Pro-regulatory groups: Gmail may be illegal, "must" be suspended [priv]

[Declan McCullagh <declan () well com>]

[So if a company offers a service and its customers voluntarily agree
to use it (in fact, let's say they *want* it), the company may not do
it? It seems like these regulatory enthusiasts want the government --
some government, any government -- to stop in and interfere. Making
your point of view heard is one thing, but calling for government
action is another. If I'm mistaken and these groups oppose government
action against Google, I hope they'll write in and let the list
know. --Declan]


http://www.privacyrights.org/ar/GmailLetter.htm

   FOR IMMEDIATE RELEASE
   Media Contacts:

   Pam Dixon, Executive Director,
   World Privacy Forum
   Office: (760) 436-2489, Mobile: (760) 470-2000
   pdixon () worldprivacyforum org
   pdixon () worldprivacyforum org
   www.worldprivacyforum.org 

   Beth Givens, Director,
   Privacy Rights Clearinghouse
   Phone: (619) 298- 3396
   bgivens () privacyrights org 
   www.privacyrights.org 

           Twenty Eight Privacy and Civil Liberties Organizations
                       Urge Google to Suspend Gmail 

   San  Diego,  CA, April 6, 2004 -- The World Privacy Forum and 27 other
   privacy  and  civil  liberties  organizations  have  written  a letter
   [inserted  below]  calling  upon  Google  to suspend its Gmail service
   until  the  privacy  issues  are adequately addressed. The letter also
   calls   upon  Google  to  clarify  its  written  information  policies
   regarding data retention and data sharing among its business units.

   The 28 organizations are voicing their concerns about Google's plan to
   scan  the  text  of  all  incoming  messages  for  the  purposes of ad
   placement,   noting  that  the  scanning  of  confidential  email  for
   inserting  third  party  ad  content violates the implicit trust of an
   email  service  provider.  The  scanning creates lower expectations of
   privacy in the email medium and may establish dangerous precedents.

   Other  concerns  include  the unlimited period for data retention that
   Google's  current  policies  allow,  and  the potential for unintended
   secondary uses of the information Gmail will collect and store.

   ------------------
   An Open Letter to Google Regarding Its Proposed Gmail Service

   From:
   World Privacy Forum
   Privacy Rights Clearinghouse
          and
   Grayson Barber, Privacy Advocate
   Bits of Freedom (Netherlands)
   Murray Mollard, Executive Director
   British Columbia Civil Liberties Association (Canada)
   CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering)
   Consumer Action
   Consumer Federation of America
   Consumer Federation of California
   Consumer Task Force for Automotive Issues
   Electronic Privacy Information Center
   Foundation for Information Policy Research
   Mari Frank, Esq., Author of Identity Theft Survival Kit
   Simson L. Garfinkel, Author of Database Nation
   Edward Hasbrouck, Author and Consumer Advocate
   Massachusetts Consumer Assistance Council
   Massachusetts Consumers' Coalition
   National Association of Consumer Agency Administrators (NACAA)
   National Consumers League
   PrivacyActivism
   Privacy International (United Kingdom)
   Privacy Rights Now Coalition
   Privacy Times
   Private Citizen, Inc.
   Privaterra (Canada)
   Public Information Research, Inc.
   Utility Consumers' Action Network

   April 6, 2004

   Sergey Brin, Co-Founder & President, Technology
   Larry Page, Co-Founder & President, Products
   Google Inc.
   1600 Amphitheatre Parkway
   Mountain View, CA 94043

   Dear Mr. Brin and Mr. Page: 

   Google's  proposed Gmail service and the practices and policies of its
   business units raise significant and troubling questions.

   First,  Google  has  proposed scanning the text of all incoming emails
   for  ad  placement.  The  scanning  of confidential email violates the
   implicit  trust  of  an email service provider. Further, the unlimited
   period for data retention poses unnecessary risks of misuse.

   Second,  Google's  overall data retention and correlation policies are
   problematic  in  their lack of clarity and broad scope. Google has not
   set  specific,  finite limits on how long it will retain user account,
   email,  and  transactional  data. And Google has not set clear written
   policies about its data sharing between business units.

