Google's Scanning of Gmail To Deliver Ads May Violate Federal Wiretap Laws

New submitter SpacemanukBEJY.53u writes "In a declaration that could make Google very nervous, a U.S. federal judge on Thursday rebuffed Google's defense of its targeted ad system that scans the content of Gmail. Judge Lucy Koh — who also heard the Apple-Samsung case — found Google's terms and conditions and privacy policy isn't clear to users. Koh subsequently allowed a class-action suit to proceed against the company (official ruling). The plaintiffs in the suit allege Google violates federal and state wiretap laws by scannning the messages sent by non-Gmail and Gmail users."

Oh for crying out loud

[Anonymous Coward]

Will this shit die already, this is getting tiring.

It is an automatic system.

I bet Microsoft is funding this, AGAIN.

Re:Oh for crying out loud

[gandhi_2]

By this logic, all mail virus scanners are also guilty.

Barracuda should be worries about that.

Re:Oh for crying out loud

[Monoman]

You beat me to it.

So I guess the question for everyone is should Google (and others) be allowed to scan communications if they state clearly in their EULA what they are doing and why? Does the answer change when the communications include a parties that didn't accept the EULA?

Re:Oh for crying out loud

[Anonymous Coward]

You beat me to it.

So I guess the question for everyone is should Google (and others) be allowed to scan communications if they state clearly in their EULA what they are doing and why? Does the answer change when the communications include a parties that didn't accept the EULA?

"Scanning" can mean very different things. GMail scans and extract the meaning of the communication (as best it can and it is getting quite good) *and* then files this in the permanent marketing profile they have on you and which they continue to build on and reuse. So they are extracting, saving, using and building a database of meaningful content from your email and about you. Other forms of scanning is without actually extracting the content itself, and not storing it in a database on you. This is clearly not exactly the same.

You can still think this ruling against Google is silly, but we should be precise on distinctions like that.

Re:

[Anonymous Coward]

Yahoo has been doing this off-and-on for the past year. They will even embed ads of a competitor of the company that sent the newsletter based on key words. They finally updated their TOS in June this year but they were doing it well before then.

Source, I'm the man that ensures billions of email messages are being delivered every month.

Re:

[blackraven14250]

They've got the meaning of "spam" down pretty well.

Re:Oh for crying out loud

[AJH16]

You have to extract meaning to perform SPAM filtering. The irony is we may prevent targeted advertising on GMail and instead get blown away by SPAM everywhere.

Re:Oh for crying out loud

[Dishevel]

Here is a real problem as well.

I like my targeted ads. They are way better than the non targeted ads. Every great once in a while they are even useful.

Re:

[EXTomar]

To apply "Junk Mail Filtering" requires scanning the contents. Even doing the basic things like checking DKIM and SPF to just do basic validation requires reading and extracting data from the message and storing it for metrics/heuristics is an important thing all modern email systems do now. And this ignores even the fundamentals of delivering the message.

This is not black and white situation. Email systems need to read email messages to make the system work but they also need to read the email to do ads.

Re:Oh for crying out loud

[Hamsterdan]

"So they are extracting, saving, using and building a database of meaningful content from your email and about you. "

So does the NSA, yet in NSA's case it's not considered illegal

Re:

[alexo]

Because, while all animals are equal, some are more equal than others.

Re:Oh for crying out loud

[newcastlejon]

So I guess the question for everyone is should Google (and others) be allowed to scan communications if they state clearly in their EULA what they are doing and why?

Debatable, depending on whether or not such a clause falls foul of laws on unfair contract terms.

Does the answer change when the communications include a parties that didn't accept the EULA?

Initially I would say yes, but on the other hand giving out your gmail address knowing that your mail will be scanned would shift the onus onto you in my opinion. In other words, if you want private contact between you and another party you shouldn't be using a service like gmail. Hell, I haven't read the gmail EULA and even I know that they effectively read my email; it's pretty much Google's business model.

Re:

[haapi]

To amplify, with Gmail, we [non-business] consumers are not Google's customers, we Google's product.
Perhaps Google can make this clearer what we are 'paying' Google in order to get our storage and mail services, but it was never a mystery to me.

--
If God forks the Universe every time you roll a die, he'd better have created a damned large process table.

Re:

[kqs]

In other words, if you want private contact between you and another party you shouldn't be using a service like gmail.

