
Google Counsel to Arrington Allegation: We Don’t Snoop on Gmail to Find Leakers - ghosh
http://recode.net/2014/03/25/google-general-counsel-to-arrington-allegation-we-dont-snoop-on-gmail-to-find-leakers/
======
comex
At the moment, all three top level comments are accusing Google of lying,
despite the fact that these kinds of flat denials by high-profile companies
are almost never proven false, probably because they almost never are false.
(As described elsewhere, PRISM was not such a case.) In this case, the
original story was already dubious, and it should be clear that the fallout
from being caught lying would be drastically worse than either ignoring the
story or being the second to admit to doing something (legal) that Microsoft
already admitted to. The fact that the comments exist anyway tends to shake my
faith in the rationality of other, more credible criticisms of big companies
in this forum.

~~~
lawl
Of course they don't lie. Overly specific denials are much better than lying.

> _“Mike makes a serious allegation here — that Google opened email messages
> in his Gmail account to investigate a leak,” Kent Walker, Google general
> counsel, said in a statement._

and

> _“The source had corresponded with me from a non Google email account, so
> the only way Google saw it was by accessing my Gmail account,” wrote
> Arrington. “A little while after that my source was no longer employed by
> Google.”

Arrington declined to comment._

See, you don't need to actually open the email to see if a correspondence
occured.

At least that was the first thing I thought when I read the article. But of
course, we'll probably never know. And I agree with you that we shouldn't jump
to conclusions, it's just a possibility.

Should they get caught I doubt there will be a fall out. They can go the NSA
route: It was _just_ metadata.

~~~
declan
Huh? Kent's statement on behalf of Google was anything but narrow. It was
general: "We have never done this."

If I'm comparing the veracity of Kent's blanket denial vs. Mike A's
hypothetical well-maybe-they-did (which could be satisfied through multiple
alternative methods), well, that's an easy call.

~~~
lawl
> _Huh? Kent 's statement on behalf of Google was anything but narrow. It was
> general: "We have never done this."_

The definition of _this_ in context:

> _that Google opened email messages in his Gmail account to investigate a
> leak_

So that's not a blanket denial. Mike accused them of " _accessing my Gmail
account_ ". Which Kent _explicitly_ rephrased to " _that Google opened email
messages in his Gmail account to investigate a leak_ ".

That's pretty narrow in my books.

------
fpgeek
Let's put Google's denial off to the side for one moment. The core of
Arrington's accusation is broken:

"The source had corresponded with me from a non Google email account, so the
only way Google saw it was by accessing my Gmail account."

No, that's not the only way Google could have seen this email. It could easily
have leaked via the non-Google email account: The employee could have
(intentionally or accidentally) forwarded the email to their work account. Or
they could have sent it or accessed it unencrypted from a Google internal
network. They could have also sent the email to someone else who passed it on
to Google. And so on.

Yes, these are all stupid mistakes that your careful, tech-savvy leaker
shouldn't make, but people make mistakes like them all the time. And I
wouldn't expect an inebriated leaker to make a point of mentioning whatever
stupid mistake they might have made (if said leaker even realized where they
went wrong).

~~~
furyg3
I would find it very dubious if my own employer asserted that it was
appropriate to read and act on an employee's private, non-work email because
that employee accessed it from their network or device.

If I were a Google employee I'd be pretty interested in getting answers as to
how they acquired this information, and to advocate to change internal
policies if this was the case.

It also makes me think twice about ever working for an organization where I
don't have root on the devices I use.

~~~
skj
Google employees have root on their devices, unless it's a chromebook pixel
for some reason. If you root that you can't use the corp network. Not sure
why, since you have root on any other kind of laptop you might get from corp.

------
brisance
The headline is wrong but I wouldn't put it past some rogue Google employee
who does have such powers and has abused them. Case in point: David Barksdale,
ex-Googler. [https://gawker.com/5637234/gcreep-google-engineer-stalked-
te...](https://gawker.com/5637234/gcreep-google-engineer-stalked-teens-spied-
on-chats)

~~~
skj
Such access is highly audited in Google. That audit trail was used as evidence
against the person in question here in a criminal trial.

(That link isn't working, for whatever reason, so I'm just assuming it's the
same case that I'm thinking about)

------
sc68cal
Just like they denied they had no knowledge of PRISM or any other NSA
programs? They got awful quiet about that when the NSA started saying that
Google and other companies knew what the NSA was doing. So, Google has already
demonstrated that they will do or say anything so that people continue sharing
and storing personal information on Google servers.

~~~
aniket_ray
And it turned out that Google was correct. Guardian backtracked on their
original story and changed the story to NSA surreptitiously stealing user
information rather than claiming tech companies were complicit. In response,
Google enhanced encryption to further protect users.

~~~
sc68cal
Here is the full update:

"• This article was amended on 20 March 2014 to remove statements in the
original that the testimony by Rajesh De contradicted denials by technology
companies about their knowledge of NSA data collection. It was also updated to
clarify that the companies challenged the secrecy surrounding Section 702
orders. Other minor clarifications were also made."

They may have updated their article to excise the denials about PRISM -
however the water is still muddy regarding the truthfulness of their
statements under numerous other programs that the NSA has conducted under
other legal authorities like Section 702, Section 215, etc..

~~~
dannyr
So why did Google just removed http & is now only https?

For show?

~~~
skj
No, for improved security.

The http/https question is completely irrelevant to the PRISM-complicity
question. I'm not sure why you brought it up.

------
Lambent_Cactus
When did we decide that Michael Arrington, of all people, was a credible
source for allegations like this in the first place?

------
jessaustin
Stipulating to Arrington's claims for the moment, he doesn't come across as
very security-minded. When you're collaborating with a "whistle-blower", the
employer is your adversary. Why would anyone use the employer's communication
service to collaborate in such a case?

------
Maakuth
This would be an excellent chance for Google et al. to just drop the
permission of them reading Gmail users' e-mail from the terms of service. If
they have no intention of doing it, why leave it open in the terms?

~~~
curiouscats
I agree, the lawyer denies it, then says we have the right to do so now and in
the future. And adds, though I can't imagine when we ever would.

The right to snoop through your email is the problem (the algorithmic
searching to place ads I can understand some people finding annoying but that
is the bargain for using Gmail - it isn't that I am talking about - it is the
snooping for whatever purpose Google has for reading your emails by a person
at Google).

That you promise to not do what you give yourself the right to do is not worth
much of anything. I don't imagine this lawyer would sign off on legal
contracts that had bad clauses that the other side said "no, leave the
contract the way it is, just trust us to not ever use that clause."

------
wudf
In tv shows, this would be called plausible deniability.

------
adamnemecek
Somehow I'm not convinced.

------
jrlocke
"I am not a crook."

------
ForFreedom
Google does not snoop, they just search