   Third,  the  Gmail  system  sets  potentially dangerous precedents and
   establishes  reduced  expectations of privacy in email communications.
   These precedents may be adopted by other companies and governments and
   may persist long after Google is gone.

   We  urge you to suspend the Gmail service until the privacy issues are
   adequately
   addressed.

   Email Scanning in Google's Proposed Gmail Service

   The  email  text  scanning  infrastructure  that  Google  has built is
   powerful  and global in reach. Google has not created written policies
   to   date  that  adequately  protect  consumers  from  the  unintended
   consequences of building this structure. It is, in fact, arguable that
   no  policy  could adequately protect consumers from future abuses. The
   societal   consequences  of  initiating  a  global  infrastructure  to
   continually  monitor the communications of individuals are significant
   and far-reaching with immediate and long-term privacy implications.

   Currently, individuals may have the understanding that Google's system
   is not that different in nature from scanning messages for spam, which
   is  a  common  practice  today.  There  is  a  fundamental difference,
   however.  With Gmail, individuals' incoming emails will be scanned and
   seeded  with  ads.  This will happen every time Gmail subscribers open
   their  emails  to  re-read  them,  no  matter  how long they have been
   stored. Inserting new content from third party advertisers in incoming
   emails  is  fundamentally  different than removing harmful viruses and
   unwanted spam.

   Another  potential  misconception  about  the Gmail system is that the
   scanning  will  take  place in isolation. The email is scanned, and ad
   text  is delivered. But that is not the end of the story. The delivery
   of  the  ad  text  based on emails is a continual "on the fly" stream.
   This  technology  requires  a  substantial  supply  chain of directory
   structures, databases, logs, and a long memory. Auditing trails of the
   ad  text  are  kept,  and  the  data could be correlated with the data
   Google  collects  via its other business units such as its search site
   and its networking site, Orkut.

   Google  has  countered  criticism  of  Gmail  by  highlighting  that a
   computer,  not  a  human, will scan the content of the e-mail, thereby
   making  the system less invasive. We think a computer system, with its
   greater storage, memory, and associative ability than a human's, could
   be just as invasive as a human listening to the communications, if not
   more so.

   That  the  Gmail scanning and monitoring is being used for advertising
   right  now  is  distracting,  because  it is a transient use. Scanning
   personal  communications in the way Google is proposing is letting the
   proverbial  genie  out  of  the  bottle. Today, Google wants to make a
   profit  from  selling  ads.  But  tomorrow,  another  company may have
   completely different ideas about how to use such an infrastructure and
   the data it captures.

   Google  could  --  tomorrow -- by choice or by court order, employ its
   scanning  system  for  law  enforcement  purposes. We note that in one
   recent  case,  the  Federal  Bureau  of Investigation obtained a court
   order  compelling  an  automobile  navigation  service  to convert its
   system  into a tool for monitoring in-car conversations. How long will
   it be until law enforcement compels Google into a similar situation?

   Google has been quick to state that it does not intend to correlate or
   share consumer data between its business units. But unless Google puts
   a  consumer  promise into its privacy policy that states it will never
   correlate  the  data,  then  Google is not putting its money where its
   mouth  is.  In  a nation of laws, Google needs to make its promises in
   writing.

   Gmail's Potential Conflict with International Law 

   The   Gmail   system   may   conflict   with  Europe's  privacy  laws,
   specifically,   Directive   95/46/EC,   also  called  the  EU  Privacy
   Directive.  This  directive  states,  among  other things, that users'
   consent  must  be  informed,  specific,  and  unambiguous (pursuant to
   Article 7(a) of Dir. 95/46/EC).

   As  it  has  been  proposed,  and  based  on the current Gmail privacy
   policy,  the  consent  of  EU-based  Gmail users cannot necessarily be
   considered  informed,  specific,  and  unambiguous  in  regards to the
   scanning,  storage  and  further processing of their e-mails. The need
   for  informed,  specific,  and unambiguous consent also applies to the
   potential  linking  of EU citizens' e-mails to their search histories.
   Additional  issues  with  data  retention  may also exist under the EU
   Privacy Directive.

