What's behind gmail? (no privacy)

[Guest guest]

 

Thursday, March 02, 2006 1:14 PM

what's behind gmail?

 

http://www.scroogle.org/cgi-bin/nbgw.cgi?Na=privacy+gmail & x=16 & y=12

1. appeal.html Google-Watch appeals to the American Library Association As you may recall, since you reprinted my nine "Big Brother" points about Google in your newsletter about 18 months ago, I run the site www.google-watch.org. There are issues with Google that have come to light since then. Today the privacy situation is more serious than the points I made 18 months ago. These issues were exposed due to Google's introduction of Gmail last April. Since then Google has admitted that they use a single cookie with a unique ID in it across all of their various services. We already know that they save the IP address and search terms of all searches done at Google, in2. appeal.html Google-Watch appeals to the American Library Association libraries to digitize a portion of their collections. This has been in the news during the past few days. (If not, you can search for "google" and "libraries" on any current news site.) I was one of the signers of the letter at www.privacyrights.org/ar/GmailLetter.htm. Now I am interested in helping put out a similar letter with respect to Google's plans to digitize material from libraries. It is my feeling that those librarians who contract with Google for3. gcook.html Gmail Privacy AlertGmail Privacy Alert Google covets your email address (It's delicious with a cookie)4. gcook.html Gmail Privacy Alert Mr. Rosing said Google did not create links between users' search activity and their Gmail accounts. "We have no immediate plans to do so in the future," he said. What Google really wants to say: "As soon as those privacy nuts with the tin-foil hats grow tired and leave us alone, we can get on with our Master Plan." Evil update: On July 1, 2004, Google modified their main privacy policy to comply with a new California law. Here is the zinger: "If you have an account, we may share the information submitted under your account among all of our services in order to provide you with a seamless experience and to improve the quality of our services."5. gmail.html Gmail is too creepy delete anything. It's easier to just leave it in the inbox and let the powerful searching keep track of it. Google admits that deleted messages will remain on their system, and may be accessible internally at Google, for an indefinite period of time. A new California law, the Online Privacy Protection Act, went into effect on July 1, 2004. Google changed their main privacy policy that same day because the previous version sidestepped important issues and might have been illegal. For the first time in Google's history, the language in their new policy made it clear that they will be pooling all the information they collect on you from all of their various services. Moreover, they may keep this information indefinitely, and give6. gmail.html Gmail is too creepy Google's policies are essentially no different than the policies of Microsoft, , Alexa and Amazon. However, these others have been spelling out their nasty policies in detail for years now. By way of contrast, we've had email from indignant Google fans who defended Google by using the old privacy language -- but while doing so they arrived at exactly the wrong interpretation of Google's actual position! Now those emails will stop, because Google's position is clear at last. It's amazing how a vague privacy policy, a minimalist browser interface, and an unconventional corporate culture have convinced so many that Google is different on issues that matter. After 180 days in the U.S., email messages lose their status as a protected communication under the Electronic Communications Privacy Act, and become just another database record. This means that a subpoena instead of a warrant is all that's needed to force Google to produce a copy. Other countries may even lack this basic protection, and Google's databases are distributed all over the world. Since the Patriot Act was passed, it's unclear whether this

7. gmail.html Gmail is too creepy Google's relationships with government officials in all of the dozens of countries where they operate are a mystery, because Google never makes any statements about this. But here's a clue: Google uses the term "governmental request" three times on their terms-of-use page and once on their privacy page. Google's language means that all Gmail account holders have consented to allow Google to show any and all email in their Gmail accounts to any official from any government whatsoever, even when the request is informal or extralegal, at Google's sole discretion. Why should we send email to Gmail accounts under such draconian conditions? Problem 2: Google's policies do not apply The phrasing and qualifiers in the Gmail privacy policy are creepy enough, but nothing in any of Google's policies or public statements applies to those of us who don't have Gmail accounts. Google has not even formally stated in their privacy policy that they will not keep a list of keywords scanned from incoming email, and associate these with the incoming email address in their database. They've said that their advertisers won't get personally identifiable information from email, but that doesn't mean that Google won't keep this information for possible future use. Google has never been known to delete any of the data they've collected,8. gmail.html Gmail is too creepy "We're not going to have any choice but to send mail to people at Gmail just to function in the e-mail world," says Daniel Brandt, founder of the Google-Watch.org Web site. "And what guarantees do we have that all this won't end up on some bureaucrat's desk at some intelligence agency someday?" But those who support Gmail say such privacy concerns are not Google issues so much as constitutional ones, best addressed to Congress and law-enforcement agencies. "They've got a beef with the wrong person. The problem there is the FBI, not Google," says Dyson. "And in the scheme of things, I'd rather have Google than my employer have access to my personal mail." -- Baltimore Sun, 20 May 2004 The point is this: Some two-thirds of all Google searches come in from outside the U.S., and Gmail will also have a global reach. We're not dealing with only the FBI (and yes, the same privacy advocates who oppose Gmail are dealing with the FBI), but potentially with hundreds of agencies in dozens of countries. Google has no data retention policies, and never comments on their relationships with governments. The problem must be addressed at the source, which is Google. Elitist digerati do a disservice to the entire world when they assume such narrow points of view. Privacy: Not enough, and too much! While there's no privacy for non-Gmail users who receive mail from a Gmail account and might want to reply, there is too much privacy for those who use Gmail to send spammy, abusive, or threatening messages. Unlike Hotmail, mail, and most other web mail services, browser-based Gmail does not show the originating IP address in the header. This means that system administrators who are trying to stop abuse cannot identify a Gmail abuser without asking Google for assistance. And normal users, assuming they can read headers, cannot check the identity of someone sending from Gmail.9. gmail.html Gmail is too creepy Thirty-one organizations urge Google to suspend Gmail Privacy? Who cares about privacy? Gmail and the privacy issue: a FAQ with more links Mark Rasch: "Google's Gmail: spook heaven?" This is for your copy-and-paste convenience: Dear Gmail user: Due to privacy considerations, we cannot respond unless you resend your email from a different account. For more information, please visit www.google-watch.org/gmail.html Back to home page10. goog-s3.html Form S-3 Table of Contents "Google" brand, or if we incur excessive expenses in this effort, our business, operating results and financial condition will be materially and adversely affected. We anticipate that, as our market becomes increasingly competitive, maintaining and enhancing our brand may become increasingly difficult and expensive. Maintaining and enhancing our brand will depend largely on our ability to be a technology leader and to continue to provide high quality products and services, which we may not do successfully. STYLE="margin-top:0px;margin-bottom:0px; text-indent:4%">People have in the past expressed, and may in the future express, objections to aspects of our products. For example, people have raised privacy concerns relating to the ability of our Gmail email service to match relevant ads to the content of email messages. In addition, some individuals and organizations have raised objections to our scanning of copyrighted materials from library collections for use in our Google Print product. Aspects of our future products may raise similar public concerns. Publicity regarding such concerns could harm our brand. In addition, members of the Google Network and other third parties may take actions that could impair the value of our brand. We are aware that third parties, from time to time, use "Google" and similar variations in their domain names without our approval, and our brand may be harmed if users and advertisers associate these domains with us. Proprietary document formats may limit the effectiveness of our search technology by preventing our technology from accessing the content of documents in such formats which could limit the effectiveness of our products and services. STYLE="margin-top:0px;margin-bottom:-6px"> A large amount of information on the Internet is provided in proprietary

