[conspire] (forw) Re: GOOGLE: If You Use Gmail, You Have 'No Legitimate Expectation Of Privacy'

Rick Moen rick at linuxmafia.com
Fri Aug 16 07:20:35 PDT 2013 

----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Fri, 16 Aug 2013 07:15:51 -0700
From: Rick Moen <rick at linuxmafia.com>
To: skeptic at lists.johnshopkins.edu
Subject: Re: GOOGLE: If You Use Gmail,
	You Have 'No Legitimate Expectation Of Privacy'
Organization: If you lived here, you'd be $HOME already.

Quoting Scott Peterson (scottp4 at mindspring.com):

> If you happen to be one of the 400 million people who use Google's
> Gmail service for sending and receiving emails, you shouldn't have
> any expectation of privacy, according to a court briefing obtained
> by the Consumer Watchdog website. In a motion filed last month by
> Google to have a class action complaint dismissed, Google's lawyers
> reference a 1979 ruling, holding that people who turn over
> information to third parties shouldn't expect that information to
> remain private. From the filing (emphasis added): Just as a sender
> of a letter to a business colleague cannot be surprised that the
> recipient's assistant opens the letter, people who use web-based
> email today cannot be surprised if their communications are
> processed by the recipient's ECS provider in the course of delivery.
> Indeed, "a person has no legitimate expectation of privacy in
> information he voluntarily turns over to third parties." Smith v.
> Maryland, 442 U.S. 735, 743-44 (1979).

This needs to be seen in its proper context of a tactical argument used
by corporate lawyers to attempt to get a class-action lawsuit dismissed.
The motion to dismiss in question can be read here:
http://www.scribd.com/doc/160134104/Google-Motion-to-Dismiss-061313
My point is that, yes, this is a position being taken tactically by some
corporate legal mercenaries (at Cooley LLP of San Francisco), but
such legal mercenaries are not developing or making corporate policy.

So, no, the court filing doesn't mean GMail users shouldn't have any
expectation of privacy.  On the other hand, there are a number of other
things entirely that _do_ point to that outcome, starting with the
fundamental relationship between all GMail users and Google, Inc.

As is proverbial at this point, users of GMail and other 'free' Web 2.0
services are not the customers of the companies providing them -- and in
fact are the product being sold to the purchasers of data-mined
information who are the real customers.  Just a few minutes of pondering
the economics of such services reveals some vital truths:  Providing the
service costs significant money, you aren't providing any of that money,
therefore the service does not exist for your benefit and the company is
in no way looking out for your interests.

Ordinarily, you as the customer are protected by, if nothing else, the
covenants of good faith and fair dealing that require businesses to give
the customer what he/she paid for and not work against the customer's
interests.  Non-customer GMail users are, by contrast, fair game.

Then, too, the AJAX-type Web 2.0 technology underlying GMail and similar
services' 'dynamic' user interfaces is perfectly suited for the very
most intrusive varieties of data-mining, because it permits the provider
to, if it wishes, follow, record, and analyse every keystroke, every
pointer motion, and every sequence of link-following both within the
service and (with the help of ancillary tracking technologies maintained 
using Javascript-driven triggers) as you subsequently move on to other
services elsewhere.  

(It should be noted that GMail supports a non-AJAX 'classic' Web
interface that is not amenable to real-time user tracking, and an
IMAP/SMTP interface that is even better for users wishing to restore a
bit of control and yield less information.  Users with at least a
minimal interest in privacy should do that much, for starters.)

And it also should be pointed out that Google, Inc. is now _the_
predominant player, in all the world, in data-mining of the public,
ensuring that its very breadth of presence helps them reach out and 
register what you are doing, what you are buying, whom you are social
with, etc.  Even Facebook is a piker compared to the corporation
(Google) that bought infamous spying-on-users firm Doubleclick for US
$3.1B.


And, by the way, the legal mercenaries' citation of Smith v. Maryland
was to a certain extent humbug -- but lawyers are paid to make arguments
citing precedent that may or may not be accepted by judges.  Their
theory is, if you didn't try, you'll never know whether the judge might
have said yes.

Smith v. Maryland concerned a 'pen register' (a simple device that
records all telephone numbers called from a single origin number, with a
time/date stamp, but records absolutely nothing else about those calls,
and in particular nothing about the call contents) in a telco central
office -- without court warrant -- as part of police investigation of a
man named Michael Lee Smith, whom they suspected of robbery and wanted
to see whom he dialed from his home telephone.  Why?  Because robbery
victim Patricia McDonough had given police a description of the robber,
and thereafter started receiving threatening and obscene anonymous
telephone calls.  The calls continued following installation of the pen
register, which duly was found to show calls to McDonough, which gives
police probable cause to search Smith's house, yielding more evidence,
and Smith was indicted for robbery.  At trial, he attempted to suppress
the pen register data (and thus the house search as fruits of the
poisonous tree) as a Fourth Amendment illegal search.  He lost, and
appealed.  

THe USSC agreed.  The telco central office was not Smith's property, 
hence was not his Constitutionally protected area under the Fourth
Amendment.  Also, the court accepted the State of Maryland's contention
that Smith could not have expected to keep the numbers he dialed
private, because he needed to have those numbers register at the telco
in order to connect the call at all, and for accurate billing, to check
for defective dial, and a variety of other legitimate business purposes.

It's also important to note that the telco was not obliged to install
the pen register, and so Smith assumed the risk that the telco might
decide to give information to state authorities.

So, the USSC concluded that there was no Fourth Amendment violation in
the telco's voluntary operation of a pen register, and yielding its
record of telephone numbers to police.  This does not preclude the
possibility of statutory privacy protections -- such as, oh, say, those
of the Electronic Communiications Privacy Act of 1986 (too late to be
cited by Smith).


Google's lawyers' comparison of the current class-action suit to the
Smith case is humbug in that the text data they are harvesting out of
sent and received e-mail, not to mention the real-time tracking data
they are compiling on their users' Web usage, is NOT necessary to the
transport of that e-mail (unlike telephone numbers for the telco).

In any event, cases like the Smith one and the current class-action case
that cites it -- and the attitudes they reveal -- are part of the reason
I choose to outsource as little of my Internet operations as possible,
and don't trust J. Random Web Site's Javascript programs.


----- End forwarded message -----

More information about the conspire mailing list