Google's Scanning of Gmail To Deliver Ads May Violate Federal Wiretap Laws

New submitter SpacemanukBEJY.53u writes "In a declaration that could make Google very nervous, a U.S. federal judge on Thursday rebuffed Google's defense of its targeted ad system that scans the content of Gmail. Judge Lucy Koh — who also heard the Apple-Samsung case — found Google's terms and conditions and privacy policy isn't clear to users. Koh subsequently allowed a class-action suit to proceed against the company (official ruling). The plaintiffs in the suit allege Google violates federal and state wiretap laws by scannning the messages sent by non-Gmail and Gmail users."

Oh for crying out loud

Will this shit die already, this is getting tiring.

It is an automatic system.

I bet Microsoft is funding this, AGAIN.

Re:Oh for crying out loud

[Monoman]

You beat me to it.

So I guess the question for everyone is should Google (and others) be allowed to scan communications if they state clearly in their EULA what they are doing and why? Does the answer change when the communications include a parties that didn't accept the EULA?

Re:Oh for crying out loud

[MozeeToby]

I agree with you to some extent. An algorithm searching for keywords and displaying appropriate ads? I really don't have a problem with that. Where I do have an issue is where the information gleaned goes into a big database that Google has on me. A big database that can be subpoenaed, or leaked, or stolen. A database that slowly but surely includes information from nearly every act of communication and internet usage. Even if I were to opt out of Google's services, the fact is if I send an email it's likely going to a gmail address, if I browse the internet there are likely Google servers providing parts of the page.

Re:Oh for crying out loud

By this logic, all mail virus scanners are also guilty.

Barracuda should be worries about that.

The GMail algorithm goes "hey, this guy is talking about being dissatisfied with his job lets promote som job services in the ad space" (yeah, if you think the Google context ads are just simpel keywords think again)

The Barracuda algorithm goes "6e 6f 72 6d 61 6c 20 63 6f 64 65... ok so far so good.. 76 69 72 75 73.. holy shit, stop that"

Re:Oh for crying out loud

You beat me to it.

So I guess the question for everyone is should Google (and others) be allowed to scan communications if they state clearly in their EULA what they are doing and why? Does the answer change when the communications include a parties that didn't accept the EULA?

"Scanning" can mean very different things. GMail scans and extract the meaning of the communication (as best it can and it is getting quite good) *and* then files this in the permanent marketing profile they have on you and which they continue to build on and reuse. So they are extracting, saving, using and building a database of meaningful content from your email and about you. Other forms of scanning is without actually extracting the content itself, and not storing it in a database on you. This is clearly not exactly the same.

You can still think this ruling against Google is silly, but we should be precise on distinctions like that.

Re:Oh for crying out loud

[newcastlejon]

So I guess the question for everyone is should Google (and others) be allowed to scan communications if they state clearly in their EULA what they are doing and why?

Debatable, depending on whether or not such a clause falls foul of laws on unfair contract terms.

Does the answer change when the communications include a parties that didn't accept the EULA?

Initially I would say yes, but on the other hand giving out your gmail address knowing that your mail will be scanned would shift the onus onto you in my opinion. In other words, if you want private contact between you and another party you shouldn't be using a service like gmail. Hell, I haven't read the gmail EULA and even I know that they effectively read my email; it's pretty much Google's business model.

Re:Oh for crying out loud

[Mr.+Slippery]

Is isn't privacy. Email is an open protocol.

The wiretap law apparently says otherwise, which is why this has come up.

Yes, as a practical matter, don't assume e-mail to be private. The question here, however, is legal, not practical/crypographic.

Re:Oh for crying out loud

[sjames]

So if I send you an email at blah@hggdfshjd.org and it forwards to your gmail account (that I don't even know you have), where is my knowledge and consent to the scanning and storing?

That's right, there isn't any.

Re:Oh for crying out loud

[AJH16]

You have to extract meaning to perform SPAM filtering. The irony is we may prevent targeted advertising on GMail and instead get blown away by SPAM everywhere.

Re:Oh for crying out loud

[Hamsterdan]

"So they are extracting, saving, using and building a database of meaningful content from your email and about you. "

So does the NSA, yet in NSA's case it's not considered illegal

Re:Oh for crying out loud

[Mitsoid]

If i send you an e-mail @hggdfshjd.org, how do i know your storage or e-mail handling policy?

E-mail has no reasonable expectation of privacy or secrecy. If anything, it is nowadays considered standard that your e-mail will be stored for at least 30 days, or until deleted. Unless you send an e-mail to a government address, then it's longer depending on the branch/locality/etc... or if it's to someone in the financial industry.. then it's saved even if it's deleted (until requested by a probe, then it's deleted)... My point is, everyone has a different policy, and no e-mail between two people can be ensured privacy and secrecy on unencrypted messages. when going between two distant servers

Also, when the message does arrive, regardless of service, the message will also be scanned by a junkmail filter. It will also, likely, be parsed by the recipients mail filter setting, and also by their anti-virus, anti-phising, and other anti-whatever systems. What makes Gmail's system different? If i submit a message to my ISP as junk, I'm releasing your e-mail to a 3rd party without your consent, and half a dozen machines will read it, process it, and act on it.

If we block recipient mail systems from "automated-reading" of messages, we effectively make it illegal to filter ALL junk, spam, and phising protections.
With the track record of poorly-worded laws we've had, I'd rather assume privacy/secrecy risks myself with encryption, than allow judges, lawyers, and elected officials choose the wording.