11. goog-s3.html Form S-3 STYLE="margin-top:0px;margin-bottom:0px"> Index spammers could harm the integrity of our web search results, which could damage our reputation and cause our users to be dissatisfied with our products and services. STYLE="margin-top:0px;margin-bottom:0px; text-indent:4%">There is an ongoing and increasing effort by "index spammers" to develop ways to manipulate our web search results. For example, because our web search technology ranks a web page's relevance based in part on the importance of the web sites that link to it, people have attempted to link a group of web sites together to manipulate web search results. We take this problem very seriously because providing relevant information to users is critical to our success. If our efforts to combat these and other types of index spamming are unsuccessful, our reputation for delivering relevant information could be diminished. This could result in a decline in user traffic, which would damage our business. SIZE="2">Privacy concerns relating to elements of our technology could damage our reputation and deter current and potential users from using our products and services. SIZE="1"> From time to time, concerns may be expressed about whether our products and services compromise the privacy of users and others. Concerns about our collection, use or sharing of personal information or other privacy-related matters, even if unfounded, could damage our reputation and operating results. For example, several groups raised privacy concerns in connection with our Gmail free email service which we announced in April 2004, and these concerns attracted a significant amount of public commentary and attention. The concerns relate principally to the fact that Gmail uses computers to match advertisements to the content of a user's email 12 Table of Contents message when email messages are viewed using the Gmail service. Privacy concerns have also arisen with products that enable the storage of search histories, facilitate the accelerated delivery of web pages, and provide improved access to personal information that is already publicly available, but that we have made more readily accessible by the public. STYLE="margin-top:0px;margin-bottom:0px"> Our business is subject to a variety of U.S. and foreign laws that could subject us to claims or other remedies based on the nature and content of the information searched or displayed by our products and services, and could limit our ability to provide information regarding regulated industries and products. The laws relating to the liability of providers of online services for activities of their users are currently unsettled both within the U.S. and abroad. Claims have been threatened and filed under both U.S. and foreign law for defamation, libel, invasion of privacy and other data protection claims, tort, unlawful activity, copyright or trademark infringement, or other theories based on the nature and content of the materials searched and the ads posted or the content generated by our users. From time to time we have received notices from individuals who do not want their names or web sites to appear in our web search results when certain keywords are searched. It is also possible that we could be held liable for misinformation provided over the web when that information appears in our web search results. If one of these complaints results in liability to us, it could be potentially costly, encourage similar lawsuits, distract management and harm our reputation and possibly our business. In addition, increased attention focused on these issues and legislative proposals could harm our reputation or otherwise affect the growth of our business. STYLE="margin-top:0px;margin-bottom:0px; text-indent:4%">The application to us of existing laws regulating or requiring licenses for certain businesses of our advertisers, including, for example, distribution of pharmaceuticals, adult content, financial services, alcohol or firearms, can be unclear. Existing or new legislation could expose us to substantial liability, restrict our ability to deliver services to our users, limit our ability to grow and cause us to incur significant expenses in order to comply with such laws and regulations. Several other federal laws could have an impact on our business. Compliance with these laws and regulations is complex and may impose significant additional costs on us. For example, the Digital Millennium Copyright Act has provisions that limit, but do not eliminate, our liability for listing or linking to third-party web sites that include materials that infringe copyrights or other rights, so long as we comply with the statutory requirements of this act. The Children's Online Protection Act and the Children's Online Privacy Protection Act restrict the distribution of materials considered harmful to children and impose additional restrictions on the ability of online services to collect information from minors. In addition, the Protection of Children from Sexual Predators Act of 1998 requires online service providers to report evidence of violations of federal child pornography laws under certain circumstances. Any failure on our part to comply with these regulations may subject us to additional liabilities. We also face risks associated with international data protection. The interpretation and application of data protection laws in Europe and elsewhere are still uncertain and in flux. It is possible that these laws may be interpreted and applied in a manner that is inconsistent with our data practices. If so, in addition to the possibility of fines, this could result in an order requiring that we change our data practices, which in turn could have a material effect on our business. We also face risks from legislation that could be passed in the future. For example, there is a risk that state legislatures will attempt to regulate the automated scanning of email messages in ways that interfere with our Gmail free advertising-supported web mail service. Any such

