No expectation of privacy, says Google

I spent yesterday afternoon in Judge Koh’s courtroom listening to arguments on whether or not the class action suit against Google based on their scanning of emails for advertising purposes can go forward. This is the case that made news a few weeks ago because Google stated in their brief that users have “no expectation of privacy” in using online services.
That does appear to be what Google is actually saying, based on the arguments by attorney Whitty Somvichian. He made it clear that Google considers everything that passes through their servers, including the content of emails, covered under “information provided to Google” in the privacy policy. Google is arguing that they can read, scan, and use that content to display ads and anything else they consider to be in the normal course of business.
I have pages and pages of notes but I have some paying work to finish before I can focus on writing up the case. There were multiple reporters and bloggers in the courtroom, but I’ve not found many article. Some I’ve found are:

This is an interesting case, though. The plaintiffs are asserting that Google scans and “reads” (electronically) every message that comes through their systems and that this is illegal interception. Google is stating that this is part of their normal business processes and vital for providing the Gmail service.
The judge had Google’s lawyer walk her through the different privacy policies submitted with the motion to dismiss. She wanted to know what specific phrases in the policies state that Google will be scanning information.
The defense lawyer asserted that Google tells users that any information “provided to Google” will be used, and that the content of emails sent to and from Gmail are part of the information “provided to Google.” This was a bit of a surprise to me, because I expect information I give to Google to be things like my phone number and recovery account addresses. I even expect the content of my docs stored on Google docs to be “information provided to Google.” But I never really expected the content of my emails to be part of that.
The plaintiff’s lawyer pointed out that the advertising is a “smokescreen” and that the real point of all of this is for Google to amass data about users and non-users. This data accumulation is not for the benefit of the users, it’s for the benefit of Google.
I’ll be going through my notes and the complaint this weekend and should have a more detailed post up early next week; I have some paying work to finish before I can focus on the case.
The judge scheduled a case management meeting for October 2 at which point they’re going to set a trial date. She does still have the option of granting Google’s motion, but I did not get the impression she was inclined to do that.

Related Posts

Spamming to hide fraud

An interesting article at NetworkWorld last month, describing spam bombs to victims of fraud and identity theft to hide the transactions and notifications from financial institutions.

Read More

Email verification – what are we verifying

One of the ongoing discussions in the email space is the one about address verification. Multiple companies have sprung up to do “real time” email address verification. They ensure that addresses collected at the point of sale are valid.
But what does valid mean? In most of these contexts, valid means that the addresses don’t bounce and aren’t spam traps. And that is one part of validating email addresses.
That isn’t the only part, though. In my opinion, an even more important thing to validate is that the email address belongs to the person giving it to you. The Consumerist has had an ongoing series of articles discussing people getting mis-directed email from various companies.
Today the culprit is AT&T, who are sending a lot of personal information to an email address of someone totally unconnected to that account. There are a lot of big problems with this, and it’s not just in the realm of email delivery.
The biggest problem, as I see it, is that AT&T is exposing personally identifiable information (PII) to third parties. What’s even worse, though, is that AT&T has no process in place for the recipient to correct the issue. Even when notified of the problem, support can’t do anything to fix the problem.

Read More

Motion to dismiss in Penkava v. Yahoo case

Earlier this month Yahoo filed a motion to dismiss in the Penkava v. Yahoo. This is the class action lawsuit where an Alabama resident is attempting to sue Yahoo for violation of the California wiretapping law.
Here’s the short synopsis.
People send mail to Yahoo. Yahoo “creeps and peeps” on that mail so they can profit from it. Plaintiff doesn’t like this, and thinks that he can use the California Invasion of Privacy Act (“CIPA”), (Cal. Penal Code § 630, et seq;) to stop Yahoo from doing this. Additionally, there is a whole class of people who live in every state but California who have also been harmed by Yahoo’s actions. The plaintiff would like the court to make Yahoo stop doing this. (First Amended Complaint)
Yahoo’s motion to dismiss is actually pretty dry and there aren’t really any zinger pull quotes that make sense without reading the whole 35 pages. The short version is that what Yahoo is doing is not a violation of California law, it is simply handling email as it has to be done to get it to recipients. Plus, California law cannot apply to mail sent from a non-CA resident to a non-CA resident because that would violate the dormant commerce clause. The class as defined makes no sense. Finally, the plaintiff continues to send mail to Yahoo addresses knowing the mail is being “scanned” and that is implicit permission for Yahoo to do it.
In the initial complaint there was an allegation that Yahoo’s behaviour was a violation of Federal and/or California Wiretapping laws. These allegations appear to have been dropped in the First Amended Complaint.
Right now there is a hearing scheduled for March 13, 2013. I’ll keep an eye on the filings.

Read More