Google admits to reading your emails, claims you should expect it.

Vyvyan Basterd

Adventurer
While I don't agree with Google's email policy (and thus don't have an email account with them), it seems some perspective is being lost.

Why would you use a non-secure email address to send sensitive information? You've breached your own security by doing so. That's why most corporations block webmail as a potential security breach, requiring any work-related emails to be sent via secure email.

Why would you share a computer with anyone, at home or especially at work, that you couldn't trust with your confidential information? You've breached your own security by doing so. And most likely violated your company's security policy by sharing at work.
 

Janx

Hero
So, just for example, let's say you're using a shared computer (the family PC at home, or a work PC) to send private e-mails, relying for your privacy upon the password-restricted access to your webmail account, and some of those e-mails discuss private and personal subjects.

And then somebody else is browsing the web using the same computer, and starts seeing ads pop up for specialised medical sites, or dating sites, or recruitment sites.

Google may not have explicitly revealed the fact that you have a specific medical condition, or sexual preference, or that you're planning on firing a particular person, but it's certainly doing a lot to help someone join the dots.

Part of the problem with this example is profile management on shared devices.

In the Windows 95 era, normal people didn't have logins to their computer. You turned it on, surfed porn, turned it off. Then your mom turned it on, surfed for recipes, looked at porn ads, and that was it. You had no real privacy (technically you could, but normal people didn't know that) because it wasn't in your face.

Sometime around Windows XP, that model changed, and EVERYBODY got a login prompt. Instead of being off by default, it was now enforced by default. This meant you login as you, surf porn, cookie gets written to YOUR profile's cookie directory, then you log off. When your mom logs in, she's loading cookies from HER profile directory.

Problem solved.

Except that now we get to mobile devices which don't account for different users when you pick up the device. So we're back to the old model that this highly personal device isn't all that personally protected.

Now in the last few years, I'd heard some Androids were getting a front-facing profile selector when you swipe open the device. Basically setting the stage for Mommy's profile, and the kids, so the stuff is separate again.

And the alleged fingerprint scanner in the Home button on the next iPhone would presumably be for the same purpose. Identify WHO is using the device, before showing apps, content and data.

Once every device is secured by user profile and users are not foolishly sharing their profile, then you've got protection over this simple part of the privacy problem.

Which is sharing your machine with other people without isolating your data, cookies, profile from them.

This problem isn't the password to my gmail account or the cookies I'm collecting when I surf. The problem is letting somebody else use my profile on the PC/mobile device.

Do not F'ing do that. That's actually a HIPAA violation in the workplace. Any IT shop or InfoSec office at a company should ban profile sharing or password sharing. I login, I do stuff, I logout or lock the console before I step away.

The same applies at the house. My wife logs in on her account, I log in as mine. We don't share smart phones, except in the most utilitarian ways (can you look up XYZ that only exists on my device, my hands are full).
 

Dannyalcatraz

Schmoderator
Staff member
Supporter
Why would you use a non-secure email address to send sensitive information?

1) Simple economics: small businesses (about 50%+ of most economies) may not be able to afford secure email addresses, and use what everyone else does. This is especially true of start-ups. And once you've established an email address, changing it is ridiculously expensive.

2) Publicity: not everyone is aware that such things as secure email services exist as a commercial option. They go with whatever their initial hookup is.

3) Simple ignorance: most people probably assume their email service operates like a postal service or package delivery service and does not look at message content...myself included, in all honesty. And I just looked at a random sampling of fellow professionals' (lawyers, mediators, accountants, MDs, etc.) email addresses in my inbox & address book: I saw Verizons, Gmails, Hotmails, etc. IOW, unless you're very tech savvy, this is probably news to you.
 

Janx

Hero
While I don't agree with Google's email policy (and thus don't have an email account with them), it seems some perspective is being lost.

Why would you use a non-secure email address to send sensitive information? You've breached your own security by doing so. That's why most corporations block webmail as a potential security breach, requiring any work-related emails to be sent via secure email.

Why would you share a computer with anyone, at home or especially at work, that you couldn't trust with your confidential information? You've breached your own security by doing so. And most likely violated your company's security policy by sharing at work.

Yup. This is one of the reasons it's a HIPAA violation to send patient info via email unless it is "secure", which means encryption, contracts, etc.


For work, it's a completely dumb idea.

For home, it's probably a little more complicated. I tell everybody I know to NEVER use the free email address from your internet provider. At the simplest because one day you will fire them, and now you've got drama with your friends to get them to switch to the new address. Plus, there's the technical hassles that they invariably don't connect to smartphones well, or have crappy web interfaces (or none at all), so now we have to port your email over when you change computers.

From that position, Hotmail and Gmail are the top leading free email providers. Never use Yahoo, they're a hacker-fest, and AOL is for Clydes. Gmail has the best support for mobile devices and other email clients (it supports IMAP, Hotmail only does POP, and POP sucks compared to IMAP for features).

That pretty much means everybody gets recommended to use Gmail. It works, and until now it was reasonably private and mostly secure.

For normal people, I am pretty much guaranteed to be able to get them going with Gmail, get it working in an intelligent way with their smart phone (the mail stays on the server with IMAP) and even get it working with Outlook if they insist on using that.

Everybody who insists on using something else runs into problems, so Gmail wins because it is stable, not obscure, and it just works.


So the question is, what do "normal" people who aren't cheating on their spouse or plotting to overthrow the government have to fear from Google?

And don't give us the "slippery slope to erode our freedoms" argument, as society tends to backlash on that before the "horrible consequences" ever get here.

While I agree Google's statement is horribly stated and logically leads to "Being Evil", let's look at where the rubber actually meets the road for a second.

What could normal people be doing that this policy ACTUALLY causes a problem for?
 

Vyvyan Basterd

Adventurer
I do have hotmail (as I don't do mobile) and use that for emails between friends, etc. But I use a secure email address when dealing in anything I would rather be kept private. So even if I do "fire" my service provider (haven't for over a decade) I have very few people that would have to be updated.
 

Janx

Hero
I do have hotmail (as I don't do mobile) and use that for emails between friends, etc. But I use a secure email address when dealing in anything I would rather be kept private. So even if I do "fire" my service provider (haven't for over a decade) I have very few people that would have to be updated.

I'd bet you pay money for that secure service, and that it does NOT operate like normal email.

One of the factoids I forgot to mention, as it may form some of the basis for Google's position is that basic email is NOT secure per its specification.

SMTP is the protocol used and it does not guarantee delivery or secrecy.

When I send an email from my server to yours, it is transmitted in clear text. Anybody with a packet sniffer that is sitting between our servers on the network could intercept those bytes and read the message.

Thus, there is no expectation of privacy in the sense that your email is safe from criminals or even someone doing a network test for an unrelated and legitimate reason.

Truly secure email requires more technical aspects to be aligned.

If you and I work in the same company running Exchange for instance, mailing something to you is secure because Exchange talks to itself with its own protocol.

If you work at a different company, IT can set up TLS (forget what it stands for) between our 2 servers and that can be secure.

If both parties are on the same server, the data never leaves the server. For example, if I email Vyvyan from my Hotmail to his, then it is secure by virtue of never having traveled outside of Microsoft.

In the case of services offering Secure Email, they invariably have a few different forms. The one Snowden used could accept email from outside services that were thus "unsecure", but they could guarantee that NOBODY but you could log into your account to read it once it got to their server.

Other services require all parties to have accounts with them (a form of "all in the same server" solution). At best, your insecure email will get an email saying you have new email on the secure service and containing a link to the web site so you can log in and see it.

Google's argument may be relying on this foundation that plain email was never secure in the first place.
 
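The clear-text-between-servers point in the post above, as an added example that is not part of the thread: every relaying mail server prepends a Received: header, and the "with" keyword in it (ESMTPS/ESMTPSA per RFC 3848, versus plain ESMTP/SMTP) records whether that particular hop was protected by TLS. The script below audits those headers for a message; the sample message, hostnames and addresses are constructed for the example.

```python
"""Audit the transport hops recorded in an email's Received: headers.

Added example: a hop stamped "with ESMTPS" (or ESMTPSA, also authenticated)
arrived over STARTTLS; "with ESMTP" or "with SMTP" means that link carried
the message in clear text, which is the exposure discussed in the thread.
"""
import email
import re
from email import policy

# Constructed sample: three hops, the middle relay-to-MX hop without TLS.
SAMPLE_MESSAGE = b"""\
Received: from mx-in.example.net (mx-in.example.net [192.0.2.10])
\tby mail.example.org with ESMTPS id abc123
\tfor <alice@example.org>; Mon, 12 Aug 2013 10:00:03 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx-in.example.net with ESMTP id def456;
\tMon, 12 Aug 2013 10:00:02 +0000
Received: from [203.0.113.5] (client.example.com [203.0.113.5])
\tby relay.example.com with ESMTPSA id ghi789;
\tMon, 12 Aug 2013 10:00:01 +0000
From: bob@example.com
To: alice@example.org
Subject: test

hello
"""

FROM_RE = re.compile(r"^\s*from\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.IGNORECASE)

# Registered "with" keywords whose trailing S (before an optional A) marks
# a TLS-protected hop: RFC 3848 (ESMTPS/ESMTPSA) and RFC 6531 (UTF8SMTPS/SA).
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}


def _first(regex: re.Pattern, text: str) -> str:
    m = regex.search(text)
    return m.group(1) if m else "?"


def audit_hops(raw_message: bytes) -> list[dict]:
    """Return one dict per hop, oldest hop first, with a 'tls' flag.

    Caveat: Received: headers are written by each receiving server and can
    be forged by an upstream sender, so treat the result as a hint.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hops = []
    # Servers prepend, so the last Received: header is the first hop taken.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(str(header).split())  # unfold continuation lines
        keyword = _first(WITH_RE, text).upper()
        hops.append({
            "from": _first(FROM_RE, text),
            "by": _first(BY_RE, text),
            "with": keyword,
            "tls": keyword in TLS_KEYWORDS,
        })
    return hops


def cleartext_hops(raw_message: bytes) -> list[str]:
    """'from -> by' labels of the links that were not protected by TLS."""
    return [f"{h['from']} -> {h['by']}"
            for h in audit_hops(raw_message) if not h["tls"]]


if __name__ == "__main__":
    for hop in audit_hops(SAMPLE_MESSAGE):
        tag = "TLS  " if hop["tls"] else "CLEAR"
        print(tag, hop["from"], "->", hop["by"], f"({hop['with']})")
```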

Dannyalcatraz

Schmoderator
Staff member
Supporter
So the question is, what do "normal" people who aren't cheating on their spouse or plotting to overthrow the government have to fear from Google?

And don't give us the "slippery slope to erode our freedoms" argument, as society tends to backlash on that before the "horrible consequences" ever get here.

While I agree Google's statement is horribly stated and logically leads to "Being Evil", let's look at where the rubber actually meets the road for a second.

What could normal people be doing that this policy ACTUALLY causes a problem for?

If Google's lawyers were being precise when they used the "expectations of privacy" language, then everything sent via their system is essentially discoverable and admissible in court since it was handled by a third party excluded from all incarnations of privacy rules. Law enforcement might not even need a warrant to search the stuff. Because if there is no expectation of privacy, it is as if you were conversing with someone on a busy street corner in public.

So, email communications with your MD, lawyer, accountant, etc. is all fair game. Email between MDs, lawyers and accountants, etc. discussing your information would be fair game.

Communications between the "home office" and your mobile device would be fair game. Even if it's a company phone, you have no "expectation of privacy" according to G.

All because they want to target some ads.

And let's not discount discussions of things like adultery. That's still a criminal offense in some states, as well as an offense under the UCMJ punishable by dishonorable discharge, forfeiture of all pay and allowances, and confinement for 1 year.

Again, all because they want to target some ads.

So, Google (and others), either charge me for the service and do away with the ads, or keep email free and put the ad software on "randomize" so you don't need to scan the contents.
 

Vyvyan Basterd

Adventurer
SMTP is the protocol used and it does not guarantee delivery or secrecy.

When I send an email from my server to yours, it is transmitted in clear text. Anybody with a packet sniffer that is sitting between our servers on the network could intercept those bytes and read the message.

True. I didn't mean secure as in what my company uses. I mean "not scanned by the host." I don't send critically vital information via email and only expect a modicum of privacy, not guaranteed privacy.
 

Janx

Hero
If Google's lawyers were being precise when they used the "expectations of privacy" language, then everything sent via their system is essentially discoverable and admissible in court since it was handled by a third party excluded from all incarnations of privacy rules. Law enforcement might not even need a warrant to search the stuff.

So, email communications with your MD, lawyer, accountant, etc. is all fair game. Email between MDs, lawyers and accountants, etc. discussing your information would be fair game.

Communications between the "home office" and your mobile device would be fair game. Even if it's a company phone, you have no "expectation of privacy" according to G.

All because they want to target some ads.

And let's not discount discussions of things like adultery. That's still a criminal offense in some states, as well as an offense under the UCMJ punishable by dishonorable discharge, forfeiture of all pay and allowances, and confinement for 1 year.

Again, all because they want to target some ads.

Note: I'm just playing Phil the Prince of Insufficient Light's advocate here. I'm hoping the discussion reveals some specific examples of "harm" that Google's policy can make.

On privacy with your MD, he shouldn't be emailing you about anything. One of mine uses a secure web portal for all such communications about tests and appointments.

For lawyer, the clients I have use a Secure Email service. We talk in voice or they send stuff over that. I've never had a lawyer for more traditional things, but I would hope we stick to voice or direct meeting.

For accountants, assuming they are an employee, they will have a company account (even if it's just a small part time accountant). I wouldn't want email from them explaining how offshore accounts work outside of my server....

For company emails to smart phones, your smart phone should be tying into the corporate mail server (Exchange usually). Employees should not be forwarding work email to a gmail account in order to receive it on their smart phone. Most smart phones can bind to multiple email services/mailboxes for this reason.

I'm not as caring to folks breaking laws as I am to people who don't have anything to hide. Are the latter being harmed?

The generic situation I envision, in which most privacy is violated, is where someone with access and authority goes snooping for data on somebody they know (or gets paid by a "friend" to snoop) and the lack of access controls gives them info they shouldn't have.

To me, this is an abuse of power (technically, that's what Snowden did) due to opportunity (having access without safety checks) and motive (wanting the info for non-work related reasons).

I think all email should require a warrant/subpoena thing. Something from a court, documented and authorized.

Email might not be perfectly secure, but there is the expectation that only bad guys are violating that privacy/security barrier.
 

Dannyalcatraz

Schmoderator
Staff member
Supporter
Note: I'm just playing Phil the Prince of Insufficient Light's advocate here. I'm hoping the discussion reveals some specific examples of "harm" that Google's policy can make.

On privacy with your MD, he shouldn't be emailing you about anything. One of mine uses a secure web portal for all such communications about tests and appointments.

Just sticking with the MDs, there are all kinds of communication that can occur via mail or phone that- by Google's logic- would be outside of MD/patient privilege.

(edit)
Q: Does the HIPAA Privacy Rule require hospitals and doctors’ offices to be retrofitted, to provide private rooms, and soundproof walls to avoid any possibility that a conversation is overheard?

A: (edit)

...the Privacy Rule does not require the following types of structural or systems changes:

- Private rooms.

- Soundproofing of rooms.

- Encryption of wireless or other emergency medical radio communications which can be intercepted by scanners.

- Encryption of telephone systems.

(edit)

Q: May physician’s offices or pharmacists leave messages for patients at their homes, either on an answering machine or with a family member, to remind them of appointments or to inform them that a prescription is ready? May providers continue to mail appointment or prescription refill reminders to patients’ homes?

A: Yes. The HIPAA Privacy Rule permits health care providers to communicate with patients regarding their health care. This includes communicating with patients at their homes, whether through the mail or by phone or in some other manner. In addition, the Rule does not prohibit covered entities from leaving messages for patients on their answering machines. However, to reasonably safeguard the individual’s privacy, covered entities should take care to limit the amount of information disclosed on the answering machine. For example, a covered entity might want to consider leaving only its name and number and other information necessary to confirm an appointment, or ask the individual to call back.

A covered entity also may leave a message with a family member or other person who answers the phone when the patient is not home. The Privacy Rule permits covered entities to disclose limited information to family members, friends, or other persons regarding an individual’s care, even when the individual is not present. However, covered entities should use professional judgment to assure that such disclosures are in the best interest of the individual and limit the information disclosed. See 45 CFR 164.510(b)(3).

In situations where a patient has requested that the covered entity communicate with him in a confidential manner, such as by alternative means or at an alternative location, the covered entity must accommodate that request, if reasonable. For example, the Department considers a request to receive mailings from the covered entity in a closed envelope rather than by postcard to be a reasonable request that should be accommodated. Similarly, a request to receive mail from the covered entity at a post office box rather than at home, or to receive calls at the office rather than at home are also considered to be reasonable requests, absent extenuating circumstances. See 45 CFR 164.522(b).
(edit)

http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/incidentalu&d.pdf

Because if you request the email and get it, it doesn't matter if the MD's, lawyer's or accountant's service was secure or not if yours wasn't.

And the thing is, if communications using the US Mail and the phone companies aren't required to be encrypted to have an expectation of privacy, why should Google be treated any differently? Because they want to sell targeted ads? I don't think any court will buy that, especially since they could just as easily send users non-targeted ads.

I'm not as caring to folks breaking laws as I am to people who don't have anything to hide. Are the latter being harmed?

If the communication is otherwise privileged, then yes. The law says that the protection granted by privilege is content-neutral. If we start making exceptions for violating the privilege because it is about illegal or immoral acts, then we undermine the function of many of the privileges.

For example, it makes no sense for priest/penitent privilege to be nullifiable if the penitent is discussing bad things- that's the point of the relationship.

It would also impede the Constitutional right of a defendant to fully communicate with his attorney to mount a defense.

It may be essential to your treatment for an ailment or injury to disclose to the medical staff that you did something illegal. (For public health reasons alone, it is preferable that criminals undergo successful treatment of infectious agents instead of fearing arrest and therefore becoming Patient Zero.)

Etc.

I think all email should require a warrant/subpoena thing. Something from a court, documented and authorized.

I agree. And AFAIK, it currently does.

But if Google is right and you don't have an expectation of privacy, that may not be required. It would no more require a subpoena or warrant than asking for the testimony of the guy who sat at the next table from you when you discussed taking out a hit on Carrot Top.

Email might not be perfectly secure, but there is the expectation that only bad guys are violating that privacy/security barrier.

Or the police...or the Media...or a business rival...

If you have no expectation of privacy, whatever you say is as fair game as an overheard conversation.

Which is why- if you go to jail- you don't openly discuss your case via the provided phones. You have no expectation of privacy- they listen to those, and anything and everything you say can be used against you...and even leaked to the media. Instead, you make an appointment and get a private room.

Which is why- if you are seated in the back of a police car, unrestrained with the door open and the officers standing 50 yards away, you don't openly discuss the situation. It's the same as the prison phones- the radio may be on, and there may even be a camera on you. IOW, they'll be listening.
 