12. index.html Google Watch Google Watch Google's monopoly,algorithms, and privacy policies Refresh or click the cartoon to see a new one --ð Google v. copyright Big Broother is well-connected Creepy Gmail Rotten cookie13. playboy.html Playboy Interview: Google Guys SIZE="4">PLAYBOY: But there's a catch. You have stated that you will scan e-mail in order to target advertisements based on its content. As a San Jose Mercury News columnist wrote, "If Google ogles your e-mail, could Ashcroft be far behind?" BRIN: When people first read about this feature, it sounded alarming, but it isn't. The ads correlate to the message you're reading at the time. We're not keeping your mail and mining it or anything like that. And no information whatsoever goes out. PLAYBOY: Regardless, it's analogous to someone looking over our shoulder as we write private messages. FACE="Times New Roman" SIZE="4">PAGE: You should trust whoever is handling your e-mail. STYLE="margin-top:0px;margin-bottom:0px; text-indent:4%">BRIN: We need to be protective of the mail and of people's privacy. If you have people's e-mail, you have to treat that very seriously. We do. Everyone who handles e-mail has that responsibility. SIZE="4">PLAYBOY: The Electronic Privacy Information Center equates such monitoring with a telephone operator listening to your conversations and pitching ads while you talk. SIZE="3"> BRIN: That's what Hotmail and do, don't forget. They have big ads that interfere with your ability to use your mail. Our ads are more discreet and off to the side. Yes, the ads are related to what you are looking at, but that can make them more useful. SIZE="3"> PAGE: During Gmail tests, people bought lots of things using the ads. STYLE="margin-top:0px;margin-bottom:0px"> B-414. playboy.html Playboy Interview: Google Guys BRIN: Today I got a message from a friend saying I should prepare a toast for another friend's birthday party. Off to the side were two websites I could go to that help prepare speeches. I like to make up my own speeches, but it's a useful link if I want to take advantage of it. STYLE="margin-top:0px;margin-bottom:0px"> PLAYBOY: Even that sounds ominous. We may not want anyone-or any machine-knowing we're giving a speech at a friend's birthday party. STYLE="margin-top:0px;margin-bottom:0px; text-indent:4%">BRIN: Any web mail service will scan your e-mail. It scans it in order to show it to you; it scans it for spam. All I can say is that we are very up-front about it. That's an important principle of ours. SIZE="4">PLAYBOY: But do you agree that it raises a privacy issue? If you scan for keywords that will trigger ads, you could easily scan for political content. SIZE="3"> BRIN: All we're doing is showing ads. It's automated. No one is looking, so I don't think it's a privacy issue. To me, if it's a choice between big, intrusive ads and our smaller ones, it's a pretty obvious choice. I've used Gmail for a while, and I like having the ads. STYLE="margin-top:0px;margin-bottom:0px"> PLAYBOY: Do the ads pay for the extra storage space? BRIN: Yes. Targeted advertising is an important component. We could have had glaring videos appear before you look at every message. That could generate revenue too. Our ads aren't distracting; they're helpful. SIZE="3"> PAGE: I find it works well. And it's an example of the way we try to do good. It's a high-quality product. I like using it. Even if it seems a little spooky at first, it's useful, and it's a good way to support a valuable service. STYLE="margin-top:0px;margin-bottom:0px; text-indent:4%">PLAYBOY: Did the outcry about the privacy issue surprise you? SIZE="3"> BRIN: Yes. The Gmail thing has been a bit of a lesson. STYLE="margin-top:0px;margin-bottom:0px"> PAGE: We learned a few things. There was a lot of debate about whether we were going to delete people's mail if they wanted it to be deleted. Obviously, you want us to have backups of your mail to protect it, but that raises privacy issues. We created a policy statement about privacy, and the attorneys probably got a little ahead of themselves. The lawyers wrote something that was not very specific. It said something like, "If you request that we delete your e-mail, it may remain on a backup system for a while." It led people to say, "Google wants to keep my deleted mail." That's not our intent at all. Since then we have added some language explaining it. We intend to try to delete it. SIZE="3"> PLAYBOY: That's not reassuring. SIZE="3"> PAGE: But you wouldn't want us to lose your mail, either. There's a trade-off. So yes, we learned some things. We could have done a better job on the messaging. In its earliest testing stages Gmail was available only to a small number of people. People started talking about it before they could try it. I didn't expect them to be so interested. We released the privacy policy, and they were very interested in that. It was all they had access to, so it sparked a lot of controversy. The more people tried Gmail, however, the more they understood it. STYLE="margin-top:0px;margin-bottom:0px"> BRIN: Journalists who tried it wrote positive reviews. PLAYBOY: With the addition of e-mail, Froogle-your new shopping site-and Google news, plus your search engine, will Google become a portal similar to , AOL or MSN? Many Internet companies were founded as portals. It was assumed that the more services you provided, the longer people would stay on your website and the more revenue you could generate from advertising and pay services. STYLE="margin-top:0px;margin-bottom:0px; text-indent:4%">PAGE: We built a business on the opposite message. We want you to come to Google and quickly find what you want. Then we're happy to send you to the other sites. In fact, that's the point. The portal strategy tries to own all of the information.