If you want private contact between you and another party, well, good luck enforcing that from your end. You can send them an actual letter, which they can keep secret or they can show to their spouse, their lawyer, or the New York Times.

This whole thing seems to be "I want the courts to let me determine what you are allowed to do with the email I sent to you". I am amazed that anyone thinks that this is a good idea. I have a gmail.com and a .org account, both through Google, and I let Google look at my

Re:

[c]

I suppose Google could keep a whitelist of (non-gmail) senders for each address, and if anyone tries to send to that address without being in the list they'd send a "Click here to agree with our EULA. Otherwise your e-mail to *receiver* will be dropped."

Re:Oh for crying out loud

[dissy]

So I guess the question for everyone is should Google (and others) be allowed to scan communications if they state clearly in their EULA what they are doing and why? Does the answer change when the communications include a parties that didn't accept the EULA?

Here is the very first email Google sent to me when I signed up for Gmail service. Bold is added by me.

Just due to the fact Google already does explain it clearly in their (obviously unread) EULA, as well as in their welcome email, and on more than one help/support page, I doubt explaining it yet another time would make any difference to these people.

----------

Gmail Team 6/25/04 to me

First off, welcome. And thanks for agreeing to help us test Gmail. By now you probably know the key ways in which Gmail differs from traditional webmail services. Searching instead of filing. A free gigabyte of storage. Messages displayed in context as conversations.

So what else is new?

Gmail has many other special features that will become apparent as you use your account. Youâ(TM)ll find answers to most of your questions in our searchable help section, which includes a Getting Started guide. You'll find information there on such topics as:

        How to use address auto-complete
        Setting up filters for incoming mail
        Using advanced search options

You may also have noticed some text ads or related links to the right of this message. They're placed there in the same way that ads are placed alongside Google search results and, through our AdSense program, on content pages across the web. The matching of ads to content in your Gmail messages is performed entirely by computers; never by people. Because the ads and links are matched to information that is of interest to you, we hope you'll find them relevant and useful.

You're one of the very first people to use Gmail. Your input will help determine how it evolves, so we encourage you to send your feedback, suggestions and questions to us. But mostly, we hope you'll enjoy experimenting with Google's approach to email.

Speedy Delivery,
The Gmail Team

Re:

[sjames]

So if I send you an email at blah@hggdfshjd.org and it forwards to your gmail account (that I don't even know you have), where is my knowledge and consent to the scanning and storing?

That's right, there isn't any.

Re:Oh for crying out loud

[Noughmad]

Let's say I send a letter to a friend, and he shows it to his wife. Where is my knowledge and consent? There isn't, but there should be an expectation that the recipient has the authority to show this letter to others. In GMail, the recipient has decided that he wants to show all his incoming mail to Google.

Re:

[sjames]

Right, but let's not pretend that all parties have consented with full knowledge. They didn't.

Re:Oh for crying out loud

[kqs]

You're right. If you send me a letter, and I show it to my wife, well, you didn't consent to that. Hell, I can show it to the New York Times, and you didn't consent to that, and tough shit to you. Once you send it to me you cannot control who I show it to.

Please stop trying to tell me what I can do with MY email. You sent it to me, so you no longer control it. Stop trying to control me.

Or are you trying to say that gmail users didn't consent to Google having access to their email? Despite the text they saw when they signed up, the contents of the first letter in their inbox, and Google's greatly simplified privacy policy that was all over the news a year ago for months on end? Hell, I applied for this credit card but didn't realize I had to pay it back, pretty please mister judge fix that for me!

Re:

[ElectricTurtle]

If you send mail to your congressperson, it's rather certain that an intern reads it. Do you get notified of this? Of course not. All this BS about Google is just ad-hating angst. Because I totally want another bill to pay instead of ignoring ads. All the whiners and mock-appalled/offended need to grow up.

Re:Oh for crying out loud

[Mitsoid]

If i send you an e-mail @hggdfshjd.org, how do i know your storage or e-mail handling policy?

E-mail has no reasonable expectation of privacy or secrecy. If anything, it is nowadays considered standard that your e-mail will be stored for at least 30 days, or until deleted. Unless you send an e-mail to a government address, then it's longer depending on the branch/locality/etc... or if it's to someone in the financial industry.. then it's saved even if it's deleted (until requested by a probe, then it's deleted)... My point is, everyone has a different policy, and no e-mail between two people can be ensured privacy and secrecy on unencrypted messages. when going between two distant servers

Also, when the message does arrive, regardless of service, the message will also be scanned by a junkmail filter. It will also, likely, be parsed by the recipients mail filter setting, and also by their anti-virus, anti-phising, and other anti-whatever systems. What makes Gmail's system different? If i submit a message to my ISP as junk, I'm releasing your e-mail to a 3rd party without your consent, and half a dozen machines will read it, process it, and act on it.

