Skip to main content

EFFector - Volume 17, Issue 12 - Google's Gmail and Your Privacy - What's the Deal?

EFFector       Vol. 17, No. 12       April 9, 2004

A Publication of the Electronic Frontier Foundation     ISSN 1062-9424

In the 284rd Issue of EFFector:


Google's Gmail and Your Privacy - What's the Deal?

As you've no doubt already heard, Google's new "Gmail" beta email service is raising concern about privacy protection. How much concern? Well, it's not often that an email service is widely misinterpreted as an April Fool's joke!

The basic concept: Google plans to offer you a gigabyte's worth of email storage capacity - by one count, up to 500 times that offered by its competitors. But the company also intends to scan the contents of your email messages in order to display advertisements relevant to your online conversations.

Google's announcement last week of the new service sparked widespread speculation about the possible impact Gmail would have on users' privacy. Among the questions EFF has been asking: What information would Google pull from email? Would it log this information? For how long? Could your Gmail address or any other personal identifier be linked to those logs - or to your Google search history?

This week, we sat down with Google and got some preliminary answers:

~ How Google Scans Your Email

The process happens instantaneously: Google scans your email in order to target relevant ads the moment you click to open a message. The scan examines the text of the email you are opening and extracts what Google calls "concepts" in order to target relevant ads. By the time the text of your email is displayed, the ads have already been chosen and placed on the same page.

~ No Log Made of "Concepts" Data

Google says that no record is created of the "concepts" extracted from your email, nor is a log made of which ads are served to you. (Advertisers will see your IP address if you click through an ad, but this is the way most ads work online.)

~ Your Gmail Email Address Can Be Linked to Your Search History

It is possible to link your email address to your search history using your unique Google "cookie" - a bit of software code that automatically allows both the Google search engine and Gmail to "recognize" you whenever you return to the website. Unless you delete it, this cookie will remain on your computer's hard drive for long enough to be effectively permanent.

While Google says that it doesn't currently correlate email addresses with search history, we know that the company will do so if required by law - e.g., if it receives a search warrant, subpoena, etc. For this reason, EFF strongly recommends that Gmail users delete the Google cookie often.

~ What's Next?

Although some of our concerns have been addressed, others remain. In next week's issue of EFFector, we'll discuss these concerns - many of which would apply to any business offering a free gigabyte of Web mail.

NYT article on Gmail:
http://www.nytimes.com/2004/04/08/technology/circuits/08goog.html
(Registration unfortunately required.)

EFF's weblog post on Gmail, including links to other relevant news articles:
http://blogs.eff.org/deeplinks/archives/001375.php#001375

Gmail privacy policy:
http://www.google.com/gmail/help/privacy.html


Comcast Tracks Websurfers, EFF Calls for Wipeout

San Francisco, CA - EFF filed a friend-of-the-court brief this week asking a federal appeals court to overturn a district court's ruling that Comcast Cable did not violate federal privacy law when it secretly logged its customers' web-surfing habits.

At issue in the case is whether Comcast collected "personally identifiable information" (PII). The lower court found that since Comcast covertly linked customers' online surfing patterns to a particular computer IP address rather than to a name, the company was not collecting personally identifiable information. Yet Comcast could easily have matched the IP address to the customer at any time.

"Taken to its logical conclusion, the district court's argument would mean that even your phone number and address do not qualify as personally identifiable information, since the information cannot be used to identify you without additional information from the phone book," said Kevin Bankston, EFF attorney and Equal Justice Works/Bruce J. Ennis Fellow. "Unless overturned, this decision could render useless a number of federal privacy statutes specifically written to safeguard information that could be used to identify you."

EFF amicus brief in the case:
http://www.eff.org/Privacy/20040408_Klimas_v_Comcast_Amicus_Brief.pdf


Courts Reject Record Companies' Bulldozer Litigation Strategy

Orlando, FL - The Federal District Court in the Middle District of Florida last week denied the motion of 16 record companies to force the Internet Service Provider (ISP) Bright House to reveal the identities of 25 individuals accused of copyright infringement using the FastTrack peer-to-peer network. The court ruled that the record companies had improperly joined the 25 individuals, who had nothing in common other than sharing an ISP, into a single lawsuit. The court found that such joining would result in "unreasonable prejudice and expense to the Defendants," as well as cause "great inconvenience" to the court.

In a second ruling this week in Pennsylvania, Judge Clarence C. Newcomer reaffirmed his previous finding requiring that record companies that seek to sue filesharers bring individual cases against the defendants rather than lump them all together.