15. playboy.html Playboy Interview: Google Guys ink on Google? Is it because the founders are billionaires, scoot along on rollerblades and Segways, and have girlfriends? The most remarkable thing about Google is not their "Don't be evil" mantra, but that so many forget to gag on it. For starters, Google is the biggest privacy invader in history. They track the search terms you use with a unique ID number in a cookie that expires in 2038. If you have ever given Google your e-mail address, then this ID can identify you as a person. When you sign up for News Alerts or to post on newsgroups, or indicate an interest in a Gmail account, or request that Google delete your telephone number with its zoom-in street map to your house, they associate your e-mail address with your cookie ID. This single cookie, and the information associated with it, is shared among all of Google's services. This sharing was finally admitted by Google in their privacy policy of July 1, 2004. That was the day that a new California law went into effect, making it illegal to use misleading language in such policies. The previous policy hadn't been updated in four years. It allowed Google's vice-president of engineering Wayne Rosing to tell the Associated Press, on April 6, 2004, that an information wall would separate Gmail from the main index search. Thanks to the new law, we now know that this is not true. There was a lot of spin from Google in April, which was when Gmail was attacked by 31 privacy groups, and Mr. Page was writing his letter for the prospectus. It was also when the Playboy interview took place. Today's browsers let you block your Google cookie. This happy circumstance is the result of privacy battles that took place in 1999-2000, the same time that Google emerged as a significant search engine. When I first saw the expiration date on their cookie, I read it as one might read a barometer: "If Google keeps getting bigger, there will be tough weather ahead for privacy advocates," I thought. Google did and there was. It amazed me that in the middle of the cookie wars, when the worst cookie I had ever seen expired after ten years, Google began sending out their 2038 cookie. Such an expiration date, the maximum16. toolbar.html Google's new toolbar maps and/or another search. Lots of local ads will fit on one of our map pages. 4. After the above three have been implemented, it won't even raise an eyebrow if we start linking keywords inside of Gmail text. If those privacy advocates get upset again, we can just open up Gmail to everyone, and the stampede to sign up for Gmail will drown out the critics. Notice how we've already stopped deleting Gmail in the trash folder after 30 days, now that the critics have dispersed.17. cgi-bin/nb18/0055 Mark Rasch: Google's Gmail - spook heaven? Google's plans to run targeted advertising with the mail that you see through its new Gmail service represents a potential break for government agencies that want to use autobots to monitor the contents of electronic communications travelling across networks. Even though the configuration of the Gmail service minimises the intrusion into privacy, it represents a disturbing conceptual paradigm - the idea that computer analysis of communications is not a search. This is a dangerous legal precedent which both law enforcement and intelligence agencies will undoubtedly seize upon and extend, to the detriment of our privacy. The Gmail advertising concept is simple. When you log into the Gmail to retrieve and view your email, the service automatically scans the contents of the email and displays a relevant ad on the screen for you to see. Although it has been said that neither Google nor the advertiser "knows" the text or essence of the email18. cgi-bin/nb18/0055 Mark Rasch: Google's Gmail - spook heaven? both the ads themselves and the text of the messages into which they were inserted be relevant, and therefore discoverable? I can't imagine why not. If a computer programmed by people learns the contents of a communication, and takes action based on what it learns, it invades privacy. But perhaps the most ominous thing about the proposed Gmail service is the often-heard argument that it poses no privacy risk because only computers are scanning the email. I would argue that it makes no difference to our privacy whether the contents of communications are read by people or by computers programmed by people. My ISP offers spam filtering, spyware blocking and other filtering of email (with my consent) based at least partially on the content of these messages. Similarly, I can consent to automated searches of my mail to translate it into another language or do

