Google's Scanning of Gmail To Deliver Ads May Violate Federal Wiretap Laws

← Back to Stories (view on slashdot.org)

Google's Scanning of Gmail To Deliver Ads May Violate Federal Wiretap Laws

Posted by Soulskill on Friday September 27, 2013 @12:52AM from the google's-lawyers-must-be-busy-folk dept.

New submitter SpacemanukBEJY.53u writes "In a declaration that could make Google very nervous, a U.S. federal judge on Thursday rebuffed Google's defense of its targeted ad system that scans the content of Gmail. Judge Lucy Koh — who also heard the Apple-Samsung case — found Google's terms and conditions and privacy policy isn't clear to users. Koh subsequently allowed a class-action suit to proceed against the company (official ruling). The plaintiffs in the suit allege Google violates federal and state wiretap laws by scannning the messages sent by non-Gmail and Gmail users."

36 of 325 comments (clear)

Min score:

Reason:

Sort:

Oh for crying out loud by Anonymous Coward · 2013-09-27 00:55 · Score: 5, Insightful

Will this shit die already, this is getting tiring.
It is an automatic system.
I bet Microsoft is funding this, AGAIN.
1. Re:Oh for crying out loud by gandhi_2 · 2013-09-27 00:57 · Score: 4, Interesting
  
  By this logic, all mail virus scanners are also guilty.
  Barracuda should be worries about that.
  
  --
  THL phish sticks
2. Re:Oh for crying out loud by Monoman · 2013-09-27 01:04 · Score: 4, Insightful
  
  You beat me to it.
  So I guess the question for everyone is should Google (and others) be allowed to scan communications if they state clearly in their EULA what they are doing and why? Does the answer change when the communications include a parties that didn't accept the EULA?
  
  --
  Keep the Classic Slashdot.
3. Re:Oh for crying out loud by MozeeToby · 2013-09-27 01:13 · Score: 5, Insightful
  
  I agree with you to some extent. An algorithm searching for keywords and displaying appropriate ads? I really don't have a problem with that. Where I do have an issue is where the information gleaned goes into a big database that Google has on me. A big database that can be subpoenaed, or leaked, or stolen. A database that slowly but surely includes information from nearly every act of communication and internet usage. Even if I were to opt out of Google's services, the fact is if I send an email it's likely going to a gmail address, if I browse the internet there are likely Google servers providing parts of the page.
4. Re:Oh for crying out loud by Anonymous Coward · 2013-09-27 01:15 · Score: 3, Insightful
  
  By this logic, all mail virus scanners are also guilty.
  Barracuda should be worries about that.
  The GMail algorithm goes "hey, this guy is talking about being dissatisfied with his job lets promote som job services in the ad space" (yeah, if you think the Google context ads are just simpel keywords think again)
  The Barracuda algorithm goes "6e 6f 72 6d 61 6c 20 63 6f 64 65... ok so far so good.. 76 69 72 75 73.. holy shit, stop that"
5. Re:Oh for crying out loud by Anonymous Coward · 2013-09-27 01:31 · Score: 5, Insightful
  
  You beat me to it.
  So I guess the question for everyone is should Google (and others) be allowed to scan communications if they state clearly in their EULA what they are doing and why? Does the answer change when the communications include a parties that didn't accept the EULA?
  "Scanning" can mean very different things. GMail scans and extract the meaning of the communication (as best it can and it is getting quite good) *and* then files this in the permanent marketing profile they have on you and which they continue to build on and reuse. So they are extracting, saving, using and building a database of meaningful content from your email and about you. Other forms of scanning is without actually extracting the content itself, and not storing it in a database on you. This is clearly not exactly the same.
  You can still think this ruling against Google is silly, but we should be precise on distinctions like that.
6. Re:Oh for crying out loud by mystikkman · 2013-09-27 01:34 · Score: 3, Informative
  
  ... on terms which you have accepted in using the service
  Please read the article. The judge specifically said that the "terms are service" are vague and don't indicate that user profiles are being built.
7. Re:Oh for crying out loud by newcastlejon · 2013-09-27 01:47 · Score: 3, Insightful
  
  So I guess the question for everyone is should Google (and others) be allowed to scan communications if they state clearly in their EULA what they are doing and why?
  Debatable, depending on whether or not such a clause falls foul of laws on unfair contract terms.
  