If we block recipient mail systems from "automated-reading" of messages, we effectively make it illegal to filter ALL junk, spam, and phising protections.
With the track record of poorly-worded laws we've had, I'd rather assume privacy/secrecy risks myself with encryption, than allow judges, lawyers, and elected officials choose the wording.

Re:

[Anonymous Coward]

Once you send an e-mail to me, that's no longer your property, it's mine now, and I consent to it being indexed. Even if I wasn't using GMail, I'd be using another mail system that indexed my e-mails so I could search them later, and there's nothing you can do about that.

Just realize that you do not retain property rights to things you send me, and then you'll understand how stupid this suit is.

Re:

[dcollins]

Well, admittedly the word "scan" is nowhere in there, even the part you boldfaced.

Re:

[Anonymous Coward]

By this logic, all mail virus scanners are also guilty.

Barracuda should be worries about that.

The GMail algorithm goes "hey, this guy is talking about being dissatisfied with his job lets promote som job services in the ad space" (yeah, if you think the Google context ads are just simpel keywords think again)

The Barracuda algorithm goes "6e 6f 72 6d 61 6c 20 63 6f 64 65... ok so far so good.. 76 69 72 75 73.. holy shit, stop that"

Re:Oh for crying out loud

[kqs]

Wow, you truly have no idea how anti-spam algorithms work. Please read up on bayesian networks. They are used by anti-spam software, and they (or something similar) are used by Google's ad systems.

They are exactly the same system. Exactly.

No they're not...

[mystikkman]

The judge mentions this in her ruling:

...generating user profiles or to provide targeted advertisements.

Spam filters and mail virus scanners don't do that.

Re:No they're not...

[Imagix]

Actually, many spam filters do. They're not just blind pattern matchers, they do have algorithms that continue to tune the filters' effectiveness, even without human intervention. They may also download other databases from their home (like Barracudacentral), but that's so that your spam filter can take advantage of the tuning that the other thousands of other spam filters are assembling as well (which might get your filter one jump ahead of a spam blast as a filter in Chicago has already seen the blast, but it hasn't reached Seattle yet...).

Re:

[currently_awake]

But what about the NSA scanning your email? Their general warrant from the FISA probably doesn't count as a wiretap warrant.

Re:

[sjames]

Not really, no. The virus scanner simply scans for a threat and if it finds it, the email goes poof or gets quarantined. The meaning of the message and any keywords are never scanned and certainly are never associated with any sort of identity.

Re:

[gandhi_2]

How do you think managed mail scanning services work?
They continually gather data on ip addresses, email accounts, url links, attachments, body and subject verbage, and probably many more data points to build profiles.
Barracuda can start marking things as zero-hour-intent even before it knows the attachment or url is malicious because they saw patterns in data gathered from thousands of Barracuda boxes around the world. Each device is also a sensor. And Barracuda isn't the only game in town.

Re:

[Shagg]

So are the mail servers themselves. It's pretty difficult to deliver the email in the first place without "scanning" at least part of it.

Re:

[gandhi_2]

Highlighting the fact that people like Judge Lucy Koh are a ridiculous throwback to old English common law, given WAY to much power to create de facto laws even when they don't know what the fuck they are talking about.

Re:Virus scanning is a service

[gandhi_2]

Somehow I doubt "federal wiretapping laws" take into account how much the person being tapped does or does not enjoy the results.

Re:

[MrLint]

Citation?

Re:

[gandhi_2]

For the VAST majority of all Gmail users, that has been the known deal since they started.
It was free email, with automated targeted advertisement. This isn't news to any of us who remember when Gmail was a new thing.
It is THEIR free system, and people are free to chose another provider.

Do you think that server farms, huge pipes, high-end sysadmins, and high-end developers are free? For the purposes of free Gmail, as was ALWAYS a part of the deal, their targeted ads ARE just as necessary as parsing envelope

Re:Virus scanning is a service

[mjtaylor24601]

Virus scanning is a service a provider can deliver to its customers.

