Slashdot Mirror
Google's Scanning of Gmail To Deliver Ads May Violate Federal Wiretap Laws
New submitter SpacemanukBEJY.53u writes "In a declaration that could make Google very nervous, a U.S. federal judge on Thursday rebuffed Google's defense of its targeted ad system that scans the content of Gmail. Judge Lucy Koh — who also heard the Apple-Samsung case — found Google's terms and conditions and privacy policy isn't clear to users. Koh subsequently allowed a class-action suit to proceed against the company (official ruling). The plaintiffs in the suit allege Google violates federal and state wiretap laws by scannning the messages sent by non-Gmail and Gmail users."
Will this shit die already, this is getting tiring.
It is an automatic system.
I bet Microsoft is funding this, AGAIN.
The only conclusion I can draw from today's news is: terrorists don't read ads.
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
The government isn't going to do anything to Google because Google is their biggest source of private citizen information.
If Google's recent resistance is more than just "theater" then maybe the NSA steps in and teaches Google how to scan all mail and not just Gmail.
I for one, am looking forward to my check for $0.23 as restitution for these atrocities. I still have a check for a dollar something on my fridge from the last class action I was apparently a part in. I think I'm just going to start collecting them.
Central Ohio Home Theater Installation - The Theater People
...she was(is?) the ringmaster for the Apple Samsung patent battle.
Personally if I wanted a decent tech judgement I'd move heaven and earth to end up before Judge Alsup (Oracle v Android)
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
a U.S. federal judge on Thursday rebuffed Google's defense of its targeted ad system that scans the content of Gmail
Meanwhile, the NSAs scanning of everyone's email can continue unabated. Nice how the law can be applied selectively...
Somehow I doubt "federal wiretapping laws" take into account how much the person being tapped does or does not enjoy the results.
THL phish sticks
Google isn't the only one that reads your mail.
If you have a Kindle Fire or Fire HD they are reading it too. I had the upsetting experience of reading an email on my Kindle Fire HD that announced my father's death and then not more than a few hours later was served a "recommendation" on my Kindle a book on how to write a Eulogy.
I deleted my email account information from the kindle and shut down the recommendation system on the device... and I told Amazon how creepy they were... At least Google hasn't served creepy ads like that... so far...
Maybe Amazon should learn from Google and adopt "Don't Be Creepy" as their motto. Are you listening, Mr. Bezos?
[By the way I tried at the time to put Amazon's actions up as a news story on Slashdot... but it was not picked up as a story...]
The same scrutiny would get applied to NSA's escapades but they get a free ride on everything.
Virus scanning is a service a provider can deliver to its customers.
Scanning mails for the benefit of the provider for advertising is not beneficial to the customer.
...except in so far as it allows the service provider to make a profit thereby enabling the customer to get access to the service for free.
I wish I were as sure of anything as some people are of everything
If the clarity of terms of service is a yardstick for measuring the legality of the terms, then I can't help but wonder what percentage of ToS and EULAs are completely invalid by the same token.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
"Clear" in this probably means not ambiguous. Open for only one interpretation. Readable is not what they mean.
In fact those often contradict each other. If all alternate interpretations are ruled out then wording usually gets a bit complicated.
Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
Citation?
The judge mentions this in her ruling:
...generating user profiles or to provide targeted advertisements.
Spam filters and mail virus scanners don't do that.
It's beneficial to the customer, because it funds the free email service they are receiving.
If they don't like it, they can take their custom elsewhere. Where they will also still be sending and receiving plaintext email to a server that can read everything.
Email is an open protocol. The only way that you don't get your email read by things is to encrypt it.
I'm a long-time Google Apps user, and my company's domain is on all mail receipents' mail, not "gmail.com". So how can you have implied consent when the sender doesn't know that the mail is being sent through Google?
Yes, you and I are not allowed to listen in and record the feds.
“He’s not deformed, he’s just drunk!”
Email is more like a postcard - no effort is made to hide it's contents.
The USPS *does* routinely scan both external surfaces of all letters and postcards to determine where to send them.
too %%#&^# LAZY...can't even deliver the mail
As I understand it, that's actually a key part of Judge Koh's ruling: The *sender* of the email doesn't know that their email will be scanned for profit, only the receiver. And it's the sender's communication that's being wiretapped.
The sender "can't take their custom elsewhere".
Which is different from ToS and EULAs how?