  Does the answer change when the communications include a parties that didn't accept the EULA?
  Initially I would say yes, but on the other hand giving out your gmail address knowing that your mail will be scanned would shift the onus onto you in my opinion. In other words, if you want private contact between you and another party you shouldn't be using a service like gmail. Hell, I haven't read the gmail EULA and even I know that they effectively read my email; it's pretty much Google's business model.
  
  --
  If God forks the Universe every time you roll a die, he'd better have a damned good memory.
8. Re:Oh for crying out loud by Mr.+Slippery · 2013-09-27 02:04 · Score: 3, Insightful
  
  Is isn't privacy. Email is an open protocol.
  The wiretap law apparently says otherwise, which is why this has come up.
  Yes, as a practical matter, don't assume e-mail to be private. The question here, however, is legal, not practical/crypographic.
  
  --
  Tom Swiss | the infamous tms | my blog
  You cannot wash away blood with blood
9. Re:Oh for crying out loud by dissy · 2013-09-27 02:10 · Score: 4, Informative
  
  So I guess the question for everyone is should Google (and others) be allowed to scan communications if they state clearly in their EULA what they are doing and why? Does the answer change when the communications include a parties that didn't accept the EULA?
  Here is the very first email Google sent to me when I signed up for Gmail service. Bold is added by me.
  Just due to the fact Google already does explain it clearly in their (obviously unread) EULA, as well as in their welcome email, and on more than one help/support page, I doubt explaining it yet another time would make any difference to these people.
  ----------
  
  Gmail Team 6/25/04 to me
  First off, welcome. And thanks for agreeing to help us test Gmail. By now you probably know the key ways in which Gmail differs from traditional webmail services. Searching instead of filing. A free gigabyte of storage. Messages displayed in context as conversations.
  So what else is new?
  Gmail has many other special features that will become apparent as you use your account. Youâ(TM)ll find answers to most of your questions in our searchable help section, which includes a Getting Started guide. You'll find information there on such topics as:
  How to use address auto-complete
  Setting up filters for incoming mail
  Using advanced search options
  You may also have noticed some text ads or related links to the right of this message. They're placed there in the same way that ads are placed alongside Google search results and, through our AdSense program, on content pages across the web. The matching of ads to content in your Gmail messages is performed entirely by computers; never by people. Because the ads and links are matched to information that is of interest to you, we hope you'll find them relevant and useful.
  You're one of the very first people to use Gmail. Your input will help determine how it evolves, so we encourage you to send your feedback, suggestions and questions to us. But mostly, we hope you'll enjoy experimenting with Google's approach to email.
  Speedy Delivery,
  The Gmail Team
10. Re:Oh for crying out loud by Anonymous Coward · 2013-09-27 02:13 · Score: 3, Interesting
  
  Yahoo has been doing this off-and-on for the past year. They will even embed ads of a competitor of the company that sent the newsletter based on key words. They finally updated their TOS in June this year but they were doing it well before then.
  Source, I'm the man that ensures billions of email messages are being delivered every month.
11. Re:Oh for crying out loud by sjames · 2013-09-27 02:21 · Score: 3, Insightful
  
  So if I send you an email at blah@hggdfshjd.org and it forwards to your gmail account (that I don't even know you have), where is my knowledge and consent to the scanning and storing?
  That's right, there isn't any.
12. Re:Oh for crying out loud by Noughmad · 2013-09-27 02:28 · Score: 4, Informative
  
  Let's say I send a letter to a friend, and he shows it to his wife. Where is my knowledge and consent? There isn't, but there should be an expectation that the recipient has the authority to show this letter to others. In GMail, the recipient has decided that he wants to show all his incoming mail to Google.
  
