Slashdot Mirror
Google's Scanning of Gmail To Deliver Ads May Violate Federal Wiretap Laws
New submitter SpacemanukBEJY.53u writes "In a declaration that could make Google very nervous, a U.S. federal judge on Thursday rebuffed Google's defense of its targeted ad system that scans the content of Gmail. Judge Lucy Koh — who also heard the Apple-Samsung case — found Google's terms and conditions and privacy policy isn't clear to users. Koh subsequently allowed a class-action suit to proceed against the company (official ruling). The plaintiffs in the suit allege Google violates federal and state wiretap laws by scannning the messages sent by non-Gmail and Gmail users."
Will this shit die already, this is getting tiring.
It is an automatic system.
I bet Microsoft is funding this, AGAIN.
The only conclusion I can draw from today's news is: terrorists don't read ads.
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
The government isn't going to do anything to Google because Google is their biggest source of private citizen information.
If Google's recent resistance is more than just "theater" then maybe the NSA steps in and teaches Google how to scan all mail and not just Gmail.
I for one, am looking forward to my check for $0.23 as restitution for these atrocities. I still have a check for a dollar something on my fridge from the last class action I was apparently a part in. I think I'm just going to start collecting them.
Central Ohio Home Theater Installation - The Theater People
...she was(is?) the ringmaster for the Apple Samsung patent battle.
Personally if I wanted a decent tech judgement I'd move heaven and earth to end up before Judge Alsup (Oracle v Android)
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
Virus scanning is a service a provider can deliver to its customers.
Scanning mails for the benefit of the provider for advertising is not beneficial to the customer.
a U.S. federal judge on Thursday rebuffed Google's defense of its targeted ad system that scans the content of Gmail
Meanwhile, the NSAs scanning of everyone's email can continue unabated. Nice how the law can be applied selectively...
no Google does not.
The goverment has already shown that wiretap laws are just for show and does not need to be followed.
then why can't the USPS open letters, scan them, then reseal and deliver them?
Google isn't the only one that reads your mail.
If you have a Kindle Fire or Fire HD they are reading it too. I had the upsetting experience of reading an email on my Kindle Fire HD that announced my father's death and then not more than a few hours later was served a "recommendation" on my Kindle a book on how to write a Eulogy.
I deleted my email account information from the kindle and shut down the recommendation system on the device... and I told Amazon how creepy they were... At least Google hasn't served creepy ads like that... so far...
Maybe Amazon should learn from Google and adopt "Don't Be Creepy" as their motto. Are you listening, Mr. Bezos?
[By the way I tried at the time to put Amazon's actions up as a news story on Slashdot... but it was not picked up as a story...]
Woah! We have federal wiretapping laws????
The same scrutiny would get applied to NSA's escapades but they get a free ride on everything.
If the clarity of terms of service is a yardstick for measuring the legality of the terms, then I can't help but wonder what percentage of ToS and EULAs are completely invalid by the same token.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
"Clear" in this probably means not ambiguous. Open for only one interpretation. Readable is not what they mean.
In fact those often contradict each other. If all alternate interpretations are ruled out then wording usually gets a bit complicated.
Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
. . . "don't be evil" ???
The judge mentions this in her ruling:
...generating user profiles or to provide targeted advertisements.
Spam filters and mail virus scanners don't do that.
A class action lawsuit? Oh my god, Google must be literally quaking in their boots!
In a few years time, they'll have to settle and give everyone affected a $5 credit voucher off your next Adwords purchase (minimum spend $50). And the lawyers involved tens of millions of cold hard cash, naturally.
I'm a long-time Google Apps user, and my company's domain is on all mail receipents' mail, not "gmail.com". So how can you have implied consent when the sender doesn't know that the mail is being sent through Google?
Which is different from ToS and EULAs how?
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Laws? They're for the little people.
I think the $18 Million that Google spent on lobbying in 2012 will help the court see sense.
Google has been 100% up-front, since the day they announced the product, that they were going to pay for GMail by scanning your mail messages and guessing at relevant ads. They have made utterly no effort whatsoever to hide or obfuscate this fact.
