The "a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties" quote has been massively taken out of context by everyone who is covering this story.
The overall case appears to be about people complaining that Google scanning their emails and showing contextual ads is a privacy violation.
Most of this document is an explanation of why that shouldn't hold (Gmail users agreed to this when they signed the ToS, automatic scanning is essential for things like spam filtering and full-text search, legislating against this will kill innovation in online services etc).
The section that contains the "expectation of privacy" quote is in reply to part of the case which suggests that, while Gmail users may have accepted the ToS, non-Gmail users who send an email to a Gmail user have NOT accepted that ToS and hence are having their privacy violated.
The counter-argument presented is that, if you send a letter to someone and they allow their assistant to open it, you shouldn't be surprised by that. The analogy is that if you send an email to someone who has chosen to use a specific email provider, and that email provider automatically scans your email in some way, you shouldn't be surprised either.
As I read it, the "third parties" in the troublesome quote aren't Google themselves - they are the recipients of your email who happen to be using Gmail. You've turned over your information voluntarily to the recipient of your email, they can then chose to allow it to be automatically processed by the email provider they have an agreement with (without this violating your expectations of privacy).
I see your point, it's clear and has plenty of logic to it. Then I guess that the same argument will apply to my medical records, tax returns, GPS coordinates of my car, GPS coordinates of phone, my pay-per-view TV consumption, the who/when/where of the phone calls I make, etc.
Trust is vital in any economy that wants to function. This Google argument will make me trust no one.
Quote:
"...they nonetheless impliedly consent to Google’s practices by virtue of the fact that all users of email must necessarily expect that their emails will be subject to automated processing.
Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery.
Indeed,“a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.”
Smith v. Maryland,
442 U.S. 735, 743-44 (1979)..."
Agree. The sender has no guarantee that the recipient haven't handed over authority to open and read mail to somebody else. It is not necessarily anything wrong with that.
At my office my secretary reads most of my snail mail, and at home I have authorized my girlfriend to do the same. Gmail reads my email. In all cases my reasons are the same; I am having a hard time keeping up with all the mail that comes in and want someone to filter out what is relevant.
While the non-Gmail Plaintiffs are not bound to Google’s contractual terms, they nonetheless impliedly consent to Google’s practices by virtue of the fact that all users of email must necessarily expect that their emails will be subject to automated processing."
This is talking about non-Gmail users who send email to Gmail users.
Talking about privacy. Why use services like Scribd ?
A simple link to the pdf file hosted somewhere else would have suffice. I then can do my searches locally without them tracking exactly what I do (who views what, who searches what). SASS (Service as Software Substitute) is evil...
Should there not be a larger emphasis here on the nature of the service? It's not humans reading the mail, and the gathered data -as far as I know- does not enter the hands of a third party.
Anyone still using Google services since the NSA revelations is an idiot. I'd like to see them bankrupt after their betrayal of their do-no-evil and open source roots.
What open source roots? Their core software was always proprietary; if anything, with Android and Chromium, they're more open source than ever.
And frankly, I don't see great changes in the "don't be evil" policy either. When has Google been a great champion of users' privacy? Targeted advertising has always been their business model.
Frankly, the only thing I see is people's rose-colored glasses about the early Google.
I'm conscious of what happens, much before the NSA revelations this year.
I use 8.8.8.8 for DNS on some networks (for external resolution and for nagios) knowing perfectly that each request is registered and extrapolated.
I use an apple macbook air for some tasks, even if I know I've no control over many privacy issues in such machine.
On the other side, I've had offline networks for some data I didn't want never go out of my firewall. The only conection of such networks, was a 2TB USB disk, to update the mirrors of the software that such networks did need.
When I want to make something online not related to myself, I start from the beginning: using hardware not related to me or my credit card, and using an internet connection not related to me or my bank account.
I trust certain things, don't care about certain things, and care about others (i.e. my webcams and micros are always with duck tape, since invented, bluetooth? disabled, 3D in the browser? disabled, external fonts in the browser? disabled, etc).
>>Anyone still using Google services since the NSA revelations is an idiot
Care to name a good alternative then? And a good way to notify hundreds of people and companies to change my address to a new one,and convince dozens of friends to stop using hangouts and use X instead?
PKI specifically means you don't have to rely on secure key transfer.
Encrypt everything, and post your public key on any keyserver you choose. There is very little sensitive information in a public key (though it can tie you socially to another party, in a cryptographically strong manner, for those who are concerned about such things).
But the point is that an out-of-band and secure key transfer isn't required.
It's like Google is asking their users to leave their service. How about creating a Lavabit-like solution instead, Google, instead of telling users that "if you use our service, you have no expectation of privacy"?