  --
  PlusFive Slashdot reader for Android. Can post comments.
13. Re:Oh for crying out loud by AJH16 · 2013-09-27 02:34 · Score: 3, Insightful
  
  You have to extract meaning to perform SPAM filtering. The irony is we may prevent targeted advertising on GMail and instead get blown away by SPAM everywhere.
  
  --
  AJ Henderson
14. Re:Oh for crying out loud by Imagix · 2013-09-27 02:54 · Score: 3, Interesting
  
  I sent my letter to Mr. XXXX in BigCorp, but Mr. XXXX's secretary read the letter. I didn't even know Mr. XXXX had a secretary, I expected only Mr. XXXX would read it. Isn't reading someone else's mail a federal offence (at least in the US)? How is this different? I signed up with Google. I know (and authorized) that Google does such scanning. You send me email. My secretary (ie: Google) reads it first, and compiles certain information about the "letters" I receive.
15. Re:Oh for crying out loud by Hamsterdan · 2013-09-27 02:58 · Score: 3, Insightful
  
  "So they are extracting, saving, using and building a database of meaningful content from your email and about you. "
  So does the NSA, yet in NSA's case it's not considered illegal
  
  --
  I've got better things to do tonight than die.
16. Re:Oh for crying out loud by Mitsoid · 2013-09-27 03:13 · Score: 4, Insightful
  
  If i send you an e-mail @hggdfshjd.org, how do i know your storage or e-mail handling policy?
  E-mail has no reasonable expectation of privacy or secrecy. If anything, it is nowadays considered standard that your e-mail will be stored for at least 30 days, or until deleted. Unless you send an e-mail to a government address, then it's longer depending on the branch/locality/etc... or if it's to someone in the financial industry.. then it's saved even if it's deleted (until requested by a probe, then it's deleted)... My point is, everyone has a different policy, and no e-mail between two people can be ensured privacy and secrecy on unencrypted messages. when going between two distant servers
  Also, when the message does arrive, regardless of service, the message will also be scanned by a junkmail filter. It will also, likely, be parsed by the recipients mail filter setting, and also by their anti-virus, anti-phising, and other anti-whatever systems. What makes Gmail's system different? If i submit a message to my ISP as junk, I'm releasing your e-mail to a 3rd party without your consent, and half a dozen machines will read it, process it, and act on it.
  If we block recipient mail systems from "automated-reading" of messages, we effectively make it illegal to filter ALL junk, spam, and phising protections.
  With the track record of poorly-worded laws we've had, I'd rather assume privacy/secrecy risks myself with encryption, than allow judges, lawyers, and elected officials choose the wording.
17. Re:Oh for crying out loud by Anonymous Coward · 2013-09-27 03:13 · Score: 3, Insightful
  
  Once you send an e-mail to me, that's no longer your property, it's mine now, and I consent to it being indexed. Even if I wasn't using GMail, I'd be using another mail system that indexed my e-mails so I could search them later, and there's nothing you can do about that.
  Just realize that you do not retain property rights to things you send me, and then you'll understand how stupid this suit is.
18. Re:Oh for crying out loud by Dishevel · 2013-09-27 03:43 · Score: 3, Insightful
  
  Here is a real problem as well.
  I like my targeted ads. They are way better than the non targeted ads. Every great once in a while they are even useful.
  
  --
  Why is it so hard to only have politicians for a few years, then have them go away?
19. Re:Oh for crying out loud by kqs · 2013-09-27 06:45 · Score: 4, Interesting
  
  You're right. If you send me a letter, and I show it to my wife, well, you didn't consent to that. Hell, I can show it to the New York Times, and you didn't consent to that, and tough shit to you. Once you send it to me you cannot control who I show it to.
  Please stop trying to tell me what I can do with MY email. You sent it to me, so you no longer control it. Stop trying to control me.
  Or are you trying to say that gmail users didn't consent to Google having access to their email? Despite the text they saw when they signed up, the contents of the first letter in their inbox, and Google's greatly simplified privacy policy that was all over the news a year ago for months on end? Hell, I applied for this credit card but didn't realize I had to pay it back, pretty please mister judge fix that for me!
20. Re:Oh for crying out loud by kqs · 2013-09-27 06:48 · Score: 4, Interesting
  
