Google: Cloud users have 'no legitimate expectation of privacy'

A motion to dismiss filed by Google in a court case last month has offered some juicy quotes about the company's privacy policy, but legally it looks like the Chocolate Factory is in the clear. "Just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who …

COMMENTS

  1. ratfox
    Facepalm

    Shock and horror

    …There are people who signed up for Gmail without realizing that Google was going to read their emails and show them related ads!

    I mean, I understand that some people like privacy, but then for Cthulhu's sake don't use Gmail…

    1. Anonymous Coward

      Re: Shock and horror

      "There are people who signed up for Gmail without realizing that Google was going to read their emails and show them related ads!"

      Yes, there were. They are the same people who believe that their data was / is private on Facebook, MySpace, MS Live, cloud services, SMS, IM, Bing, Yahoo!, AOL etc. etc. etc. and then get all surprised that the government can eavesdrop on the conversations.

      Oooh, that's going to leave a mark. The truth hurts. People expected a level of "privacy" but then a fool and his [data] are soon easily parted. It is what you get for handing over ANYTHING to a third party and expecting them to play by your rules: you are simply a sucker.

      1. Slawek

        Re: Shock and horror

        American government requires a court order to read your emails; here we are talking about companies.

        I do not know about Yahoo, but in Hotmail your data is private - no Microsoft employee or machine learning algorithms are poring through your emails. Please note that Google has recently announced a voice search service, where you can ask things like "When is my next flight". That means that Google looks not just for keywords, but must be using some advanced algorithm to _understand_ the meaning of your emails.

        1. Destroy All Monsters Silver badge
          Big Brother

          Re: Shock and horror

          > American government requires a court order to read your emails

          I think you unbellyfeel the current usuksoc situation. Oldthinkers are SO pre-nineeleven.

          1. Anonymous Coward

            Henry Rollins in a Superman suit singing 'Cos I'm a liar'...

            The idea of trust regarding Gmail or Hotmail or Yahoo is an illusion created by the power of charm and seduction that these 'free' services peddle. It's like the sweet girl going on a date with the bad boy. It can only lead to empty promises of: "Of course I will still love you after", or 'I won't come in you, I promise'.... Personified these corps are Henry Rollins in a dirty Superman suit singing 'Cos I'm a liar'...

        2. Silviu C.

          Re: Shock and horror

          "I do not know about Yahoo, but in Hotmail your data is private - no Microsoft employee or machine learning algorithms are poring through your emails."

          Then how does outlook.com filter spam? Do they use magic pixie dust?

          You shameless corporate shills make me sick. GTFO!

          1. Slawek

            Re: Shock and horror

            Scanning email for simple pattern matching against known spams differs quite a bit from analyzing your emails (and docs!) to understand your advertising profile. Google is the worst privacy offender, and while every company is tempted to use fully all the data available, no, it is not true that all companies are doing the same.

            1. Silviu C.

              Re: Shock and horror

              "Scanning email for simple pattern matching against known spams differs quite a bit from analyzing your emails (and docs!) to understand your advertising profile."

              Oh so it just so happens that outlook.com *does* deploy programs to analyse incoming email. You said they did not. Which is it? How do you know it's all they do? Because they tell you so?

              Simple pattern matching eh? How do you know it's not statistical analysis which Bayesian filters have been doing for some years?

              You are a riot. Please continue to enlighten us or alternatively please follow my previous advice.

            2. <shakes head>
              Unhappy

              Re: Shock and horror

              Personally I'm beginning to get a bit worried about Amazon; while they are not selling a derivative of your data to others, they are definitely profiling you and everything they know about you and all your friends and family.

          2. Frogmelon

            Re: Shock and horror

            The pixies live on server farms.

            The data is transferred onto the farm. The pixies' job is to tend the farm, distributing the more fertile data to areas of the farm where it's needed.

            The pixie dust grows on the fertile data, harvested when ripe, and then used to power the spam filters :)

        3. An0n C0w4rd
          Big Brother

          Re: Shock and horror

          American government requires a court order to read your emails; here we are talking about companies.

          And there are some very interesting legal minefields in that very statement. Technically, if an employee of a company in the USA fires up tcpdump or wireshark, that COULD count as a wiretap and that COULD require a court order, even for a company. ISTR there was some law passed ~10 years ago in the USA that got some people looking a bit nervous, and AFAIK there has been no case about the law to define its boundaries.

          This came up because some customer I was working with didn't know their customers' plain text passwords and wanted to fire up dsniff to pull them off the wire when they logged in to their e-mail or whatever (and no, they didn't use SSL). I told them they could do that, but I couldn't be any party to that action and had to explain why.

          1. WatAWorld

            NSA never requires a court order to read your emails or snail mails for non-US persons

            "American government requires a court order to read your emails; here we are talking about companies."

            The American government's NSA never requires a court order to read your emails or snail mails or any other kind of mail or data file or stack of papers if any sender or recipient of the email or data is both not a US citizen and is outside the USA.

            If you are a US-person communicating with another US-person the NSA may still be able to read your emails without a warrant if you are within 3 hops of a person of interest. (For example a foreign journalist.)

            Non-US persons have no right to privacy at all under US rules.

            I don't have time to provide the exact link, but you can start reading here and look for other articles on the NSA at Guardian.com.

            http://www.theguardian.com/world/2013/jun/23/edward-snowden-nsa-files-timeline?INTCMP=SRCH

            1. Vociferous

              Re: NSA never requires a court order to read your emails or snail mails for non-US persons

              This is also true for telephone calls. Any communication which starts, ends, or both, outside US territory is completely free game for spying/eavesdropping, no warrant needed. Foreigners have zero privacy under US law.

              This also was the case long before 9/11, and it was publicly known that this was the case.