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Google has been 100% up-front, since the day they announced the product, that they were going to pay for GMail by scanning your mail messages and guessing at relevant ads. They have made utterly no effort whatsoever to hide or obfuscate this fact.
Right cos those were soooooo effective at stopping anyone like the NSA tapping every wire ever. Or is this one of these things where it's ok if a government organisation does it, like how the US army can't commit terrorism because they are the "good guys"?
Simple precedent –telephone exchanges are not deemed to be wiretapping devices, despite scanning the content, and then conditionally forwarding it to a specific address.
There are some pretty interesting points raised in the case that I think should be addressed. I'm on google's side, the service that google provides me is worth their database about my habits. That's my choice and I knew it going in, even Microsoft advertises that Google does this. But privacy policies, EULAs and such have become stupidly complex. An average user can't be expected to read those tedious documents and I doubt if more then 1% fully read any of the contracts they click to accept. FTFA: "that a reasonable Gmail user who read the Privacy Policies would not have necessarily understood that her emails...". I can see this as a way to require human readable EULAs and privacy policies instead of the pages and pages of legalese that currently exist.
There's also the question of who "owns" the data in an email. If someone sends me an email, do they still own it and am I restricted in how I handle that email according to their wishes? Should they be informed that I'm saving the email on a server or that I've printed out a copy or that I run it through a spam filter? Most engineers would agree that I can do whatever I want to the email as that copy of the data is mine to use as I wish but IP lawyers can argue that I don't have the intellectual property rights to use the data except by whatever rights the owner has granted me.
I'm really hoping that this case can be appealed and finally set some precedence to some of the crazy shenanigans.
This is similar to many phone recording scenarios as well. In some states, only one party in the conversation needs to be aware a conversation is being record. In others, both parties must consent - that's why there is the "beep" you hear when a call is being recorded. The exception are wiretaps under warrant.
We kicked and screamed about our gov't collecting "meta-data". Yet, this is precisely what's happening by a corporate entitiy - they are extracting meta-data and acting upon it.
And, as someone else pointed out, this type of scanning is a lot different than scanning a message for viruses or malware. The only potential problem comes up when an email address is blacklisted based off one of these scans. At that point, it becomes akin to extracting meta-data as an action is taken against the sender without their consent.
If the court decides that mail providers cannot, on principle, be allowed to scan the content of a mail message then I don't see why it wouldn't affect content based spam filtering.
This case could have interesting ramifications for all mail providers if the court decides this violates wire-tap laws.
Paul Leader
>The plaintiffs in the suit allege Google violates federal and state wiretap laws by scannning the messages sent by non-Gmail and Gmail users."
The ECPA says that email is different and that only watching the live transmission outside the normal checking of function of the email system by a person when not otherwise disclaimed by the privacy policy is the equivalent of a wiretap.
That's because email is a store and forward communication, not the equivalent of a phone call.
When the ECPA was written, it had to be written in a way that prevented turning all operators into felons when they weren't deliberately spying on their users. This is the "hole" (it's not really) that Google is using to justify the machine reading of email, if it's spelled out.
I have read the Gmail privacy statement. To me it covers their ass in this regard. The Gmail privacy statement applies just as much to incoming mail as it does to outgoing. But even if it doesn't, when you send email, unless it's encrypted, it's the equivalent of a postcard. Are we going to be throwing meatspace postal workers into jail when they read the text next to the address on a postcard? That would be insane and unrealistic expectation of privacy, wouldn't it? That's not just my opinion, it's the opinion of everyone who knows anything about email. It's not a new concept, either. It's been expressed in books like my copy of the first edition of "Navigating The Internet" where the author introduced this "new thing" called the "web."
Calling this wiretapping and removing the safe-harbor sets a dangerous precedent and will turn all operators into felons.
While there is the desire to have complete privacy when it comes to email, unencrypted transmission and text negate any realistic expectation of privacy. Privacy starts with the user and ends with the user. If you don't want people reading your stuff (besides the fuckin' NSA spit), take measures to keep them from reading it. Instead of sending plain text on the postcard, encrypt the text with your (figurative) Ovaltine Decoder Ring and get your friends to use their decoder rings.
http://www.youtube.com/watch?v=zdA__2tKoIU
There is a crying need for transparent encryption methods in communication software, and it boggles my mind that this hasn't happened yet.
--
BMO - Drink more Ovaltine.
