In the first of a new series of posts to call out #BS you may be hearing in the mainstream press or general industry chatter. This post is on the ‘Gmail Privacy Scandal’ that does not exist.
Over the past week much mainstream media has devoted screenspace, print and even broadcast media to the privacy scandal that is old and a little tired about Gmail not caring for Privacy. As a paid up member of the International Association of Privacy Professionals I am very much concerned and interested in consumer privacy. However the horror and indignation in this case is wholly without merit and simply fuelled by articles on Time, Salon and other sites and being carried by radio jocks and late night talk-show hosts the world over it seems.
The whole media frenzy was sparked by The Consumer Watchdog, a California-based, non-profit consumer education and advocacy organisation who released an inflammatory press release. The headline of the press release was “Google Tells Court You Cannot Expect Privacy When Sending Messages to Gmail; People Who Care About Privacy Should Not Use Service, Consumer Watchdog Says”. Shame on them, and the further spin then applied to the story by the media.
Before I go any further I want to put this simply; email is mostly neither secure nor private. Generally emails are currently transmitted in the clear (not encrypted) and persons other than the designated recipients can read the email contents. Fact.
Presenting the facts the way they have gives the impression that this may not be the case, and the Watchdog fails in its role as a vehicle for ‘consumer education’. The self appointed watchdog has singled out Gmail and used Privacy twice in the headline. Whilst Google may well be able to convey their commitment to privacy better, their privacy policy for Gmail is covered by the Google unified Privacy Policy; in Australia: http://www.google.com.au/policies/privacy/
The Press Release goes on:
“Google’s brief uses a wrong-headed analogy; sending an email is like giving a letter to the Post Office,” said John M. Simpson, Consumer Watchdog’s Privacy Project director. “I expect the Post Office to deliver the letter based on the address written on the envelope. I don’t expect the mail carrier to open my letter and read it. Similarly when I send an email, I expect it to be delivered to the intended recipient with a Gmail account based on the email address; why would I expect its content will be intercepted by Google and read?”
I remember when I first started working with email in 1995 and my mentor wanted to use an analogy for email, he too used the post office and the mail system. He explained email was the equivalent of giving a postcard to a trusted friend to deliver to the post -box, and everyone en-route will be able to see the entire content of your message. That analogy I believe is much closer to the truth.
The comment that seems to have triggered the debate, and oft attributed to Google is actually a reference Googles lawyers made “Indeed, ‘a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties” this is in reference to a 1979 Supreme Court case (Smith v. Maryland) and was used to argue a point of law.
In response to the media that say you should not use Gmail, the point of the (non)story is actually that you should not have a Gmail account nor send messages to one if you care about privacy. Gmails response is not that Gmail is doing anything different. Their point is this is the same for anyone sending email and that we have been here and already had this argument before, many times. Unfortunately it seems most people skipped to page 19 of a 90 odd page document and failed to read any of the rest of it before going to press.
Early in the Motion to Dismiss filed by Google they state “Moreover, multiple courts have held that all email senders impliedly consent to the processing of their emails by virtue of the fact that email cannot be sent or delivered without some form of electronic processing.”
That is just a fact of life, ISP’s and email providers are forced to process emails simply to deliver them, and when you add spam filtering and other technologies to the mix you not only have a requirement to process the data for the purpose of delivery (or render the whole channel unusable and non existent) but act on that data. Which Google clearly explains in the motion to dismiss “Non-Gmail users who send emails to Gmail recipients must expect that their emails will be subjected to Google’s normal processes as the (email) provider for their intended recipients.”
It is a non-story and we have heard the arguments back in 2004 http://news.bbc.co.uk/2/hi/3602745.stm
Update: Hat-Tip to Laura Atkins from Word to the Wise, there was a statement released to Mashable yesterday “We take our users’ privacy and security very seriously; recent reports claiming otherwise are simply untrue. We have built industry-leading security and privacy features into Gmail — and no matter who sends an email to a Gmail user, those protections apply.”
http://mashable.com/2013/08/14/google-email-privacy-out-of-context/
The original Press Release
The redacted claim against Google
The motion to dismiss from Google
Laura Atkins Article: http://blog.wordtothewise.com/2013/08/gmail-says-no-expectation-of-privacy-kinda/