Re:Oh for crying out loud

Once you send an e-mail to me, that's no longer your property, it's mine now, and I consent to it being indexed. Even if I wasn't using GMail, I'd be using another mail system that indexed my e-mails so I could search them later, and there's nothing you can do about that.

Just realize that you do not retain property rights to things you send me, and then you'll understand how stupid this suit is.

Re:Oh for crying out loud

[Dishevel]

Here is a real problem as well.

I like my targeted ads. They are way better than the non targeted ads. Every great once in a while they are even useful.

Lucy Koh isn't the brightest judge on the planet

[maroberts]

...she was(is?) the ringmaster for the Apple Samsung patent battle.

Personally if I wanted a decent tech judgement I'd move heaven and earth to end up before Judge Alsup (Oracle v Android)

Re:Virus scanning is a service

[gandhi_2]

Somehow I doubt "federal wiretapping laws" take into account how much the person being tapped does or does not enjoy the results.

I wish

[no-body]

The same scrutiny would get applied to NSA's escapades but they get a free ride on everything.

Re:Virus scanning is a service

[mjtaylor24601]

Virus scanning is a service a provider can deliver to its customers.

Scanning mails for the benefit of the provider for advertising is not beneficial to the customer.

...except in so far as it allows the service provider to make a profit thereby enabling the customer to get access to the service for free.

Re:The REAL news of the day...

[fustakrakich]

Yes, you and I are not allowed to listen in and record the feds.

What about spam filtering?

[NoNeeeed]

If the court decides that mail providers cannot, on principle, be allowed to scan the content of a mail message then I don't see why it wouldn't affect content based spam filtering.

This case could have interesting ramifications for all mail providers if the court decides this violates wire-tap laws.

Re:Federal wiretapping laws

[FatLittleMonkey]

NSA doesn't tap wires. They tap fibre.

No, no it doesn't.

[bmo]

>The plaintiffs in the suit allege Google violates federal and state wiretap laws by scannning the messages sent by non-Gmail and Gmail users."

The ECPA says that email is different and that only watching the live transmission outside the normal checking of function of the email system by a person when not otherwise disclaimed by the privacy policy is the equivalent of a wiretap.

That's because email is a store and forward communication, not the equivalent of a phone call.

When the ECPA was written, it had to be written in a way that prevented turning all operators into felons when they weren't deliberately spying on their users. This is the "hole" (it's not really) that Google is using to justify the machine reading of email, if it's spelled out.

I have read the Gmail privacy statement. To me it covers their ass in this regard. The Gmail privacy statement applies just as much to incoming mail as it does to outgoing. But even if it doesn't, when you send email, unless it's encrypted, it's the equivalent of a postcard. Are we going to be throwing meatspace postal workers into jail when they read the text next to the address on a postcard? That would be insane and unrealistic expectation of privacy, wouldn't it? That's not just my opinion, it's the opinion of everyone who knows anything about email. It's not a new concept, either. It's been expressed in books like my copy of the first edition of "Navigating The Internet" where the author introduced this "new thing" called the "web."

Calling this wiretapping and removing the safe-harbor sets a dangerous precedent and will turn all operators into felons.

While there is the desire to have complete privacy when it comes to email, unencrypted transmission and text negate any realistic expectation of privacy. Privacy starts with the user and ends with the user. If you don't want people reading your stuff (besides the fuckin' NSA spit), take measures to keep them from reading it. Instead of sending plain text on the postcard, encrypt the text with your (figurative) Ovaltine Decoder Ring and get your friends to use their decoder rings.

http://www.youtube.com/watch?v=zdA__2tKoIU

There is a crying need for transparent encryption methods in communication software, and it boggles my mind that this hasn't happened yet.

--
BMO - Drink more Ovaltine.

Re:No, no it doesn't.

[garutnivore]

Are we going to be throwing meatspace postal workers into jail when they read the text next to the address on a postcard? That would be insane and unrealistic expectation of privacy, wouldn't it?

The comparison is not apposite. What Google does is akin to postal workers scanning postcards and storing them in a database which is used to profile people so as to push services on them. You can be certain that if postal workers did this, then there would be an outcry.

That's not just my opinion, it's the opinion of everyone who knows anything about email.

I've been an email postmaster since the early 90s. Your opinion is not by any means representative of "the opinion of everyone who knows anything about email." The issue is not storing the emails but the damn data mining that Google performs on them. I've never data-mined the emails stored on my server, nor have the postmasters that I've had the pleasure to work with. As a matter of fact, we take measures to avoid accidentally looking at people's emails. That they are not encrypted does not make it okay to snoop. It's called having a sense of ethics.

And we (me and the postmasters I've worked with) all think what Google is doing is shit.

Re:No they're not...

[Imagix]

Actually, many spam filters do. They're not just blind pattern matchers, they do have algorithms that continue to tune the filters' effectiveness, even without human intervention. They may also download other databases from their home (like Barracudacentral), but that's so that your spam filter can take advantage of the tuning that the other thousands of other spam filters are assembling as well (which might get your filter one jump ahead of a spam blast as a filter in Chicago has already seen the blast, but it hasn't reached Seattle yet...).

Re:How could Google have been any MORE clear?

[Todd+Knarr]

No, but the person you're sending the e-mail to has. When you send physical mail to someone, you don't know if they've got a secretary opening and reading all their mail for them. They could even have an outside company doing it (what, you think Hollywood stars and politicians read and answer their own fan or constituent mail?). And the law has absolutely no problem with this, nor with the idea that if this will be a problem for you as the sender then it's your responsibility to sort this out with the recipient before sending your mail.