              The only NEW thing revealed by Snowden, and the reason there was such a furore in the USA, was that it turns out the NSA also spies on calls made wholly inside the USA.

        4. Gerhard Mack

          @Slawek Re: Shock and horror

          Touting Hotmail as the champion of privacy is hilarious given that Hotmail is the only one of the big three email providers to not support encryption for server to server mail transfers.

          1. Anonymous Coward

            Re: @Slawek Shock and horror

            Outlook.com supports TLS connectivity.

      2. Craigness

        Re: Shock and horror

        The government would be a 4th party. This is about people letting a 3rd party process their data and getting pissy that it's...processing their data in accordance with the T&C.

      3. WatAWorld

        IT contractors are third parties to their clients' business relationships

        As an IT contractor do you not think your clients have a right to expect you to observe client confidentiality regarding what you learn about them and their business with their clients and suppliers?

    2. henrydddd
      Unhappy

      Re: Shock and horror

      Companies seeking to use external cloud services better think things over very carefully!

    3. Anonymous Coward

      Re: Shock and horror

      Google may say that users of webmail can have no expectation of privacy - but what about us who pay Virginmedia? Virginmedia has outsourced the email to Google. Wonder if this is not now a matter that should be considered by the ICO, as well as by Virginmedia.

    4. Anonymous Coward

      Re: Shock and horror

      I like my privacy and I use GMail.

      I still fail to see how GMail violates my privacy in any way.

      Let's say I have some private information in my email. What is the route for that information to be known, in any form, by any person, ever?

      And if there's no way anybody could ever possibly know my private information, why should I be concerned?

      1. Vociferous

        Re: Shock and horror

        1) Someone at google can simply pull your information, for shits & giggles. Doing that without authorization is probably a firing offense, but that's never stopped anyone before (e.g. nurses reading confidential patient files of celebs).

        2) US security services can request the information from Google, and Google, being a US company, must comply (and is by law prohibited from informing you about it).

        3) The British secret service is legally allowed to monitor communications to and from websites, which means it can wiretap you when you access your account. Quite probably it can also simply request your data from Google, either directly or via US security services.

        1. Anonymous Coward

          Re: Shock and horror

          "1) Someone at google can simply pull your information, for shits & giggles. ..."

          How does anything in your post apply specifically to Google and not any other company that provides any online service?

          1. Vociferous

            Re: Shock and horror

            It doesn't. He asked about Google, but it applies to pretty much anything.

    5. Al Jones

      Re: Shock and horror

      I don't have a GMail account. But I receive e-mail from people who do. Even if I refrain from replying to their e-mails, Google can learn things such as my name, my birthday, my family members' names, my favourite team, where I went to school, maybe even my address and phone number by reading and analyzing the e-mails that are being sent to me from gmail users.

      Maybe this doesn't matter, maybe Google doesn't scan outbound e-mails to non-gmail addresses (hey, pigs could fly!), but as things stand, it looks like I have no recourse in this situation.

      I'm not nearly paranoid enough to think that Google actually gives a fiddlers about me personally, but there's absolutely no question that my awareness of this all-seeing-eye has a chilling effect on my use of the web. There are questions that I'll no longer ask, articles that I'll no longer read, because frankly I just don't want them on my "record".

      1. Anonymous Coward

        Re: Shock and horror

        "I don't have a GMail account. But I receive e-mail from people who do. Even if I refrain from replying to their e-mails, Google can learn things such as my name, my birthday, my family members' names, my favourite team, where I went to school, maybe even my address and phone number by reading and analyzing the e-mails that are being sent to me from gmail users."

        Nobody at Google reads your email. It's stated in the T&Cs. Google "knows" your favorite sports team the same way your hard drive does. Give it a rest.

  2. Kevin Johnston

    Timing is everything

    With both this snippet from Google and the latest crash/burn of Office 361 hitting on the same day, you have to wonder how many people are going to finally realise that handing over all your data/applications/processing to a cloud just might not be the smartest option available. It certainly is not the most secure/resilient.

  3. btrower

    Now I get it...

    "Don't be evil" means you should not do evil because Google already has it covered.

    1. btrower

      Re: Now I get it...

      Or maybe this is just an artifact of efficiency measures. Their new motto is "Be Evil". Dropping the "Don't" part is a pure business decision.

      1. VinceH

        Re: Now I get it...

        "Or maybe this is just an artifact of efficiency measures. Their new motto is "Be Evil". Dropping the "Don't" part is a pure business decision."

        Well, not yet - but when they do it'll be a part of their spring cleaning process, where they decide to drop things that they feel aren't profitable enough to continue supporting. So at some point that'll include the "Don't" in "Don't be evil" - and might already have done, without them actually telling anyone.

    2. Captain DaFt

      Re: Now I get it...

      They just didn't publicise the last part of that statement because they thought it'd be off-putting.

      In full, it reads: "Don't be evil, we're watching you."

      1. LaeMing
        Go

        Re: Now I get it...

        The full version is: "Don't be evil - Google owns all the IP on evil."

  4. the spectacularly refined chap

    Not everyone has a choice

    It's hinted at in the article with reference to corporate decision making, but what about the users who are signed up via somewhere else? I know it happened to me a few years ago when I did my CCNA course with the local uni. Midway through they switched from doing internal mail internally to outsourcing it to Microsoft, so all your official notifications go straight into the hands of a private company to be commercially exploited. For an established professional doing an add-on course as an alternative to using a commercial training provider it's unlikely there's much of consequence going to that account, but it's easy enough to imagine troubled or problematic undergrads where such emails could be deeply sensitive.

    1. CABVolunteer
      Unhappy

      Re: Not everyone has a choice

      And didn't Virgin Media switch its email service over to Google a year or so ago?

      1. Jonathan Richards 1

        Re: Not everyone has a choice

        > didn't Virgin Media switch its email service over to Google ...

