When Google first rolled out Gmail in 2004, the company's decision to monetize the service by serving targeted ads raised concerns of privacy watchdogs.
The Electronic Privacy Information Center questioned Google's practice, as did a coalition of other organizations. At one point, a California lawmaker proposed legislation to ban email providers from scanning emails. The measure never gained any traction, and concerns about the privacy implications of serving ads based on keywords in messages largely faded.
Until 2010. That's when Web user Keith Dunbar filed a potential class-action lawsuit alleging that Google violated the federal wiretap law by intercepting emails in order to serve ads.
Dunbar's lawsuit — later joined by other Web users — currently is pending in the Northern District of California, where Google recently filed a motion to dismiss the case. The people who are suing include both Gmail users and non Gmail users; the latter group says that Google has no right to scan emails that they send to Gmail account holders.
Google makes a host of arguments in favor of dismissal, including that Gmail users consented to the service's terms — which explicitly state that the company will scan emails for keywords and then serve ads that relate to the keywords.
Google also says that even people who don't have Gmail accounts — and therefore haven't consented to the terms of service — shouldn't be able to proceed in court. As part of this argument, Google says that people who send emails shouldn't expect that they will remain private.
“Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s [email] provider in the course of delivery,” the company says. Google goes on to quote a 1979 Supreme Court case, which stated that someone doesn't have a “legitimate expectation of privacy in information he voluntarily turns over to third parties.”
That case dealt with telephone pen registers — or records of outgoing and incoming phone calls. The Supreme Court said in that ruling that law enforcement authorities don't violate the prohibition on unreasonable searches by installing pen registers on telephones. That case is what cleared the way for the National Security Agency to obtain records of metadata associated with people's telephone calls.
But that 34-year-old ruling also is increasingly seen as outdated in the Internet era, when nearly all digital communication relies on intermediaries. In fact, Justice Sonia Sotomayor specifically criticized that ruling last year, characterizing it as “ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.”
She added: “People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers.”
As a practical matter, it's odd for Google to rely on that 1979 ruling, given that it applies more to the metadata associated with emails — like the addresses — than the contents.
Also, it seems problematic for Google to cite that case given that the company is part of the Digital Due Process coalition, which is fighting to give users more privacy protections in email. Specifically, the group is fighting to expand the federal wiretap law by requiring law enforcement authorities to obtain search warrants before accessing users' email, regardless of how old the email is. Currently, the statute only requires search warrants for emails that are less than 180 days old.
Regardless, Google's decision to reference the 1979 case in its legal papers has sparked a public relations problem for the company. Earlier this week, the frequent Google critic Consumer Watchdog is calling attention to Google's brief in the case. “Google has finally admitted they don’t respect privacy,” John Simpson, Consumer Watchdog’s Privacy Project director, said in a statement. “People should take them at their word; if you care about your email correspondents’ privacy don’t use Gmail.”