Google Kicks the Privacy Hornet's Nest
Just because it happens to be stored on a server Google owns doesn't mean the company "owns" the email or has any right to scan into its contents.
With all of the revelations regarding the state of privacy that have come out over the past few months, maybe people will finally start to take these issues more seriously. First there was Edward Snowden's revelations regarding the data collection practices of NSA, more of which seem to be coming out on a weekly basis. Sen. Al Franken, (D-Minn), who chairs the Senate Subcommittee on Privacy, Technology, and the Law, has been questioning the practice of retailers tracking consumers by their Wi-Fi equipped smartphones. And now Google has upped the ante, arguing that it's okay to sort through your emails so they can send you targeted advertisements.
Many UC capabilities, like presence and location-based presence, involve issues of privacy, and as Google continues to roll out more consumer UC tools like Hangouts, Google Voice, Google Docs, etc. we have to ask if they will they be taking a peek at all of the content under their control?
The scary part about Google's position is that they seem to think they have the right to read through your emails. In a brief filed by Google as part of a motion to dismiss the case, Google's lawyers write, "Just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who use web-based email today cannot be surprised if their emails are processed by the recipient's [email provider] in the course of delivery. Indeed, 'a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.'"
I don't know about you, but I think my email is a private communication between me and the party or parties I'm sending it to, and yes, I expect it to stay private. It's hard to tell if the lawyers are just really bad at analogies or if they honestly think that Google has the right to computer-scan private communications for the purposes of increasing Google's profit.
In their argument they are crossing the line from "business correspondence" to "private correspondence," and eliminating the distinction between a trusted admin and a big company that wants to make money selling private information you have put in an email. Just because it happens to be stored on a server Google owns doesn't mean the company "owns" what's on the server or has any right whatsoever to scan into its contents.
The idea of "targeted advertising" is somewhat suspicious, but it has existed for so long that people (at least the ones who know what targeted advertising is) seem to have come to expect it. Tracking cookies planted by Web sites is one thing, but sorting through what I would argue the vast majority of Americans would consider and expect is private communications seems to be jumping way over the line.
Contrast Google's position with what Microsoft says in its Terms of Service. "[W]e may occasionally use automated means to isolate information from email, chats, or photos in order to help detect and protect against spam and malware, or to improve the services with new features that makes them easier to use." Yeah, it's spying in a way, but the purpose is to improve the product, not to profit from providing the information to a third party so they can try to sell us stuff.
While we're at it, why don't we have a Do Not Email list akin to the federal Do Not Call list. Actually there is one, run by the National Email Registry, LLC, but it has two rather significant limitations: It's a government agency and it doesn't work. The Direct Marketing Association also has a program called DMAChoice, but it's only supported by a subset of marketers--not the folks who want to sell you Viagra, electronic cigarettes, and mortgage refinancing. Those are all the ones whose Opt Out page requires you to type in your email address even if they have it displayed there--nice waste of time.
It may be a fantasy to hope for an end to spam, but now that Google's behavior is in full public view, I think maybe, just maybe, computer privacy issues will move higher on the public agenda. I'm glad that Gmail is free, but "free and private" would be a much better deal. It might be time to start laying out regulations people can understand that specify what's private and what's not.
Enterprise UC systems will likely not be held to the same standards as public services like Google's, because they are after all "private systems" installed primarily to support business operations. Employees know that business email is for business, and in a tough economy, employees are glad to have a job and are less likely to raise a fuss.
That said, I don't think we've heard the end of this Google story.
Follow Michael Finneran on Twitter and Google+!