   The Dangers of Lowered Privacy Expectations in the Email Medium

   Ultimately, however, this discussion is not solely about Google. It is
   about  the  global  tools Google is building, and the ways these tools
   and  systems  stand  to alter how individuals perceive the sanctity of
   private communications in the electronic sphere. These perceptions and
   standards may persist long after Google as a company is gone.

   Google  needs  to  realize  that  many  different  companies  and even
   governments  can  and likely will walk through the email scanning door
   once  it  is  opened.  As  people become accustomed to the notion that
   email  scanning  for  ad  delivery is acceptable, "mission creep" is a
   real  possibility.  Other  companies  and  governments  may  have very
   different  ideas about data correlation than Google does, and may have
   different  motivations for scanning the body of email messages. Google
   itself,  in  the  absence  of clear written promises and policies, may
   experience  a  change  of  course  and choose to profit from its large
   stores of consumer data culled from private communications.

   The lowered expectations of email privacy that Google's system has the
   potential   to   create  is  no  small  matter.  Once  an  information
   architecture  is  built,  it  functions  much  like a building -- that
   building  may be used by many different owners, and its blueprints may
   be replicated in many other places.

   Google's  technology  is  proprietary,  but the precedents it sets are
   not.

   Conclusion 

   We request the following of Google:

   1.  First, Google must suspend its implementation of scanning the full
   text of emails for determining ad placement.

   2.  Second,  Google  must  clarify  its information retention and data
   correlation   policy   amongst   its  business  units,  partners,  and
   affiliates.  This  means that Google must set clear data retention and
   deletion  dates  and  establish  detailed  written policies about data
   sharing and correlation amongst its business units and partners.

   Respectfully submitted and signed, 

   Pam Dixon, Executive Director
   World Privacy Forum

   Beth Givens, Director
   Privacy Rights Clearinghouse

     and the following individuals and organizations:

   Grayson Barber
   Privacy Advocate

   Maurice Wessling
   Bits of Freedom (Netherlands)

   Murray Mollard, Executive Director
   British Columbia Civil Liberties Association (Canada)

   Katherine Albrecht, Ed.M., Founder and Director
   CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering)

   Ken McEldowney, Executive Director
   Consumer Action

   Jean Ann Fox, Director of Consumer Protection
   Consumer Federation of America

   Richard Holober, Director
   Consumer Federation of California

   Will deHoo, Director
   Consumer Task Force For Automotive Issues

   Chris Hoofnagle, Associate Director
   Electronic Privacy Information Center

   Ian Brown
   Foundation for Information Policy Research

   Mari Frank, Esq.
   Author of the Identity Theft Survival Kit

   Simson L. Garfinkel
   MIT Computer Science and Artificial Intelligence Laboratory
   Author, Database Nation: The Death of Privacy in the 21st Century

   Edward Hasbrouck
   Author and Consumer Advocate

   Paul Schrader, Executive Director
   Massachusetts Consumer Assistance Council

   Paul J. Schlaver, Chair
   Massachusetts Consumers' Coalition

   Kathleen Thuner, President
   National Association of Consumer Agency Administrators (NACAA)

   Linda Golodner, President
   National Consumers League

   Deborah Pierce, Executive Director
   PrivacyActivism

   Simon Davies
   Privacy International (United Kingdom)

   Remar Sutton, Co-Founder
   Privacy Rights Now Coalition

   Evan Hendricks
   Privacy Times

   Robert Bulmash, President
   Private Citizen, Inc.

   Robert Guerra, Managing Director
   Privaterra    (project    of   Computer   Professionals   for   Social
   Responsibility) (Canada)

   Daniel Brandt, President
   Public Information Research, Inc.

   Michael Shames, Executive Director
   Utility Consumers' Action Network

                                   - 30 -
   ______________________________________________________________________
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)