19. cgi-bin/nb18/0055 Mark Rasch: Google's Gmail - spook heaven? Don't Be Echelon The government has already ventured a few steps down that road. In August 1995 the Naval Command and Control Ocean Surveillance Center detected computer attacks coming through Harvard University. Because Harvard's privacy policy did not give them the right to monitor the traffic, federal prosecutors obtained a court ordered wiretap for all traffic going through Harvard's computer systems to look for packets that met certain criteria. Literally millions of electronic communications from innocent users of Harvard's system were analysed by a en read pursuant to the court order. In a press release, the U.S. Attorney for Massachusetts explained, "We intercepted only those communications which fit the pattern. Even when communications contained the identifying pattern of the intruder, we limited our initial examination ... to further protect the privacy of innocent communications." Thus, the government believed that the "interception" did not occur when the computer analysed the packets, read their contents, and flagged them for human viewing. Rather, the government believed that only human reading impacted a legitimate privacy interest. The U.S. Attorney went on to state, "This is a case of cyber-sleuthing, a glimpse of what computer crime fighting will look like in the coming years. We have made enormous strides in developing the investigative tools to track down individuals who misuse these vital computer networks." Then-Attorney General Reno added that the process of having computers analyse the intercepted messages was an20. cgi-bin/nb18/0055 Mark Rasch: Google's Gmail - spook heaven? But imagine if the government were to put an Echelon-style content filter on routers and ISPs, where it examines billions of communications and "flags" only a small fraction (based upon, say, indicia of terrorist activity). Even if the filters are perfect and point the finger only completely guilty people, this activity still invades the privacy rights of the billions of innocent individuals whose communications pass the filter. Simply put, if a computer programmed by people learns the contents of a communication, and takes action based on what it learns, it invades privacy. Google may also argue that its computers do not learn the contents of the message while in transmission but only contemporaneously with the recipient, making wiretap law inapplicable. That argument, while technically accurate, is somewhat fallacious. If taken to its logical extreme, electronic communications are never intercepted in21. cgi-bin/nb18/0059 31 organizations urge Google to suspend Gmail 31 organizations urge Google to suspend Gmail http://www.privacyrights.org/ar/GmailLetter.htm Twenty Eight Thirty-One Privacy and Civil Liberties Organizations Urge Google to Suspend Gmail Posted: Released April 6, 2004 Updated April 19, 2004 Contact: Beth Givens, Director, Privacy Rights Clearinghouse Phone: (619) 298- 3396 bgivens (AT) privacyrights (DOT) org www.privacyrights.org Pam Dixon, Executive Director, World Privacy Forum Office: (760) 436-2489, Mobile: (760) 470-2000 info2004 (AT) worldprivacyforum (DOT) org www.worldprivacyforum.org 3100 - 5th Ave., Suite B San Diego, CA 92103 Voice: (619) 298-3396 Fax: (619) 298-5681 Web: www.privacyrights.org Contact Us: www.privacyrights.org/inquiryform.html HOME Twenty Eight Thirty-One Privacy and Civil Liberties Organizations Urge Google to Suspend Gmail San Diego, CA, April 6, 2004 (Updated April 19) -- The World Privacy Forum and 30 other privacy and civil liberties organizations have written a letter [inserted below] calling upon Google to suspend its Gmail service until the privacy issues are adequately addressed. The letter also calls upon Google to clarify its written information policies regarding data retention and data sharing among its business units. The 31 organizations are voicing their concerns about Google's plan to scan the text of all incoming messages for the purposes of ad placement, noting that the scanning of confidential email for inserting third party ad content violates the implicit trust of an email service provider. The scanning creates lower expectations of privacy in the email medium and may establish dangerous precedents. Other concerns include the unlimited period for data retention that Google's current policies allow, and the potential for unintended secondary uses of the information Gmail will collect and store. ------------------ An Open Letter to Google Regarding Its Proposed Gmail Service World Privacy Forum Privacy Rights Clearinghouse and Australian Privacy Foundation Grayson Barber, Privacy Advocate Bits of Freedom (Netherlands) British Columbia Civil Liberties Association (Canada) Calegislation CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) Roger Clarke, Privacy Research and Advocate (Australia) Consumer Action Consumer Federation of America Consumer Federation of California Consumer Task Force for Automotive Issues Electronic Privacy Information Center Federacin de Consumidores en Accin (FACUA) (Spain) Foundation for Information Policy Research (United Kingdom) Mari Frank, Esq., Author of Identity Theft Survival Kit Simson L. Garfinkel, Author of Database Nation Edward Hasbrouck, Author and Consumer Advocate Massachusetts Consumer Assistance Council Massachusetts Consumers' Coalition National Association of Consumer Agency Administrators (NACAA) National Consumers League PrivacyActivism Privacy International (United Kingdom) Privacy Rights Now Coalition Privacy Times Private Citizen, Inc. Privaterra (Canada) Public Information Research, Inc. Utility Consumers' Action Network April 6, 2004

22. cgi-bin/nb18/0059 31 organizations urge Google to suspend Gmail has not set specific, finite limits on how long it will retain user account, email, and transactional data. And Google has not set clear written policies about its data sharing between business units. Third, the Gmail system sets potentially dangerous precedents and establishes reduced expectations of privacy in email communications. These precedents may be adopted by other companies and governments and may persist long after Google is gone. We urge you to suspend the Gmail service until the privacy issues are adequately addressed. Email Scanning in Google's Proposed Gmail Service The email text scanning infrastructure that Google has built is powerful and global in reach. Google has not created written policies to date that adequately protect consumers from the unintended consequences of building this structure. It is, in fact, arguable that no policy could adequately protect consumers from future abuses. The societal consequences of initiating a global infrastructure to continually monitor the communications of individuals are significant and far-reaching with immediate and long-term privacy implications. Currently, individuals may have the understanding that Google's system is not that different in nature from scanning messages for spam, which is a common practice today. There is a fundamental difference, however. With Gmail, individuals' incoming emails will be scanned and seeded with ads. This will happen every time Gmail23. cgi-bin/nb18/0059 31 organizations urge Google to suspend Gmail system into a tool for monitoring in-car conversations. How long will it be until law enforcement compels Google into a similar situation? Google has been quick to state that it does not intend to correlate or share consumer data between its business units. But unless Google puts a consumer promise into its privacy policy that states it will never correlate the data, then Google is not putting its money where its mouth is. In a nation of laws, Google needs to make its promises in writing. Gmail's Potential Conflict with International Law The Gmail system may conflict with Europe's privacy laws, specifically, Directive 95/46/EC, also called the EU Privacy Directive. This directive states, among other things, that users' consent must be informed, specific, and unambiguous (pursuant to Article 7(a) of Dir. 95/46/EC). As it has been proposed, and based on the current Gmail privacy policy, the consent of EU-based Gmail users cannot necessarily be considered informed, specific, and unambiguous in regards to the scanning, storage and further processing of their e-mails. The need for informed, specific, and unambiguous consent also applies to the potential linking of EU citizens' e-mails to their search histories. Additional issues with data retention may also exist under the EU Privacy Directive. The Dangers of Lowered Privacy Expectations in the Email Medium Ultimately, however, this discussion is not solely about Google. It is about the global tools Google is building, and the ways these tools and systems stand to alter how individuals perceive the sanctity of private communications in the electronic sphere. These perceptions and standards may persist long after Google as a24. cgi-bin/nb18/0059 31 organizations urge Google to suspend Gmail may have different motivations for scanning the body of email messages. Google itself, in the absence of clear written promises and policies, may experience a change of course and choose to profit from its large stores of consumer data culled from private communications. The lowered expectations of email privacy that Google's system has the potential to create is no small matter. Once an information architecture is built, it functions much like a building -- that building may be used by many different owners, and its blueprints may be replicated in many other places. Google's technology is proprietary, but the precedents it sets are25. cgi-bin/nb18/0059 31 organizations urge Google to suspend Gmail data sharing and correlation amongst its business units and partners. Respectfully submitted and signed, Pam Dixon, Executive Director World Privacy Forum Beth Givens, Director Privacy Rights Clearinghouse and the following individuals and organizations: John Corker, Chair Australian Privacy Foundation Grayson Barber Privacy Advocate Maurice Wessling Bits of Freedom (Netherlands) Murray Mollard, Executive Director British Columbia Civil Liberties Association (Canada) Dian Black, Executive Director Calegislation Katherine Albrecht, Ed.M., Founder and Director CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) Roger Clarke (Australia) Privacy Researcher, Advocate and eBusiness Consultant Ken McEldowney, Executive Director Consumer Action Jean Ann Fox, Director of Consumer Protection Consumer Federation of America