Scanning mails for the benefit of the provider for advertising is not beneficial to the customer.

...except in so far as it allows the service provider to make a profit thereby enabling the customer to get access to the service for free.

Re:

[Dr_Barnowl]

It's beneficial to the customer, because it funds the free email service they are receiving.

If they don't like it, they can take their custom elsewhere. Where they will also still be sending and receiving plaintext email to a server that can read everything.

Email is an open protocol. The only way that you don't get your email read by things is to encrypt it.

Re:

[Anonymous Coward]

As I understand it, that's actually a key part of Judge Koh's ruling: The *sender* of the email doesn't know that their email will be scanned for profit, only the receiver. And it's the sender's communication that's being wiretapped.

The sender "can't take their custom elsewhere".

Re:

[Ronin Developer]

This is similar to many phone recording scenarios as well. In some states, only one party in the conversation needs to be aware a conversation is being record. In others, both parties must consent - that's why there is the "beep" you hear when a call is being recorded. The exception are wiretaps under warrant.

We kicked and screamed about our gov't collecting "meta-data". Yet, this is precisely what's happening by a corporate entitiy - they are extracting meta-data and acting upon it.

And, as someone els

Re:

[Dr_Barnowl]

Mmm, but email is still an open protocol, from the days when everyone was trustworthy on the internet.

It's the equivalent of handing a postcard to a guy wearing a postmasters hat on the street, and saying "hey, can you get this to John Smith of Omaha?".

You have no say over how that guy delivers the service (if he delivers it at all). That card will be handed on through a number of pairs of hands. Each guy in the chain might copy it, read it, snigger about your pet names for your girlfriend, etc.

Now, imagine

Re:

[whoever57]

Mmm, but email is still an open protocol, from the days when everyone was trustworthy on the internet.

Mmm, no. A lot of email is encrypted in the paths beween email servers.

Re:

[Dr_Barnowl]

Doesn't matter if it's encrypted on the wire. Unless the body of the mail is encrypted, the email server can still read it. Mail can be relayed through any number of intervening SMTP servers and it's only historical trend, not any intrinsic feature of the protocol, that means that the number of servers a given email passes through these days is pretty small (and for GMail to GMail, probably never leaves Google's network).

That's like saying the postcards are transported between postal depots in an armoured c

Re:

[kwbauer]

And as many others have pointed out, the judge's logic is flawed as it would also outlaw the use of secretaries and interns reading mail (electronic or otherwise) for executives, politicians and, most likely, Judge Koh himself. Once you send correspondence to someone then they are free to do what they want with that correspondence including having others scan it for content. Granted, sometimes they are limited by confidentiality but then they wouldn't be soliciting that correspondence to be sent via unencry

Re:Oh for crying out loud

[MozeeToby]

I agree with you to some extent. An algorithm searching for keywords and displaying appropriate ads? I really don't have a problem with that. Where I do have an issue is where the information gleaned goes into a big database that Google has on me. A big database that can be subpoenaed, or leaked, or stolen. A database that slowly but surely includes information from nearly every act of communication and internet usage. Even if I were to opt out of Google's services, the fact is if I send an email it's likely going to a gmail address, if I browse the internet there are likely Google servers providing parts of the page.

Re:

[SirGarlon]

A big database that can be subpoenaed, or leaked, or stolen.

So it's only a problem if outsiders get access? You have a lot more faith in Google's present and future intentions than I do.

Re:

[AHuxley]

The NSA system is automatic too...
http://www.consumerwatchdog.org/newsrelease/gmail-judge-holds-internet-accountable-wiretap-laws-key-consumer-victory [consumerwatchdog.org]
Long term the US legal system seems to be returning to the "neither instrumental to the provision of email services, nor are they an incidental effect of providing these services" side.
Another aspect is the http://arstechnica.com/tech-policy/2012/01/supreme-court-holds-warrantless-gps-tracking-unconstitutional/ [arstechnica.com]
near the end under "Sotomayor attacks the th

Re:

[nurb432]

And users agreed to it as part of the terms to get the service for free.

Re:

[sjames]

The NSA is an automated system too.

Would you be OK with it if the police scanned all of your emails with an automated system?

