The Dark Side of Google You Never Knew: Was in Gmail
I recently wrote about Google’s Street View program, and how after a series of investigations in the US and Europe, we learned that Google had used its Street View cars to carry out a covert — and certainly illegal — espionage operation on a global scale, siphoning loads of personally identifiable data from people’s Wi-Fi connections all across the world. Emails, medical records, love notes, passwords, the whole works — anything that wasn’t encrypted was fair game. It was all part of the original program design: Google had equipped its Street View cars with surveillance gear designed to intercept and vacuum up all the wireless network communication data that crossed their path. An FCC investigation showing that the company knowingly deployed Street View’s surveillance program, and then had analyzed and integrated the data that it had intercepted.
We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.”
“Your digital identity will live forever… because there’s no delete button.” —Eric Schmidt
Most disturbingly, when its Street View surveillance program was uncovered by regulators, Google pulled every crisis management trick in the book to confuse investors, dodge questions, avoid scrutiny, and prevent the public from finding out the truth. The company’s behavior got so bad that the FCC fined it for obstruction of justice.
The investigation in Street View uncovered a dark side to Google. But as alarming as it was, Google’s Street View wiretapping scheme was just a tiny experimental program compared Google’s bread and butter: a massive surveillance operation that intercepts and analyzes terabytes of global Internet traffic every day, and then uses that data to build and update complex psychological profiles on hundreds of millions of people all over the world — all of it in real time. You’ve heard about this program. You probably interact with it every day. You call it Gmail.
Google launched Gmail in 2004. It was the company’s first major “log in” service and was aimed at poaching email users from Microsoft and Yahoo. To do that, Google offered one gigabyte of free storage space standard with every account. It was an insane amount of data at the time — at least several hundred times more space than what was being offered by Yahoo or Hotmail — and people signed up en masse. At one point, Gmail’s limited pre-public release invites were so desirable that at one point they fetched over $150 on eBay.
To tech reporters Gmail’s free email service was nothing short of revolutionary. New York Times tech columnist David Pogue wrote: “One gigabyte changes everything. You no longer live in terror that somebody will send you a photo, thereby exceeding your two-megabyte limit and making all subsequent messages bounce back to their senders.”
And what about the fact that Gmail scanned your email correspondence to deliver targeted ads?
Well, what of it?
Gmail users handed over all their personal correspondence to Google, giving the company to right to scan, analyze, and retain in perpetuity their correspondence in return for a gigabyte of storage, which even at that early stage already cost Google only $2 per gigabyte per year.
Selling the contents of our private and business life to a for-profit corporation in return for half a Big Mac a year? What a steal!
You’d be hard pressed to find a bum who’d sell out to Google that cheap. But most mainstream tech journalist weren’t that scrupulous, and lined up to boost Gmail to the public.
“The only population likely not to be delighted by Gmail are those still uncomfortable with those computer-generated ads. Those people are free to ignore or even bad-mouth Gmail, but they shouldn’t try to stop Google from offering Gmail to the rest of us. We know a good thing when we see it,” wrote Pogue in 2004.
But not everyone was as excited as Mr. Pogue.
Several privacy groups, including the Electronic Privacy Information Center, were alarmed by Gmail’s vast potential for privacy abuse. In particular, EPIC was concerned that Google was not restricting its email scanning activities solely to its registered user base, but was intercepting and analyzing the private communication of anyone who emailed with a Gmail user:
“Gmail violates the privacy rights of non-subscribers. Non-subscribers who e-mail a Gmail user have ‘content extraction’ performed on their e-mail even though they have not consented to have their communications monitored, nor may they even be aware that their communications are being analyzed,” EPIC explained at the time. The organization pointed out that this practice almost certainly violates California wiretapping statues — which expressly criminalizes the interception of electronic communication without consent of all parties involved.
