Gmail’s not the problem: A look at misguided and dangerous privacy positioning

communication tools, google, law, society, technology

HARK! A powerful new technology! Let’s [try it / ignore it / ban it]!

History repeats itself. When new technology is developed, there are the early adopters who coo excitedly, those living under a rock who grunt “huh?” and varying degrees of those who issue warnings, which — at least as of late — seem to fit into one of several convenient categories:
1) Fighting against terrorism
2) Safeguarding values (e.g., “Protecting the children!”)
3) Protecting privacy

To simultaneously save me from getting writer’s cramp and enable you to finish reading this essay in under two hours, I’m just going to tackle the issue of privacy for now.

* * *

Examining privacy

First, let’s take into consideration the two fundamental aspects of privacy:

1) SECLUSION: Right to be left alone; protection from intrusion, interruption, etc.
2) SECRECY: Right to keep one’s personal life from prying eyes

Much ado has been made of Gmail’s alleged or potential violations of both types of privacy by other individuals (advertisers, hackers, employees) or entities (Google, other companies, government agencies). And admittedly, with seemingly so many potential loci for abuse, it’s understandable that many folks are concerned about a project of the scope of something like Gmail.

However, in this essay, I’d like to offer my opinions as to why these risks are outweighed by benefits and — more importantly — why focusing on ‘reforming’ (or even suspending) Gmail harmfully takes our eye off the real problems in our society.

* * *

Assessing privacy issues in the context of Gmail

It’s easiest to dispense immediately with the ‘right to be left alone’ aspect of Gmail. Unlike the flashy, gaudy, intelligence-insulting “You’re winner number 314159!” pop-ups that pollute leading Web mail services (and much of the rest of the Web), Gmail’s ads are deliciously unobtrusive. They don’t blink, they don’t flash, they just sit there quietly on the side — barely noticeable. And since Gmail does not insert so much as a tag line (much less ads) in any outgoing mails, it becomes even more difficult to forward an argument that Gmail creates an interruption or other intrusion into one’s daily life.

One might counter that the very presence of contextual ads may create a feeling of queasy intrusion. However, Gmail has (in my testing) been pretty cautious about placing ads next to apparently-personal or otherwise sensitive e-mails, and of course, it does not place any ads next to e-mail marked (automatically or manually) as spam. Still, there’s admittedly the possibility of an unpleasant juxtaposition of a heartfelt e-mail with a angst-inducing related ad, but such an occurence is also possible via a song on a radio, an ad on TV, a seemingly random phone call, and so on. Our minds are rich in imagination, and capable — for better or worse — of astounding leaps of correlation. Once again, this is not something one should hold Gmail responsible for, IMHO, and it hardly seems to fit into the issue of privacy. And of particular note, the Gmail text ads are lightyears away from the ludicrous example of a billboard in one’s living room, as one clearly-clueless senator has suggested in tandem with her anti-Gmail legislation.

So what we’re left with, then, is the more meaty and complex aspect of privacy-as-secrecy. With Gmail’s one gig of storage, it’s no doubt that many folks will practically be entrusting their life’s story — AND secrets — to Google. And in this area, I honestly have no easy answers. I will, however, attempt to address the various pieces:

– Security breaches / the bored employee
Google has an excellent history of data integrity, having (to my knowledge) avoided any data theft from its multi-billion dollar AdWords or AdSense programs. But other big players haven’t been quite so successful. Many of Amazon.com’s anonymous viewers found their screen names exposed a few months ago (frankly, much to my evil delight, since many if not most of the anons were shills and twits). On a less innocuous note, many Hotmail users found their accounts suddenly ‘open to the public’ due to a security exploit that Microsoft then understandably scrambled to fix.

Could Google stumble here? Nothing’s impossible. Unfortunately (and in fairness to Google), however, this is a universal problem. Though I’d frankly trust Google with my data over most other companies, I think it’d be a mistake to assume that anyone’s data is 100% safe, anywhere.

On a similarly sobering note, I’ll add that it’s trivially possible for an Information Systems worker at your company or your ISP to read your incoming and outgoing mail. Google has vehemently highlighted precautions it’s taken to prevent this happening at their company, and frankly, I believe them. Would you, as a highly-compensated employee, risk your job at such a coveted organization for the opportunity to snoop into likely banal exchanges? Seems unlikely to me. But that aside… once again, this is not a Gmail issue. This is a general e-mail issue.

– Selling/giving data to other companies
As a Google (AdWords) Advertiser and Publisher (AdSense), I can tell you point-blank that Google does an incredible job at protecting the data of both its users (visitors to Google.com and AdSense Web sites) and its advertisers. As both an advertiser and publisher, I am absolutely unable to glean any personal information about people who click on my ads. Google actually maintains a very strict separation between its departments, and were it (or another company) to risk this integrity in the future, the brand would be tarnished beyond recovery (and it’s not like there’s not competition!). In other words, unlike with almost every other transaction we partake in In Real Life, I firmly believe we can trust Google not to share our personal info with other companies.

– Giving our secrets to federal governments… oh yeah, and lawyers
If Ashcroft applied enough pressure to Google next month and insisted on wiretapping a few dozen “suspected terrorist” accounts, I’m betting that Google would buckle.

Wow, that’s probably not what you expected me to say, is it?

I’ll surprise you further: I have no doubt that lawyers are indeed salivating at the likelihood of millions of people getting Gmail accounts and storing voluminous amounts of discoverable data, perfect for future lawsuits.

Of course, Ashcroft and — to a less chilling but likely more common extent — Dewey Cheatem and Howe have been subpoening mail records from Hotmail, Earthlink, Comcast, Big 10 universities, Fortune 500 companies, and so on. Gmail just expands the scope.