        Yes, indeed they did:

        We use Google to provide our mail service [virginmedia.com]

        If you really care enough, a tiny webhosting package can be had for a few pounds/dollars a year, and it will come with enough email capacity to satisfy any domestic user. Then all you have to worry about is where the data are physically hosted.

        1. Anonymous Coward

          Re: Not everyone has a choice

          I think I'd be more concerned that an actual human eyeball might at some point see some of the content of one of my e-mails if I was one of a couple of hundred or even a few thousand accounts being managed at a small operation, during the course of basic spam filter trouble-shooting or system upgrades. The odds of a real human eyeball encountering one of my emails at Google or Microsoft seem a lot lower, but they're likely to be doing a much more effective job of profiling me based on the content of every single e-mail that I send or receive.

        2. Number6

          Re: Not everyone has a choice

          Not only that, if you've got your own domain name, your email is then independent of any particular ISP should you wish to switch to a different one. Just check the Terms and Conditions of whichever provider you use because some will try to register the domain as one of theirs rather than yours, which makes it more difficult to move later.

    2. Anonymous Coward

      Re: Not everyone has a choice

      I've got several customers using Virgin connections and all their default Virgin/NTL/whatever email is now done via googlemail.

  5. Mike Moyle

    "Don't be evil -- we hate the competition."

  6. btrower

    Can't do it if you don't try

    No large vendor of cloud offerings is serious about providing reliable uptime. If they were, there would be agreements in place to spread material across multiple providers in multiple geopolitical locations so that companies going out of business, backbones going down, palace coups taking place etc. would have no effect on the integrity of the data.

    To do this properly, they would have to give control of the data back to the customer and that is not going to happen without a fight.

    1. Anonymous Coward

      Re: Can't do it if you don't try

      Actually, I don't know about you, but I do trust Google not to lose my data more than I trust my own capability not to lose it. Google certainly replicates it across more than one continent, while most of my personal data could disappear if my house just burned down…

    2. Anonymous Coward

      Re: Can't do it if you don't try

      Wait, are you saying that there's a demand for that service that the market isn't meeting? Or that the customers aren't prepared to pay what it would cost to "spread material across multiple providers in multiple geopolitical locations so that companies going out of business, backbones going down, palace coups taking place etc. would have no effect on the integrity of the data"?

      Or are you saying that companies could make money doing that, but don't, because they couldn't be arsed?

  7. Grogan Silver badge

    Advertisers and data mining

    I of course understand the outrage, but this is something that hasn't bothered me. Tidbits of data that are useful to Google (in this example), but trivial to me. If I have to endure advertising, I'd rather it at least be relevant anyway.

    So if I get an email from my proctologist, I don't care if I see ads for "Arseholes R'Us" instead of "Fix your PC now!" etc.

    I similarly don't care about ad network tracking (e.g. cookies) either. It's all the same annoyance to me, if it somehow helps them it's no skin off my ass. I am probably not interested in anything, though. If I want something, I usually already have it or I'll be specifically looking for it.

    I notice that the ad networks at theregister display some relevant Canadian ads for me. They looked up my IP address... the cads! (some people genuinely would be bothered by that)

    Nosy American security agencies aside (they can go and get stuffed... I certainly do resent them), that mass of data that Google has isn't really a big privacy concern. Google uses most of that information to facilitate my use of their services. They let me opt out of any social networking crap that I don't want, too. I use Gmail (for forum registrations and mailing list stuff) and Youtube and that's it.

    However, no, I do not trust third parties to handle my own mail (business or anything else important) but this is more for reliability than privacy reasons. I run my own mail from a server I have in a datacenter. Nobody is going to be reading that, without a warrant or court order. I provide mail services for my family too. I also place greater trust in my own setup, as I have complete control over it. It's been quite reliable over the years, more so than ISP mail accounts.

    2. Anonymous Coward

      Re: Advertisers and data mining

      "Nosy American security agencies aside, that mass of data that Google has isn't really a big privacy concern."

      ...talk about a major failure to join the dots.

      Yeah, once it's in Google's hands, there's no possibility of it ending up with the NSA, is there? I mean, there's no possibility that they might acquire that data through either legal (or quasi-legal) means, put pressure on Google or even have it freely handed to them?

      As for advertising companies in general, while I'm no fan of excessive ads being shoved in my face, by far the more serious issue is that while *they* only want it to sell us more shite, they're still grabbing it indiscriminately and once they have it it's quite possible for it to be sold on to anyone who wants it. And I don't doubt that they would- and will- sell it to anyone who pays them enough if that's legally permissible.

      The fact that ad companies- in the first instance- are willing to wreck our privacy only to sell us more tat doesn't make it any better.

      Of course, the power of all this information from various sources is significantly higher once it's gathered together and correlations can be made via data mining, possibly matching up anonymous or "anonymised" people with known real-world identities, at which point every bit of that "anonymous" information is nothing of the sort.

      But it's fortunate that no government bodies exist to gather such information, nor that devices which could process- or "compute"- such information have been invented, nor that there is ever *any* danger of this information being misused against political enemies.

  8. Vector
    Facepalm

    Shock! Gmail works just like Google said it would...

    ...when they rolled it out. I know, it probably only got through to the technorati, but I remember the whole "scanning" thing being all over the web when Gmail was released. Google affirmed at the time that that was how they could offer the service for free.

    1. Anonymous Coward

      Re: Shock! Gmail works just like Google said it would...

      When you're finished sounding smug... Why don't you tell us whether scanning occurs when "basic html" view is used and images are turned off? No ads are displayed in this configuration, hence the question. (BTW: Before you ask I'm not wedded to Google)

      1. Vector

        Re: Shock! Gmail works just like Google said it would...