Re:

[hebertrich]

The point is that i took a half hour to check the facts about the ULA terms of service , privacy policy , in other words , all the public documentation to verify if it's explicitly mentioned anywhere that they are actually scanning the content of the email .Unfortunately , i see this nowhere . I been aware of it since day 1 that my Google mail accounts were scanned for content to make their services fit me better and protect . On the service side , Google is impeccable. Not one complaint coming off of me.

Re:Oh for crying out loud

[mystikkman]

... on terms which you have accepted in using the service

Please read the article. The judge specifically said that the "terms are service" are vague and don't indicate that user profiles are being built.

Re:

[somersault]

I don't see any a priori reason why it's ok to invade someone's privacy and the privacy of their corespondents in order to make ads displayed to them more "relevant"

It's okay to it, because they agreed to it to get a free service. If people would rather pay for an ad-free service, they are free to do so.

I'd rather see targeted ads, than random ads.

I don't actually see any ads at all, because I use an adblocker.

Re:

[Mr. Slippery]

It's okay to it, because they agreed to it to get a free service.

First, the suit alleges that they did not so agree because the TOS are not clear, and furthermore that they can't agree on behalf of their correspondents. (TFA: ""Google has cited no case that stands for the proposition that users who send emails impliedly consent to interceptions and use of their communications by third parties other than the intended recipient of the email," Koh wrote.") Second, if Google is not permitted under wiretap law t

Re:Oh for crying out loud

[Imagix]

I sent my letter to Mr. XXXX in BigCorp, but Mr. XXXX's secretary read the letter. I didn't even know Mr. XXXX had a secretary, I expected only Mr. XXXX would read it. Isn't reading someone else's mail a federal offence (at least in the US)? How is this different? I signed up with Google. I know (and authorized) that Google does such scanning. You send me email. My secretary (ie: Google) reads it first, and compiles certain information about the "letters" I receive.

Re:

[inject_hotmail.com]

The law says that contracts can't permit unlawful acts -- no matter what, under any circumstance...I'm not sure why we all accept this behaviour. That being said, and if this spying is now legal because a) it's not a human doing it, and b) it's "agreed upon" by two of the parties involved (ignoring third parties of course!), why not use computers/robots to everything corporations want to do but aren't permitted to do by law?

People have a reasonable expectation of privacy in their electronic communicatio

Re:

[somersault]

It's strange to call it wiretapping as if the service is letting private info out into the world. As others have pointed out, you might as well call spam filtering wire tapping and be done with it. Nobody sees the private info, and the info is used to improve the end user experience over a generic service.

To me this is like suing your local mall for having those light sensor toilet flushes or light switches. Technically they're measuring light, which may be reflecting off of body parts that you don't want v

Re:

[Dr_Barnowl]

Is isn't privacy. Email is an open protocol. You wouldn't send private communications on postcards, because the postman could read it. This is the same thing.

If you don't know this about email... well, it's as well that people learn.

Re:

[Mr. Slippery]

Is isn't privacy. Email is an open protocol.

The wiretap law apparently says otherwise, which is why this has come up.

Yes, as a practical matter, don't assume e-mail to be private. The question here, however, is legal, not practical/crypographic.

Re:

[Jeff Flanagan]

I agree with you, but I think the Post Office would be in serious trouble if they used OCR to read all the post cards going through the system and tailor junk mail based on them, so this may be more complicated.

Re:

[Shagg]

I agree with you, but I think the Post Office would be in serious trouble if they used OCR to read all the post cards going through the system

How do you think automatic mail sorting works?

and tailor junk mail based on them

The real issue here has nothing to do with scanning of the email. Having a business model based on storing information about their customers and selling that service to advertisers is the issue. If customers are going to sign up for "free" services under this business model (Gmail, Facebook, etc) they need to understand that "free" comes with a price. You're signing up for a "free" service with a company who's real paying customer is an advertiser.

Complaining

The only conclusion

[Errol backfiring]

The only conclusion I can draw from today's news is: terrorists don't read ads.

Huge payday!

[bmxeroh]

I for one, am looking forward to my check for $0.23 as restitution for these atrocities. I still have a check for a dollar something on my fridge from the last class action I was apparently a part in. I think I'm just going to start collecting them.

Lucy Koh isn't the brightest judge on the planet

[maroberts]

...she was(is?) the ringmaster for the Apple Samsung patent battle.