What spooked EPIC even more: Google was not simply scanning people’s emails for advertising keywords, but had developed underlying technology to compile sophisticated dossiers of everyone who came through its email system. All communication was subject to deep linguistic analysis; conversations were parsed for keywords, meaning and even tone; individuals were matched to real identities using contact information stored in a user’s Gmail address book; attached documents were scraped for intel — that info was then cross-referenced with previous email interactions and combined with stuff gleamed from other Google services, as well as third-party sources…
Here’s are some of the things that Google would use to construct its profiles, gleamed from two patents company filed prior to launching its Gmail service:
Concepts and topics discussed in email, as well as email attachments
The content of websites that users have visited
Demographic information — including income, sex, race, marital status
Geographic information
Psychographic information — personality type, values, attitudes, interests and lifestyle interests
Previous searches users have made
Information about documents a user viewed and or edited by the users
Browsing activity
Previous purchases
To EPIC, Google’s interception and use of such detailed personal information was clearly violation of California law, and the organization called on California’s Attorney General promised to investigate Google’s Gmail service. The Attorney General promise to look into the matter, but nothing much happened.
Meanwhile, Gmail’s user base continued to rocket. As of this month, there are something like 425 million active users around the world usi
ng email services. Individuals, schools, universities, companies, government employees, non-profits — and it’s not just Gmail anymore.
After its runaway success with Gmail, Google aggressively expanded its online presence, buying up smaller tech companies and deploying a staggering number of services and apps. In just a few years, Google had suddenly become ubiquitous, inserting themselves into almost every aspect of our lives: We search through Google, browse the Web through Google, write in Google, store our files in Google and use Google to drive and take public transport. Hell, even our mobile phones run on Google.
All these services might appear disparate and unconnected. To the uninitiated, Google’s offering of free services — from email, to amazing mobile maps, to a powerful replacement for Microsoft Office — might seem like charity. Why give away this stuff for free? But to think that way is to miss the fundamental purpose that Google serves and why it can generate nearly $20 billion in profits a year.
The Google services and apps that we interact with on a daily basis aren’t the company’s main product: They are the harvesting machines that dig up and process the stuff that Google really sells: for-profit intelligence.
Google isn’t a traditional Internet service company. It isn’t even an advertising company. Google is a whole new type of beast: a global advertising-intelligence company that tries to funnel as much user activity in the real and online world through its services in order to track, analyze and profile us: it tracks as much of our daily lives as possible — who we are, what we do, what we like, where we go, who we talk to, what we think about, what we’re interested in — all those things are seized, packaged, commodified and sold on the market — at this point, most of the business comes from matching the right ad to the right eyeballs. But who knows how the massive database Google’s compiling on all of us will be used in the future.
No wonder that when Google first rolled out Gmail in 2004, cofounder Larry Page refused to rule out that the company would never combine people’s search and browsing history with their Gmail account profiles: “It might be really useful for us to know that information. I’d hate to rule anything like that out.” Indeed it was. Profitable, too.
It’s been almost a decade since Google launched its Gmail service, but the fundamental questions about the legality of the company’s surveillance operations first posed by EPIC have not been resolved.
Indeed, a class action lawsuit currently winding its way through California federal court system shows that we’ve not moved an inch.
The complaint — a consolidation of six separate class action lawsuits that had been filed against Google in California, Florida, Illinois, Maryland and Pennsylvania — accuses Google of illegally intercepting, reading and profiting off people’s private correspondence without compensation. The lawsuit directly challenges Google’s legal right to indiscriminately vacuum up people’s data without clear consent, and just might be the biggest threat Google has ever faced.
Here’s how the New York Times described the case:
Wiretapping is typically the stuff of spy dramas and shady criminal escapades. But now, one of the world’s biggest Web companies, Google, must defend itself against accusations that it is illegally wiretapping in the course of its everyday business — gathering data about Internet users and showing them related ads.
