Feeds

back to article Google sued for scanning emails of non-Gmail users

A Texas man has fired a legal broadside against Gmail in a federal lawsuit that claims the Google service violates the Electronic Communications Privacy Act of 1986. Keith Dunbar of Bowie County, Texas, claims that emails he sent from a non-Gmail service to Gmail users were scanned by Google algorithms without his consent. The …

COMMENTS

This topic is closed for new posts.

Page:

Bronze badge
WTF?

What are you, flipping stupid?!

So you sent emails to Google users, via Google's email service, and you're surprised they had a look at the email contents?

Serves you right! How many of these "Google violates privacy" stories are we going to read before people wake up to Google?

5
11
Z 1
Headmaster

Hmmm

Putting the court case aside for a moment, the problem is the fact that you have to know all about gmail before you send an e-mail to it. To avoid this kind of thing, you'd have to potentially check the T&Cs of every domain you send an e-mail to before you send it. Now, you and I know all about google and their antics, but someone fresh to the world of web and e-mail wouldn't know this.

7
0
Big Brother

Re: What are you, flipping stupid?!

I think you'll find he's well aware of the privacy issue with sending mail via Google. What he's doing is taking a stand against it and since, in the crazy world of the law (sarcasm) one actually has to have been wronged before one can file a complaint, has fired a sample message off to one of his mates with a Gmail account and looked at the results for evidence of Google's interception of privileged communications. It seems he found some.

1
0
Silver badge

Not just those people

I have a work account that forwards to GMail. People send e-mail to that account, and aren't expecting the Google shafting. What about them?

1
0
Silver badge

oh that's ok...

..they're breaking the law, but they're being blatant about it.

I'm not sure that defence will hold up in court....

2
0
Anonymous Coward

You totally miss the point..

If you do NOT use Google and send an email to someone who happens to use Google (which could be hidden behind a domain name so you don't even know), *you* have no contract with Google. In other words, Google does not have permission to use your contents in any way, shape or form.

It does not matter that Google has the permission of your recipient, it does not have permission from you. So, in principle you have both a privacy and a copyright violation if Google accesses that data in any form.

Sure, if you Google you should have researched your exposure (I keep pointing people at Terms of Service Clause 11 to wake them up), but as sender you may not have any idea that your communication is about to end up in the hands of Google..

Apopos Google, I can only imagine one thing dumber than using Gmail if you have any intellectual property you want to preserve, and that's using Facebook mail.. It has become the darling of all intelligence services..

3
0
WTF?

if you are forwarding business emails to Gmail

you are probably breaking the Data Protection Act. It's your fault not Google's. Baic security fail there.

This lawsuit is ridiculous and should get thrown out will all costs awareded to the idiot bringing it. Other fools feel free to join in an pay.

2
2

well, they do actually have this power, quite legally

As soon as the message is delivered to an in-box of a Google user, it is not YOUR message anymore, it is their property, and under their contract with Google, it can be scanned and used for ads. Done.

If they were scanning all messages that came through their service, delivered or no, and were sending ads BACK to the sender without proper consent and disclosure, they could run afoul here. However, same is true of postal mail, the Post Office is only responsible for protecting the content until such time as it is delivered, after which it is no longer your or their property, and if the recipient chose to resend it, with or without opening it, to parties you did not want it to go, too bad, it's no longer your property to have a say over.

ANYTHING sent via unsecured internet communication, or unsecured post, it tantamount to a broadcast. Once it leaves your hands, your control over that item is limited at best, if at all. If you require your communications to be private, they must be sent through secure means. Once released, it can not be called back.

3
0
FAIL

The law is outdated an useless then

But the law is clearly useless then. As it rule out the use of spam filters an virus scans by anyone, including Microsoft an Yahoo of this world. .

The law is clearly outdated what a surprise an not meant for digital files. An argument for updating the law, perhaps,suing google no.

An Hotmail, Yahoo does the same except they do not use to targeted advertising, instead you get a load irrelevant an useless adverts which are more likely pissed me off than persuade me to buy stuff.

2
1
Thumb Down

But that's your problem

Or more specifically your company's - how they treat data they receive is entirely within their control - if they set a forward up to some other party they're still ersponsible for what happens to it.