Personally if I wanted a decent tech judgement I'd move heaven and earth to end up before Judge Alsup (Oracle v Android)

Re:

[frinsore]

There are some pretty interesting points raised in the case that I think should be addressed. I'm on google's side, the service that google provides me is worth their database about my habits. That's my choice and I knew it going in, even Microsoft advertises that Google does this. But privacy policies, EULAs and such have become stupidly complex. An average user can't be expected to read those tedious documents and I doubt if more then 1% fully read any of the contracts they click to accept. FTFA: "th

Amazon Does this too

[gishzida]

Google isn't the only one that reads your mail.

If you have a Kindle Fire or Fire HD they are reading it too. I had the upsetting experience of reading an email on my Kindle Fire HD that announced my father's death and then not more than a few hours later was served a "recommendation" on my Kindle a book on how to write a Eulogy.

I deleted my email account information from the kindle and shut down the recommendation system on the device... and I told Amazon how creepy they were... At least Google hasn't served creepy ads like that... so far...

Maybe Amazon should learn from Google and adopt "Don't Be Creepy" as their motto. Are you listening, Mr. Bezos?

[By the way I tried at the time to put Amazon's actions up as a news story on Slashdot... but it was not picked up as a story...]

Re:Amazon Does this too

[Internal Modem]

You weren't published by Slashdot because you didn't have a blog that quoted another blog that linked to the original blog which had a link to a news aggregation site pointing to the original story.

Re:

[CastrTroy]

Would it have been any less creepy if that was done without sending your data out to the cloud? What if your computer had real artificial intelligence, and could determine the meaning of your email, and do things for you based on what's actually going on in your life. Would it be creepy if it offered a book at that might help out in a certain situation, maybe with a list of places where you could buy it. I the computer could do all this without sending your personal correspondence out to the cloud, and in

I wish

[no-body]

The same scrutiny would get applied to NSA's escapades but they get a free ride on everything.

Re:

[synapse7]

I figured the acceptance of the NSA scanning mail would be applied to google, and others.

Informed consent? Really?

[satch89450]

"But people who send e-mail imply consent..."

I'm a long-time Google Apps user, and my company's domain is on all mail receipents' mail, not "gmail.com". So how can you have implied consent when the sender doesn't know that the mail is being sent through Google?

Re:

[bill_mcgonigle]

I'm a long-time Google Apps user, and my company's domain is on all mail receipents' mail, not "gmail.com". So how can you have implied consent when the sender doesn't know that the mail is being sent through Google?

In this case, the user of Google Apps has volunteered to submit all mail that he's received from all of his correspondents for scanning by Google. That's part of the bargain for Google's rock-bottom pricing. I would think that third-party disclosure parameters would apply to the recipient doma

Re:

[Lincolnshire Poacher]

So how can you have implied consent when the sender doesn't know that the mail is being sent through Google?

Indeed!

I'm thinking a Thunderbird add-on might be useful, which would scan the MX records of your would-be recipients and alert if any of them pointed to Gmail...

How could Google have been any MORE clear?

[sirwired]

Google has been 100% up-front, since the day they announced the product, that they were going to pay for GMail by scanning your mail messages and guessing at relevant ads. They have made utterly no effort whatsoever to hide or obfuscate this fact.

Re:

[Dr_Barnowl]

You get a prize. I'm astonished no one else pointed this out yet.

I've been a GMail user since the beta, and it was obvious then. It was even made obvious in the press releases.

Moreover, the real WTF here is that people use email with any expectation of privacy at all. The "envelope" icon used by most email programs is a giant lie.

If the postal service is mail in envelopes delivered by mostly trustworthy postmen, then email is postcards delivered by random junkies, some of whom are NSA agents and other simil

Re:

[Bucc5062]

What you state has merit, but what stops a postman from opening a letter, reading it, and perhaps acting upon the contents. Sure the envelope provides a modicum of protect from casual reading, but it does not take much for a person to use a letter opener on someone else's mail. What stops them (for the most part) is that mail is protected under the Constition, under the law and as such can bring legal trouble to said letter opener.

As a computer or tech person, you may see an email as "open" like a postcar

Re:

[whoever57]

It's an open protocol. You send mail to the server, as plaintext, and it's then forwarded through a bunch of other servers, as plaintext, until it gets to it's recipient. This has always been the case. The only thing that's changed in modern times is the chain of servers has gotten a little shorter in most cases.

This is not true any more. You never heard of SMTP-TLS, SMTP with ssl, IMAPS, POP3S, etc? All the relevant protocols support encryption these days and encryption is in routine use. Yes, the server

Re:How could Google have been any MORE clear?

