April 20, 2004

CDT POLICY POST Volume 10, Number 6, April 12, 2004

A Briefing On Public Policy Issues Affecting Civil Liberties Online
from
The Center For Democracy and Technology

(1) Google's GMail Highlights General Privacy Concerns
(2) Background on Web Email and GMail
(3) Policy Concerns Associated with Content Searching
(4) Policy Concerns Associated with Third-Party Email Storage
(5) CDT's Preliminary Recommendations

---------------------------------------


(1) Google's GMail Highlights General Privacy Concerns

Google's proposed GMail service, announced recently, has received
widespread attention and attracted a good deal of privacy criticism.
Two specific features of Gmail -- its searching of the content of its
users' email in order to serve targeted ads and its offer to store on
Google's servers enormous volumes of old email -- do raise privacy
concerns. However, Google has been quite clear about these features,
giving potential users the ability to weigh the pros and cons of the
service. Moreover, it is important to note that most of the privacy
concerns associated with Gmail are the same as or similar to concerns
posed by other similar services, albeit heightened because of the
magnitude of what GMail is proposing.

Simply put, on the content searching issue, ISPs and other service
providers are already using machines to scan the contents of email,
especially to block spam. As to the risks of remotely storing email,
users and policymakers need to be aware that, under current statutory
and caselaw, any records stored on the server of a third party --
documents, calendars, email -- do not enjoy the same privacy
protection as materials stored in one's own home or on one's hard
drive.

In this Policy Post, CDT offers some preliminary recommendations to
Google and other providers of similar services. We also renew calls
that we have made over the years for legal reforms that will extend
stronger privacy protection to personal materials stored with
Web-based services.

---------------------------------------
(2) Background on Web Email and GMail

For several years, various companies have provided email service on
the Web to consumers who agree to receive ads while they are looking
at incoming mail and to allow ads to be appended to their outgoing
mail.

In many ways, these services exemplify the democratizing potential of
the commercial Internet. They are open, flexible, globally
available, and, in most cases, free. Individuals can set up multiple
accounts for different purposes. In the context of concerns over
workplace privacy, CDT has suggested that individuals in the
U.S. utilize these free accounts instead of work email addresses when
sending personal email because, under current law, an employer can
monitor email sent and received over the employer's system.

Last week, the Internet search company Google announced that it was
testing a new Web e-mail service of its own called GMail. The
service has three features that distinguish it from other free email
services:

* Increased Free Storage -- Other Web mail services offer 2-6 MB of
storage for free. GMail will provide up to 500 times that amount of
storage for free -- 1 GB. As with other services, the storage includes
not only email, but attachments, expanding the number of documents
that users can store remotely.

* Searchability of Mail -- Most Web mail services allow individuals
to create folders to store mail. GMail uses the Google search engine
to help users find their email messages, further encouraging users to
keep large volumes of material with the assurance that the search
engine will find it for them.

* Content-Based Ads -- Most Web mail services give pop-up ads or
banner ads to individuals based on profiles that they provide at the
time of sign-up. Instead, Gmail will scan through the contents of
each message and dynamically place ads based on the subject matter of
the email. Google promises that only computers will see the content
of messages and that no permanent information will be attached to any
messages or tied to the user based on the scan.

---------------------------------------
(3) Policy Concerns Associated with Content Searching

Generally speaking, all email communications in the U.S. are
protected by the Electronic Communications Privacy Act (ECPA), which
requires a court order for government interception of email in
transit or in storage incident to transmission. Generally, ECPA
prohibits service providers from reading the email of their customers
unless the customer has given consent. One exception, however,
allows ISPs to scan the content of their customers' messages in order
to "protect the rights or property" of the service provider. For
years, under this authority, ISPs have been scanning the content of
messages to look for spam and email infected with viruses, among
other purposes. This is legal under ECPA despite the fact that the
ISP may not have received the direct consent of the sender of the
email, because the service is doing so to protect its rights or
property (i.e., its servers).

However, all ISPs should probably also be very clear in their terms
of service and their privacy policies as to what they are doing to
scan the contents of email. And since Google's searching of contents
goes beyond spam detection, Google will have to get very explicit
consent from GMail users.

Google's practice raises the interesting question of whether users
need to be concerned about machines reading their email, if no human
ever sees anything. In 2000, the FBI defended its Carnivore device,
placed in ISPs to search the emails of many customers looking for
those to or from a designated target, by arguing that only the
machine rather than a person was looking at the emails of innocent
people.

Regardless of whether customers will put faith in the fact that a
machine rather than a person is scrutinizing their email, GMail
should be based on explicit prior consent, whereas the FBI, in
carrying out interceptions, does not give notice to the person or
persons whose messages are being scanned or recorded.

Google's "evolving" privacy policy for GMail explains that the only
information it will use in serving ads is the name and login,
collected directly from the user, and the content of the particular
email with which a given ad will be associated. Google states that
it will not ask for demographic information upon enrollment in GMail,
nor will it be compiling user profiles based on email content.
According to the policy, content information will not be shared with
third parties for marketing purposes.