…The Gmail case involves Google’s practice of automatically scanning e-mail messages and showing ads based on the contents of the e-mails. The plaintiffs include voluntary Gmail users, people who have to use Gmail as part of an educational institution and non-Gmail users whose messages were received by a Gmail user. They say the scanning of the messages violates state and federal antiwiretapping laws.
Google has aggressively fought the lawsuit. It first convinced a judge to put it under seal — which redacted most of the complaint and made it unavailable to public scrutiny — and then made a series of disingenuous arguments in an attempt to get the get the lawsuit preemptively dismissed. Google’s attorneys didn’t dispute its for-profit surveillance activities. What they claimed was that intercepting and analyzing electronic communication, and using that information to build sophisticated psychological profiles, was no different than scanning emails for viruses or spam. And then they made a stunning admission, arguing that as far as Google saw it, people who used Internet services for communication had “no legitimate expectation of privacy” — and thus anyone who emailed with Gmail users had given “implied consent” for Google to intercept and analyze their email exchange.
No expectation of privacy? Implied consent for surveillance?
Google’s claims were transparently disingenuous, and Judge Lucy Koh rejected them out of hand and allowed the lawsuit to proceed.
Unfortunately, it’s difficult to comment on or analyze the contents of the class action lawsuit filed against Google, as the company redacted just about all of it. One thing is clear: the complaint goes beyond simple wiretapping and brings into question an even bigger concern: Who owns the digital personal information about our lives — our thoughts, ideas, interactions, personal secrets, preferences, desires and hopes? And can all these things be seized bit by bit, analyzed, packaged, commodified and then bought and sold on the market like any other good? Can Google do that? What rights do we have over our inner lives? It’s scary and crazy. Especially when you think kids born today: Their entire lives will be digitally surveilled, recorded, analyzed, stored somewhere and then passed around from company to company. What happens to that information?
What happens to all this data in the future should be of serious concern. Not only because, with the right warrant (or in many cases without) the data is available to law enforcement. But also because in the unregulated hands of Google, our aggregated psychological profiles are an extremely valuable asset that could end us used for almost anything.
EPIC points out that Google reservers the right to “transfer all of the information, including any profiles created, if and when it is merged or sold.” How do we know that information won’t end up in some private background check database that’ll be available to your boss? How do we know this information won’t be hacked or stolen and won’t fall into the hands of scammers and repressive dictators?
The answer is: We don’t. And these tech companies would rather keep us in the dark and not caring.
Google’s corporate leadership understands that increased privacy regulations could torpedo its entire business model and the company takes quite a lot of space on its SEC filing disclosing the dangers to its investors:
Privacy concerns relating to elements of our technology could damage our reputation and deter current and potential users from using our products and services…
We also face risks from legislation that could be passed in the future. For example, there is a risk that state legislatures will attempt to regulate the automated scanning of email messages in ways that interfere with our Gmail free advertising-supported web mail service. Any such legislation could make it more difficult for us to operate or could prohibit the aspects of our Gmail service that uses computers to match advertisements to the content of a user’s email message when email messages are viewed using the service. This could prevent us from implementing the Gmail service in any affected states and impair our ability to compete in the email services market…
Former Google CEO Eric
Schmidt has not been shy about his company’s views on Internet privacy: People don’t have any, nor should they expect it. “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place,” he infamously told CNBC in 2009. And he’s right. Because true Internet privacy and real surveillance reform would be the end of Google.
And not just Google, but nearly every major consumer Silicon Valley company — all of them feed people’s personal data one way or another and depend on for-profit surveillance for survival.
Which brings me to Silicon Valley’s “Reform Government Surveillance” project.
The fact that the biggest, most data-hungry companies in Silicon Valley joined up in a cynical effort to shift attention away from their own for-profit surveillance operations and blame it all on big bad government is to be expected. What’s surprising is just how many supposed journalists and so-called privacy advocates fell for it.
Yasha Levine is a roving correspondent at Pando Daily. Visit his website at yashalevine.com.