Right cos those were soooooo effective at stopping anyone like the NSA tapping every wire ever. Or is this one of these things where it's ok if a government organisation does it, like how the US army can't commit terrorism because they are the "good guys"?
There are some pretty interesting points raised in the case that I think should be addressed. I'm on google's side, the service that google provides me is worth their database about my habits. That's my choice and I knew it going in, even Microsoft advertises that Google does this. But privacy policies, EULAs and such have become stupidly complex. An average user can't be expected to read those tedious documents and I doubt if more then 1% fully read any of the contracts they click to accept. FTFA: "that a reasonable Gmail user who read the Privacy Policies would not have necessarily understood that her emails...". I can see this as a way to require human readable EULAs and privacy policies instead of the pages and pages of legalese that currently exist.
There's also the question of who "owns" the data in an email. If someone sends me an email, do they still own it and am I restricted in how I handle that email according to their wishes? Should they be informed that I'm saving the email on a server or that I've printed out a copy or that I run it through a spam filter? Most engineers would agree that I can do whatever I want to the email as that copy of the data is mine to use as I wish but IP lawyers can argue that I don't have the intellectual property rights to use the data except by whatever rights the owner has granted me.
I'm really hoping that this case can be appealed and finally set some precedence to some of the crazy shenanigans.
This is typical anti-company behavior by the federal government.
Regardless of the discussion if they are right or wrong, Google was not bothered in the past, so apparently they pissed someone off at the federal level and now they are out to shut them down. ( and i'm sure extort them on the ride ).
I bet they were asked to do something way out of line and declined and now will pay the price with complete shut down. But that is just theory.
---- Booth was a patriot ----
If the court decides that mail providers cannot, on principle, be allowed to scan the content of a mail message then I don't see why it wouldn't affect content based spam filtering.
This case could have interesting ramifications for all mail providers if the court decides this violates wire-tap laws.
Paul Leader
>The plaintiffs in the suit allege Google violates federal and state wiretap laws by scannning the messages sent by non-Gmail and Gmail users."
The ECPA says that email is different and that only watching the live transmission outside the normal checking of function of the email system by a person when not otherwise disclaimed by the privacy policy is the equivalent of a wiretap.
That's because email is a store and forward communication, not the equivalent of a phone call.
When the ECPA was written, it had to be written in a way that prevented turning all operators into felons when they weren't deliberately spying on their users. This is the "hole" (it's not really) that Google is using to justify the machine reading of email, if it's spelled out.
I have read the Gmail privacy statement. To me it covers their ass in this regard. The Gmail privacy statement applies just as much to incoming mail as it does to outgoing. But even if it doesn't, when you send email, unless it's encrypted, it's the equivalent of a postcard. Are we going to be throwing meatspace postal workers into jail when they read the text next to the address on a postcard? That would be insane and unrealistic expectation of privacy, wouldn't it? That's not just my opinion, it's the opinion of everyone who knows anything about email. It's not a new concept, either. It's been expressed in books like my copy of the first edition of "Navigating The Internet" where the author introduced this "new thing" called the "web."
Calling this wiretapping and removing the safe-harbor sets a dangerous precedent and will turn all operators into felons.
While there is the desire to have complete privacy when it comes to email, unencrypted transmission and text negate any realistic expectation of privacy. Privacy starts with the user and ends with the user. If you don't want people reading your stuff (besides the fuckin' NSA spit), take measures to keep them from reading it. Instead of sending plain text on the postcard, encrypt the text with your (figurative) Ovaltine Decoder Ring and get your friends to use their decoder rings.
http://www.youtube.com/watch?v=zdA__2tKoIU
There is a crying need for transparent encryption methods in communication software, and it boggles my mind that this hasn't happened yet.
--
BMO - Drink more Ovaltine.
ITT: People who love google more than privacy.
Google really never is evil. They are so powerful, they just redefine evil as necessary, and everyone eats it up.
...turn it into ascii chars to send over https to your browser? Then, all email providers are guilty.
You may have a point. I am not a masochist so I don't read ToS's and Eula's, thus I don't know. They may very well be ambiguous. And in some cases that would probably make them invalid. I am not a lawyer so I can't say for sure.
Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
I thought it was made pretty clear over the last few months that federal wiretap laws are worth less than used toiletpaper, so why is this a big deal?