0
0

Isn't it the recipient's responsibility?

Surely you should tell someone that their email will be stored on Google's servers and scanned in order to target you with advertising when you give them your gmail email address? In the same way that if you had a company email address and your company regularly displayed your received email on a company website (yeah, I know, contrived) it would likely be your responsibility to warn anyone of that before asking them to email you.

In short: On accepting Google's terms and conditions you should be aware of their policy and also your responsibility to inform others of the policy if they are in communication with you.

So in this case the person with the gmail address should be being sued fr not disclosing that they had agreed to sell google all their email.

0
0
Stop

look at this differently

It is no longer your message as soon as it lands in the inbox of the recipient. The USPO is no more libel for the contents of your message once its received. Should a person you send letters to choose to scans them and post them online, with or without your permission, you can't stop them. In this case, they're approving Google to do a limited subset of that, scanning them for content to show them ads so they can have a PO box for free. That message is no longer your property as soon as it has been delivered. You have no rights in what the recipient chooses to do with it, unless you have some other legal contract with them guaranteeing they do not do this, in which case, sue them, not Google.

Case closed.

0
0
Silver badge

Oh dear

If I were a judge I'd pat him on the head, say "oh dear how sad never mind" and move on to the next case.

3
5
Silver badge

oh, that's a clever response, well done....

..(pats Code Monkey on head)

2
3

yawn

Google is trying to use the 'it depends on your definition of view' defense I see.

Aren't the google systems viewing the e-mails? Computers and software today are smart but they aren't that smart. While google staff may not be there sorting through joes e-mail to jim bob the google systems are reading the messages.

This is the same company that roamed around the world with streetview vehicles collecting wifi data of the unknowing masses. While that might not of been a 'crime' there is a thin white line as to what really is a crime.

We are suppose to be a civil society because if we aren't civil we will fail to continue to be a society.

Would you gawk at your neighbors wife through their bedroom window if they didn't realize you could see in? Google would.

Would you steal cable if you were getting it without being billed? Google would.

Theres alot of examples that can be used for google.

Nothing will ever happen to them and even when lawsuits do manage to hit them they simply form non profits that basically contribute to themselves and their own tax writeoffs.

We need to end all lobbying. We need to put the interest of the people first, not the corporations. The corporations do not have the peoples best interests in mind.

We need to get google out of the whitehouse, you can't have people directly connected to policy working for or previously working for the same companies that the policies are going to directly affect.

Not to mention the person im referencing appears to be a complete idiot in regards to googles own systems regarding his email account being treated as a public social network.

2
0

A Tittie is required

----

Would you gawk at your neighbors wife through their bedroom window if they didn't realize you could see in? Google would.

----

.... is she fit?

Oh c'mon - be honest now :)

2
0
FAIL

How about a spam filter?

Do spam filters have a right to look through your message, to see if it's spam?

1
0
Bronze badge

Made of Fail

As far as I can see the email is being intercepted in order to add something to it once it lands on the Google servers. It does not modify or remove any of the original content.

How would this be different from things like: "This email has been checked for viruses" or "Click here to report as spam."?

The problem I can see is that, should this suit succeed, all mail providers will be prohibited from touching mail in any way other than to pass it on. So that would be no virus scanning or spam filtering or anything else.

This is just a specultative law suit and he's probably trying to achieve class action status to reduce his costs.

0
0
Silver badge

Daft lawsuit.

If you place information onto ("send email to") a server out of your control, that information is out of your control. End of discussion.

2
3
Happy

Do you really believe?

If you step outside your own front door... you have no rights if you are 'not in control'?

If you create a piece of software/music/writing... you have no rights if you are 'not in control'?

If your children go to school... you have no rights because you are 'not in control'?

Is that really the extent of law enforcement you aspire to?

Personally, at the point I am 'not in control' I expect the state and law enforcement to protect me. If Google are breaking the law, I want the law enforced against them. And robustly too.

4
0
Silver badge

control

Eh?

You send a child off to school and you have no control over what happens to them inbetween leaving home and arriving at school?