I'll take "Because Google's entire business model around email is processing it to serve relevant ads next to it, which requires that they be able to read it" for $1000, Alex.
[+] [-] simonw|12 years ago|reply
The overall case appears to be about people complaining that Google scanning their emails and showing contextual ads is a privacy violation.
Most of this document is an explanation of why that shouldn't hold (Gmail users agreed to this when they signed the ToS, automatic scanning is essential for things like spam filtering and full-text search, legislating against this will kill innovation in online services etc).
The section that contains the "expectation of privacy" quote is in reply to part of the case which suggests that, while Gmail users may have accepted the ToS, non-Gmail users who send an email to a Gmail user have NOT accepted that ToS and hence are having their privacy violated.
The counter-argument presented is that, if you send a letter to someone and they allow their assistant to open it, you shouldn't be surprised by that. The analogy is that if you send an email to someone who has chosen to use a specific email provider, and that email provider automatically scans your email in some way, you shouldn't be surprised either.
As I read it, the "third parties" in the troublesome quote aren't Google themselves - they are the recipients of your email who happen to be using Gmail. You've turned over your information voluntarily to the recipient of your email, they can then chose to allow it to be automatically processed by the email provider they have an agreement with (without this violating your expectations of privacy).
I call bullshit on the whole story.
[+] [-] antr|12 years ago|reply
Trust is vital in any economy that wants to function. This Google argument will make me trust no one.
[+] [-] caoimhin|12 years ago|reply
[deleted]
[+] [-] nisdec|12 years ago|reply
Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery.
Indeed,“a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” Smith v. Maryland, 442 U.S. 735, 743-44 (1979)..."
I think this is a good summary.
[+] [-] runarb|12 years ago|reply
At my office my secretary reads most of my snail mail, and at home I have authorized my girlfriend to do the same. Gmail reads my email. In all cases my reasons are the same; I am having a hard time keeping up with all the mail that comes in and want someone to filter out what is relevant.
[+] [-] simonw|12 years ago|reply
While the non-Gmail Plaintiffs are not bound to Google’s contractual terms, they nonetheless impliedly consent to Google’s practices by virtue of the fact that all users of email must necessarily expect that their emails will be subject to automated processing."
This is talking about non-Gmail users who send email to Gmail users.
[+] [-] caoimhin|12 years ago|reply
[deleted]
[+] [-] Shooti|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] hack37|12 years ago|reply
[+] [-] eitland|12 years ago|reply
[+] [-] DanBC|12 years ago|reply
[+] [-] hrkristian|12 years ago|reply
[+] [-] jkl32|12 years ago|reply
[+] [-] icebraining|12 years ago|reply
And frankly, I don't see great changes in the "don't be evil" policy either. When has Google been a great champion of users' privacy? Targeted advertising has always been their business model.
Frankly, the only thing I see is people's rose-colored glasses about the early Google.
[+] [-] txutxu|12 years ago|reply
I'm conscious of what happens, much before the NSA revelations this year.
I use 8.8.8.8 for DNS on some networks (for external resolution and for nagios) knowing perfectly that each request is registered and extrapolated.
I use an apple macbook air for some tasks, even if I know I've no control over many privacy issues in such machine.
On the other side, I've had offline networks for some data I didn't want never go out of my firewall. The only conection of such networks, was a 2TB USB disk, to update the mirrors of the software that such networks did need.
When I want to make something online not related to myself, I start from the beginning: using hardware not related to me or my credit card, and using an internet connection not related to me or my bank account.
I trust certain things, don't care about certain things, and care about others (i.e. my webcams and micros are always with duck tape, since invented, bluetooth? disabled, 3D in the browser? disabled, external fonts in the browser? disabled, etc).
Should I wear an "I'm an idiot" t-shirt ?
[+] [-] gambiting|12 years ago|reply
Care to name a good alternative then? And a good way to notify hundreds of people and companies to change my address to a new one,and convince dozens of friends to stop using hangouts and use X instead?
[+] [-] venomsnake|12 years ago|reply
[+] [-] dredmorbius|12 years ago|reply
Encrypt everything, and post your public key on any keyserver you choose. There is very little sensitive information in a public key (though it can tie you socially to another party, in a cryptographically strong manner, for those who are concerned about such things).
But the point is that an out-of-band and secure key transfer isn't required.
[+] [-] carlesfe|12 years ago|reply
[+] [-] MichaelApproved|12 years ago|reply
[+] [-] bonchibuji|12 years ago|reply
[+] [-] mtgx|12 years ago|reply
[+] [-] cheald|12 years ago|reply
[+] [-] Oletros|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]