Date: Tue, 14 Sep 2004 21:00:54 -0700 (PDT)
From: Matt Hanson <[EMAIL PROTECTED]>
Subject: More on gmail worth posting
Presumably you have a Gmail account,
and do not object to Google's policies
But many of us will not send mail to gmail.com ...
Problem 1: Gmail is nearly immortal
Google offers 1 gig of storage, which is many times the storage offered by Yahoo or
Hotmail, or other Internet service providers that we know about. The powerful
searching encourages account holders to never delete anything. It takes three clicks
to put a message into the trash, and more effort to delete this message. It's much
easier to "archive" the message, or just leave it in the inbox and let the powerful
searching keep track of it. Google admits that even deleted messages will remain on
their system, and may also be accessible internally at Google, for an indefinite
period of time.
Google has been spinning their original position in press interviews, and with an
informal page described as "a few words about privacy and Gmail." When we see fresh
material from Google, we check the modification date at the bottom of the terms-of-use
page and privacy page for Gmail. If these dates are still April 6 and April 8, we know
that nothing has changed. Google can modify these pages too, any way they want and
whenever they want, unilaterally. But at least these two pages carry slightly more
legal weight than other pages, because Google should attempt to notify users of
significant changes in these formal policies.
A new California law, the Online Privacy Protection Act, went into effect on July 1,
2004. Google changed their main privacy policy that same day because the previous
version sidestepped important issues and might have been illegal. For the first time
in Google's history, the language in their new policy makes it clear that they will be
pooling all the information they collect on you from all of their various services.
Moreover, they may keep this information indefinitely, and give this information to
whomever they wish. All that's required is for Google to "have a good faith belief
that access, preservation or disclosure of such information is reasonably necessary to
protect the rights, property or safety of Google, its users or the public." Google,
you may recall, already believes that as a corporation they are utterly incapable of
bad faith. Their corporate motto is "Don't be evil," and they even made sure that the
Securities and Exchange Commission got this message in Google's
IPO filing.
Google's policies are essentially no different than the policies of Microsoft, Yahoo,
Alexa and Amazon. However, these others have been spelling out their nasty policies in
detail for years now. By way of contrast, we've had email from indignant Google fans
who defended Google by using the old privacy language -- but while doing so they
arrived at exactly the wrong interpretation of Google's actual position! Now those
emails will stop, because Google's position is clear at last. It's amazing how a vague
privacy policy, a minimalist browser interface, and an unconventional corporate
culture have convinced so many that Google is different on issues that matter.
After 180 days in the U.S., email messages lose their status as a protected
communication under the Electronic Communications Privacy Act, and become just another
database record. This means that a subpoena instead of a warrant is all that's needed
to force Google to produce a copy. Other countries may even lack this basic
protection, and Google's databases are distributed all over the world. Since the
Patriot Act was passed, it's unclear whether this ECPA protection is worth much
anymore in the U.S., or whether it even applies to email that originates from
non-citizens in other countries.
Google's relationships with government officials in all of the dozens of countries
where they operate are a mystery, because Google never makes any statements about
this. But here's a clue: Google uses the term "governmental request" three times on
their terms-of-use page and once on their privacy page. Google's language means that
all Gmail account holders have consented to allow Google to show any and all email in
their Gmail accounts to any official from any government whatsoever, even when the
request is informal or extralegal, at Google's sole discretion. Why should we send
email to Gmail accounts under such draconian conditions?
Problem 2: Google's policies do not apply
The phrasing and qualifiers in the Gmail privacy policy are creepy enough, but nothing
in any of Google's policies or public statements applies to those of us who don't have
Gmail accounts. Google has not even formally stated in their privacy policy that they
will not keep a list of keywords scanned from incoming email, and associate these with
the incoming email address in their database. They've said that their advertisers
won't get personally identifiable information from email, but that doesn't mean that
Google won't keep this information for possible future use. Google has never been
known to delete any of the data they've collected, since day one. For example, their
cookie with the unique ID in it, which expires in 2038, has been tracking all of the
search terms you've ever used while searching their main index.
Problem 3: A massive potential for abuse
If Google builds a database of keywords associated with email addresses, the
potential for abuse is staggering. Google could grow a database that spits out the
email addresses of those who used those keywords. How about words such as "box
cutters" in the same email as "airline schedules"? Can you think of anyone who might
be interested in obtaining a list of email addresses for that particular combination?