You publish music etc and send it out in to the big wide world and expect to retain control over it despite you posting a vid on YouTube?

You step outside your front door and somehow you have a set of security personnell who ward off all nasties?

Is that really the extent of law enforcement you aspire to?

I want everyone who drops gum on the pavement to be sent to prison for a long time!

Anyone who carves me up when I'm riding my bike should be instantly twatted by a sniper!

Most of your life you have no actual control over things.

2
0
Silver badge

@AC 10:51

"If you step outside your own front door... you have no rights if you are 'not in control'?"

Physical freedoms aren't the same thing as purposely placing ideas into the public domain. Me walking The Plaza here in Sonoma with one or more of my dawgs isn't the same thing as posting images on !GooMyFaceYouTwit of the same activity. I can protect me & my dawgs in TheRealWorld[tm] ... But once I make our info available electronically, it is out of my hands.

"If you create a piece of software/music/writing... you have no rights if you are 'not in control'?"

You are confusing copyright with control of distribution channels.

"If your children go to school... you have no rights because you are 'not in control'?"

There is so much wrong with your concept that I'll leave it alone.

"Is that really the extent of law enforcement you aspire to?"

This isn't about law enforcement. This is about reality.

"Personally, at the point I am 'not in control' I expect the state and law enforcement to protect me."

::rolls eyes:: You are part of the problem. Do you REALLY enjoy your nanny-state?

"If Google are breaking the law, I want the law enforced against them. And robustly too."

But you, yourself, on purpose, actually placed that information on google-owned systems, right? Can you understand why, from my perspective, you shouldn't be allowed access to Internet connected computers until you have a firm, robust, grasp of the ramifications?

3
2

more over

As soon as it lands in the inbox of the recipient, it is not longer your property at all... It belongs to the recipient.

So long as Google's logic does not scan an e-mail until it is associated with an inbox (virus/spam/etc filtering may happen first, but are usually stage 2 processes after address confirmation and routing), then that message was instantly property of the recipient on delivery, and then as scanned (possibly even before delivery notification) it is scanned with the permission of the owner, not the sender who has no say anymore.

More over, it is well known that anything sent over the internet unsecured might as well be a broadcast. If not secured, or bound by a contract between you and the recipient for confidentiality, then it's not private communication.

1
0

misguided

The second that message hit the in-box of the person it was sent to, it was no longer yours to control, but THEIR property from that second forward, and their standing contract with Google allows Google to scan all their property, sent or received, in exchange for their free service.

If I send my friend a text, is she breaking the law by uploading it to texts From Last night? nope. That text belongs to her (unless we have a pre-existing confidentiality agreement). You can;t sue Texts From Last Night for having that message, nor can you sue google for scanning an e-mail that did not belong to you anymore.

If they were scanning messages you sent to provide YOU ads, and tracked YOU directly when you later went to googles sites or services, that would be a violation of this law, but you don;t own the messages someone else got, and if they let Google scan them, that's their decision.

0
0
Boffin

Incorrect

There is case law in California (literally just this summer) which extends interception to cover communications in storage as well as in transit; if those communications have not yet been accessed by the intended recipient they are still legally defined as in transit even if they are being stored on a server.

So technically, using the US precedent system, this guy could have a chance with this.

I forget the name of the case, but I am pretty sure El Reg reported on it.

0
0

@Incorrect

Incorrect yourself.

Google scans the mail to deliver the targeted ads when the recipient views it, not before. The ads appear in a side bar next to the mail, not as part of the mail itself.

So the mails are not in transit when they are scanned, they are delivered.

I suspect this is simply a case of someone thinking he can get his credit card paid off by Google rather than an altruistic freedom crusader.

0
0
Big Brother

Tough Call.

While IANAL, Google may have a problem on their hands.

Its how you interpret their ToS and the wiretapping laws in each state. In States that require both parties consents, what Google does amounts to wiretapping.

Inbound e-mails are being scanned and then adverts are being added, thus they are in fact 'wiretapping' the e-mails without the sender's consent. Google is in fact a 'third party' and there is no way for a sender to know specifically ahead of time that Google is going to scan and potentially store for Google's own use a person's emails. It can be argued that Google is an unintended 3rd party eavesdropper on the mail. They are not the intended receipt. (All this means is that the case has enough merit to be heard.)

