Here's some more bad news to add to the pile of concern over email vulnerability, a brief filed by Google's attorneys has just surfaced and revealed that Gmail non-Gmail users who exchange emails with a Gmail user should have "no legitimate expectation of privacy"—ever.
The brief, unearthed by Consumer Watchdog, was filed on July 13, 2013 in response to a class action complaint against the company to the United States District Court for Northern District of California in the hopes that the court would dismiss the case. According to the document, users should assume that any electronic corresponded that finds its way to Google's servers can and may be full accessed and used for a whole slew of purposes, including selling ads.
Just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who use Web-based email today cannot be surprised if their emails are processed by the recipient's [email provider] in the course of delivery. Indeed, 'a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.' Smith v. Maryland, 442 U.S. 735, 743-44 (1979).
Of course, Google emphasizes the more practical purposes of the questionable privacy policy; every time you type in keyword or run a search filter, in order to pilfer through your messages, Google has to scan the actual email. They go on to claim that a ruling against this method would hinder and "criminalize" their basic business practices, stating:
In practice, plaintiffs’ theory would prevent ECS providers from providing a host of normal services that Congress could not possibly have intended to criminalize as an illegal interception. For example, an ECS provider could not allow users to sort their emails using automated filters because any such system would require scanning the contents of the emails being delivered to the user, thus running afoul of plaintiffs’ theory. Nor could an ECS provider provide even basic features like allowing users to search their own emails for particular key terms because doing so would, again, involve the scanning of email content.
Still, Google's explicit belief that its users lack an inherent right to privacy is more than a little disconcerting in light of how this might translate to compliance with NSA requests. And this has Consumer Watchdog more than a little upset. In a statement to RT, Privacy Project director John M. Simpson says:
Google's brief uses a wrong-headed analogy; sending an email is like giving a letter to the Post Office. I expect the Post Office to deliver the letter based on the address written on the envelope. I don't expect the mail carrier to open my letter and read it. Similarly when I send an email, I expect it to be delivered to the intended recipient with a Gmail account based on the email address; why would I expect its content will be intercepted by Google and read?
And with all this coming out just days after the news of two secure, subscription email services shutting down after alluding to vague "outside pressures," the matter of a user's right to privacy is becoming at the same time all the more important and increasingly hazy. You can read the the brief in full below. [RT]
Update: Just to be clear, the quote that troubled Consumer Watchdog was originally from the Smith v. Maryland Supreme Court ruling and was cited by Google in their motion as a means of supporting their argument. The full quote and context (found on pg. 19 of the motion) follow:
Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery. Indeed, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” Smith v. Maryland, 442 U.S. 735, 743-44 (1979). In particular, the Court noted that persons communicating through a service provided by an intermediary (in the Smith case, a telephone call routed through a telephone company) must necessarily expect that the communication will be subject to the intermediary’s systems.
Image: Shutterstock/Sven Hoppe