26. cgi-bin/nb18/0059 31 organizations urge Google to suspend Gmail Consumer Federation of California Will deHoo, Director Consumer Task Force For Automotive Issues Chris Hoofnagle, Associate Director Electronic Privacy Information Center Francisco Sanchez Legrn, President of FACUA, Federacin de Consumidores en Accin (FACUA) (Spain) Ian Brown Foundation for Information Policy Research (United Kingdom) Mari Frank, Esq. Author of the Identity Theft Survival Kit Simson L. Garfinkel MIT Computer Science and Artificial Intelligence Laboratory Author, Database Nation: The Death of Privacy in the 21st Century Edward Hasbrouck Author and Consumer Advocate Paul Schrader, Executive Director Massachusetts Consumer Assistance Council27. cgi-bin/nb18/0059 31 organizations urge Google to suspend Gmail National Association of Consumer Agency Administrators (NACAA) Linda Golodner, President National Consumers League Deborah Pierce, Executive Director PrivacyActivism Simon Davies Privacy International (United Kingdom) Remar Sutton, Co-Founder Privacy Rights Now Coalition Evan Hendricks Privacy Times Robert Bulmash, President Private Citizen, Inc. Robert Guerra, Managing Director Privaterra (project of Computer Professionals for Social28. cgi-bin/nb18/0060 EPIC: Gmail Privacy Page EPIC: Gmail Privacy Page http://www.epic.org/privacy/gmail/faq.html Gmail Privacy Page FAQs | Resources Frequently Asked Questions 1. What is Gmail and and what privacy risks does it raise? 1.1 What is Google's Gmail? 1.2 What is your position on Google's Gmail? 1.3 What privacy risks are presented by Gmail? 1.4 When did this issue arise, and what has happened since then? 1.5 What other things has Google been doing that might affect my privacy? 2. Technical details about Gmail 2.1 How does Google's "content extraction" work? 2.2 What is "internal" and "external" e-mail information used in the analysis? 2.3 Will Gmail build profiles of rs and/or non-rs? 2.4 Why is Gmail different than spam29. cgi-bin/nb18/0060 EPIC: Gmail Privacy Page 4. What can you do? 4.1 Don't sign up for Gmail 4.2 Don't send e-mails to @gmail.com addresses 4.3 Reduce the possibility of tracking you through your cookies 4.4 What are YOU guys doing about it? 1. What is Gmail and and what privacy risks does it raise? 1.1 What is Google's Gmail? Gmail is a web-based e-mail service offered by Google offering one-gigabyte (1000 megabytes) of e-mail storage to users, five hundred times the capacity offered by Microsoft's Hotmail (as30. cgi-bin/nb18/0060 EPIC: Gmail Privacy Page to the user. For example, if the user is having an e-mail conversation about applying for a job, Gmail might present the user with ads about online job search sites and resume writing services. 1.2 What is your position on Google's Gmail? Gmail violates the privacy rights of non-rs. Non-rs who e-mail a Gmail user have "content extraction" performed on their e-mail even though they have not consented to have their communications monitored, nor may they even be aware that their communications are being analyzed. Subscribers to Gmail also face risks to their privacy; those risks are outlined below. 1.3 What privacy risks are presented by Gmail? a. Non-Subscribers Do Not Consent to "Content Extraction." Subscribers consent to "content extraction" and analysis of their e-mail ("We serve highly relevant ads and other information as part of the service using our unique content-targeting technology," according to the privacy policy). But non-rs who are e-mailing a Gmail user have not consented, and indeed may not even be aware that their communications are being analyzed or that a profile may being compiled on him or her. (See 2.3 "Will Google Build Profiles of Subscribers and/or Non-rs?") b. Unlimited Data Retention. While the prospect of never31. cgi-bin/nb18/0060 EPIC: Gmail Privacy Page rule anything like that out," said Google co-founder Larry Page). Google retains a powerful ability to create incredibly detailed profiles on users, whether or not they do so today: e-mail addresses and "concept" information about a persons's friends, family and co-workers; the daily search terms typed into Google; and myriad personal information provided to Orkut. The Gmail privacy policy explicitly allows such uses: "Google may share cookie information among its other services for the purpose of providing you a better experience." (See also 2.3 "Will Google Build Profiles of Subscribers and/or Non-rs?") Additionally, Google has extremely long cookie expiration dates that preserve the cookie until the year 2038 (see 1.5 What other things has Google been doing that might affect my privacy?) d. Bad Legal Precedent. In the United States, violations of privacy with respect to the Fourth Amendment are based partly on whether the person had a legitimate expectation of privacy. If a major online e-mail provider such as Google is allowed to monitor private communications -- even in an automated way -- the expectations of e-mail privacy may be eroded. That is, courts may consider the service as evidence of a lack of a reasonable expectation in e-mail. Businesses and government organizations may thus find it easier to legally monitor e-mail communications. These effects are long-term and will undoubtedly outlive Google. e. Insufficient Privacy Policy. Google can transfer all of the information, including any profiles created, if and when it is merged or sold ("We reserve the right to transfer your personal information in the event of a transfer of ownership of Google, such as acquisition by or merger with another company".) Also, Google can make unilateral changes to the policy and unless it deems them "significant," it may not even notify users ("If we make any significant changes to this policy, we will notify you by posting a notice of such changes on the Gmail login page.") Finally, as outlined above, the policy regarding retention is very broad: "...residual copies of e-mail may remain on our systems for some time, even after you have deleted messages from your mailbox or after the termination of your account." (These and the rest of the references to the privacy policy are based on the 6/28/2004 version.) Google changed the Google privacy policy on 6/28/2004 in order to comply with the California Online Privacy Protection Act. (Google should provide a "redline" version that shows the differences between the two policies, as it has done with the Gmail Program Policies.) The most significant change in the privacy policy is that Google more explicitly reserves its legal right to track users across Google products ("If you have an account, we may share the information submitted under your account among all of our services in order to provide you with a seamless experience and to improve the quality of our service") much like a similar provision in the Gmail Privacy Policy (see 2.3 "Will Google Build Profiles of Subscribers and/or Non-rs?"). Google claims that they do not currently track users or create profiles, nor does it intend to do so in the future. But if that is so, why does it need to explicitly reserve the right to do so? Additionally, privacy policies may provide weak protection as other major online web service providers have unilaterally changed their privacy policies to the detriment of their users, including Amazon.com. 1.4 When did this issue arise, and what has happened since then? April 1, 2004