[Todd Knarr]

No, but the person you're sending the e-mail to has. When you send physical mail to someone, you don't know if they've got a secretary opening and reading all their mail for them. They could even have an outside company doing it (what, you think Hollywood stars and politicians read and answer their own fan or constituent mail?). And the law has absolutely no problem with this, nor with the idea that if this will be a problem for you as the sender then it's your responsibility to sort this out with the recipient before sending your mail.

Federal wiretapping laws

[Highland Deck Box]

Right cos those were soooooo effective at stopping anyone like the NSA tapping every wire ever. Or is this one of these things where it's ok if a government organisation does it, like how the US army can't commit terrorism because they are the "good guys"?

Re:Federal wiretapping laws

[FatLittleMonkey]

NSA doesn't tap wires. They tap fibre.

Re:

[Sockatume]

The NSA tap businesses. Those business then go away and get the information on command, no wiretaps required.

What about spam filtering?

[NoNeeeed]

If the court decides that mail providers cannot, on principle, be allowed to scan the content of a mail message then I don't see why it wouldn't affect content based spam filtering.

This case could have interesting ramifications for all mail providers if the court decides this violates wire-tap laws.

Re:

[Tom]

The law and the courts are smarter than most /. geeks. They understand the concepts of "intent" and "purpose".

No, no it doesn't.

[bmo]

>The plaintiffs in the suit allege Google violates federal and state wiretap laws by scannning the messages sent by non-Gmail and Gmail users."

The ECPA says that email is different and that only watching the live transmission outside the normal checking of function of the email system by a person when not otherwise disclaimed by the privacy policy is the equivalent of a wiretap.

That's because email is a store and forward communication, not the equivalent of a phone call.

When the ECPA was written, it had to be written in a way that prevented turning all operators into felons when they weren't deliberately spying on their users. This is the "hole" (it's not really) that Google is using to justify the machine reading of email, if it's spelled out.

I have read the Gmail privacy statement. To me it covers their ass in this regard. The Gmail privacy statement applies just as much to incoming mail as it does to outgoing. But even if it doesn't, when you send email, unless it's encrypted, it's the equivalent of a postcard. Are we going to be throwing meatspace postal workers into jail when they read the text next to the address on a postcard? That would be insane and unrealistic expectation of privacy, wouldn't it? That's not just my opinion, it's the opinion of everyone who knows anything about email. It's not a new concept, either. It's been expressed in books like my copy of the first edition of "Navigating The Internet" where the author introduced this "new thing" called the "web."

Calling this wiretapping and removing the safe-harbor sets a dangerous precedent and will turn all operators into felons.

While there is the desire to have complete privacy when it comes to email, unencrypted transmission and text negate any realistic expectation of privacy. Privacy starts with the user and ends with the user. If you don't want people reading your stuff (besides the fuckin' NSA spit), take measures to keep them from reading it. Instead of sending plain text on the postcard, encrypt the text with your (figurative) Ovaltine Decoder Ring and get your friends to use their decoder rings.

http://www.youtube.com/watch?v=zdA__2tKoIU [youtube.com]

There is a crying need for transparent encryption methods in communication software, and it boggles my mind that this hasn't happened yet.

--
BMO - Drink more Ovaltine.

Re:

[Bucc5062]

I commented on this in another post, but the postcard analogy does not completely work here. When I mail a postcard it is true that the postal worker (assuming a human at this point0 can easily read my postcard because the only "equipment" needed to do so is his/her eyes. From hand to hand, it is the eyes that interpret the words and thus make it public. Per your comments I could send postcards with encrypted text which would stop the casual reader, but not one dedicated to seeing my communication.

So I'm

Re:

[Bucc5062]

My point is that when I mail a letter I have an expectation of privacy, outside of encryption, because that letter is in an envelope that is protected by law, not Mathematics. The average (meaning most) humans are not going to encrypt every letter they write so they depend on the law to provide protection. To actively read my mail a person has to open the envelope.

When I send an email, the "data" may be plain text, but routing servers and mail managing program do not actively read content. Their programm

Re:No, no it doesn't.

[garutnivore]

Are we going to be throwing meatspace postal workers into jail when they read the text next to the address on a postcard? That would be insane and unrealistic expectation of privacy, wouldn't it?