"Courts are beginning to recognize that the record companies' crusade against filesharers is stepping on the privacy and due process rights of those accused," noted Cindy Cohn, EFF's Legal Director. "These decisions are simply requiring the record companies to follow the same rules that everyone else has to follow when bringing litigation."

For the full breaking news item:
http://www.eff.org/news/breaking/archives/2004_04.php#001360

Florida decision:
http://www.eff.org/cgi/tiny?urlID=169
(EFF; PDF)

Pennsylvania decision:
http://www.eff.org/cgi/tiny?urlID=170
(EFF; PDF)


EFF Seeks Socially Responsible Technical Director

EFF is seeking a fulltime technical director to start immediately and work out of EFF's San Francisco (Mission District) office. This person will be responsible for managing four members of EFF's technical staff and their various projects. Technical staff responsibilities include keeping our internal systems running and providing expert support to our attorneys and members. It also includes actively building, and supervising the building of, technologies that advance free speech and privacy. The technical director will be responsible for creating a cogent technology strategy for EFF. The director must be a team player. This person must be a good writer, good speaker and good listener. This person may be called on to be an expert witness, conference speaker, declarant in a court case, or debater against entertainment companies or government attorneys. Comfort with advocating for a position essential.

Project management experience absolutely required. Extensive experience (10 years+) with the Internet and various related technologies also required. Ideally, this person is already well known and respected within the Internet community. The job requires an in-depth understanding of network protocols and security, and experience with software and/or hardware development. Experience with telecom industry and technologies highly desirable. Familiarity with Internet civil liberties issues and EFF's work required. Salary at nonprofit scale and includes benefits package. This is a job for someone who wants to affect positive social change in the world. While the compensation is low and the work is hard, what we're working on is cutting edge, and you couldn't find a better group of people with which to work.

To apply, send a cover letter and your resume with links to some samples of your work to ctojob@eff.org no later than April 15, 2004. We request that you send these materials in a non-proprietary format, such as an ASCII text file. No phone calls please!


You Can Still Donate Your CD Settlement Check to EFF!

In the past month, EFF has received over $900 in CD price-fixing settlement checks, both directly through the public and through a website set up by EFF supporter Marc Freedman at www.donatemymusiccheck.com.

Thanks for your generosity! We're putting the funds to good use, battling to protect your rights against an industry that has shown little respect for its customers.

Help us bring donations from the settlement up over the $1,000 mark. With just a few more donations, we'll get there!

Stand up for your rights - donate your check now at the below URL:


http://www.donatemymusiccheck.com


miniLinks

miniLinks features noteworthy news items from around the Internet.

Info Activism Comes of Age
Siva Vaidhyanathan on the recent history of copyright and what activists are doing to change it:
http://firstmonday.org/issues/issue9_4/siva/index.html

Broad Coalition Asks FCC to Leave VoIP Alone
The group focused on economic arguments, opting not to comment on the FBI's request for surveillance access in VoIP services:
http://news.com.com/2100-7352_3-5186747.html

Canada Moves Toward VoIP Regulation
Our northern neighbors don't have a CALEA-styled surveillance future hanging in the balance, but they nevertheless want more control over the services:
http://news.com.com/2100-7352_3-5186851.html

Gmail Runs into Trademark Trouble
Is Goomail taken?
http://www.theregister.co.uk/2004/04/07/google_trademark/

Wal-Mart Joins the Copyfight?
The retail giant will soon sell DVD players equipped with ClearPlay - an on-the-fly editing technology that allows users to excise racy scenes. Directors claim that it violates copyright law and unacceptably drains the films' mojo:
http://www.eff.org/cgi/tiny?urlID=173
(San Francisco Chronicle)

Court Allows Challenge in Copyright "Boomerang" Case
A Colorado court has allowed a group of artists to continue its fight against the re-copyrighting of public domain work:
http://cyberlaw.stanford.edu/packets/vol_1_no_12/002081.shtml

Unfriendly Skies: ACLU to File Suit Over No-Fly Lists
The class-action suit will challenge the lists that keep supposedly dangerous people - and those who happen to have similar names - permanently grounded:
http://www.wired.com/news/privacy/0,1848,62964,00.html

Ohio Wants Paper Trails
Ohio's Joint Committee on Ballot Security, comprised of bipartisan legislators, voted 7-1 that all Ohio voting machines should have voter-verified paper audit trails by 2006. Now it's up to the legislature and Secretary of State to act on the recommendation:
http://www.ohiocitizen.org/moneypolitics/2004/ballotreport.htm

Lord of the Sims
Reason Magazine on unexpected patterns of social (mis)behavior in "The Sims Online":
http://www.reason.com/0404/cr.jw.hobbes.shtml

Op-ed: Florida's E-Day Tech Still Flawed
Mark Grossman of The Miami Herald with a scathing editorial on the e-voting situation in Florida:
http://www.miami.com/mld/miamiherald/business/technology/8362759.htm
(Registration unfortunately required.)

