This week, the consumer advocacy group Consumer Watchdog got a lot of press over their publication of Google’s statement in a court document that Gmail users–and anyone who emails them–can’t expect any privacy in their email.
The paragraph that everyone’s talking about is as follows:
“Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery. Indeed,“a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” Smith v. Maryland, 442 U.S. 735, 743-44 (1979).” (emphasis added)
It seems like a shocking admission, but it’s really nothing new. Google has done automated scans of Gmail since it launched in 2005. And because Google offers Gmail as a “free” (translation: you pay with your data) service, it monetizes it through tracking and advertising. Any free email service comes with privacy violations, including Outlook.com (formerly Hotmail) or Yahoo! Mail.
The extremely consumer-unfriendly legal principle that Google bases its argument upon is called the Third Party Doctrine. Simply put, it means that if you share information with any third party, you can’t expect privacy in it. A real life example: if I have a secret I want to keep from you, but I tell my friend, it’s out of the bag as far as the law is concerned. When you think about all the third parties you’re forced to interact with online–Internet Service Providers, cloud storage services, social networks–it means pretty much nothing is secret.
The Third Party Doctrine is yet another example of how far behind the technological times US law is. Another example: you have far more privacy in a physical letter you send in real life than in a digital email you send online.
Google’s argument that people who use Gmail can’t expect any privacy in the service should be a wakeup call that “free” email services are hardly private. When you use a service like Gmail, plenty of people and companies can access your data:
- The email provider company itself, like Google
- Their partners and affiliates
- Your ISP
- Your employer, in some cases
- Various government agencies, from the NSA to the FBI
They don’t just store what’s in your emails and who’s sending and receiving them, but information like IP address, location, common topics you talk about, your interests, your clicks, and more.
There are more private alternatives to Gmail, but nothing’s bulletproof. In fact, two quality private email services shut down in the past week because government snooping would force them to violate their users’ privacy (Lavabit and Silent Circle). There are a few private email services out there, like Unspyable, Countermail, or Riseup.net, but you may have to pay a few dollars a month. Look for a service that encrypts your data, and stay away from email services that make their money by collecting user data: it’s a business model that’s bad for privacy.
If you want to stick with your existing email but add another layer of privacy between your email address and outsiders, try using Masked or alias emails. They can forward messages to your real account so you still receive them, but you reduce the number of people who know your real email address. Plus leaked government documents show that using alias emails can interfere with the NSA’s surveillance processes, although it’s not a foolproof privacy solution.
You can also use a Virtual Private Network (VPN) to anonymize your IP address while you’re using your email. You won’t be stopping tracking, but you’ll feed the trackers a different IP address that doesn’t accurately show where you’re located.
There’s no denying that Gmail is super convenient–they have over 400 million users to prove it–but is the privacy tradeoff worthwhile to you?