Google wants to black out court details about data-mining e-mails

Analysis
Mar 16, 2014 | 6 mins
Data and Information Security, Email Clients, Microsoft

In fighting the alleged illegal wiretapping lawsuit, Google now wants to black out 'sensitive' details about scanning emails for 'security' reasons.

Google has been fighting a lawsuit that claims it intercepted, read and data-mined e-mail messages for targeted advertising and to build user profiles; that interception of e-mails may qualify as illegal wiretapping. Google has now asked the judge to “black out portions of a transcript from a public court hearing that includes information on how it mines data from personal e-mails,” reported Bloomberg.

The “confidential” information in the Feb. transcript may be what was revealed about “Content OneBox.” Google switched to scanning unopened e-mails after determining Content OneBox couldn’t data-mine unopened or deleted e-mails, or e-mail “opened on an iPhone or sent through an e-mail provider other than Google.” At that time, Google also started “creating profiles of people ‘from which they could extrapolate additional advertisements’.”

During the Feb. hearing, Google attorney Michael Rhodes said, “We came here today and we unburdened the court of any sealing effort. We agreed that all of the material that had been previously designated confidential could be aired in the public courtroom so that those folks back there in the media could see that Google has nothing to hide here.”

Let the confusion begin, because now Google claims portions of the public transcript are “sensitive” and should be redacted for “security reasons and for competitive reasons.”

Some educational institutions and businesses had opt-out agreements with Google so the company would not scan their e-mails. Let’s take Google Apps for Education as an example highlighted in the California lawsuit as the plaintiffs alleged [pdf]:

Google treats Google Apps for Education e-mail users virtually the same as it treats consumer Gmail users. That means not only mining students’ e-mail messages for key words and other information, but also using resulting data - including newly created derivative information, or “metadata” - for “secret user profiling” that could serve as the basis for such activities as delivering targeted ads in Google products other than Apps for Education, such as Google Search, Google+, and YouTube.

Bram Bout, director of Google Apps for Education, told Education Week that “ads in Gmail are turned off by default for Google Apps for Education and we have no plans to change that in the future.” But just because you don’t see ads does not mean that the e-mail was not scanned to create secret “profiles.” And that could violate the opt-out agreements. And, according to the Education Department’s guidance on student-data privacy, if Google is scanning Apps for Education users’ e-mails, then that could also violate the Family Educational Rights and Privacy Act (FERPA).

A Google spokeswoman confirmed to Education Week that:

the company ‘scans and indexes’ the e-mails of all Apps for Education users for a variety of purposes, including potential advertising, via automated processes that cannot be turned off – even for Apps for Education customers who elect not to receive ads. The company would not say whether those e-mail scans are used to help build profiles of students or other Apps for Education users, but said the results of its data mining are not used to actually target ads to Apps for Education users unless they choose to receive them.

Chris Hoofnagle, director of Berkeley Center for Law and Technology (BCLT) privacy programs, wrote:

Hiding ads while analyzing data takes advantage of a key deficit users have around internet services: users only perceive profiling if they receive ads. The content one box infrastructure would allow Google to understand the meaning of all of our communications: the identities of the people with whom we collaborate, the compounds of drugs we are testing, the next big thing we are inventing, etc. Imagine the creative product of all of Berkeley combined, scanned by a single company’s “free” e-mail system. Through the glass of the Fread v. Google lawsuit [pdf], darkly, we are just beginning to understand what it means to outsource our communications system.

When previously trying to kill the class action lawsuit about scanning Gmail, Google’s attorneys wrote, “Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use Web-based e-mail today cannot be surprised if their communications are processed by the recipient’s ECS [electronic communications service] provider in the course of delivery.”

However, Hoofnagle points out that Google seems to be arguing that consent to scan e-mails was given by universities when they implemented services like bMail. “A Google employee cites dozens of examples of news articles and public controversy surrounding Gmail scanning, which apparently put the world on notice of Google’s activities.”

But Microsoft’s Scroogled campaign and news articles should not be considered enough to “put the world on notice.” In fact, U.S. District Judge Lucy H. Koh previously wrote that not even Google’s terms of service and privacy policy in 2012 were enough. “A reasonable Gmail user who read the Privacy Policies would not have necessarily understood that her e-mails were being intercepted to create user profiles or to provide targeted advertisements.”

As Hoofnagle eloquently explained:

It has always been understood that communications providers sometimes have to access content of user communications for technical rendition of service. Thus, phone companies can, through sampling, listen to calls to check for sound quality. Internet providers can screen for malware and the like. But Google argues that it is “ordinary” for a service provider to read content of individuals’ communications for business purposes, such as pitching advertising. Google’s position would allow AT&T and Verizon to listen to your calls and voicemail in order to pitch advertising, or the Postal Service to break the seal of your envelopes to stuff ads in them.

Bold emphasis was mine. Would you stand for that? Of course not! Whether or not Google is guilty of illegal wiretapping, the company is trying to shield portions of the transcript from media attention. Everyone who cares about privacy should pay attention to this case.


ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.