Comments on: I read your email

By: mrkmyr

mrkmyr — Sat, 17 Apr 2004 20:48:22 +0000

I think there is another problem with allowing user choice. When enough people make a choice to have mail scaned, there may be reduced options for those who don’t want it. If Gmail works, hotmail, yahoo, and others might silently switch-over to ad scanning. One might say this is the market at work, but I might argue it is the imperfect market at work. I think an example of this effect can be seen in credit card contracts. You can’t get a credit card without an arbitration provision.

By: Frank Quist

Frank Quist — Fri, 16 Apr 2004 22:42:40 +0000

Here's Slate's take, which makes some of the same points some people have made here: comparing the scanning of e-mail messages to detect spam vs. scanning them to detect keywords for ads. Interestingly Google seems to says it does not store the keywords that triggered the ads. I'm leaning towards agreement with it with the quibble that Google better make it very clear what they do with all the data, if only to comfort the people that dislike what they're doing. Read My Mail, Please The silly privacy fears about Google's e-mail service.

By: rick

rick — Fri, 16 Apr 2004 16:07:35 +0000

SLG wrote: Nice try, but this smart lawyer gal knows better. ECPA has exceptions for the consent of a party to the communication, and courts have uniformly held that proceeding in the face of monitoring constitutes consent. I’ll try harder next time, honest! See my earlier comments on bait-and-switch where the TOS gets changed after the fact. This is semantic but, from an ECPA perspective, would GMail be considered a party to the conversation on the same par as the sender and intended recipient? Under the Communications Act of 1934 (amended) the carrier is permitted to “listen” but is restricted from disclosing any information learned. That’s not the same freedom held by the intended recipient. I’m assuming GMail is the carrier, not an actual party. And CALEA is simply irrelevant to this problem, as it deals with regulation of the telephone system, not e-mail. I think CALEA is being extended (ie. Carnivore). We may have to contend with our own ISPs logging everything we do just so they are compliant with laws like CALEA and it’s follow-ons. Email services like Yahoo, Hotmail, and GMail would have to comply (so it’s not too far off topic). From a legal perspective, as long as you agree to the TOS, you have consented to the Gmail monitoring and have waived your rights. What is your argument beyond “for starters?” Again, see my earlier comments. Basically, we’re in agreement except for this: I think it IS a big deal because people are lazy. They don’t read the EULA that came with their software; they don’t read the contract on their extended warranty, and they’re not going to read their GMain TOS. [Warning: cheap ploy for free legal advice follows …] Counselor, if you were giving out paid advice, would you tell your client, “hey, that fine print … it’s no big deal” ?

By: eszter

eszter — Fri, 16 Apr 2004 01:35:37 +0000

SLG, Detached Observer, and others who so kindly take my personal email practices to heart here. My post wasn’t about me or my personal email practices. Rest assured, I am aware of what it means to send out an email. I was attempting to point to some more general issues, especially when the email provider may be the same as the service you use for searches. Read this for some more info.

By: Detached Observer

Detached Observer — Fri, 16 Apr 2004 00:46:44 +0000

Eszter, Frankly, you have no reasonable expectation of privacy when you send an email. The person who receives it may do whatever they want with it—give it to someone else to read, ridicule it on an online forum, or, if they so wish, let google scan it.

By: smart lawyer gal

smart lawyer gal — Thu, 15 Apr 2004 21:06:47 +0000

Rick, Nice try, but this smart lawyer gal knows better. ECPA has exceptions for the consent of a party to the communication, and courts have uniformly held that proceeding in the face of monitoring constitutes consent. See, e.g., United States v. Amen, 831 F.2d 373 (2d cir. 1987). And CALEA is simply irrelevant to this problem, as it deals with regulation of the telephone system, not e-mail. From a legal perspective, as long as you agree to the TOS, you have consented to the Gmail monitoring and have waived your rights. What is your argument beyond “for starters?”

By: rick

rick — Thu, 15 Apr 2004 19:03:34 +0000

Smart lawyer gal wrote:
I don’t see what the issue is.

For starters, US citizens should take a look at the Communications Act of 1934, the Electronic Communications Privacy Act of 1986, the Communications Assistance to Law Enforcement Act (of 1994).

By: anonymous (even today)

anonymous (even today) — Thu, 15 Apr 2004 17:04:21 +0000

Do they have any idea how email is delivered in the first place? Not by carrier pigeons, certain RFCs nonwithstanding. Every byte of every message is “scanned” by computers on its way to recepient. Anatoly, It is common in this bizz to adhere to “abstraction layers”. When according to RFC 821 a mail message is relayed or delivered its headers are changed and the body is “scanned” to find the end of the message. But the Gmail scanning is done at another layer. You can make almost anything fuzzy by not adhering to common abstractions. As for the smart lawyer gal, if you are a lawyer, the following should interest you: Gmail’s Potential Conflict with International Law The Gmail system may conflict with Europe’s privacy laws, specifically, Directive 95/46/EC, also called the EU Privacy Directive. This directive states, among other things, that users’ consent must be informed, specific, and unambiguous (pursuant to Article 7(a) of Dir. 95/46/EC). As it has been proposed, and based on the current Gmail privacy policy, the consent of EU-based Gmail users cannot necessarily be considered informed, specific, and unambiguous in regards to the scanning, storage and further processing of their e-mails. The need for informed, specific, and unambiguous consent also applies to the potential linking of EU citizens’ e-mails to their search histories. Additional issues with data retention may also exist under the EU Privacy Directive.

