Gmail Privacy Kerfuffle


On April 1, Google announced Gmail, its new free webmail service, which features an unprecedented 1GB of storage. Google plans to generate revenue from the service by placing advertising in it. The major free webmail providers, including Yahoo! and Hotmail, sell advertising banners in their services. Google will provide context-related text advertising in Gmail. Google already provides contextual advertising for searches and to third-party websites that use the AdSense service.
Some privacy advocates are concerned that Google will be scanning the content of its users’ emails. A letter from 28 privacy and civil liberties organizations to Google CEO Sergey Brin:

Google’s proposed Gmail service and the practices and policies of its business units raise significant and troubling questions.
First, Google has proposed scanning the text of all incoming emails for ad placement. The scanning of confidential email violates the implicit trust of an email service provider. Further, the unlimited period for data retention poses unnecessary risks of misuse.
Second, Google’s overall data retention and correlation policies are problematic in their lack of clarity and broad scope. Google has not set specific, finite limits on how long it will retain user account, email, and transactional data. And Google has not set clear written policies about its data sharing between business units.
Third, the Gmail system sets potentially dangerous precedents and establishes reduced expectations of privacy in email communications. These precedents may be adopted by other companies and governments and may persist long after Google is gone.

The privacy policy for Gmail is still a work in progress. The most troubling aspect of the privacy policy
Internet e-mail is an insecure means of communication and users should avoid sending confidential information unencrypted across the internet because the messages may be intercepted and read while in transit. So long as Google does not log data about the keywords extracted from e-mail, this is the least objectionable privacy concern about the Gmail service. Already, many e-mail providers scan e-mail messages for spam or virus contents. Email users are free to choose other webmail services if they are uncomfortable with Google inserting contextual ads next to their inboxes.
Other concerns include identifiability and record retention. EFF Deep Links reports that Your Gmail Email Address Can Be Linked to Your Search History. This changes Google’s search data from being at least somewhat anonymous to being linked to an identity. EFF recommends that Gmail users frequently delete their Google cookie. Google could de-link search records from e-mail identity by using separate cookies and user IDs for search and Gmail.
Google’s fuzzy data retention policies are troubling. When a Gmail user deletes a message from her Gmail account, that message may not be immediately deleted from the system, but instead live on in a limbo where a deleted message may be recoverable long after a user thinks that message has vanished.
Going to extremes, California State Senator Liz Figueroa plans to introduce legislation to prohibit scanning personal e-mail for advertising purposes. BBC News: Google’s Gmail Could Be Blocked. ClickZ: Lawmaker Voices Google Privacy Concerns

Figueroa called the tradeoff of contextual ads for greater storage and other enhancements a Faustian bargain.
“They will be scanning your private e-mail,” Figueroa [said]. “You may say that’s fine and dandy, but I may not like it. To what extent are we giving up privacy?”

Eugene Volokh responds, Please Save Us From Ourselves, Ms. Legislator:

I realize that there are sometimes plausible arguments for saving people from their own folly; I don’t always agree with them, but I respect them — for instance, if their folly seems likely to get them killed (consider bans on dueling, seat belt laws, and the like), or likely to get them addicted and thus drastically diminish their ability to undo their error (that’s a common justification for bans on certain drugs), or likely to seriously harm others as well as themselves.
What’s striking about this proposal is how utterly inapplicable those arguments are here. The Nanny State (or, at this point, one of its directors) is trying to save us from the irreversible, appalling horror of getting custom-tailored advertising based on the context of our e-mail. We’re in trouble indeed.

Andrew Raff @andrewraff