  Wow, you truly have no idea how anti-spam algorithms work. Please read up on bayesian networks. They are used by anti-spam software, and they (or something similar) are used by Google's ad systems.
  They are exactly the same system. Exactly.
Lucy Koh isn't the brightest judge on the planet by maroberts · 2013-09-27 01:02 · Score: 3, Insightful

...she was(is?) the ringmaster for the Apple Samsung patent battle.
Personally if I wanted a decent tech judgement I'd move heaven and earth to end up before Judge Alsup (Oracle v Android)

--
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
Re:Virus scanning is a service by gandhi_2 · 2013-09-27 01:09 · Score: 4, Insightful

Somehow I doubt "federal wiretapping laws" take into account how much the person being tapped does or does not enjoy the results.

--
THL phish sticks
Amazon Does this too by gishzida · 2013-09-27 01:15 · Score: 5, Interesting

Google isn't the only one that reads your mail.
If you have a Kindle Fire or Fire HD they are reading it too. I had the upsetting experience of reading an email on my Kindle Fire HD that announced my father's death and then not more than a few hours later was served a "recommendation" on my Kindle a book on how to write a Eulogy.
I deleted my email account information from the kindle and shut down the recommendation system on the device... and I told Amazon how creepy they were... At least Google hasn't served creepy ads like that... so far...
Maybe Amazon should learn from Google and adopt "Don't Be Creepy" as their motto. Are you listening, Mr. Bezos?
[By the way I tried at the time to put Amazon's actions up as a news story on Slashdot... but it was not picked up as a story...]
1. Re:Amazon Does this too by Internal+Modem · 2013-09-27 01:19 · Score: 5, Funny
  
  You weren't published by Slashdot because you didn't have a blog that quoted another blog that linked to the original blog which had a link to a news aggregation site pointing to the original story.
I wish by no-body · 2013-09-27 01:18 · Score: 3, Insightful

The same scrutiny would get applied to NSA's escapades but they get a free ride on everything.
Re:Virus scanning is a service by mjtaylor24601 · 2013-09-27 01:19 · Score: 4, Insightful

Virus scanning is a service a provider can deliver to its customers.
Scanning mails for the benefit of the provider for advertising is not beneficial to the customer.
...except in so far as it allows the service provider to make a profit thereby enabling the customer to get access to the service for free.

--
I wish I were as sure of anything as some people are of everything
Informed consent? Really? by satch89450 · 2013-09-27 01:36 · Score: 5, Interesting

"But people who send e-mail imply consent..."
I'm a long-time Google Apps user, and my company's domain is on all mail receipents' mail, not "gmail.com". So how can you have implied consent when the sender doesn't know that the mail is being sent through Google?
Re:The REAL news of the day... by fustakrakich · 2013-09-27 01:39 · Score: 3, Insightful

Yes, you and I are not allowed to listen in and record the feds.

--
“He’s not deformed, he’s just drunk!”
How could Google have been any MORE clear? by sirwired · 2013-09-27 01:47 · Score: 4, Informative

Google has been 100% up-front, since the day they announced the product, that they were going to pay for GMail by scanning your mail messages and guessing at relevant ads. They have made utterly no effort whatsoever to hide or obfuscate this fact.
1. Re:How could Google have been any MORE clear? by Todd+Knarr · 2013-09-27 03:40 · Score: 4, Insightful
  
  No, but the person you're sending the e-mail to has. When you send physical mail to someone, you don't know if they've got a secretary opening and reading all their mail for them. They could even have an outside company doing it (what, you think Hollywood stars and politicians read and answer their own fan or constituent mail?). And the law has absolutely no problem with this, nor with the idea that if this will be a problem for you as the sender then it's your responsibility to sort this out with the recipient before sending your mail.
What about spam filtering? by NoNeeeed · 2013-09-27 02:04 · Score: 4, Insightful

If the court decides that mail providers cannot, on principle, be allowed to scan the content of a mail message then I don't see why it wouldn't affect content based spam filtering.
This case could have interesting ramifications for all mail providers if the court decides this violates wire-tap laws.