32. cgi-bin/nb18/0060 EPIC: Gmail Privacy Page Google's traditional April Fools joke. The service is only available to a limited number of beta testers, not yet to the general public. April 6, 2004 * Thirty-one privacy and civil liberties groups signed an open letter to Google, urging it to suspend the Gmail service until its serious privacy issues are resolved. April 20, 2004 * California State Senator Liz Figueroa advanced an amended version of SB 1822, a bill concerning privacy of electronic communications. May 3, 2004 * EPIC, Privacy Rights Clearinghouse, and World Privacy Forum sent a letter to California's Attorney General, arguing that Gmail violates California Wiretapping law (see 3.2 for more details). May 6, 200433. cgi-bin/nb18/0060 EPIC: Gmail Privacy Page * CA's Attorney General responded to the letter, acknowledging the potential wiretapping violation, and promising to look into the matter. 1.5 What other things has Google been doing that might affect my privacy? It is common knowledge that Google's general motto and one of their "cherished core values" is "Don't be evil." (See Google's Jobs Page, left hand sidebar). However, many have recently come to question this assertion, criticizing Google's actions across a wide range of activities. The following is a brief list of some criticisms directed at Google's record on privacy in arenas other than Gmail: * Every time you visit a Google.com site, a cookie placed on your computer. This cookie is linked to your computer by34. cgi-bin/nb18/0060 EPIC: Gmail Privacy Page information * Directory and file information based on the path name of attachments sent in previous e-mails (e.g. building an index of filenames on sender or recipient's computer) As noted, the Gmail privacy policy does not prohibit Google from building such profiles (see 1.3c "Profiling Across Google Product Line"). 2.4 Why is Gmail different than spam filtering? From a technical standpoint, there is no categorical35. cgi-bin/nb18/0060 EPIC: Gmail Privacy Page engine, Orkut, etc). 2.5 It's a computer, not a person reading your e-mail. What's the big deal? In some ways, having a person reading your e-mail to target the ads would be less privacy invasive. Unlike large computer systems, people do not have unlimited storage, memory and associative capability. But Google has the ability to build profiles of users based on their communications, unhindered by the Gmail privacy policy which does not prohibit such actions. Additionally, Gmail's "content extraction" will make its privacy invasions continuous and automated, making it a difficult privacy problem to solve just as spam and telemarketing, both of which are also continuous and automated by computer. 2.6 What patents has Google filed for Gmail? Google has filed three different patents:36. cgi-bin/nb18/0060 EPIC: Gmail Privacy Page 3. Legal details 3.1 What are the Federal wiretapping laws, and does Gmail implicate them? The Electronic Communications Privacy Act (ECPA) was passed in 1986 as an update to the law governing the interception of electronic communication, including e-mail. Title I of ECPA (The Wiretap Act) (18 U.S.C. 2511) governs communications "in transit." The federal Wiretap Act only requires one of the parties to consent to the acquisition of the communication. However, the Ninth37. cgi-bin/nb18/0060 EPIC: Gmail Privacy Page incident to the rendition of his service"), content analysis for the purposes of targeted marketing is not "a necessary incident" to the provision of e-mail service. 3.4 What legal objections have been raised in other countries? Data protection and privacy advocates in other countries have also voiced objections to Gmail, particularly in the EU. In April, Privacy International filed a complaint with the UK Information Commissioner, outlining their privacy objections to the Gmail service. The EU's Data Protection Directive (95/46/EC) affords strong privacy protections, exeeding those available in the United States. EU privacy advocates are very concerned that the Gmail service, which is of course available internationally, violates key principles and provisions embodied in the Data Protection Directive. Generally, EU privacy advocates have argued that Gmail is a violation of closely-held data protection principles, such as responsibility for the security of personal information held by a provider of service (in its terms of service Google disavows all responsibility for security violations), confidentiality of communications between one party and another (the Directive's working group stated that "no third party should be allowed to read the contents of e-mail between two parties), and control over personal information (Gmail users are not permitted to use any device, manual or otherwise, to monitor, cache, or copy any content from the Gmail service). Specifically, privacy advocates have claimed that Gmail violates several specific provisions of the Data Protection Directive. For example, Gmail's Terms of Use indicate that in the event of account termination, copies of your information may remain on their servers indefinitely, implicating Article 6 of the Directive which states that data should be kept "no longer than is necessary for the purposes for which the data were collected." For more information, see Privacy International's complaint_ Finally, international advocates raise risks about the openness of Google's intentions, especially when it comes to their "unstable" Terms of Use and Privacy Policy (i.e. the Terms of Use state that "Google may, in its sole discretion, modify or revise these terms and conditions and policies at any time, and you agree to be bound by such modifications or revisions." This provision contains no guarantee of notice of changes, stating elsewhere only that Google "may attempt to notify you via your Gmail address when major changes are made." 4. What can you do? 4.1 Sign up with a different large capacity webmail provider Of course, the easiest thing you can do to prevent Google's invasion of your privacy is to not sign up for an Gmail account. In fact, this is what Google and other Gmail advocates have been saying in response to privacy complaints_simply use another e-mail service. Several other services which offer large storage capabilities without the privacy violations: * Rediffmail (1GB + no content extraction) * Walla (1GB + no content extraction) * Spymac (1GB + no content extraction)

