A couple questions in the previous discussion thread about the Google privacy case. Both concern permission granted to Google to scan emails.
Google’s stance about this is fairly simple.
Gmail users give explicit permission for their mail to be scanned.
People who send mail to Gmail users give implicit permission for their mail to be scanned.
The plaintiff’s lawyers are alleging that some subset of gmail users – specifically those at Universities that use Google apps and ISP customers like CableOne – did not give explicit permission for their mail to be scanned by Google. They’re also arguing no senders give permission.
In addition to the lack of permission, the plaintiffs lawyers are arguing that Google’s behaviour is in violation of Google’s own policies.
Google thinks scanning is part of the ordinary course of business and they’re doing nothing wrong.
This is an interesting case. I think anyone who knows about email understands that the people who run the mail server have the ability to read anything that goes through. But a lot of us trust that most postmaster and admin types consider it unprofessional to look at mail without a decent reason. There are good reasons an admin might need to go into a mail spool.
Automated filtering is simply a part of life on the internet these days. Mails have to be scanned for viruses, spam and, yes, they are scanned for targeted advertising. I’m not convinced Google is outside the norm when they say that any emails sent through Google is personal information given too Google and therefore Google can use that information in accordance with their policies.
Questions on Google lawsuit post
Q
RSS - Posts
Google is tracking you.
I admin a sendmail server and I found this site looking for info about myvzw spam. So I’d say I’m probably qualified to testify against Google on this subject, though I have nothing against them (yet), as I use them a lot and I understand what they are doing. I remember a few years back when gmail and yahoo (and actually hotmail) where major spam relays, probably through hacked or fake accounts. But that is very easy to track simply by looking the numbers sent from each account, doesn’t require any scanning at all.
With a large server it might be quite easy to scan outgoing messages, as they go into the queue, but a queue is designed to balance the server load and serves no other purpose (if a user had a trojan sending out spam it would not go through gmail at all). On my small server there is never anything in the mail queue, except for delayed mail (temporary fails).
Google user emails are (usually) not sent TO Google, they are sent THROUGH gmail servers TO some other server. This information is not sent to Google at all, unless the user is using their webmail interface (which is really no different as far as I’m concerned). I haven’t read everything so I don’t know the scope of the suit but I assume any email sent through gmail is scanned, even that using direct smtp delivery.
So any common gmail user is going to assume that any message they send to someone else is private between them and that (as far as I can see) no permission was given to Google to “check it out” first. The User Policy needs to explicitly state that any message sent using their service may be scanned and what for, I don’t see that it actually says that, though I only read what was posted here (hey, I’m a busy guy).
And of course the incoming email is being scanned and filtered for the users benefit, and senders would expect this, but the sender does not know about any Google user policy, nor would anyone assume that it would apply to them. And besides, I am quite sure that Google has no interest in incoming mail at all – they want to track their own users, that is what Google does.
Everyone that uses Google services should realize that they track everything you do, but that doesn’t really give them the right or a reason to scan their user’s personal email.
If they win this then I expect that will open the doors for any ISP scan their users’ private messages all they want. They do this solely for their own profit. This is just another drop in the bucket.
Thanks for the articles, by the way.