If Google's lawyers didn't just lie through their teeth in federal court, then a user of Gmail may have "no legitimate expectation of privacy in information he voluntarily turns over to third parties" like Google itself. But did Google just shoot itself in the foot, or is this splitting of legal hairs to a microscopic degree?
The statement from Google is part of a summary motion to dismiss statement in a class-action lawsuit against the search giant that accuses Google of violating state and Federal wiretapping laws when the Gmail service automatically scans messages in a Gmail user's inbox to determine which ads to display for the user.
In the motion to dismiss filed in the Northern District of California Court in San Jose, Google argued that no one should expect privacy when they are using any service to process online communications:
The state law wiretap claims of the Non-Gmail Plaintiffs fail for similar reasons. While the non-Gmail Plaintiffs are not bound to Google’s contractual terms, they nonetheless impliedly consent to Google’s practices by virtue of the fact that all users of email must necessarily expect that their emails will be subject to automated processing.
Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery. Indeed, 'a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.' Smith v. Maryland, 442 U.S. 735, 743-44 (1979).
At this point, some Gmail users might start looking around to find another email provider. They might be well advised to do that for any number of reasons—*cough* PRISM!—but this may not be one of them.
Keep reading the motion, though, and you will see that Google doesn't intend to just ignore the privacy rights of its users—rights Google asserts quite often.
"As numerous courts have held, the automated processing of email is so widely understood and accepted that the act of sending an email constitutes implied consent to automated processing as a matter of law," the motion continues. In English, Google is arguing that any transfer of electronic messaging information will involve automated processes that users inherently understand involve some sort of recording of the message.
Storing the message on a hard drive for later retrieval is one such automated process, Google argues, and the automatic scanning of emails for keywords to serve ads is simply another such process.
Like I said, it's a microscopic splitting of hairs.
While the scanning of my email has never been a favorite thing, it is part of the bargain that I have consciously made with Google in order to take advantage of its free services. Others, like my colleague and fellow Hoosier Tom Henderson, don't like that bargain and have chosen to opt out.
Indeed, Google has never made a secret out of this practice of keyword scanning, and that's another part of Google's argument: the Gmail users in the lawsuit, they claim, knew Gmail was performing these scans and kept on using the service anyway.
Google has had to fend off abuse of privacy complaints before, most recently from Microsoft's "Scroogled" marketing campaign, which baldly claimed that "Google violates your privacy by reading every single word of every single email sent to and from Gmail accounts so they can better target you with ads."
And the organization that made the press announcement originally calling out Google's motion to dismiss was Consumer Watchdog, a consumer advocacy group that runs, among other things, the anti-Google Inside Google site.
To date, Google's response has amounts to variations on the same argument made by their lawyers: the scanning is automated, the ad system that does the scanning is completely separate from the Google account system and users knew what they were getting into when they signed up for Google's services.
Users have a right to know what Google is up to. (Same goes for Microsoft, and Amazon and any other third-party cloud service provider.) But acting shocked about something that's pretty much been known from the beginning is disingenuous, as is not taking the one step that could easily prevent privacy breaches: opting out.