...turn it into ascii chars to send over https to your browser? Then, all email providers are guilty.
You may have a point. I am not a masochist so I don't read ToS's and Eula's, thus I don't know. They may very well be ambiguous. And in some cases that would probably make them invalid. I am not a lawyer so I can't say for sure.
Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
Mmm, but email is still an open protocol, from the days when everyone was trustworthy on the internet.
It's the equivalent of handing a postcard to a guy wearing a postmasters hat on the street, and saying "hey, can you get this to John Smith of Omaha?".
You have no say over how that guy delivers the service (if he delivers it at all). That card will be handed on through a number of pairs of hands. Each guy in the chain might copy it, read it, snigger about your pet names for your girlfriend, etc.
Now, imagine you had the same system, but you can put your mail in an envelope that's actually an indestructible lockbox which absolutely magically can't be opened without the key. The lockboxes are basically free, but the recipient has to do a little preparation in order to be able to open them. It's actually a lot better than postal mail, because people can steam paper envelopes much easier.
The problem is how email is presented to people. It's fundamental nature is unacceptable to people with privacy concerns, and if they actually knew that before starting to use it, they'd be better off.
I thought it was made pretty clear over the last few months that federal wiretap laws are worth less than used toiletpaper, so why is this a big deal?
Probably the NSA. Not directly, but this is the push back to all of the bad press they have been getting since the Snowden leaks. Hold Google and other service providers feet to the fire and they'll go to Congress begging to have the laws relaxed.
Oh, and once you've got your relaxed laws, Google, you'll be happy to share all that scraped data with us, right?
Have gnu, will travel.
I'm a long-time Google Apps user, and my company's domain is on all mail receipents' mail, not "gmail.com". So how can you have implied consent when the sender doesn't know that the mail is being sent through Google?
In this case, the user of Google Apps has volunteered to submit all mail that he's received from all of his correspondents for scanning by Google. That's part of the bargain for Google's rock-bottom pricing. I would think that third-party disclosure parameters would apply to the recipient domain's owners since they can choose to host their e-mail anywhere.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
considering the current NSA scandal...
If Google restricted their scanning to just emails that have been sent from the acocunt then they would be scanning only emails thast the user has given their consent to have scanned.
----------------------------------- My Other Sig Is Hilarious -----------------------------------
I'd guess you're right on the money there. Could be they didn't make the right sort of payoff (sorry, "lobbying contribution") or they tried to kick back a weeny bit because they know their customers seriously dislike the idea of spooks reading their privileged, private communication (whether it be emails, metadata, or searches).
Although I think Google have become less idealistic over recent years (well, that's Wall St for you) they're still way off the bottom of the barrel. And by encrypting more of their traffic, they're aiming to force the TLA's to go through legal, open, accountable channels. And said TLA's are hardly going to stand for any of that "accountability" nonsense, so....
All your ghosts are just false positives.
So how can you have implied consent when the sender doesn't know that the mail is being sent through Google?
Indeed!
I'm thinking a Thunderbird add-on might be useful, which would scan the MX records of your would-be recipients and alert if any of them pointed to Gmail...
Mmm, no. A lot of email is encrypted in the paths beween email servers.
The real "Libtards" are the Libertarians!
The logic is that a public service is not the type of service that you should look at if you have privacy in mind. What would make sense is to run your own mail server.
Google is ok . It's what we do with a public service and what we expect of it that ain't .
Doesn't matter if it's encrypted on the wire. Unless the body of the mail is encrypted, the email server can still read it. Mail can be relayed through any number of intervening SMTP servers and it's only historical trend, not any intrinsic feature of the protocol, that means that the number of servers a given email passes through these days is pretty small (and for GMail to GMail, probably never leaves Google's network).
That's like saying the postcards are transported between postal depots in an armoured car, but the untrustworthy guys at each depot can still read them, copy them, etc. It's not what happens on the wire that concerns people (even if that should worry them too).
In exchange pun I get email that stays with me no matter the ISP I use. Plus storage space. Any file I really want I email to myself and place it in the folder called saved that I created Label create new saved Then I move what ever I want to keep, there. And select more filter messages like these, create filter with this search,delete it check box, also apply filter to matching conversations check box, then create filter. No spam ever. This is why I use gmail.
To follow : my employer also uses the same assertion...
