Google claims that Gmail refrains from displaying ads next to potentially sensitive messages, such as those that mention race, religion, sexual orientation, health, or financial statements.
Automated scanning of email content
Google’s mail servers automatically scan emails for multiple purposes, including to add context-sensitive advertisements next to emails, and to filter spam and malware.
In 2004, thirty-one privacy and civil liberties organizations wrote a letter calling upon Google to suspend its Gmail service until the privacy issues were adequately addressed. The letter also called upon Google to clarify its written information policies regarding data retention and data sharing among its business units. The organizations also voiced their concerns about Google’s plan to scan the text of all incoming messages for the purposes of ad placement, noting that the scanning of confidential email for inserting third-party ad content violates the implicit trust of an email service provider.
In March 2011, a former Gmail user in Texas sued Google, claiming that its Gmail service violates users’ privacy by scanning e-mail messages to serve relevant ads.
In July 2012, some California residents filed two class action lawsuits against Google and Yahoo!, claiming that they illegally intercept emails sent by individual non-Gmail or non-Yahoo! email users to Gmail and Yahoo! recipients without the senders’ knowledge, consent or permission. A motion filed by Google’s attorneys in the case concedes that Gmail users have “no expectation of privacy”.
A court filing uncovered by advocacy group Consumer Watchdog in August 2013 revealed that Google stated in a court filing that no “reasonable expectation” exists among Gmail users in regard to the assured confidentiality of their emails. In response to a lawsuit filed in May 2013, Google explained:
“… all users of email must necessarily expect that their emails will be subject to automated processing … Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS [electronic communications service] provider in the course of delivery.
A Google spokesperson stated to the media on August 15, 2013 that the corporation takes the privacy and security concerns of Gmail users “very seriously.”
April 2014 Terms of service update
Google updated its terms of service for Gmail in April 2014 to create full transparency for its users in regard to the scanning of email content. The relevant revision states: “Our automated systems analyse your content (including emails) to provide you personally relevant product features, such as customised search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.” A Google spokesperson explained that the corporation wishes for its policies “to be simple and easy for users to understand.”
In response to the update, Jim Killock, executive director of the Open Rights Group, stated: “The really dangerous things that Google is doing are things like the information held in Analytics, cookies in advertising and the profiling that it is able to do on individual accounts”.
Microsoft ad campaign against Google
In 2013, Microsoft launched an advertising campaign to attack Google for scanning email messages, arguing that most consumers are not aware that Google monitors their personal messages to deliver targeted ads. Microsoft claims that its email service Outlook does not scan the contents of messages and a Microsoft spokesperson called the issue of privacy “Google’s kryptonite.” In response, Google stated; “We work hard to make sure that ads are safe, unobtrusive and relevant … No humans read your e-mail or Google Account information in order to show you advertisements or related information. An automated algorithm — similar to that used for features like Priority Inbox or spam filtering — determines which ads are shown.” The New York Times cites “Google supporters”, who say that “Microsoft’s ads are distasteful, the last resort of a company that has been unsuccessful at competing against Google on the more noble battleground of products”.
Other privacy issues
2010 attack from China
In January 2010, Google detected a “highly sophisticated” cyber-attack on its infrastructure that originated from China. The targets of the attack were Chinese human rights activists, but Google discovered that accounts belonging to European, American and Chinese activists for human rights in China had been “routinely accessed by third parties”. Additionally, Google stated that their investigation revealed that “at least” 20 other large companies from a “wide range of businesses” – including the Internet, finance, technology, media and chemical sectors – had been similarly targeted. Google was in the process of notifying those companies and it was also working with relevant US authorities. In light of the attacks, Google enhanced the security and architecture of its infrastructure, and advised individual users to install anti-virus and anti-spyware on their computers, update their operating systems and web browsers, and be cautious when clicking on Internet links or when sharing personal information in instant messages and emails.
The February 2010 launch of Google Buzz, a former social network that was linked to Gmail, immediately drew criticism for publicly sharing details of users’ contacts unless the default settings were changed.
A new Gmail feature was launched in January 2014, whereby users can email people with Google+ accounts even though they do not know the email address of the recipient. Marc Rotenberg, President of the Electronic Privacy Information Center, called the feature “troubling”, and compared it to the Google Buzz initial launch privacy flaw.
Gmail suffered at least seven outages in 2009 alone, causing doubts about the reliability of its service. It suffered a new outage on February 28, 2011, in which a bug caused Gmail accounts to be empty. Google stated in a blog post that “email was never lost” and restoration was in progress. Another outage occurred on April 17, 2012, September 24, 2013, and January 24, 2014.[
Google has stated that “Gmail remains more than 99.9% available to all users, and we’re committed to keeping events like today’s notable for their rarity.”
On behalf of
In May 2009, Farhad Manjoo wrote on The New York Times blog about Gmail’s “on behalf of” tag. Manjoo explained: “The problems is, when you try to send outbound mail from your Gmail universal inbox, Gmail adds a tag telling your recipients that you’re actually using Gmail and not your office e-mail. If your recipient is using Microsoft Outlook, he’ll see a message like, “From email@example.com on behalf of firstname.lastname@example.org.” Manjoo further wrote that “Google explains that it adds the tag in order to prevent your e-mail from being considered spam by your recipient; the theory is that if the e-mail is honest about its origins, it shouldn’t arouse suspicion by spam checking software”.The following July, Google announced a new option that would remove the “On behalf of” tag, by sending the email from the server of the other email address instead of using Gmail’s servers.