings in a park. If you don’t know what this means, read more Brad Thor, Vince Flynn, or even watch a little Burn Notice. Spies do it in private and in person because of these concerns.
Succumb to the Borg. The Borg, for non-Star Trek geeks, represents all things evil, which operate as drones. Granted, Google’s not that bad, almost. I suspect, based on the pleadings, Google will reach a collective settlement with the class-action plaintiffs. I hope that settlement clarifies some of the blurred lines between paid and unpaid services, including Gmail. As I said before, I’m not worried about Google’s scanning, especially since I’ve learned to ignore the ad placements altogether (please don’t ignore the ad placements on this site).
I don’t like surprises (like the NSA’s snooping), but nobody should be surprised by Google’s lack of LEP arguments. I can’t count the number of times I’ve received emails intended for “the other” Jeff Taylor. And even though I “destroyed” the message, I still read its contents. Certainly, in the sense of all email, “if you wouldn’t want your mother to read it, you shouldn’t send it,” is a fact. Always be careful and cautious about the contents of your emails.
Update (08/14/13): I went ahead to dig deeper into Google’s Motion. I noticed this:
I’m still standing by my initial assessment that even Gmail’s free users have little to no expectation of privacy.