I work for a government org. We have our own secure email server network. All mail within our domain travels across the wire from client to server and vice-versa encrypted (SSL), and only to mail servers that we control. There are classes of information we are only supposed to send to mail addresses on our own domain. We are encouraged to do so.
I *still* wouldn't trust it with anything I wanted to remain private, personally, because it's stored as plaintext [1] in a relatively few mail servers administered by a private company. Any sysadmin could dump the lot and sell it to an interested party. And I'm willing to bet that there are many interested parties with deeper pockets than the guys who pay Google to advertise at you.
For public email, it's the same problem, except you don't have the luxury of knowing where the servers your mail lands on are located, and who the sysadmins are.
Encryption is the only solution that limits the set of persons able to read that mail to the intended recipient [2]. If we established that as the standard means of private email rather than mucking about with our own private mail infrastructure, then we could send private mail to ANYONE, not just people privileged enough to have a mail address on our domain. [3]
Even if you encrypt your bodies, you can still harvest that contentious "metadata".
[1] even if the server has an encrypted file system, the mail records are plaintext within that, because the server has to read them
[2] assuming no-one screwed up their key management, software installation, personal workstation security, etc
[3] Alas, our data security guidelines were written by GCHQ, and have rather more of a focus on keeping escrowed access to data than actual data privacy. I guess those spy guys really don't trust ANYONE, including themselves, but their recommendations are just dumb for civil applications where trust is important and a system which can spoof signatures is unacceptable. We live in an era where gaining actual data privacy is far easier than systems that *appear* private but are riddled with nasty little loopholes and backdoors. Go figure.
But then Google assumes that all the emails sent via gmail is cc'd to Google. And then NSA assumes that all emails passing via USA is cc'd to NSA.
Concerning PRISM-style programs the government says, "you have no expectation of privacy (read: 4th Amendment rights) when working with 3rd party email systems" (as if there were some other kind for most people) Concerning Google ad-sense used for targeted advertising to subsidize free email the government says, "you have every expectation of privacy" In the first scenario, most of us are rightfully pissed because the government is perverting constitutional expectations of privacy. In the second scenario many of us recognize the need to monetize these sorts of services. This whole thing seems back assward.
Scanning mails for the benefit of the provider for advertising is not beneficial to the customer.
It's absolutely beneficial to the customer. It's what allows the customer to get top quality e-mail services for $0/month.
Seems to me Yahoo, MS, etc. offer free email services without scanning email contents to sell ads.
And no, GMail isn't any better than either of those (nor is it more popular).
A sender does not alway know that the recipient is using gmail. Gmail can be configured to grab emails from other non-gmail POP3 based email account and to send email via these accounts with the "from" field showing the non-gmail address. Admittedly if you look at the full headers you can see the originator was gmail.
What's the relationship between (a) wiretap laws, and (b) the reasonable expectation of privacy?
Because if the NSA didn't need a court order to obtain my emails from Google, do the same factors imply Google had a right to scan those same emails?
Or are different legal issues at play in those two cases?
Either by regulation or agreement, if the scanner comes across the string "[DO NOT TRACK]" anywhere in the mail, scanning should stop and that data should be discarded... That would be the non-evil way to prevent unconsenting 3rd parties from being tracked.
If the goog loses this case, the paid-for Capitol Hill whores will make sure even very concept of a Class Action lawsuit will be rendered illegal.
Now, please rise for the Corporate National Anthem (C).
When a person uses USPS, they think they're using a system intended for The People and their communications needs. It's a system created as a public service by an act of .. uh, by the ratification of the Constitution. :-)
When a person uses gmail, they think they're using a commercial system primarily intended to make Google money at the users' expense. And since they don't pay money directly for it, they know the expense is going to involve all the myriad ways a person can be treated as a product rather than as a customer.
No gmail user believes that gmail's primary purpose is to serve the user, or that they have privacy. When gmail appeared, the first thing everyone thought was, "Oh, this weird idea, exists to increase Google's ad revenue."
FWIW, if the USPS had actually been initially established by an advertising company, for the purpose of opening and reading everyone's mail, and if all USPS' users knew that was happening, then it would be ok for them to do that. (Well, sort of ok. I would definitely want the prohibitions against direct competition removed...) Call it "SpyPost" and actually brag about how you read people's snailmails and insert related ads into them, and I really don't think there would be a problem. Just be up-front about it.
