Presumably you have a Gmail account,
and do not object to Google’s policies
But many of us will not send mail to gmail.com …
Problem 1: Gmail is nearly immortal
Google offers more storage for your email than other Internet service
providers that we know about. The powerful searching encourages account
holders to never
delete anything. It’s easier to just leave it in the inbox and let the
powerful searching keep track of it. Google admits that deleted messages
will remain on their system, and may be accessible internally at Google,
for an indefinite period of time.
A new California law, the Online Privacy Protection Act,
went into effect on July 1, 2004. Google changed their
main privacy policy that same day because the
previous
version sidestepped important issues and might have been
illegal. For the first time in Google’s history, the language in
their new policy made it clear that they will be pooling all the
information they collect on you from all of their various services.
Moreover, they may keep this information indefinitely, and give
this information to whomever they wish. All that’s required is for
Google to “have a good faith belief that access, preservation or
disclosure of such information is reasonably necessary to protect
the rights, property or safety of Google, its users or the public.”
Google, you may recall, already believes that as a corporation they
are utterly incapable of bad faith. Their corporate motto is
“Don’t be evil,” and they even made sure that the Securities and
Exchange Commission got this message in Google’s IPO filing.
Google’s policies are essentially no different than the policies
of Microsoft, Yahoo, Alexa and Amazon. However, these others have
been spelling out their nasty policies in detail for years now.
By way of contrast, we’ve had email from indignant Google fans who
defended Google by using the old privacy language — but while
doing so they arrived at exactly the wrong interpretation of
Google’s actual position! Now those emails will stop, because
Google’s position is clear at last. It’s amazing how a vague
privacy policy, a minimalist browser interface, and an
unconventional corporate culture have convinced so many that
Google is different on issues that matter.
After 180 days in the U.S., email messages lose their status as a
protected communication under the Electronic Communications Privacy
Act, and become just another database record. This means that a
subpoena instead of a warrant is all that’s needed to force Google
to produce a copy. Other countries may even lack this basic
protection, and Google’s databases are distributed all over the
world. Since the Patriot Act was passed, it’s unclear whether this
ECPA protection is worth much anymore in the U.S., or whether it
even applies to email that originates from non-citizens in other
countries.
Google’s relationships with government officials in all of the
dozens of countries where they operate are a mystery, because
Google never makes any statements about this. But here’s a clue:
Google uses the term “governmental request” three times on their
terms-of-use page and once on their privacy page. Google’s language
means that all Gmail account holders have consented to allow Google
to show any and all email in their Gmail accounts to any official
from any government whatsoever, even when the request is informal
or extralegal, at Google’s sole discretion. Why should we send
email to Gmail accounts under such draconian conditions?
Problem 2: Google’s policies
do not apply
The phrasing and qualifiers in the Gmail privacy policy are creepy
enough, but nothing in any of Google’s policies or public
statements applies to those of us who don’t have Gmail accounts.
Google has not even formally stated in their privacy policy that they
will not keep a list of keywords scanned from incoming email, and
associate these with the incoming email address in their database.
They’ve said that their advertisers won’t get personally
identifiable information from email, but that doesn’t mean that
Google won’t keep this information for possible future use. Google
has never been known to delete any of the data they’ve collected,
since day one. For example, their cookie with the unique ID in it,
which expires in 2038, has been tracking all of the search terms
you’ve ever used while searching their main index.
Keyhole, the satellite imaging company that Google
acquired in October 2004, was funded by the CIA.
“We are moving to a Google that knows more about you.”
—Google CEO Eric Schmidt, February 9, 2005
You can use Scroogle
to get Google without the tracking!
no ads · 28 languages
|
Problem 3: A massive
potential for abuse
If Google builds a database of keywords associated with email
addresses, the potential for abuse is staggering. Google could grow
a database that spits out the email addresses of those who used
those keywords. How about words such as “box cutters” in the same
email as “airline schedules”? Can you think of anyone who might be
interested in obtaining a list of email addresses for that
particular combination? Or how about “mp3″ with “download”?
Since the RIAA has sent subpoenas to Internet service providers
and universities in an effort to identify copyright abusers, why
should we expect Gmail to be off-limits?
Intelligence agencies would love to play with this information.
Diagrams that show social networks of people who are inclined toward
certain thoughts could be generated. This is one form of “data mining,”
which is very lucrative now for high-tech firms, such as Google,
that contract with federal agencies. Email addresses tied to keywords
would be perfect for this. The fact that Google offers so much storage
turns Gmail into something that is uniquely dangerous and creepy.
