YOU ARE HERE: LAT HomeCollections

Privacy advocates attack Gmail - again - for email scanning

August 15, 2013|By Jon Healey
  • Google's Gmail came under attack again by privacy advocates this week, who faulted an argument made by company lawyers that people who send emails to Gmail accounts do not have a legitimate expectation of privacy.
Google's Gmail came under attack again by privacy advocates this… (Google )

How many times will Google have to defend Gmail's business model?

This week, longtime Google critic Consumer Watchdog sparked a new outcry about Gmail privacy by highlighting a lawyerly argument the company made in a motion to dismiss a class-action lawsuit. The complaint, brought by four Gmail users and five other plaintiffs who have sent emails to Gmail accounts, accuses Google of violating various federal and state communications privacy laws. The company's offense? Scanning incoming email messages for keywords in order to serve advertisements that might be relevant to the mail recipient.

As Google notes, this practice has been a standard feature of Gmail since its inception in 2004. In fact, critics flailed the idea from the get-go, saying it was intrusive and obnoxious. More than 30 advocacy groups called on Google not to launch the service publicly until their privacy concerns were resolved. The company launched the service anyway, and it has become the world's most popular email provider.

So one might argue that Gmail users have no excuse not to be aware that their messages are being scanned by Google's servers. (Although judging by the ads in my own Gmail inbox, the servers don't seem to pay close attention.) Consumer Watchdog, though, focused more on the people who send mail to Gmail subscribers but aren't subscribers themselves. These people can't have been expected to read Gmail's terms of service, and may have been upset to learn that Google's bots were reading the notes they sent privately to Gmail users.

They shouldn't be, or so Google argues. Its lawyers contend that all cloud-based email providers "process" incoming emails in order to provide such basic features as spam blocking, searching and sorting. This processing necessarily involves having machines read not just the email header, but also its content, Google argues. Consequently, anyone who sends a message to a Gmail subscriber implicitly consents to it being read by Google's servers because "all users of email must necessarily expect that their emails will be subject to automated processing," the company's motion states.

Here's where the aforementioned lawyerly argument comes in. Consumer Watchdog's John Simpson highlights this excerpt from the motion:

"Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s [electronic communications service] provider in the course of delivery. Indeed, 'a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.' "

Simpson seized on that excerpt to declare, "In a stunning admission contained in a brief filed recently in federal court, lawyers for Google said people should not expect privacy when they send messages to a Gmail account." But the "no legitimate expectation of privacy" line, which comes from a the 1979 Supreme Court decision in Smith vs. Maryland, isn't referring to what Simpson suggests it is.

As Google's motion goes on to say (in a part not quoted by Simpson), "In particular, the court noted that persons communicating through a service provided by an intermediary (in the Smith case, a telephone call routed through a telephone company) must necessarily expect that the communication will be subject to the intermediary’s systems. For example, the court explained that in using the telephone, a person 'voluntarily convey[s] numerical information to the telephone company and expose[s] that information to its equipment in the ordinary course of business.' "

Granted, there's an important difference between the issues presented by the Smith case and those in the Gmail lawsuit. The dispute in Smith concerned the government obtaining records of phone activity, such as numbers dialed, without a warrant. If all Google did in Gmail was scan the headers of incoming messages, then the two cases would be easy to analogize. But Gmail's servers scan the text, which at first blush seems more akin to listening into phone conversations - an arena where people clearly have an expectation of privacy.

An essential part of Google's argument, however, is that scanning an email for keywords is not the same as absorbing the content of the message. The readers are software programs, not humans. And even if the programs are using the keyword information to compile a profile of Gmail users, that's not an affront to the people who send messages into the system. In other words, Google doesn't scan a message hitting a Gmail inbox to learn about the sender. It's trying to monetize the interests of the recipient, who is a Gmail subscriber (and who consented to Google's terms of service).

Google also says it doesn't disclose to third parties what its servers learn through keyword scans. Such assurances may not satisfy critics such as Simpson. But the privacy issues that Gmail presents are the same now as they were in 2004, regardless of this week's headlines.


Jesse Lee Peterson, tea'd off in South L.A. 

Wishing for Hyperloop, betting on high-speed rail

What did Edward Snowden get wrong? Everything

Follow Jon Healey on Twitter @jcahealey and Google+

Los Angeles Times Articles