--
Paul Leader
Re:Federal wiretapping laws by FatLittleMonkey · 2013-09-27 02:08 · Score: 4, Insightful

NSA doesn't tap wires. They tap fibre.

--
Science is all about firing a drunk pig out of a cannon just to see what happens.
No, no it doesn't. by bmo · 2013-09-27 02:10 · Score: 3, Insightful

>The plaintiffs in the suit allege Google violates federal and state wiretap laws by scannning the messages sent by non-Gmail and Gmail users."
The ECPA says that email is different and that only watching the live transmission outside the normal checking of function of the email system by a person when not otherwise disclaimed by the privacy policy is the equivalent of a wiretap.
That's because email is a store and forward communication, not the equivalent of a phone call.
When the ECPA was written, it had to be written in a way that prevented turning all operators into felons when they weren't deliberately spying on their users. This is the "hole" (it's not really) that Google is using to justify the machine reading of email, if it's spelled out.
I have read the Gmail privacy statement. To me it covers their ass in this regard. The Gmail privacy statement applies just as much to incoming mail as it does to outgoing. But even if it doesn't, when you send email, unless it's encrypted, it's the equivalent of a postcard. Are we going to be throwing meatspace postal workers into jail when they read the text next to the address on a postcard? That would be insane and unrealistic expectation of privacy, wouldn't it? That's not just my opinion, it's the opinion of everyone who knows anything about email. It's not a new concept, either. It's been expressed in books like my copy of the first edition of "Navigating The Internet" where the author introduced this "new thing" called the "web."
Calling this wiretapping and removing the safe-harbor sets a dangerous precedent and will turn all operators into felons.
While there is the desire to have complete privacy when it comes to email, unencrypted transmission and text negate any realistic expectation of privacy. Privacy starts with the user and ends with the user. If you don't want people reading your stuff (besides the fuckin' NSA spit), take measures to keep them from reading it. Instead of sending plain text on the postcard, encrypt the text with your (figurative) Ovaltine Decoder Ring and get your friends to use their decoder rings.
http://www.youtube.com/watch?v=zdA__2tKoIU
There is a crying need for transparent encryption methods in communication software, and it boggles my mind that this hasn't happened yet.
--
BMO - Drink more Ovaltine.
1. Re:No, no it doesn't. by garutnivore · 2013-09-27 04:31 · Score: 3, Insightful
  
  Are we going to be throwing meatspace postal workers into jail when they read the text next to the address on a postcard? That would be insane and unrealistic expectation of privacy, wouldn't it?
  The comparison is not apposite. What Google does is akin to postal workers scanning postcards and storing them in a database which is used to profile people so as to push services on them. You can be certain that if postal workers did this, then there would be an outcry.
  
  That's not just my opinion, it's the opinion of everyone who knows anything about email.
  I've been an email postmaster since the early 90s. Your opinion is not by any means representative of "the opinion of everyone who knows anything about email." The issue is not storing the emails but the damn data mining that Google performs on them. I've never data-mined the emails stored on my server, nor have the postmasters that I've had the pleasure to work with. As a matter of fact, we take measures to avoid accidentally looking at people's emails. That they are not encrypted does not make it okay to snoop. It's called having a sense of ethics.
  And we (me and the postmasters I've worked with) all think what Google is doing is shit.
Re:No they're not... by Imagix · 2013-09-27 02:49 · Score: 3, Insightful

Actually, many spam filters do. They're not just blind pattern matchers, they do have algorithms that continue to tune the filters' effectiveness, even without human intervention. They may also download other databases from their home (like Barracudacentral), but that's so that your spam filter can take advantage of the tuning that the other thousands of other spam filters are assembling as well (which might get your filter one jump ahead of a spam blast as a filter in Chicago has already seen the blast, but it hasn't reached Seattle yet...).