        "Why don't you tell us whether scanning occurs when "basic html" view is used and images are turned off?"

        Don't know and it's rather beside the point, which is: Google was very up front about the fact that Gmail would be scanned for ad matching. Was I the only one who assumed that meant ads across the Googlesphere, not just in Gmail?

      2. Jonathan Richards 1

        Re: Shock! Gmail works just like Google said it would...

        > whether scanning occurs when "basic html" view is used

        I'm just guessing, of course, but if I were Google, with a user base which had signed up to the Ts&Cs as written [1], then I'd be doing the scanning on my servers at the time of receipt of the incoming message, not scanning the text at the point that it's sent down the line to the client reading it. The advertising is intended to be tailored to you, the reader, as an individual, not to the content of the message you happen to be reading at any particular moment.

        So, your Interest Profile, or whatever they call it, would in that case be built on the basis of your mailbox contents and your Google+ content, if you have any, and it's that which determines which advertisement links come down the line. If you're using a format that doesn't display them, then you don't see them, of course.

        [1] I'm one of those people who always reads Ts&Cs. Life is slower, but less surprising that way.

        To repeat myself, all the above is a guess based on what I think would be the most efficient way of achieving the objective.

        1. qwertyuiop
          WTF?

          Re: Shock! Gmail works just like Google said it would...

          I'm one of those people who always reads Ts&Cs. Life is slower, but less surprising that way

          Your life must move VERY slowly indeed given that, for example, the Ts&Cs for PayPal are longer than the text of "Hamlet" (http://www.bbc.co.uk/news/technology-22772321) which at 4,042 lines or 29,551 words is Shakespeare's longest play.

          1. Allan George Dyer
            Joke

            Re: Shock! Gmail works just like Google said it would...

            And the Ts&Cs make Hamlet look like a comedy.

            1. ratfox
              Pint

              Re: Shock! Gmail works just like Google said it would...

              I regret I have but one upvote to give to you, good sir!

          2. Jonathan Richards 1
            Boffin

            Fact Check Error

            > longer than the text of "Hamlet"

            Hmm. You're right, Auntie Beeb does say that. Let's count the words in Hamlet

            $ wget http://www.gutenberg.org/ebooks/1524.txt.utf-8

            Lose the Gutenberg prefatory material:

            $ tail -n +290 1524.txt.utf-8 >Hamlet.txt

            $ wc -w Hamlet.txt

            31677 Hamlet.txt

            That's slightly more than stated, but in the same ball-park.

            However, if I cut'n'paste PayPal's User Agreement, (less the Definitions, and the tables in the Schedule, which one might consult but not need to read):

            $ wc -w PayPal-UserAgreement.txt

            19654 PayPal-UserAgreement.txt

            So Auntie is playing fast and loose with the truth; the PayPal agreement is only two thirds the size of Hamlet, (but almost 7.7% more tedious).

    2. Ralph B

      Re: Shock! Gmail works just like Google said it would...

      True. I think people should only really be concerned when Google start putting content-relevant ads over PGP-encrypted emails.

  9. Eguro

    Change unlikely

    Well Google reading the emails of their users is unlikely to change, and people using gmail are unlikely to switch (not as unlikely though) - at least until the following scenario becomes commonplace:

    G: "Stephen. Could you send me that [Insert semi-sensitive content] to me? I have some ideas I think could be added"

    S: "Sure thing Georgie. What's your email?"

    G: "Georgelovesthensa@gmail.com"

    S: "Oooh, sorry Georgie, I will not be sending anything to an email provider who'll read my mails"

    G: "Gosh darn - you're the 10th person this week to tell me that"

    1. Anonymous Coward

      Now back in the real world

      S: "Oooh, sorry Georgie, I will not be sending anything to an email provider who'll read my mails"

      G: "Gosh darn - you're the 10th person this week to tell me that" Sorry to hear that Stephen, oh and you're fired.

      1. Eguro

        Re: Now back in the actual real world

        S: "Oooh, sorry Georgie, I will not be sending anything to an email provider who'll read my mails"

        G: "Well darn. Lucky for you that you know others than your boss - or that would've been me and I would've surely fired you!"

  10. gophop

    The future is here! Hand your data over to the cloud!

    This is one of several reasons I keep my clients' IT local.

  11. Chipmunk
    Facepalm

    One more part of the paranoia

    It's not just the users of the cloud providers who have no expectation of privacy ... any email they receive from outside users is also "in the system". Hmm, maybe we need a "Do Not Read" check box option. Right up there with the "Do Not Hold Your Breath" check box!

    I wonder what advertising they send to spammers? Just a thought.

    1. LaeMing
      Joke

      Re: I wonder what advertising they send to spammers?

      Discounts on known active address lists, probably.

  12. Anonymous Coward

    'Cloud users have 'no legitimate expectation of privacy'

    Well I'm glad we got that straight... The disclosure sounds more like 'I want to make the world more open' Zuckerberg

  13. Anonymous Coward

    "Since the defendant had disclosed the dialed numbers to the telephone company so they could connect his call, he did not have a reasonable expectation of privacy in the numbers he dialed."

    Now the NSA will have the postal service start opening mail. After all, information was handed over to a third-party and thus you have no reasonable expectation of privacy. Now you have all those privacy notices you receive, well, now companies can not have to worry about privacy. They will just declare that you turned the information over to us and you had no expectation of privacy and as such, we just decided it wasn't worth the money to encrypt or secure anything. Expect all your information to be sold too.

    Google is definitely looking at that wrong. Who you call cannot be a secret, if it was, then how would your call ever be connected? The equipment has to process what number you want to call, so it can connect the call to the line. The payload, which in this case is your conversation is not kept and looked at. So, Google can look at where you want to send the email but not the payload. That is what you would interpret that as. That is also why headers are allowed to be looked at by your ISP. They need that in order to route and switch the packets. The payload is a different matter.