By: smart lawyer gal

smart lawyer gal — Thu, 15 Apr 2004 15:51:51 +0000

What if you forward your e-mail to someone who decides he doesn’t like you and posts it on the web? What if you tell someone a secret in confidence and he breaks your trust? The rule for gmail is the same as the rule for any other communication, right? I don’t see what the issue is.

By: Anatoly

Anatoly — Thu, 15 Apr 2004 13:23:02 +0000

From the screenshots I’ve seen, it’s clear that “the advertisment is added in as part of web page display at the display time for each email”, and is not added permanently and inherently to the text of the message. The “outrage being quoted” is a bunch of self-important activists crying wolf. My own respect for these organisations has diminished greatly with the publication of this open letter.

By: bryan

bryan — Thu, 15 Apr 2004 11:15:02 +0000

“The ads, as I understand it, are not inserted inside the emails, they’re displayed alongside them. The user doesn’t perceive them as part of the email message’s text. Thus “seeded” is wrong.” well unfortunately my pdf installation is fucked up so I’m not going to go read the pdf you quoted from, however is it clear whether or not the advertisment is added in as part of web page display at the display time for each email. which is one thing, or is the advertisement added into the email at the email’s reception via an application specific header to the email. the first means nothing, the second would be so astoundingly stupid I wouldn’t believe it possible except the outrage being quoted seems to indicate that might be the case, if the second is the case then it doesn’t matter how the user perceives the email when they read it, it matters that the email has had added in content.

By: rick

rick — Thu, 15 Apr 2004 10:51:00 +0000

In a corporate setting, you don’t have a reasonable expectation of privacy. Most employee handbooks will point that out. Some employment agreements go further by requiring you to sign a document acknowledging such. Getting back to GMail, IANAL but, in legal terms, federal law (and most states’) restrict access of electronic communications to three parties – the sender, the recipient, and the data carrier. Anyone else is potentially criminally liable. In the case of GMail, Google would certainly fall under the category of data carrier. So … basically you’ve only got the Terms of Service agreement to govern what Google (or Yahoo, or Hotmail, …) can and can’t do. What personally bugs me about these agreements is they keep changing. I consent to what I consider reasonable terms, establish an online identity in the form of an email address – then some Yahoo! comes along and changes the TOS. I’m stuck with choosing between either accepting the new terms or picking a new email provider followed by my own personal bulk email campaign to inform everyone of my new email address. If you really care about privacy, you need to be looking elsewhere for this kind of service. As for the PGP route, the problem with that is not enough people actually use PGP (or S/MIME). It only works if both parties have the necessary software.

By: Scott Martens

Scott Martens — Thu, 15 Apr 2004 10:08:09 +0000

By itself, I’m inclined to agree that there is nothing new or worrysome in what Google is doing. No human is reading through your mail, and law enforcement can already subpeona e-mail archives easily enough. The trouble with saying that if you don’t like the terms you don’t have to use the service is that it begs the question whether it is okay to make privacy something you can trade away. There are lots of things that the law won’t let you sign away. In California, I regularly signed employment contracts and leases that either restricted or removed my right to file civil suits regarding them. Those clauses have no legal force – in California you cannot sign away your right to sue. If you can’t sign away your right to sue, should you be able to sign away your right to privacy? I can certainly see an argument against letting people sign such agreements. In principle, I could refuse to sign an employment contract which took away my right to sue my employer. In reality, I couldn’t. Jobs are relatively hard to find, and few employers are willing to change their standard contract for one employee. Allowing it under the liberty of contract has an ultmately chilling effect on this freedom. In the same way if a service is offered for free on the condition of reduced privacy, the relatively limited number of e-mail providers and the cost of establishing a reliable e-mail service at a low cost could have the same effect on privacy.

By: kellan

kellan — Thu, 15 Apr 2004 09:28:20 +0000

tom t: “I wonder if the technology will next evolve such that some company will offer scan-proof e-mail to its users.” There is a company which already offers this service, its called PGP.

By: Jonathan Ichikawa

Jonathan Ichikawa — Thu, 15 Apr 2004 07:22:47 +0000

I’ve been wondering for a while, now: why is privacy valuable? Does it harm anyone if a computer scans my email? Are we just worried about the possible 1984ish scenarios, or is this non-privacy bad, even if nothing beyond scanning for ads never comes of it?