Because Google really isn't transparent about their ToS, what they do could be a no no in some States. Its a bit of a catch-22 for Google. They provide both a free and paid for e-mail service on servers that handle both sets of traffic. (If you look at other reports where AFAIK, Google was suing because they were blocked from providing e-mail service... see: http://www.theregister.co.uk/2010/11/01/google_sues_us_gove_for_picking_microsoft/

)

The bottom line is if the courts determine that a user of Gmail has the expect rights of privacy and if a machine scanning of e-mails to embed targeted ads is in fact wire tapping.

I seriously doubt that the guy will win his lawsuit, but it does pass the sniff test to move forward.

1
0
Thumb Down

Unnecessary

This article unnecessarily attracts reader by claiming a possible lawsuit which after stating the Google Terms in the last paragraph makes the reader feeling like wasting his/her time.

1
2
WTF?

@"stating the Google Terms"

Just because terms are stated doesn't make them law. Anyone can create a product where the terms and conditions with that product could *try to* say anything they like, it doesn’t however make what they try to say law. Plus even if it is made law, that doesn't automatically make it morally right. (The law is getting way to biased towards the wishes of the rich and powerful, as they endlessly seek more ways to clamp down on us minions for ever more profits for them, ironically always sold to us as if they are out to protect us, when its all really lies for their profit).

Unfortunately society seems to be way past the point where it blindly accepts wide spread spying onto almost everything we do and say, so scanning our emails whilst utterly unthinkable and totally shocking 20 years ago, these days sadly seems to be the norm. Its all part of our re-education into giving up all our privacy for the profit of our ever more rich and powerful overlords (in both business and government).

The battle weary cynic in me does however make me feel like this case is another version of the ambulance chaser mentality, (rather than a moral crusade) where some people see a quick buck to make from taking a company to court, in this case going after Google with a lawsuit. I don't believe there is any high moral ideal of protecting privacy in this case. I could be wrong, the poor fool could just have woken up to the way the world is now and decided it must be stopped. Sadly he is way to late. But that’s unlikely, its far more just for his profit. Anyway sadly he is about 10 years too late to protect privacy whatever his intentions. The way the world is going, with the arrogance of the corporations and governments, it seems our privacy is in permanent terminal decline. :(

1
0
Silver badge
FAIL

Ah, those Texans: Bent courts and bent 'law'

Obviously this troll, and his lawyers, don't realise how many links actually stored the message contents en route. These days we also have to remember the U.S. NSA has copies, too.

Besides, once delivered to G-mail surely what happens to his prose is between G-mail and their subscriber.

2
3
Paris Hilton

more leeching

ooh look, another leech trying to make money off a huge company, what a surprise!

whether the emails are coming to a gmail user or through a 3rd party mailbox linked to a gmail account, at some stage in the process someone has signed up (either sender or recipient) to gmail and google then have a legal entitlement to scan those emails for virus/trojan content etc. so no surprise that they also use the scanning for targetted ads to make money off their otherwise free service which has been their core business model from day one.

Paris because she wouldn't object to you looking inside.

1
1
Anonymous Coward

Crossing the Line

When does this type of scanning become potentially illegal?

When the code or text is scanned for "Personally Identifiable Material" of either of the parties who may not have given "express" permission.

And a second twist, if that data is further processed by Google or others into algorithms for future methods of Advertising/processing then they are further using that "de-Personalized?" data.

Anonymization of such data is only possible if the data cannot be aggregated with "any" other data sources later!

0
0
FAIL

baseless

Once the email has left your box and arrived with your recipient, it's up to them what to do with it. Since they're using googlemail, they've clearly agreed to allow the mail to be scanned in order to target ads. The sender has no right at that point to control what is done to the email.

Presumably this lawsuit will go nowhere very quickly.

1
1
Silver badge

Emails

Once an email has gone and it gets forwarded about a bit you end up with loads of footers about how it's been scanned by such and such anti-virus (and corportate filters).

Most of the AV scanners pretty much put their own advertising in the footer as well.

