So, users of Google Apps for Business, are you OK with Google reading your commercial email?
Last week’s revelation that users of Googles email services should have no expectation of privacy, caused quite a stir. Even when this was clarified as applying only to the privacy of emails sent to Google users, it was still a shock to some.
In case you missed all this, Google was submitting a Motion to Dismiss in response to a class action suit. The salient words are…
Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery. Indeed,”a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” (my emphasis)
This was later clarified and justified on the basis that:
- the text is not about users of Gmail, but rather people to send emails to users of Gmail (presumably including other Gmail users)
- this indeed is what US Law dictates.
For a fuller explanation of the issues, visit Naked Security
My view is that if it prompts more businesses, and individuals, to pay attention to their information security, then it will have been good thing.
Misconceptions about information security
I find that most people suffer from a number of misconceptions when it comes to the privacy of their data in the online world:
- They think that sending an email is like sending a letter: i.e. the contents are sealed. It isn’t, unless you have taken additional measures like encryption.
- They adopt the view that if you haven’t done anything wrong then you have nothing to hide.
Both statements are plainly not true if you are using Gmail for business purposes. Do you really want Google looking through your correspondence with clients, with accountants, or, perhaps most worrying, your legal representatives?
Of course there’s no suggestion that a human being is trawling through your emails. In fact it’s an automaton that is trying to profile you in order to target advertising more effectively.
In of itself this may be a good thing. After all, if we must be bombarded with adverts, at least if they are relevant, it’s maybe not as bad as random ads of no interest. I appreciate this is being a bit too forgiving; but after all, everybody’s got to make a living 🙂
Of greater concern is the potential for the automaton to get it wrong.
How it can all go wrong
Take a look at this Forbes article. It illustrates how Target used data collected from their website to predict that a teenage girl was pregnant and then use that knowledge to target[sic] her with maternity products. It may be an anecdote, but it shows how everything you do online can be aggregated and maybe used against you.
The lesson is to be more aware of the implications of living your life online. Whilst you can take measures to reduce your digital footprint, as Tom Henderson did, for most people this will be over the top. However, at least realise this problem exists and take measures where you feel it is appropriate: e.g.
- by installing something like OpenPGP and using it to encrypt and digitally sign sensitive email correspondence;
- or by installing TrueCrypt to create an encrypted virtual disk on your computer, or on your cloud storage service.
Can I help you?
If you’ve found any of this interesting, or if you disagree, let me know in the comments. If I can advise you further on your specific issues, let me know through the comments.