Or how about "mp3" with "download"? Since the RIAA has sent subpoenas to Internet
service providers and universities in an effort to identify copyright abusers, why
should we expect Gmail to be off-limits?
Intelligence agencies would love to play with this information. Diagrams that show
social networks of people who are inclined toward certain thoughts could be generated.
This is one form of "data mining," which is very lucrative now for high-tech firms,
such as Google, that contract with federal agencies. Email addresses tied to keywords
would be perfect for this. The fact that Google offers so much storage turns Gmail
into something that is uniquely dangerous and creepy.
Problem 4: Inappropriate ad matching
We don't use Gmail, but it is safe to assume that the ad matching is no better in
Gmail, than it is in news articles that use contextual ad feeds from Google. Here's a
screen shot that shows an inappropriate placement of Google ads in a news article. We
also read about a lawyer who is experimenting with Gmail. He sent himself a message,
and discovered that the law practice footer he uses at the bottom of all of his email
triggered an ad for a competing law firm.
Another example is seen in the Google ads at the bottom of this story about Brandon
Mayfield. There are two ads. One mentions sexual assault charges (sex has nothing to
do with the story), and the other is about anti-terrorism. The entire point of this
article, as well as a New York Times piece on May 8, 2004, is that a lawyer has had
his career ruined due to overreaction by the FBI, based on disputed evidence. He was
arrested as a material witness and his home and office were searched. The NYT (page
A12) says that "Mr. Mayfield was arrested before investigators had fully examined his
phone records, before they knew if he had ever met with any of the bombing suspects,
before they knew if he had ever traveled to Spain or elsewhere overseas. His relatives
said he had not been out of the United States for 10 years." The only evidence is a
single fingerprint on a plastic bag, and some FBI officials have raised questions
about whether this print is a match. While Mr. Mayfield will get his
day in court, it appears that Google's ads have already convicted him, and for good
measure added some bogus sexual assault charges as well. Would Mr. Mayfield be
well-advised to send email to Gmail account holders to plead his case?
Our last example shows three ads fed by Google at the bottom of a Washington Post
column titled "Gmail leads way in making ads relevant." The columnist argues that
Google's relevant ads improve the web, and therefore she finds nothing objectionable
about Gmail. These Google-approved ads offer PageRank for sale, something which only a
year ago, Google would have considered high treason. Yes, these ads are "relevant" --
the column is about Google, and the ads are about PageRank. But here's the point: A
relevant ad that shows poor judgment is much worse than an irrelevant ad that shows
poor judgment. The ads at the bottom of her column disprove her pro-Google arguments.
She has no control over this, and is probably not even aware that it happened.
Most writers, even if they are only writing an email message instead of a column in a
major newspaper, have more respect for their words than Google does. Don't expect
these writers to answer their Gmail.
Esther Dyson, queen of the digerati, gets it wrong
"We're not going to have any choice but to send mail to people >
---------------------------------
Transfer interrupted!il world," says Daniel Brandt, founder of the Google-Watch.org
Web site. "And what guarantees do we have that all this won't end up on some
bureaucrat's desk at some intelligence agency someday?" But those who support Gmail
say such privacy concerns are not Google issues so much as constitutional ones, best
addressed to Congress and law-enforcement agencies. "They've got a beef with the wrong
person. The problem there is the FBI, not Google," says Dyson. "And in the scheme of
things, I'd rather have Google than my employer have access to my personal mail." --
Baltimore Sun, 20 May 2004
The point is this: Some two-thirds of all Google searches come in from outside the
U.S., and Gmail will also have a global reach. We're not dealing with only the FBI
(and yes, the same privacy advocates who oppose Gmail are dealing with the FBI), but
potentially with hundreds of agencies in dozens of countries. Google has no data
retention policies, and never comments on their relationships with governments. The
problem must be addressed at the source, which is Google. Elitist digerati do a
disservice to the entire world when they assume such narrow points of view.
For more information
Your cookie tastes better to Google with your email address
Undeleted personal files can haunt you (just ask Sergey)
Thirty-one organizations urge Google to suspend Gmail
Gmail and the privacy issue: a FAQ with more links
Mark Rasch: "Google's Gmail: spook heaven?"
This is for your copy-and-paste convenience:Dear Gmail user: Due to privacy
considerations, we cannot respond unless you resend your email from a different
account. For more information, please visit www.gmail-is-too-creepy.com
our creepy traffic graphs about us
---------------------------------
Do you Yahoo!?
vote.yahoo.com - Register online to vote today!
