
Google Accused of Wiretapping in Gmail Scans - hudibras
http://www.nytimes.com/2013/10/02/technology/google-accused-of-wiretapping-in-gmail-scans.html?hp
======
inerte
Everybody is quick to remember how gmail users accepted the terms and how the
ads pay for the free service, but for me the most interesting part of the
article is what happens for those that send emails to a gmail account?

This person never agreed to have its email scanned. Never agreed that its
email address would become an index key on a profile to serve ads. Never
agreed that its writing/attachments, commercial or not, would be part on how
Google makes its money.

I've heard about people manipulating HTML forms to submit lower prices when
shopping online. What happens if I send a poem that I wrote to a gmail account
and append a Terms of Service to it, basically saying if Google scans this
email with commercial intent they must pay me money? Is something like this
even possible?

~~~
cynwoody
Substitute for Google's silicon assistant a human personal assistant of the
intended Gmail-using recipient. "If any person other than X reads this
proprietary poetry, they owe inerte big bux!"

The mail recipient chose Google to handle his email. He could also have chosen
some random human to assist him with handling his email. There is no
difference.

If you wish to correspond with such a user, you must trust him not to show
your email to parties you find obnoxious. If he betrays you in that regard,
your beef, such as it is, is with him, not the parties he hired to handle his
email.

~~~
gibwell
As stated in the case, most users don't know what the assistant is doing. So
by your analogy the assistant is reading the mail without permission and then
secretly using what they learn to make money for themselves.

In such a case, we would certainly blame the assistant.

------
natrius
Google makes a good point: if it's illegal to scan emails to serve ads,
doesn't that mean it's also illegal to scan emails to filter spam and
prioritize email?

~~~
greenyoda
There's a difference: filtering spam and prioritizing mail is something that's
done for the benefit of the user. However, scanning e-mails to maximize ad
revenue (they can charge the advertisers more for "relevant" ads) is Google
using the contents of your e-mail for their own benefit.

~~~
Flenser
Revenue which pays for the FREE service. If the choice was gmail with ads or
no gmail I know which I'd choose.

~~~
dingaling
> Revenue which pays for the FREE service

Google also scans e-mails in paid Google Apps accounts.

Edit: correction to myself. Whilst paid Google Apps accounts still show ads
and Web Clips, Google now have this statement:

 _If you are using Google Apps (free edition), email is scanned so we can
display contextually relevant advertising in some circumstances._

[http://support.google.com/a/bin/answer.py?hl=en&answer=60762](http://support.google.com/a/bin/answer.py?hl=en&answer=60762)

the implication being that the paid accounts are scanned only for virus, spam
and Priority Inbox processing.

Sorry, I was wrong.

------
eggnet
Google also has to scan your email to index it, for searching. And as far as
privacy is concerned, that is the biggest danger, the NSA (or whoever) being
able to ask google for all email with a certain keyword in it.

To summarize, they scan for spam filtering to make email usable, advertising
to make it free, and indexing for searching.

I don't see how web based email can function without scanning it. And frankly,
I don't see how high quality spam filtering can be done without scanning and
sharing data across users in general, not specific to web mail.

~~~
ma2rten
What does it even mean to "scan" emails? If Google receives the email, saves
it to disk and later retrieves it again, maybe reformats it, is that really
fundamentally different from a technical point of view? It's all bits and
bytes after all.

Targeted advertising is creepy to humans, because there is some notion that
the computer "understands" what you are sending and builds up a profile about
you. But, if you take a sober technical point of view, it's hard to accuse
Google of anything. Maybe Google should educate it's users more how those ads
are generated?

------
smtddr
In light of the whole NSA thing, it's difficult to see where this registers on
the scale of importance/relevance. Let's say Google is guilty of scanning
email text for ads. What does that mean? Judge then orders G to stop, and they
do. G pays a big fine(which is nothing to them). Will people feel safer about
their Gmail afterwards? I guess filters will be out of the question unless you
opt-in for Google to scan your email, which I suspect most users will. Some
big ol' wall of text EULA/ToS next time you login, you'll have to accept... or
at first you'll deny and your emails will be a mess... then you go back and
accept.

~~~
gibwell
It's highly relevant. If we say Google can scan your email just to support an
arbitrary business model, how can we make an argument that the NSA should be
prevented from doing it in the name of national security.

It isn't a good thing for Google to try to make loss of privacy seem like
business as usual.

~~~
cynwoody
That's easy.

You signed up for Gmail knowing how your email service is being paid for.

As for National Security, well, the hell with it! No role for a nation or
security unless I get to define the parameters of my privacy!

Snowden 2020! (When he'll be over 35 ;)).

------
znowi
Google lawyers are presenting a clever argument, which on the surface looks
quite sensible. But the accusation is not about scanning, but _wiretapping_ ,
which, as the judge notes "primarily used to create user profiles and to
provide targeted advertising". It is not the same as sorting out email or
looking for virus signatures in attachments.

If you follow Google's notion of _implicit consent_ to such practices, then
any traffic online can be lawfully intercepted and profiled. When you send
data over a third party router, you give permission to spy on yourself. I
don't think so.

~~~
deathanatos
> If you follow Google's notion of implicit consent to such practices, then
> any traffic online can be lawfully intercepted and profiled. When you send
> data over a third party router, you give permission to spy on yourself. I
> don't think so.

I disagree. Google is not intercepting traffic willy nilly: you _sent_ the
traffic to Google, when you emailed john.smith@google.com. Comparing Google
reading traffic that was transmitted to it with a wholesale "any traffic
online and be lawfully intercepted and profiled" is exaggerating the scope of
what is going on here.

Also, what is the prosecution hoping to gain here? If they win, and Google
can't serve relevant ads… are we out of a good email service? (I suppose
Google could still try to serve ads, but they just would be in the dark w.r.t.
the email content.)

~~~
dingaling
> you _sent_ the traffic to Google, when you emailed john.smith@google.com

How about when you emailed @guardian.co.uk? @specsavers.com?

Under the covers they're using Postini + Gmail. Did you consent to sending
that traffic to Google?

Wat about people living in LA, who have no option but to send their traffic to
Google when they e-mail their local Government at @lacity.org?

NOAA, State of Wyoming.. the list goes on.

[http://www.google.com/intx/en_uk/enterprise/apps/business/cu...](http://www.google.com/intx/en_uk/enterprise/apps/business/customers.html)

------
walid
And how is scanning your email different from scanning your facebook posts
both private and public. If the plaintiff wins, bye bye advertising supported
services.

------
infocollector
1\. Do we know that Google is only using this information to show
Advertisements on Gmail? What else does it do with this information?
(Suggestion to Google: Trade stocks automatically ;-)

2\. Does Implicit consent argument make sense?

3\. Perhaps scanning for spam can be done without looking at content? Or
looking at content at the client side instead of server side?

Lets for a moment assume that this is perfectly valid business model. Then
what stops Windows from sending MS keywords, pictures and everything else from
your home computer. Or sensor information from android/iphone to the parent
companies.

Not to mention every car/house that was made by now should be sending
everything you speak inside the car to GM/Ford/Builders?

Something does not sound right to me. A TOS should not allow a company to do
whatever it wants with data.

------
hrasyid
Wow, how did they manage to find a judge who seems very knowledgeable on tech
issues?