    1. Yet Another Commentard

      Indeed

      The quote to me reads that by definition the telco must know the number I dialed in order to make the connection, so I have no right to expect them not to know the number. It's a bit circular, but makes sense. It does not mean I dialed using their equipment, so they can eavesdrop on the call.

      Your mail analogy is correct, I understand the post office needs to know the address to which a letter is sent. Often there's a return address outside the envelope, and by disclosing that I accept that they can link sender to recipient. I do not expect them to open all the letters, read them, insert appropriate advertising leaflets, make a note of some keywords "for my convenience" re seal them and then deliver them.

      Google need to know how to route an outgoing mail, so I have every expectation they can see/read some form of address. Not the content. Of course, the T&C say otherwise (but I doubt it was shown in a big font in red underlined on the first line of the T&C and in plain English, but not using gmail I wouldn't know.).

      1. Anonymous Dutch Coward

        Re: Indeed

        I agree with your explanation about email providers not being allowed to read the contents of the email in general... but in this case, yes, Gmail has specifically mentioned they would do this (even if not in red letters) when the user signed up.

        Too bad many people don't read T&Cs. That's really their problem.

        However, ISPs etc suddenly doing deep packet inspection, reading email contents without it being contractually agreed with the customer, *is* a problem, yes.

    2. Sureo

      You forget Google's business is pushing advertising. If it couldn't scan users' email to facilitate its business, there would be no gmail. And no google search, and all of the other "free" services. You just have to decide if you want to pay the price for the service.

      1. Anonymous Coward

        First intelligent post on here all day.

        If you don't want Google to have your data, go PAY someone for similar searches. Otherwise advertising is the only way these companies can offer you free data.

        I can't stand freetards.

        1. Uffish

          "advertising is the only way"

          Commercial TV stations are financed by advertising but don't spy on me.

          Google et al just like snuggling up with Creepy.

    3. streaky
      WTF?

      Yeah dunno the reg thinks "legally it looks like the Chocolate Factory is in the clear" just because Google have made an argument, doesn't mean it's a valid defence. The closest internet analogy to the argument that Google are making is you have to tell your ISP what IP you want to connect them and they can use that for managing their network. That's not the same issue as them then trawling through that data to throw ads at you.

      If your phone bill came with a package of ads that were "we see you've been in contact with the AA's insurance, here's some adverts that might be relevant" - you'd be *extremely* pissed off. That's what Google are *actually* doing, and really worse: they're not just looking at your list of calls, they're actually listening to the call to throw even more ads at you.

      Not for nothing but you *do* have an expectation of privacy using a third party - and even if their argument works in the US courts (which is frankly unlikely) it's not going to work in EU ones. If Google don't want to give people privacy in their communications they should get out of the communications business or face very hefty incapacitative fines so they think twice in future.

      1. Bluenose

        You're correct in your interpretation.

        In fact if you look at their example there are a number of factors that they are ignoring:

        The assistant has been authorised by the addressee to open their mail; in Google's case can they show that the recipient of the e-mail has authorised Google to open their mail?

        The assistant would process the mail in accordance with the addressee's instructions; do Google or is their processing outside of the recipient's requirements?

        Any use of the information in the mail by the assistant for their personal benefit would be a breach of confidentiality and possibly contract; the same could be said for Google's use of the e-mail content.

        On that basis I don't think that Google could depend on the case mentioned. However, Google are in the clear as their T&Cs do state that they have this right and people have agreed to sign up to it. There are other products on the market that provide the same or similar functionality and therefore I don't believe the class action stands a chance.

    4. Primus Secundus Tertius

      Handed to conveyor

      If you hand over the number you are calling so it can be connected, then you are also handing over the voice messages so they can be conveyed.

      By that logic they have the right to tap into everything.

      And in the UK they have the right to demand decryption keys. Or is it just the right to encryption keys; did they take account of public/private key systems? Can they demand from both receiver and sender?

      Whether they can demand codebook entries is not clear; e.g.

      I love you - the fuzz are watching.

      See you later - the instructions are in the dead letter box.

      1. Intractable Potsherd

        Re: Handed to conveyor

        @Bluenose: I tend to agree - there is a world of difference between the "personal assistant" opening mail, and the delivery-person doing the same. One would be an authorised act by someone with whom there is a relationship of control which can be terminated at any time and for any legitimate reason by the person whose information is being seen.* The other would be an illegal action, and also one that breaches the contract the delivery person has with her/his employer (AFAIK, a postie** would not be able to open my mail due to contractual restrictions even if I gave express permission). However, if it is a postcard, the postie will, if they are so inclined, see the picture on the front, and the message saying that my mother is having a great time and wishes I was there.

        To my mind, the question is whether an email is more akin to a letter (something that has some expectation of privacy merely due to being in an envelope to protect it from all and sundry looking at it, more so if says "Private" or "Private and Confidential"), or is it a postcard? This is a vital question for email service providers and users - does someone need to come up with the "email envelope" which is, in fact, trivial to overcome, but which conveys an idea of expectation of privacy?

        *There is, however, an interesting argument about the information about the sender is giving, and what expectations of privacy there are from that side.

        ** Just as an example: there are many others in the chain that could do the reading, of course.

      2. Anonymous Coward
        Anonymous Coward

        Re: did they take account of public/private key systems?

        Given a private key, the corresponding public key can be very easily derived from it.

    5. Anonymous Coward
      Anonymous Coward

      Optional

      "Since the defendant had disclosed the dialed numbers to the telephone company so they could connect his call..."

      And presumably the defendant, by providing an electrical representation of his voice to the telephone company in order for it to be transmitted, had no expectation of privacy in the content of the call either?