Problem 4: Inappropriate ad
matching
We don’t use Gmail, but it is safe to assume that the ad matching
is no better in Gmail, than it is in news articles that use contextual
ad feeds from Google. Here’s a
screen
shot that shows an inappropriate placement of Google ads in a
news article. We also read about a lawyer who is experimenting with
Gmail. He sent himself a message, and discovered that the law
practice footer he uses at the bottom of all of his email triggered
an ad for a competing law firm.
Another example is seen in the Google ads at the bottom of this
story
about Brandon Mayfield. There are two ads. One mentions sexual
assault charges (sex has nothing to do with the story), and the
other is about anti-terrorism. The entire point of this article, as
well as a New York Times piece on May 8, 2004, is that a lawyer
has had his career ruined due to overreaction by the FBI, based on
disputed evidence. He was arrested as a material witness and his
home and office were searched. The NYT (page A12) says that
“Mr. Mayfield was arrested before investigators had fully examined
his phone records, before they knew if he had ever met with any of
the bombing suspects, before they knew if he had ever traveled to
Spain or elsewhere overseas. His relatives said he had not been
out of the United States for 10 years.” The only evidence is a
single fingerprint on a plastic bag, and some FBI officials have
raised questions about whether this print is a match. While Mr.
Mayfield will get his day in court, it appears that Google’s ads
have already convicted him, and for good measure added some bogus
sexual assault charges as well. Would Mr. Mayfield be well-advised
to send email to Gmail account holders to plead his case?
The Wichita Eagle is pleased to present Google’s recommendation
for an alarm company that can “protect your home and family.” One tiny
problem is that the trigger for this ad is an article about an alarm
installer who worked for this company for 14 years, while moonlighting as a
serial killer.
Our last example shows three ads fed by Google at the bottom of
a Washington Post column titled “Gmail leads way in making
ads relevant.” The columnist argues that Google’s relevant ads
improve the web, and therefore she finds nothing objectionable
about Gmail. These Google-approved ads
offer
PageRank for sale, something which only a year ago, Google would
have considered high treason. Yes, these ads are “relevant” — the
column is about Google, and the ads are about PageRank. But here’s the
point: A relevant ad that shows poor judgment
is much worse than an irrelevant ad that shows poor judgment.
The ads at the bottom of her column disprove her pro-Google arguments.
She has no control over this, and is probably not even aware that
it happened.
Most writers, even if they are only writing an email message
instead of a column in a major newspaper, have more respect for
their words than Google does. Don’t expect these writers to
answer their Gmail.
Esther Dyson, queen of the digerati, gets it wrong
“We’re not going to have any choice but to send mail to people at
Gmail just to function in the e-mail world,” says Daniel Brandt,
founder of the Google-Watch.org Web site. “And what guarantees do
we have that all this won’t end up on some bureaucrat’s desk at
some intelligence agency someday?” But those who support Gmail say
such privacy concerns are not Google issues so much as constitutional
ones, best addressed to Congress and law-enforcement agencies.
“They’ve got a beef with the wrong person. The problem there is the
FBI, not Google,” says Dyson. “And in the scheme of things, I’d
rather have Google than my employer have access to my personal
mail.” — Baltimore Sun, 20 May 2004
The point is this: Some two-thirds of all Google searches
come in from outside the U.S., and Gmail will also have a global
reach. We’re not dealing with only the FBI (and yes, the same
privacy advocates who oppose Gmail are dealing with the
FBI), but potentially with hundreds of agencies in dozens of
countries. Google has no data retention policies, and never
comments on their relationships with governments. The problem must
be addressed at the source, which is Google. Elitist digerati do a
disservice to the entire world when they assume such narrow points
of view. |
Privacy: Not enough, and too
much!
While there’s no privacy for non-Gmail users who receive mail from a Gmail
account and might want to reply, there is too much privacy for those who
use Gmail to send spammy, abusive, or threatening messages. Unlike
Hotmail, Yahoo mail, and most other web mail services, browser-based Gmail
does not show the originating IP address in the header. This means that system
administrators who are trying to stop abuse cannot identify a Gmail abuser
without asking Google for assistance. And normal users, assuming they can
read headers, cannot check the identity of someone sending from Gmail.
(With an IP address, you can at least do a quick check on the country or
city of origin by looking it up at dnsstuff.com or some
similiar service.) Since Google always seems to be too busy making
billions to bother with complaints, many decide it’s easier to just say
“no” to all Gmail.
|
For more information
Your cookie tastes
better with your email address
Thirty-one
organizations ask Google to suspend Gmail
Privacy? Who
cares about privacy?
Gmail and
the privacy issue: a FAQ with more links
Mark Rasch:
“Google’s Gmail: spook heaven?”
This is for your copy-and-paste convenience:
Dear Gmail user: Due to privacy
considerations, we cannot respond unless you resend your email from a
different account. For more information, please visit www.gmail-is-too-creepy.com
|