Are these not also 'targetted ads?'

Are corporate filters denying one's right to free speech with thier intrusive reading of every email?

0
0

Well, no..

No, they're not. Because they're always for the same product, and not based on the contents of the email.

There is a big difference between comparing attachments against a virus definition database, and opening them all up, scanning directly through the content, building up a list of subjects the person in question receives email about, and storing them in a database, forever. For added kicks, why not sell the data to any interested party?

This is why I personally avoid all of Googles "free" services like the plague.

0
0
Gold badge
Thumb Up

Actually, the man has a point..

Only the *recipient* has opted in to Google's scanning of email by using their services - Google has no contract with the sender if they use an external service, nor does the sender always have the ability to tell that it's actually Google who will process their email as it also supports domain mapping.

This means that in principle, Google is scanning email it has no rights to - a breach of privacy and copyright as Google has no way of obtaining permission (the recipient cannot give it as it's not theirs).

Hats off - that is a damn good catch. Let's see what happens..

FF

2
1

While

While that may be true in the strictest sense - I suspect Google can get out of it because the processing is entirely automated. By the time the email has even arrived on the Google servers, for them to process, it has already passed through who-knows how many nodes on the internet at large - all of which have "processed" that email.

Of course "processing" it might not involve anything, merely forwarding the packets along but just about every email service, and potentially even ISPs, scan the packets to look for spam/viruses and the sender of that email has no contract with any of those third parties (apart from their own ISP and email provider) - so the sender of said email cannot realistically expect complete privacy on any unencrypted email communication they make.

0
0
FAIL

RE: CD001

"... By the time the email has even arrived on the Google servers, for them to process, it has already passed through who-knows how many nodes on the internet at large - all of which have "processed" that email"

Utter rubbish. These days most email servers use TLS (including gmail) which means all the communications between the two email servers are encrypted.

0
1

fail

You assume google is scanning the message first. Wrong. They deliver it first, into a quarantine space, for the user, then it is scanned, then a delivery notification is sent. If tyhe message contained a virus, a placeholder is left instead of the original message, but it was contained in the in box of the recipient (its just not accessible). In any case, the message was the property of the recipient before it was scanned. As the sender, you have no legal rights over what the recipient does with the contents of the message unless there's a pre-existing contract between the two of you (in which case you sue the recipient for allowing Google access, not the other way around).

This is an issue of chain of custody. The custody of the message was granted to the recipient (them being aware of it or not in advance), and they gave prior approval to Google, as a service, to include scanning of that message in exchange for the services provided. You no longer owned the message, so you have no right to tell google not to scan it.

Further, it is common knowledge that internet transmissions are inherently insecure, and privacy is only guaranteed is the message is sent through secured channels (encryption). Your failure to use that in the first place is enough to get this case dismissed.

2
0
WTF?

What?

"Further, it is common knowledge that internet transmissions are inherently insecure"

Oh, well, fuck it then eh? Might as well just help themselves.

Judging by your slew of half a dozen long rambling posts, all trying (and failing) to make the same point, I'm pretty sure Google pays your wages in some way. I've never seen such a tirade of waffle that wasn't a shill review.

0
1
Boffin

Not quite...

Here's the problem.

Privacy is a state's right issue.

So in some states, its a two party consent and in others its a 1 party consent.

In a state where it only takes one party to consent, Google could be covered by their ToS, however, it depends where they explicitly point this out in the contract. Too deep or not at all, then its not an implied consent and Google is in deep doo doo.

So its not a clean issue and depending on the state laws... Google may win.

0
0

This complaint cannot be upheld

To do so would essentially open up possibility for similar cases to any ISP or mail provider who uses a spam filter (i.e. pretty much all of them) as at the end of the day they will use similar algorithms to scan mails as these targeted ads.

Besides, once a mail is sent to another party, it is no longer the property of the sender but becomes the property of the recipient - making this claim completely pointless.

2
2
Troll

Royal Mail is worse!

The other day I sent a letter to my ailing mother in Scotland. I wrote a loving message on it and put her address on the front of the envelope along with stamps of the correct amount.