  14. Gannon (J.) Dick

    Shannon's Maxim and Kerckhoff's Laws

    http://en.wikipedia.org/wiki/Shannon%27s_Maxim

    Very nice Google, legally and technically correct.

    1) Users have the right to try to be obscure, although it won't do them any good.

    2) Oh yes, and Google if your tax avoiding ass gets anywhere near dry land you'll be shot as a spy. That's what happens when coded communications get decoded and read before they are delivered to the intended recipient. Shannon and Kerckhoff had that one figured out too.

  15. Someone Else Silver badge
    FAIL

    IANAL, but...

    When you read through the full filing, however, it turns out that Google's assertion is legally correct. In 1979, the US Supreme Court considered the case of Smith v. Maryland, appealing the use of a wiretap on a telephone, and they ruled that:

    Since the defendant had disclosed the dialed numbers to the telephone company so they could connect his call, he did not have a reasonable expectation of privacy in the numbers he dialed.

    Google is making the same argument [...]

    Methinks your analysis is incorrect; there is a difference. The "dialed numbers" constitutes metadata, not that actual content of the call. By my engineer's reading of the quoted toothsome morsel, one could surmise that Google could legally use any of the information in the e-mail's header, which (according to no lesser authority than the NSA) is also metadata, while the content of the e-mail is .. well...content. Given the legal pretzel that "the Administration" is bending itself into to justify PRISM et al, it seems the Plaintiff(s) should be able to leverage that tenuous to whup Page upside his pointed, privacy-disdaining l'il head.

    1. hollymcr

      Re: IANAL, but...

      The "dialed numbers" constitutes metadata, not that actual content of the call

      This is certainly true.

      However, it could also be argued that the telco's "systems" do look at the call content. Certainly these days where the analogue data is converted to digital and presumably compressed, the systems must access the data stream. Just, as others have said, that any company offering spam filters must by definition have systems that "look at" the email content.

      So the question is really just down to what is legitimate. We are not talking about Google employees reading their users' email content, we're just talking about what their systems do. Google fund their services through advertising, and as a user I would prefer to see a handful of maybe relevant ads than a screen covered with random ads in the hope that one might be relevant (the way it used to be). I therefore accept that Google's systems "read" my email for various purposes, including targeted ads, spam checking, and various other filtering functions.

      I would *not* on the other hand be happy to find that Google employees were reading them, and I don't like the idea that the American (or for that matter UK) security services can read them (or use systems to scan them), although I know it has always been thus in one form or another and the day it bothers me enough to do something about it is the day I will start routinely sending encrypted emails.

      Bottom line, Google provide a service and are open about how they fund it. They are much more open about this than, for example, supermarkets are about how they give free wifi so they can track customers. And for that matter, you can read Google's terms and conditions, but where will I find the US or UK government ones that tell me what they will do with data? I choose to use Google but can choose not to. I choose to use Facebook in certain limited ways but can choose not to. I choose not to use Twitter (only because I can't be arsed with it, not for any privacy reason). Where do I opt out of government abuse of data?

  16. Gannon (J.) Dick

    And the 2013 Foreign Policy Darwin Award goes to ... Barack Obama!

    Instead of arguing the value of privacy or nuclear non-proliferation, simply turn the old nukes over to Larry Page and he'll sell them on E-Bay. After all, mankind has no reasonable expectation some nutter nation won't make a boo-boo.

  17. Anonymous Coward
    Anonymous Coward

    hah hah,

    love all the google apologists.........no matter what evil google commits their stance is 'google in an open source company, therefore they can do no wrong'

    even though google only uses (abuses) open source software to its own commercial benefits.

    If google want my personal data then they need to pay me to use their crappy services. Unfortunately, they cannot afford me so they can flack off.

    1. Anonymous Coward
      Anonymous Coward

      Re: AC@2334

      Google's brain washing machine has obviously been operating in hyperdrive. I was once accused for recommending adware here when I made the suggestion that someone switch to Chrome. That was years ago. Now? Quite the opposite. Say one thing bad about Google/Chrome/Android/... and let the avalanche of downvotes pour in.

      Glad I've given Gmail the big fat middle finger a long while back. While I personally do not have THAT much of a problem with Google going through my mails for the purpose of displaying relevant ads I do have quite an issue with their arrogance as of late.

    2. Craigness
      FAIL

      The stance is "Google is doing what they said they would do and what users agreed to". Feel sorry for all the haters, having to hate no matter what innocent things Google does.

  18. Frank N. Stein

    Privacy?

    Get over it. Your life is an open book. Google, MS, AOL, Yahoo, et al can all read and analyse your e-mail, cloud storage, phone, PC, tablet, and a$$ and you can't do a dam thing about it. So just swallow before the next one shoves it on your mouth and get used to it.

  19. Mitoo Bobsworth
    Devil

    Horses for courses

    I set up my Gmail account to handle spam & unwanted email - so anything I enquire of online that I think may be remotely spammy or gratuitous gets that address. Just sayin'.

  20. Rukario
    Big Brother

    Next thing you know...

    The TLA-ridden agencies will declare using local file storage as a terrorist act.

  21. Zot

    I was going to use the cloud for an external backup.

    By 'cloud' I mean a flashing black box in an unknown room, in an unknown town, in an unknown country, owned by an unknown individual, to store my personally valuable source code. Then I thought, I wonder how big the largest password key can be on WinRar? And thinking about folding it more than twice inside other passworded RARs...oh dear.

    In the end I put it on a flash drive and gave it to a disinterested (not a computer person) friend to look after away from the house!

    Paranoid? Not one bit. Happy about the backup's security? Hell yes!

    1. Pascal Monett Silver badge

      You call a flash drive a backup ?

      Man are you in for a brutal wake-up if you need it five years from now !

  22. Anonymous Coward
    Anonymous Coward

    What a surprise!