The comparison is not apposite. What Google does is akin to postal workers scanning postcards and storing them in a database which is used to profile people so as to push services on them. You can be certain that if postal workers did this, then there would be an outcry.

That's not just my opinion, it's the opinion of everyone who knows anything about email.

I've been an email postmaster since the early 90s. Your opinion is not by any means representative of "the opinion of everyone who knows anything about email." The issue is not storing the emails but the damn data mining that Google performs on them. I've never data-mined the emails stored on my server, nor have the postmasters that I've had the pleasure to work with. As a matter of fact, we take measures to avoid accidentally looking at people's emails. That they are not encrypted does not make it okay to snoop. It's called having a sense of ethics.

And we (me and the postmasters I've worked with) all think what Google is doing is shit.

Re:

[alexo]

Are we going to be throwing meatspace postal workers into jail when they read the text next to the address on a postcard?

If a group of postal workers read every single postcard you sent or received via that service, saved all the text in a database, indexed and cross-indexed it by keywords, dates, senders and recipients, addresses and names... Than, yes, I'd expect their asses to be thrown in jail for a long time.

Re:

[Tom]

Are we going to be throwing meatspace postal workers into jail when they read the text next to the address on a postcard?

legal fail.

The law, contrary to most geeks, understands the difference between random events and systematic, intentional, for-profit activities. And frankly, if you don't understand the difference between a postal worker who looks at a postcard every now and then, and some automated system that scans every postcard going through the entire postal system, then I'm not sure I can explain it to you, because I'd probably have to start by explaining the meaning of "the".

The second important point is that the pri

What about scanning email to...

[dmomo]

...turn it into ascii chars to send over https to your browser? Then, all email providers are guilty.

Selective scanning

[clickety6]

If Google restricted their scanning to just emails that have been sent from the acocunt then they would be scanning only emails thast the user has given their consent to have scanned.

NSA?

[DoofusOfDeath]

What's the relationship between (a) wiretap laws, and (b) the reasonable expectation of privacy?

Because if the NSA didn't need a court order to obtain my emails from Google, do the same factors imply Google had a right to scan those same emails?

Or are different legal issues at play in those two cases?

Re:

[Neil Boekend]

"Clear" in this probably means not ambiguous. Open for only one interpretation. Readable is not what they mean.
In fact those often contradict each other. If all alternate interpretations are ruled out then wording usually gets a bit complicated.

Re:

[Neil Boekend]

You may have a point. I am not a masochist so I don't read ToS's and Eula's, thus I don't know. They may very well be ambiguous. And in some cases that would probably make them invalid. I am not a lawyer so I can't say for sure.

Re:

[fustakrakich]

Yes, you and I are not allowed to listen in and record the feds.

Re:

[Dr_Barnowl]

Email is more like a postcard - no effort is made to hide it's contents.

The USPS *does* routinely scan both external surfaces of all letters and postcards to determine where to send them.

Re:

[Unknown74]

too %%#&^# LAZY...can't even deliver the mail

Re:

[PPH]

Probably the NSA. Not directly, but this is the push back to all of the bad press they have been getting since the Snowden leaks. Hold Google and other service providers feet to the fire and they'll go to Congress begging to have the laws relaxed.

Oh, and once you've got your relaxed laws, Google, you'll be happy to share [slashdot.org] all that scraped data with us, right?

Re:

[hazeii]

I'd guess you're right on the money there. Could be they didn't make the right sort of payoff (sorry, "lobbying contribution") or they tried to kick back a weeny bit because they know their customers seriously dislike the idea of spooks reading their privileged, private communication (whether it be emails, metadata, or searches).

Although I think Google have become less idealistic over recent years (well, that's Wall St for you) they're still way off the bottom of the barrel. And by encrypting more of their

Re:

[organgtool]

This is typical anti-company behavior by the federal government.

This is part of a class-action lawsuit that was initiated by a group of private citizens, not a government entity.

Regardless of the discussion if they are right or wrong, Google was not bothered in the past, so apparently they pissed someone off at the federal level and now they are out to shut them down. ( and i'm sure extort them on the ride ).

Nobody is going to shut Google down. At worst, they have to pay a relatively small fee and send o

Re:

[hebertrich]

The logic is that a public service is not the type of service that you should look at if you have privacy in mind. What would make sense is to run your own mail server.
Google is ok . It's what we do with a public service and what we expect of it that ain't .