It's the whole up-frontness and lack of sneakiness and informed consent that makes it not be wiretapping. Unless... shit. Gmail's been around for a few years now. Might there be new kids who grew up, not realizing what it was or why it started? Could there actually exist some strange subset of population, who thinks gmail is normal email, rather than the bizarre exception to email that all of Slashdot knows it is? If there's a problem here, it's all going to come down to whether or not the signup pages help to make this obvious to laymen.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Because since at least the mid-1990s and probably earlier, you have been hearing, repeatedly ad nauseum, that all email which isn't encrypted, is assumed to not be private, just like how postcards aren't private. That's just the nature of email. When you were explaining how email works to your grandmother or granddaughter, and she asked if it's private, you told her "no, of course not. Lots of people can read your email, and you'll never even know who they all are." Right? You did honestly answer her question, didn't you? It's not like you didn't know the truth, Mr. Only-6-Digits-In-My-Slashdot-id.
You might as well complain that you didn't "consent" to buying a car which lacks the ability to fly. That's just how cars are. Private email is as exceptional as flying cars: it's something you only get if you go the extra mile to get it, it'll never be default.
What profile? Show me something I can read.
For the VAST majority of all Gmail users, that has been the known deal since they started.
It was free email, with automated targeted advertisement. This isn't news to any of us who remember when Gmail was a new thing.
It is THEIR free system, and people are free to chose another provider.
Do you think that server farms, huge pipes, high-end sysadmins, and high-end developers are free? For the purposes of free Gmail, as was ALWAYS a part of the deal, their targeted ads ARE just as necessary as parsing envelope headers.
THL phish sticks
Just because it's free doesn't make it right. Also, the other 'free' email service providers don't scan the content of the emails to create a profile of you.
Doesn't make it wrong either. My point was only that it was possible for users to derive value from it, as the GPs argument seemed to be that scanning the users email was OK so long as the user was benefiting.
Now perhaps other free email services don't scan your email (although maybe they do and they're just not as up front about it), but I personally think that's something the free market can sort out. I remember what free web mail services were like before GMail and personally I'm glad that Google got into the mail business because I think that their service is much better. And personally I'm quite happy to let Google's robots scan my mail to decide what adds to show. I consider that a small price to pay in exchange for an excellent free mail service.
However, I certainly recognize that that opinion is entirely my own subjective value judgement and that other people may not share it. That's perfectly fine. I would suggest that those people go ahead and not use GMail (rather than trying to have it outlawed so that I can't use it). I also recognize that there are some people that are concerned that even mail they send to other GMail users or that is just forwarded by Google's mail servers might also be scanned. I would suggest that those people might want to reconsider what they're sending over email and/or their use of email entirely, as, if they don't trust Google to handle this data responsibly, I don't know why they would trust any of the dozen or so other third parties that might handle their email in transit.
I wish I were as sure of anything as some people are of everything
This is part of a class-action lawsuit that was initiated by a group of private citizens, not a government entity.
Nobody is going to shut Google down. At worst, they have to pay a relatively small fee and send out a revised Privacy Notice that outlines their data collection methods more explicitly.
No, it is not a theory. Theories are based on evidence and the only thing you've spouted is pure conjecture.
What profile? Show me something I can read.
I think you have to work at Google to be able to read it.
I personally think that's something the free market can sort out.
I think that's something that the free market can sort out too, up until the market bumps up against illegal activities. A free market works best with proper rules and boundaries in place. If the law needs to change, great, let's change the law. But if someone in the free market is found breaking the law, they need to be tried before the law accordingly.
Yes, it is "core to the service" as it is how the service is paid for. Come back to the real world where people get paid to work and run services or start running your own that you pay for via some other mechanism than selling ads.
"That's our job."
And as many others have pointed out, the judge's logic is flawed as it would also outlaw the use of secretaries and interns reading mail (electronic or otherwise) for executives, politicians and, most likely, Judge Koh himself. Once you send correspondence to someone then they are free to do what they want with that correspondence including having others scan it for content. Granted, sometimes they are limited by confidentiality but then they wouldn't be soliciting that correspondence to be sent via unencrypted email.
If a gmail user has given permission to Google to scan the user's email for the purpose of giving the gmail user targeted ads is in violation of wiretapping laws, then the judge or his interns and secretaries are also in violation of similar laws regarding the US Mail. Also, email is the modern equivalent of the US Mail*, not the phone system so it shouldn't really be subject to wiretapping laws in the first place. it should be subject to the laws that cover the US Mail*.