I'm a long-time Google Apps user, and my company's domain is on all mail receipents' mail, not "gmail.com". So how can you have implied consent when the sender doesn't know that the mail is being sent through Google?
In this case, the user of Google Apps has volunteered to submit all mail that he's received from all of his correspondents for scanning by Google. That's part of the bargain for Google's rock-bottom pricing. I would think that third-party disclosure parameters would apply to the recipient domain's owners since they can choose to host their e-mail anywhere.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
considering the current NSA scandal...
If Google restricted their scanning to just emails that have been sent from the acocunt then they would be scanning only emails thast the user has given their consent to have scanned.
----------------------------------- My Other Sig Is Hilarious -----------------------------------
...and I bet they'd change their mind real fast, kissing Google's ass overnight.
Speaking of which, why is there no requirement to be clear and upfront in these same terms of service about handing over data to the NSA? This government is pure fucking hypocrisy. Government can get away with anything; hell, companies can get away with anything as long as the government is benefiting from it; yet, if a company does something that is for their own gain using the same questionable moral ideas then the government sees a reason to let a lawsuit proceed.
I'm no lawyer but you can not write a contract that violates federal law. If the law is interpreted in such a way that say email carrier can not read their clients mail it is irrelevant whether the clients agree or not.
Because no one get's to abuse Federal Wiretap laws unless you are the Feds. ..... then it's okay.... think of the children
So how can you have implied consent when the sender doesn't know that the mail is being sent through Google?
Indeed!
I'm thinking a Thunderbird add-on might be useful, which would scan the MX records of your would-be recipients and alert if any of them pointed to Gmail...
... because the NSA hates competition.
!#@%*)anks for hanging up the phone, dear.
The logic is that a public service is not the type of service that you should look at if you have privacy in mind. What would make sense is to run your own mail server.
Google is ok . It's what we do with a public service and what we expect of it that ain't .
In exchange pun I get email that stays with me no matter the ISP I use. Plus storage space. Any file I really want I email to myself and place it in the folder called saved that I created Label create new saved Then I move what ever I want to keep, there. And select more filter messages like these, create filter with this search,delete it check box, also apply filter to matching conversations check box, then create filter. No spam ever. This is why I use gmail.
But then Google assumes that all the emails sent via gmail is cc'd to Google. And then NSA assumes that all emails passing via USA is cc'd to NSA.
Only the NSA should be able to do this
Concerning PRISM-style programs the government says, "you have no expectation of privacy (read: 4th Amendment rights) when working with 3rd party email systems" (as if there were some other kind for most people) Concerning Google ad-sense used for targeted advertising to subsidize free email the government says, "you have every expectation of privacy" In the first scenario, most of us are rightfully pissed because the government is perverting constitutional expectations of privacy. In the second scenario many of us recognize the need to monetize these sorts of services. This whole thing seems back assward.
Google: "Here's another key, and we'll be providing monthly reports."
NSA: "Thank you, I don't see anything wrong here."
US "Justice" System: "Definitely no problem here, carry on."
http://www.google.com/intl/en/policies/terms/
"When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content."
When you submit content, they can use it.
The profile would be the derivative work so your content works better with their services.
If you send an email to @gmail.com, you're submitting content to a Google Service.
Either the judge is an idiot, or her ruling is a bit more sophisticated than the soundbite.
A sender does not alway know that the recipient is using gmail. Gmail can be configured to grab emails from other non-gmail POP3 based email account and to send email via these accounts with the "from" field showing the non-gmail address. Admittedly if you look at the full headers you can see the originator was gmail.
What's the relationship between (a) wiretap laws, and (b) the reasonable expectation of privacy?
Because if the NSA didn't need a court order to obtain my emails from Google, do the same factors imply Google had a right to scan those same emails?
Or are different legal issues at play in those two cases?
Either by regulation or agreement, if the scanner comes across the string "[DO NOT TRACK]" anywhere in the mail, scanning should stop and that data should be discarded... That would be the non-evil way to prevent unconsenting 3rd parties from being tracked.
If the goog loses this case, the paid-for Capitol Hill whores will make sure even very concept of a Class Action lawsuit will be rendered illegal.