    Google - redefining evil...

  23. Dave Bell

    How is Google's attitude going to affect the way the EU regards the USA as a place where protected data can be stored and handled? There seems to be an implicit expectation of privacy as a result of that, but it could be part of the growing pattern of "You thought we meant it" on privacy of data in the USA.

    Legally, they might be in the clear, but saying there is no expectation of privacy may be going a bit too far. Google haven't hidden what they do, and it's the US government that is the elephant in this room.

    1. Anonymous Dutch Coward
      Mushroom

      EU response

      The EU response will be absolutely zilcho, nothing, nada - just look at the so-called "Safe Harbor" to make it possible for EU companies to store confidential/client data in the US without falling foul of EU data regulators.

      It is in effect an admission that the US (i.e. a foreign government) may unleash the Patriot Act ("the government can look at the data even without telling us") on EU data.

      After this, do you really think EU government institutions will care?

  24. Anonymous Coward
    Anonymous Coward

    I take issue with this:

    "Just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who use web-based email today cannot be surprised if their emails are processed by the recipient's [email provider] in the course of delivery,"

    I'm a former postman – yes the customer “cannot be surprised” if their letter is opened by someone else, however it is drummed into you that anyone opening mail not addressed to them is committing a criminal offence (in the UK anyway). Therefore – accepted – customer has no reasonable expectation of privacy, however the customer has 100% come back if their mail is opened by anyone else.

    If the same cover isn't applied to electronic mail that is applied to physical mail then it should be applied. Til then maybe we should go back to snail mail if you want a reasonable amount of privacy.

    1. Anonymous Coward
      Anonymous Coward

      Point taken about postal workers opening mail being an offence, but when the government is busy telling us that ISPs should intercept all traffic to protect the children, why isn't it investigating all postal workers who might be delivering illegal material?

  25. T. F. M. Reader

    So how about a new SMTP header?

    Hmm... Now Google say they are just like my secretary rather than the postman, eh?

    Fine. I would naively assume that I could instruct my secretary to not open/read/filter letters from certain correspondents or, for instance, not open any letter marked "Personal and Confidential".

    So how about (a) adding an optional X-Confidential header to SMTP, and (b) letting GMail users create a list of correspondents whose emails should be treated as private (when either the sender or the recipient has the other party in his/her "confidential" list)? Will Google honour such arrangements just like an assistant would? I.e., scan the headers (metadata) and pass the body through their algos only if permitted? If not, their analogy breaks down.

    Not that I'd trust them, necessarily, but I would consider it a confidence-building step if they did implement such a provision.

    1. Anonymous Coward
      Anonymous Coward

      Re: So how about a new SMTP header?

      Google will do that — provided you pay for a business account.

      It's cheaper than a secretary, too.

  26. Paul Shirley

    sadly it's the nature of email transmission

    email is the equivalent of sending a postcard, you hope no-one bothers reading it but that's all it is - hope. Anyone the data transits through can intercept your mail, always been that way and until we get a universal secure delivery system it will continue that way.

    Want privacy, put it in an envelope, encrypt your mail end to end. Disappointing but that's the ongoing reality of email.

    Even more disappointing that new users only discover that when a shock headline appears, though quite how anyone could miss the constant warnings that Google do this is a mystery. Microsoft alone seem to have a whole PR operation endlessly grinding out reminders about it.

  27. Day-Jar View
    Pint

    So what do chocolate-munching contract negotiations sound like?

    A. I'd like to buy some chocolate. How much will you tell my competitors about my fetish?

    G. Oh, that's great! Nothing, except what they've asked us to report. BTW, want to buy some analytics about your core R&D topics? Just tell us the word...

    I wonder who weighed the benefits and risks - and checked the small print when the UK government's tech R&D outfit decided to use choc-mail?

  28. John Munyard

    Dumb

    You know Google have just confirmed my suspicions about the value of cloud computing as a concept.

    For a few years now all these industry thinking wonks have promoted the cloud as the future of computing. In a single dumb stroke Google have just given us all a cast iron reason to abandon it.

    I suspect that Google's own cloud and mail services will take a drop now (or they bloody well should) but unfortunately so will a number of other companies who've invested heavily in this technology. I bet they are getting their voodoo dolls out for Google right now.

    Corporate greed just kills off everything worth having in the end doesn't it?

    1. Neil B
      Megaphone

      Re: Dumb

      @Dumb "Corporate greed just kills off everything worth having in the end doesn't it?"

      Corporate greed created GMail and Hotmail in the first place.

      1. hollymcr

        Re: Dumb

        On the contrary, user greed created them. We want everything but we don't want to pay for it. Which is the only reason why advertising funded applications like these are developed.

        How often do most people pay for a mobile app when the only benefit is removing the ads? I know some do, but I'd bet it's a tiny minority.

        It turns out we get what we pay for. If we want email services (and search engines and mapping tools and all the rest of it) to be the product we have to start paying for them. Otherwise we have to accept that we're the product, being sold to advertisers.

        1. hollymcr

          Re: Dumb

          It would be great if El Reg had an option to pay to remove ads, with the only other benefit being maybe an extra "no-ads" icon to use when commenting.

          That way all the people who like to whinge about advertising funded services can choose the high ground, and those who refuse to pay when given the option can be called out for the hypocrites they are.

          (Can't imagine I'm going to make many friends for saying so though!)

  29. WatAWorld

    Third parties is an awfully huge group for such a broad assertion

    What a stupid statement: "Indeed, 'a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.'"

    Google's lawyers are saying that Google has no legitimate expectation of privacy in information it voluntarily turns over to third parties like its lawyers?

    And medical information to your doctor or company HR officer.

    Income information to your accountant.