But Gmail isn’t the problem

And now we get to the meat of this essay, in which I argue — after acknowledging Gmail’s unwilling-but-likely facilitation of government and lawyerly snooping — that Gmail is absolutely, positively not the problem.

Electronic Freedom Fighter and longtime smart-geek Brad Templeton gives us a good start here via his entry on Privacy and Gmail, which includes:

…there are also some deep issues here, worth discussing with not just Google but all the other webmail providers

…but Brad doesn’t go far enough. E-mail privacy concerns aren’t — or at least shouldn’t — be just limited to Webmail. As noted above, your mail is susceptible to snooping no matter where it resides… unless you’re one of the 0.0000002% of geeks who use encryption, and that’s likely to send up a red flag to Ashcroft anyway ;-). And though Brad’s suggestion that Gmail incorporate a more user-friendly form of encryption has merit, I think it’s a mere bandaid on larger problems. In fact, I’m generally uncomfortable with the feeling that Brad places the onus of responsibility (and solutions) upon technology, rather than those who abuse human rights via such technologies.

As we move these things [record of peoples’ lives] online and outside, we build some of the apparatus for a surveillance society.

I strongly disagree. This is like saying that when Japan set up high-speed rail transit, the country created the apparatus for criminals to flee farther and faster. Or as long distance calling costs have become insanely cheaper over the last 15 years, it’s made it much, much easier for people to plot nefarious acts over the phone more affordably.

The introduction of new technologies — or the exponential improvement of existing technologies — facilitates opportunities for good and for not-good. But blaming the technologies (particularly communication technologies) is horribly wrong for two reasons:

1) It stifles innovation, and keeps costs artificially high.

Can you imagine how much more work — and perhaps more value — Google could be putting into Gmail if they were able to spend less time fighting PR fires?

2) It takes our attention off of the real culprits: federal powers without sufficient accountability or checks or balances, not to mention a legal system which rewards, even necessitates antagonism over consensus.

Let’s stop blaming tools, and start fixing the deeper problems

We should channel our indignations towards privacy-enroaching intrusions such as the Patriot Act. We should vote our representatives — Democrat or Republican — out of office when they value false security over liberty. We should demand accountability, and insist that our journalists actually ask tough questions in Washington D.c. (and around the world). We should, as Brad rightly notes, fix The Electronic Communications Privacy Act (“ECPA).

Wringing our hands over Google isn’t just misguided, it’s dangerous in that it blinds us to the root of deeper problems in our society:

1) As a society and individually, we’re generally unable to intelligently weigh risks.

In our quest to “fight terrorism” we forget that far more people die from spousal abuse, drunk driving, malnutrition, etc. Will Ashcroft start scanning our e-mails for keywords relating to those causes of death? That’s (thankfully) doubtful, but only because he — and most of the FOX-watching public — is unable to thoughtfully weigh risks and benefits.

In the vast storage that Gmail offers, non-profits can save and find key documents that help them better deliver social services. Grandparents can pull up pictures of their grandkids. Self-employed folks can be more productive, boosting their bottom line and doing their part to also buoy the economy. Sure, these are all butterfly-flaps, so to speak, in the ongoing history of society, but in the aggregate it adds up to a lot of good.

2) We are tragically misinformed and poorly educated and we don’t seem to care.

We fail to take our liberties seriously until we see sensationalist articles in the paper or hear about grandstanding bills proposed by a tech-ignorant senator.

When I recently chatted with some friends here in the generally tech-savvy area of San Francisco about Gmail, nearly half suggested to me that they wouldn’t touch Gmail with a ten-foot pole. “They’re gonna read all the e-mail I get!” was the oft-expressed concern. Clearly, these people had no clue that their e-mails are already “read” many times enroute to their destination, nor did they think to actually visit Google’s Gmail pages to get the real info about what the service would and would not be doing. Funny, but I don’t recall my friends worrying about the privacy of their e-mail before.

I don’t think the masses are misinformed because they’re dumb (though there’s certainly some of that). Rather, we absorb AND support the lowest common denominator in journalism. Not only does sex sell, but so does any bad news — whether it’s relevant or even true. “Duh, Sherlock” I hear you saying, teasing me for pointing out the obvious.

But if it’s so obvious, why aren’t people like Brad and other prominent technologists decrying the lack of journalistic integrity and dearth of basic technological education and knowledge in our society? I have no doubt that if more people knew and truly understood the tenuousness of our personal privacy in society (with regards to credit card purchases, political affiliations, and yes, e-mail), they’d be concerned and mobilized to change the fabric of society and government… rather than throwing stones at a Webmail provider that’s providing a richer offering than its competitors.

In summary…

We need to focus on the fundmental roots of the erosion of our privacy, and realize that Gmail is a serendipitous wakeup call, not a culprit.

True… Gmail, in itself, is not likely to lead to absolute world peace, and indeed, it’s admittedly easy and sometimes tempting to overstate what may be more of an evolutionary rather than revolutionary technological offering. But every moment people spend attacking this or any other communication tool amounts to time and efforts distracting us from the real (and real serious) issues facing our nation and our world.

* * *

Related entries:
Brad Tempton’s essay on The GMail Saga
My review of Gmail
My writeup of Gmail tips and tricks
– Blog posts (via Technorati) on Gmail and Privacy

1 comment… add one
  • James Mar 11, 2008

    Hi Adam,
    You are right G mail is seems as corporate use,
    and it’s serves the best it’s services, but the sister of G mail is orkut is failed in protecting privacy, security and spoiling the social life.
    Do G mail can separated from orkut?
    For orkut users there would be different registration and no need of G mail account for the same.

What do you think?