Imagine my surprise when I found out that the Royal Mail postal workers were looking at what I wrote on the envelope! I was never informed that they would invade my privacy in this way, for I had not explicitly given anyone permission to do so.

Well, I tell you what, I'm never using their services again. I will be delivering my mail using a more reliable postal service such as that of France, thank you very much.

2
3
Unhappy

I'll bite

Sorry, you are missing the point a little bit,

"Imagine my surprise when I found out that the Royal Mail postal workers were looking at what I wrote on the envelope! "

It's more like royal mail opening your letter to mummy dear, reading it and then slipping in a few advertising flyers for stuff that you have mentioned in your letter.

What the sender of the email is saying is that he never gave his consent for his communication to be intercepted and read by a third party so that the 3rd party can profit from it

Oh, to all those who are going to come back with "yeah but he signed up to google mail......." might i suggest you go back and read the article?

And finally, how many of the people apologising for Google using this means of "targeted advertising" were up in arms about Phorm? Doesnt seem to be a massive difference to me, I mean if I send to a Gmail account I can't even opt out of having my communication intercepted?

2
0
Anonymous Coward

Analogy failure...

You've missed out the part where the Royal Mail handed your letter over to the Google Mail postie at the end, who then read its private contents, then shoved a bunch of junk mail related to 'keywords' in your writing into the envelope along with the original letter and then posted it. Also, they made a copy of everything in the letter, and archived it so that they could then access it whenever they wanted.

0
0
Grenade

it's more like

His loving mother having given permsission for a 3rd party to open and vet her mail in advance and then them doing so.

Ie completely within her rights as the recipient of that mail and non of the business of the sender anymore.

The sender didn't have any contract with google or the recipient, the recipient has a contract allowing google to scan the mail. That's okay, as it's their mail to do with as they wish.

0
0
Gold badge

No consent needed

I believe that the long-standing (ie, centuries) practice for non-electronic messages is that they become the property of the recipient at some point between sending and receiving. Thus, if you receive a lewd message from a celebrity and sell it to a newspaper, the celebrity has no claim on your cash or against your actions.

In the absence of specific changes in the law for email, that would imply that Google do not need the consent of the sender to scan messages to a gmail recipient. If they were scanning *outbound* mail, there might be a case to answer, unless the gmail T+Cs specifically cover this in some way. (I expect they do.)

0
0

@Fuzzy

So if you send a parcel via UPS, you don't mind if they open it up, see what's inside, and then mail you spam related to the contents?

You're weird...

/strained_analogy

1
0
Anonymous Coward

While recognising eMail is a different delivery process...

If Royal Mail opened my incoming post to check the contents and then filtered Junk mail or permitted its other junk mail customers access to what it had found out about me so that they could have their junk preferentially forwarded to me, I might be a bit miffed and seek legal redress if other methods didn't work! With large organisations then tend not to respond to much other than big voices such as the law or Governments.

RM undoubtedly 'inspect' mail as they know were it has come from and may have some knowledge about the sender but its contents remain undisclosed. Were does 'inspect' change to 'open' in the digital world?

GMail is not 'free'. It is paid for.

What do Google actually tell their customers about the ads they've fed and the profile of the recipients. I don't understand how their sales process works.

2
0
Bronze badge
Big Brother

Google is acting as the agent of the recipient

I think contractually this works a bit like writing to someone who has a secretary open their letters. There is nothing illegal about a secretary opening letters you have sent to someone the secretary is working for assuming the recipient has employed the secretary to do this. The issue here as I see it, is whether Google are using their privileged position to find out anything about the _sender_ for their own purposes, over and above the terms on which they offer their services to the _recipient_.

It is a different matter, and entirely reasonable for the ISP which acts as the courier to know the contents of the outside of the envelope if the email is relayed through one of their mail servers. It isn't reasonable for the ISP to know the body of the email, unless their contractual position allows them to act as the secretary who opens and reads the message on behalf of the recipient. I think in the case of Google, their terms and conditions make them more than the delivery boy, but whether their privileged access to the private correspondence of the sender gives them responsibilities not to exploit this information will be up to the courts to decide.

2
0

Page:

This topic is closed for new posts.