Now, please rise for the Corporate National Anthem (C).
Because since at least the mid-1990s and probably earlier, you have been hearing, repeatedly ad nauseum, that all email which isn't encrypted, is assumed to not be private, just like how postcards aren't private. That's just the nature of email. When you were explaining how email works to your grandmother or granddaughter, and she asked if it's private, you told her "no, of course not. Lots of people can read your email, and you'll never even know who they all are." Right? You did honestly answer her question, didn't you? It's not like you didn't know the truth, Mr. Only-6-Digits-In-My-Slashdot-id.
You might as well complain that you didn't "consent" to buying a car which lacks the ability to fly. That's just how cars are. Private email is as exceptional as flying cars: it's something you only get if you go the extra mile to get it, it'll never be default.
In this case, the user of Google Apps has volunteered to submit all mail that he's received from all of his correspondents for scanning by Google.
The *account administrator* consented, not the *user*. In the case of a Google Apps account, in contrast to a Gmail account, those are usually two different people. Wiretap is criminal law. The question is whether a third-party breach of contract (administrator failing to notify users) is a valid defense. That depends on a shitload of other factors.
"That's our job."
Should be a law to remind consumers not to give their information to companies they don't trust to have their information nor to send their information to a customer of such company when said correspondent has told said company to track all correspondence.
Huge fines should be paid by all idiot consumers who fail to do so.
The recipient is the one who has given Google permission to do the reading and acting, just like the executive gives permission to the secretary to open correspondence, read correspondence and act on correspondence. There is a very strong likelihood that the ruling judge has done the same thing with interns. Kind of shows how clueless she is and how she lacks an ability to think abstract thoughts.
And the user gave the account administrator permission to make that decision so your point is what exactly? If I go far enough down the permission chain, the permission has become so diluted that it is no longer permission?
This is backwards. The entire way email is handled and transmitted means anyone can eavesdrop, not just Google. It's ridiculous to build a communications system which is completely transparent, then expect your privacy to be protected by laws. You are implicitly giving consent for unknown others to be able to read your email the moment you send it over the Internet. It's been stated over and over, your email is not like a sealed envelope, it's like a postcard and your message is readable by anyone who happens to glance at it.
If you want privacy, use an encrypted email system. If enough people who seem to want privacy would do this, one of these encrypted email systems might just reach critical mass and become a globally accepted standard thus solving this problem once and for all. But if you're just using regular email and complaining that NSA or Google is reading it, that's like talking with your friend over unencrypted VHF radio and getting upset that other people are listening in on your conversation.
The cellular phone companies already went down this road. Early cell phones used analog RF transmissions which anyone with an appropriate radio could tune to and listen in on. The FCC allocated some of the amateur radio bands to cellular and made it illegal to tune in to those bands, which was laughable because anyone with an older radio could switch to those channels and listen all day. As long as they didn't transmit, no one would know. The cellular companies fixed this the right way - modern digital transmissions are encrypted.
If you are paying for Google App's account they don't scan for Ad's.
This is not that gmail is scanning the emails of it's users, it's that it's scanning the emails sent to it's users; it's building a profile of that data, and storing it. In postage terms it's like signing up for a discount PO Box service through a third party; you get the discount because you agree that they can open your mail scan it and write down key terms from the letter to send you flyers. The person sending you the letter might not know or agree to this as it invades their reasonable belief of privacy.
Once you send out an e-mail, you've given up all rights to what the recipient does with it. If he wants to post the contents on a billboard, ridicule you in public, or yes, have Google scan it in return for providing free e-mail service, that's their right.
What's the problem with theses people? If they don't like it then don't use the service and don't send email to anyone who uses a gmail account. It's plain and simple. You shouldnt use software if you don't agree to the EULA, right? You can't expect to have privacy when making a phone call in a police station. Is the person being called aware that they too shouldnt expect privacy when they receive the call? I can go on and on... This is getting old and tired really fast. Maybe they should use snail mail again, at least paying postage guarantees their privacy, right?
Google should just go directly to NSA, request access to the "lock box", and cut out the middle delays.
Google should register itself as a Political Party.
Casteism