Google has also said that it currently plans to use the same cookie
for its web search engine, GMail and all other Google services to
provide users a single sign-on. This raises the concern that
correlation of data between services will be very easy if Google ever
decides to move in this direction. One story quotes a Google
official as saying that the company may in the future want to
correlate search engine usage with email content. Google's policies
currently state that this correlation could only be used to help
improve GMail, not other Google services. Many other Web services
also use single sign-on for multiple services, although no others
have suggested that they intend to use the contents of emails to the
extent Google has. Since the cookie's only benefit to the user is
single sign-on, users who don't want the convenience can simply
block the cookie without other impact to service. New cookie controls
in browsers offer users even greater ability to block all cookies
from Google or delete the cookie regularly, although only advanced
users are likely to protect their privacy in this way.

One other area of consideration is state law on wiretapping. A
number of states have laws that require the approval of all parties
in a communication. It is unclear how this would apply to the kind
of scanning that would occur with GMail.

GMail's Privacy Policy -- http://gmail.google.com/gmail/help/privacy.html

Text of 18 USC § 2701-02 (the relevant portions of ECPA) --
http://www4.law.cornell.edu/uscode/18/pIch121.html

Privacy groups' open letter to Google on GMail --
http://www.privacyrights.org/ar/GmailLetter.htm

Reporter's Committee for the Freedom of the Press "Can We Tape?" A
list of state communications confidentiality laws --
http://www.rcfp.org/taping/index.html

---------------------------------------
(4) Policy Concerns Associated with Third-Party Email Storage

For a number of years, CDT has raised concerns about the low
standards under which government agents and civil litigants can get
access to personal information stored on a third party server.

ECPA was written in 1986 before the World Wide Web even existed. At
the time, Congress was focused on protecting the privacy of
communications in transit, not on the protection of stored data. DOJ
argued that data stored with a third party did not enjoy the
protection of the warrant clause of the Fourth Amendment. ECPA
adopted a two-tiered rule: email in transit or in storage incident to
transmission for 180 days or less may be obtained by the government
only pursuant to a search warrant issued under the probable cause
standard of the Fourth Amendment. Email in storage for more than 180
days loses this protection and becomes a stored record that may be
obtained with a mere subpoena, issued on a very low standard,
normally without any review by a judge. In neither case is the user
entitled to contemporaneous notice that his email is being seized by
the government. Moreover, the DOJ argues that once an email is
opened by the recipient, it loses the protection afforded to a
communication and becomes a mere stored record, no matter how recent it is.

Also, under current federal law, ISP customers are not entitled to
notice when email is subpoenaed in civil lawsuits. This means that
individuals in divorce cases and other civil disputes are able to
subpoena records held by an ISP or any other third party with no
notice to the owner of the email account.

Google has also pointed out that residual copies of email may remain
on its systems, even after the user has deleted them from his or her
mailbox and even after a user has terminated the account. Again,
this is true of all email systems, but highlights the limitations of
ECPA in the area of third party storage.

CDT has recommended a series of improvements to ECPA that would update
the law to take into account the nature of Web-based services:

* Require a warrant based on probable cause for seizure without
prior notice of information stored on third-party systems, and prior
notice and an opportunity to object for subpoena access.

* Require notice and an opportunity to object when civil subpoenas
seek personal information about Internet usage.

* Require statistical reports for access to stored email, similar to
the reports required under the wiretap law.

* Make it clear that Internet queries are content, which cannot be
disclosed without consent or a probable cause order.

For more background on the law and CDT's recommended reforms, see
Executive Director Jim Dempsey's April 6, 2000 testimony on "The
Fourth Amendment and the Internet" --
http://www.cdt.org/testimony/000406dempsey.shtml


---------------------------------------
(5) CDT's Preliminary Recommendations for GMail and Online Privacy

CDT is still examining the complex issues related to GMail. Based on
our preliminary research, we offer the following recommendations:

* Google should promise in its privacy policy never to correlate the
content of email with a user's cookie or with other
personally-identifiable information for any purpose.

* Google should give users an active choice as to whether they would
like the convenience of single sign-on for multiple services or
separate log-ins (through multiple cookies).

* Google should also agree to notify users by email of any changes to
its GMail policy rather than merely posting the changes to the login
page.

* In an age of unlimited storage, lawmakers should ensure that data
stored on networks is afforded full privacy protection, including
enhanced protection for information on networks, a probable cause
standard for seizure without prior notice, and an opportunity to
object for subpoena access.

* Notice and an opportunity to object should be required when civil
subpoenas seek personal information about Internet usage.

With full notice, Internet users should be able to decide whether to
accept scanning of their email in return for free services. Consumers
should be fully aware of the implications of using a system that
scans messages as a requirement for using that system. All service
providers should be very explicit about their practices in scanning
emails for any purpose.

--
To subscribe to CDT's Activist Network, sign up at:
http://www.cdt.org/join/


--
Michael Clark, Grassroots Webmaster
mclark@cdt.org
PGP Key available on keyservers

Center for Democracy and Technology
1634 Eye Street NW, Suite 1100
Washington, DC 20006
http://www.cdt.org/
voice: 202-637-9800
fax: 202-637-0968

Posted by marga at April 20, 2004 12:50 PM