*Substitute your local government Postal Authority if not in the US.
scanning the content? or meta data. But it helps to actually read the law. One of the exceptions provided in the wiretap act that makes it *not* a felony is if it is necessary to rendition of the service. The telephone company must be able to process the routing information (desired destination) to route the call. They do not need to monitor the contents of it. Similarly, even though google may find it *valuable* to them to monitor the contents of emails that does not make it a necessity for rendition of service.
Another example to put an even finer point on it: when calls were manually switched it was a fact of life that an operator would hear any chatter on the line before they unplugged. It might be hard to grasp now, but they were connected to the caller, completed the circuit to the recipient, and then disconnected themselves. Whatever they heard while completing the transaction was eavesdropping -- but it was also necessary incident to the rendition of service. At one time it was customary to wait a short time after being connected to give the operator time to disconnect.
Should be a law to remind consumers not to give their information to companies they don't trust to have their information nor to send their information to a customer of such company when said correspondent has told said company to track all correspondence.
Huge fines should be paid by all idiot consumers who fail to do so.
The recipient is the one who has given Google permission to do the reading and acting, just like the executive gives permission to the secretary to open correspondence, read correspondence and act on correspondence. There is a very strong likelihood that the ruling judge has done the same thing with interns. Kind of shows how clueless she is and how she lacks an ability to think abstract thoughts.
And the user gave the account administrator permission to make that decision so your point is what exactly? If I go far enough down the permission chain, the permission has become so diluted that it is no longer permission?
This is backwards. The entire way email is handled and transmitted means anyone can eavesdrop, not just Google. It's ridiculous to build a communications system which is completely transparent, then expect your privacy to be protected by laws. You are implicitly giving consent for unknown others to be able to read your email the moment you send it over the Internet. It's been stated over and over, your email is not like a sealed envelope, it's like a postcard and your message is readable by anyone who happens to glance at it.
If you want privacy, use an encrypted email system. If enough people who seem to want privacy would do this, one of these encrypted email systems might just reach critical mass and become a globally accepted standard thus solving this problem once and for all. But if you're just using regular email and complaining that NSA or Google is reading it, that's like talking with your friend over unencrypted VHF radio and getting upset that other people are listening in on your conversation.
The cellular phone companies already went down this road. Early cell phones used analog RF transmissions which anyone with an appropriate radio could tune to and listen in on. The FCC allocated some of the amateur radio bands to cellular and made it illegal to tune in to those bands, which was laughable because anyone with an older radio could switch to those channels and listen all day. As long as they didn't transmit, no one would know. The cellular companies fixed this the right way - modern digital transmissions are encrypted.
If you are paying for Google App's account they don't scan for Ad's.
I work at Google. You can read (and edit) your own profile right here:
www.google.com/settings/ads
It's really not that private stuff; here's four categories from my profile:
Business & Industrial
Business News
Computer & Video Games
Computer Components
The idea of a super-detailed profile is something with no original source, it has just been copied around the internet long enough that everyone accepts it as true. Of course you can claim that I'm not trustworthy, so below is an argument using only economics and public information.
There is no economic justification for a hyper-detailed profile. Here is why:
(1) Advertisers don't write ads for demographics so specific that there are only one or a few people in it. It is only in your interest to show to categories where many people apply, otherwise you are wasting your effort for no gain. Thus the worth of a profile is only in generalities.
(2) Specific keywords can be handled when the query is made or the page/email is shown. Just about all internet advertising is just-in-time like this, since anything else involves lots of serving-accessible storage which costs money. Even then, if the keyword only applies to a few people, the advertiser is wasting time as per #1.
(3) Every computation costs money. In advertising, if the cost to compute > incremental profit, you don't do it. The worth of a profile is only in its generalities as per #1, so that's the only thing worth computing, storing, and retrieving.
(4) If having a detailed profile on everyone was the holy grail of advertising, facebook would be making a lot more money per page view.
Well, I meant read about it. Article, EULA, something like that.
Once you send out an e-mail, you've given up all rights to what the recipient does with it. If he wants to post the contents on a billboard, ridicule you in public, or yes, have Google scan it in return for providing free e-mail service, that's their right.
Google should just go directly to NSA, request access to the "lock box", and cut out the middle delays.
Google should register itself as a Political Party.
Casteism