38. cgi-bin/nb18/0060 EPIC: Gmail Privacy Page happens when all the large-scale providers of e-mail start employing Gmail-like e-mail scanning and extraction practices. 4.2 Don't send e-mails to @gmail.com addresses Remember, since Gmail is scanning and extracting incoming e-mails as well, even if you aren't a Gmail user, your privacy may still be violated by Gmail. To avoid such scanning, keep an eye on the domain of e-mail addresses to which you are you are sending and replying. If you get an e-mail from a Gmail account and you wish not to reply consider explaining something like this: Dear Friend, I have received your e-mail, but due to privacy concerns, I don't want to send my response to your Gmail account. Please give me another e-mail address where I can reach you. If you don't have another e-mail address, consider the following free e-mail accounts with generous storage which do not pose the same privacy risks: * Rediffmail (1GB + no content extraction) * Walla (1GB + no content extraction) * Spymac (1GB + no content extraction) * Aventure-mail (2GB + no content extraction) For more information on the privacy risks posed by Gmail, see http://www.epic.org/privacy/gmail/faq.html. Sincerely, Concerned Citizen 4.3 Reduce the possibility of tracking you through your cookies As noted above, the Gmail service may look at cookies from previous Google searches in deciding which ads to target to you in Gmail. One way to "decrease" the privacy violation if you do choose to use Gmail is to decrease the amount of information your browser keeps about your previous interactions with Google websites. EFF proposes two possible solutions to prevent "future linkability" (beyond deleting your Google and Gmail cookies each and every time you use Gmail and Google): 1. Use two browsers. have one browser dedicated to checking your Gmail, which you never use for Google searches, thus preventing your Google search cookies from being linked to your Gmail account. 2. Use an anonymizer. For example, download Anonymizer.com's free privacy toolbar which enables anonymous browsing and blocks and tracks cookie settings. However, it is unknown whether using these methods will "de-link" you from any information Google has already collected about your searching and e-mailing habits. 4.4 What are YOU guys doing about it? Privacy groups have responded in various ways to Gmail. For example, EPIC signed an open letter to Google regarding Gmail and co-wrote a letter to the California Attorney General outlining possible violations of California wiretapping laws. Legislative proposals to address Gmail have been introduced in in California and Massachusetts. In California, State Senator39. cgi-bin/nb18/0060 EPIC: Gmail Privacy Page information to third parties, deletes messages in a timely manner upon request, etc.) and has the express consent of all parties to a communication. Exceptions are made for scanning e-mails for spam and viruses, and for businesses' provision of e-mail services to employees. The Massachusetts legislation, House Bill 1209, is not directed specifically towards Gmail, but is a general bill that would set up a "Special Commission on Privacy Concerns" that could consider data protection issues and threats to electronic and informational privacy, such as Gmail. Resources News Articles * Google bans Gmail sales, BBC News, July 2, 2004.40. cgi-bin/nb18/0060 EPIC: Gmail Privacy Page * Legislator seeks to block Gmail, CNET News.com, April 22, 2004. * State senator drafts Google opt-out Bill, The Register, April 13, 2004. * Gmail likely to clear U.K. privacy hurdles, ZDNet, April 13, 2004. * Google values its own privacy. How does it value yours?, The Register, April 13, 2004. * Germans garotte Google Gmail over privacy, The Register, April 8, 2004. * Google mail is evil - privacy advocates, The Register, April 3, 2004. * Google: 'Gmail' no joke, but lunar jobs are, USA Today, April 1, 2004. * Google launches e-mail, takes the Bill Gates defense, The Register, April 1, 2004. Non-Profit/Advocacy Links * Open letter from thirty-one privacy and civil liberties organizations to Google urging them to suspend Gmail until its serious privacy issues are resolved (April 19, 2004). * Letter from EPIC, Privacy Rights Clearinghouse and World Privacy Forum to California Attorney General arguing that Gmail violates the California Wiretap Statute (May 3, 2004). * Letter from EPIC, Privacy Rights Clearinghouse and World Privacy Forum to Google founders S. Brin and L. Page urging suspension of Gmail (May 3, 2004). * Response from CA AG acknowledging Gmail's potential wiretap violation (June 4, 2004). Google/Gmail Links * Google's Press Release announcing launch of Gmail service (April 1, 2004). * Gmail Privacy Policy * Gmail Program Policies * Gmail Terms of Use Government/Legal Links

41. cgi-bin/nb18/0060 EPIC: Gmail Privacy Page * Federal Wiretap Act, 18 U.S.C. 2511. * Federal Stored Communications Act, 18 U.S.C. 2701. * California wiretapping law, CA Penal Code 631. * California Sen. Figueroa's electronic privacy bill, SB 1822. EPIC Home Page Last Updated: August 18, 2004 Page URL: http://www.epic.org/privacy/gmail/faq.html