  30. Frogmelon

    I think there's a massive difference between a third-party whose function is as a conduit of said information, rather than a third-party who acts for and on-behalf-of the intended recipient of the same information.

  31. Anonymous Coward
    Anonymous Coward

    Android

    Wonder if the EU can force google not to enforce a gmail connection for their phones?

  32. ingie
    Coat

    Shock!

    I'm amazed.

    Are you really telling me that if i enter data into a machine,

    that the machine then knows the data that I've entered into it!

    What magic trickery is this?

    It's almost as if it has a "memory"...

  33. Anonymous Coward
    Anonymous Coward

    Calm down privacy lovers

    Yes Google reads your emails. Google's machines to be specific. Not their employees - they have better things to do. What does it matter if a machine is reading your emails.

  34. Joe Montana

    Privacy

    Google were always pretty clear (if you bothered to read the agreement before blindly agreeing to it) that the cost of the gmail service was that they would parse all of your email and use it to target advertising at you.

    It has also always been clear that google is a us based company, and therefore beholden to us laws, and if you bothered to read up you would find that us law only applies to us citizens and non us citizens if they are located in the us. As such, the us laws which offer a right to privacy do not apply, and once your data has left your country and entered the us your own laws no longer apply to it either.

    This information has always been available to anyone who ever signed up to gmail, so anyone who signed up has either decided they don't care, or blindly agreed to terms that they couldn't be bothered to take time to understand.

    You can't provide an email service for free, the servers have to be paid for somehow... either indirectly through advertising, or directly via a subscription... some greedy providers may even use both methods. If you don't like the advertising model, find an email provider where you can pay for the service directly, or host a server yourself.

  35. Anonymous Coward
    Anonymous Coward

    Google are not the "recipient's assistant".

    They are the mailman.

  36. GotThumbs
    Boffin

    No service is free.....Only an idiot would think so....

    Now if Gmail or any other currently free email provider gave the option to pay an equivalent monthly fee for the email service in exchange for privacy, do you think these protesters would pay? It would be interesting to know how much revenue Google gets from the average user.

    If people think a company can survive/thrive by giving its services away for free and still remain in business....I'd like to see them try.

  37. sisk
    Facepalm

    If you use email to send a message, regardless of the email provider you have no more legitimate expectation of privacy than if you send a post card. Anyone with even the vaguest understanding of how the system works knows that if you want privacy you have to encrypt the message on the client side with strong encryption before sending it, and I'm pretty sure that's not an option with any webmail service (with a couple recently-shut-down services).

  38. Anonymous Coward
    Anonymous Coward

    Oh gosh...

    Here it comes...

    More delusional idiots to trash talk Google.

    Hey guys, if you don't like Gmail, DON'T USE IT! In fact, why don't you freetards go PAY for something that promises privacy instead of expecting a 'free' service to not make any money in any way possible.

    Bunch of freaking loons. I swear!

  39. Anonymous Coward
    Anonymous Coward

    Did they change the definition of "read"?

    I fail to see how my privacy is compromised by GMail in any way. Nobody (i.e., no person) reads my email and their algorithms don't report the contents of my email in any way to any person. Since the ads are hosted by Google, there's no possible route for any information about me to get back to the advertisers.

    So seriously, please, what is the privacy concern?

  40. Clarity1
    IT Angle

    Supreme Court Precedent: "Pen Register Differs from Listening Devices"

    Re the "recipient's assistant": If you send a letter to a busy law firm, you expect staff to open and sort mail. However, the staffer -- a Personal Assistant (PA), Senior Administrative Assistant, or some such title -- is hired after a careful reference check, and keeps their position only if they sustain trust. That staffer trusted to view incoming mail, and type the lawyer's dictation for outgoing mail, is a far different situation than an arena of strangers, names unknown, who might run a third-party email client.

    A law firm, health clinic, fund-raising charity, and many other organizations are bound by rules of confidentiality. That includes the handling of incoming and outgoing mail. Even low-level staffers must respect confidentiality, or the system would not work. So how can Google make the argument that Gmail should be no-holds-barred? With that, Google is treating customers as the enemy. When did that creep in? Google used to stand for "white hat" tactics all the way.

    The 1979 Supreme Court precedent does not support Google. As another poster said, phone numbers shared with a telephone company are metadata (parallel to the address, return address, and cancelled stamp visible on an outer envelope). From that, you cannot extrapolate to sharing the content or words of a telephone conversation. Follow the link to the precedent, and read the actual ruling, which says:

    Smith vs. Maryland, U.S. Supreme Court, 1979:

    "The activity took the form of installing and using a pen register, which has limited capabilities. A pen register differs significantly from listening devices... for pen registers do not acquire the contents of communications.

    "A law enforcement official could not even determine from the use of a pen register whether a communication existed. These devices do not hear sound. They disclose only the telephone numbers that have been dialled - a means of establishing (whether) communication (occurred). Neither the purport of any communication between the caller and the recipient of the call, their identities, nor whether the call was even completed is disclosed by pen registers."

    1. Pascal Monett Silver badge

      Re: "Google used to stand for "white hat" tactics all the way"

      Yeah, they used to hide their true nature very well, but since then Eric Schmidt has done his darndest to educate people concerning the true nature of the Chocolate Factory, so that chicken has flown the coop a while ago now.

  41. Howard Hanek

    Cloudy Future

    It's difficult to imagine anyone doing serious business or sensitive correspondence who would ever use Cloud Services now or in the future. The whole concept of big data will have to undergo a complete change in architecture and security and the legal questions resolved to the users' satisfaction before it will ever again receive serious consideration. The entire climate of surveillance and government access will force most of these transactions out of the hands of those mucking it up today.

    1. Pascal Monett Silver badge

      "The entire climate of surveillance and government access will force most of these transactions out of the hands of those mucking it up today."

      One can only hope.
