Gmail says no expectation of privacy, kinda.

Consumer Watch put out a press release yesterday about a court filing made by Gmail that says Gmail users have no expectation of privacy. I pulled a bunch of the docs yesterday, but have had no real time to read or digest them.
For recap users everything I pulled (and stuff other people have pulled) are available at Archive.org.
The initial complaint was filed under seal at the request of Google. The redacted complaint doesn’t tell us a lot, but it’s available for people to read if they’re interested.
The doc everyone is talking about is Google’s Motion to Dismiss. Everyone is up in arms about Google saying, in that filing, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” (page 28, line 9). What no one seems to have mentioned is that this is actually a quote from a case that Google is referencing. The whole paragraph may lead one to a different conclusion.

Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery. Indeed, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” Smith v. Maryland, 442 U.S. 735, 743-44 (1979). In particular, the Court noted that persons communicating through a service provided by an intermediary (in the Smith case, a telephone call routed through a telephone company) must necessarily expect that the communication will be subject to the intermediary’s systems. For example, the Court explained that in using the telephone, a person “voluntarily convey[s] numerical information to the telephone company and ‘expose[s]’ that information to its equipment in the ordinary course of business.” Id. at 744 (emphasis added).
The same is true of email sent through an ECS provider. As numerous courts have held, the automated processing of email is so widely understood and accepted that the act of sending an email constitutes implied consent to automated processing as a matter of law. See, e.g., State v. Townsend, 57 P.3d 255, 260 (Wash. 2002) (finding that sender of email impliedly consented to interception of his email because “in order for e-mail to be useful it must be” subjected to automated processes, such as being “recorded on another computer’s memory.”); Commonwealth v. Proetto, 771 A.2d 823, 829 (Pa. Super. Ct. 2001), aff’d, 837 A.2d 1163 (Pa. 2003) (“Any reasonably intelligent person, savvy enough to be using the Internet, however, would be aware of the fact that messages are received in a recorded format, by their very nature, and can be downloaded or printed by the party receiving the message. By the very act of sending a communication over the Internet, the party expressly consents to the recording of the message.”);State v. Lott, 879 A.2d 1167, 1172 (N.H. 2005) (sender of instant messages “implicitly consented” to the interception of his communications where he voluntarily sent instant messages knowing that, by the medium’s nature, his messages would be automatically recorded).

It’s not that Google is saying this, Google is quoting a 1979 court case: Smith v. Maryland. Smith v. Maryland says that recording the numbers dialed is not a search and does not require a warrant.
I’m not a lawyer, so I don’t know how applicable Smith v. Maryland is in this case. It seems to me that a phone number is closer to the email address rather than the entire content of the email. But, I can also see that any email provider has to “record” the entire body of an email in order to transmit it.
What I can tell you is that I disagree that Gmail has somehow broken new ground in privacy violations and being arrogant about it. They’re quoting a 30+ year old court case, which has been referenced in thousands of other cases. This isn’t new, it’s business as usual.