No More Recording "American Idol" for Cousin Vera
A Hollywood panel is pushing for locked-down set-top boxes that can record television only onto encrypted, device-specific DVD discs:
http://www.eff.org/cgi/tiny?urlID=172
(EE Times)

WIPO Broadcast Treaty Hits the Fan
It's only a draft - perhaps they're waiting for the final version to remove the evil?
http://www.wipo.int/documents/en/meetings/2004/sccr/pdf/sccr_11_3.pdf

http://www.freedom-to-tinker.com/archives/000571.html

http://www.corante.com/importance/archives/002925.html

Weinberger's Three Horsemen of the Infopocalypse
The noted author says that DRM, digital identity technologies and trusted computing will significantly damage our ability to work with digital content:
http://www.npr.org/rundowns/segment.php?wfId=1813438

France Moves Forward on "Digital Economy" Bill
The controversial legislation increases ISPs' liability for material they host and lowers the protections for users' email privacy:
http://www.rsf.fr/article.php3?id_article=9714

The RIAA Has No Clothes
The NYT on the recent study finding that file sharing doesn't hurt album sales:
http://www.nytimes.com/2004/04/05/technology/05music.html
(Registration unfortunately required.)

Gov't Clarifies Rule on Editing Foreign Work
A recent rule seemed to ban scientists from editing the work of colleagues in embargoed countries; the feds say that's not their intent:
http://www.nytimes.com/2004/04/05/politics/05PUBL.html
(Registration unfortunately required.)

Industry Standardizes DRM
ISO has codified MPEG Rights Expression Language - an expandable DRM-signaling system - into a standard:
http://www.drmwatch.com/standards/article.php/3334611

Lee Tien's Talk @ the Yale Cybercrime Conference
As blogged by Cardozo law professor Susan Crawford:
http://scrawford.blogware.com/blog/_archives/2004/3/28/30130.html

Music to Our Ears: Donating to Bands You Download
A Wilco fan got the group's latest album by downloading it from the Net, so he set up a site where others could donate to the band:
http://www.rollingstone.com/news/newsarticle.asp?nid=19556

B-Flag Burns Open Software Radio Projects
Software-defined radio makes it possible for one device to use many bands of spectrum, reducing the need to partition and sell swaths of the public airwaves to corporate squatters. Too bad the FCC's broadcast flag would make open source projects like this illegal:
http://software-radio.sourceforge.net/

iTunes Under Scrutiny
The Berkman Center's Digital Media Project with a study of the norms and laws around Apple's iTunes:
http://cyber.law.harvard.edu/media/itunes

FCC Loses Bid to Call Cable "Information Services"
Instead, the 9th Circuit held that cable providers look an awful lot like telecom services - a distinction that may force the coaxial giants to share their networks with competitors:
http://news.com.com/2100-1034_3-5183423.html

E.U. Grounds U.S. Request for Passenger Data
The E.U. Parliament says that U.S. requests for passenger data may violate privacy laws. Oh, really?
http://www.wired.com/news/politics/0,1283,62883,00.html


Staff Calendar

For a complete listing of EFF speaking engagements (with locations and times), please visit the full calendar.

  • April 13 -

    Fred von Lohmann speaks at the Association of the Bar of the City of New York
    New York, NY
    "The Future of Music and Video: The Latest Legal and Business Developments"
    http://stevegordonlaw.com/cuny_seminar.htm
    6:30 p.m. - 8:30 p.m.


Administrivia

EFFector is published by:

The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
 http://www.eff.org/

Editor:
Donna Wentworth, Web Writer/Activist
  donna@eff.org

To Join EFF online, or make an additional donation, go to:
  https://secure.eff.org/

Membership and donation queries: membership@eff.org
General EFF, legal, policy or online resources queries: ask@eff.org

Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements and articles may be reproduced individually at will.

To change your address or other information, please visit: http://action.eff.org/subscribe/

If you have already subscribed to the EFF Action Center, please visit: http://action.eff.org/login.asp/

To unsubscribe from the EFFector mailing list, send an email to alerts@action.eff.org with the word "Remove" in the subject.

(Please ask donna@eff.org to manually remove you from the list if this does not work for you for some reason.)

Back issues are available at:
  http://www.eff.org/effector/

You can also get the latest issue of EFFector via the Web at:
  http://www.eff.org/effector/

Back to table of contents

Return to EFFector Newsletters Index


Please send any questions or comments to webmaster@eff.org

JavaScript license information