# Google admits to reading your emails, claims you should expect it.



## frankthedm (Aug 21, 2013)

http://www.examiner.com/article/google-admits-to-reading-gmail-messages-of-users

Since when did paranoid nutjob become the expected level of distrust? I think my tinfoil hat needs a few more layers...



			
				counsel for Google said:
			
		

> a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.


----------



## Dannyalcatraz (Aug 22, 2013)

> Originally Posted by counsel for Google
> a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.




Really?  REALLY?  Methinks the judges who have handled USPS and courier services cases would beg to differ on this.

Damnit!  I need a roll-eyes smiley!

I am predicting Google gets shot down in flames on this one.


----------



## Bullgrit (Aug 22, 2013)

Not to defend Google on this, nor even to play devil's advocate, but are emails sent through Google "sealed" in any way like envelopes/packages sent through USPS and such? I highly dislike the idea that Google (or any email provider) could/would read my email, and that's why I don't use Google. Honestly, Google scares me more than the NSA. I'm not even exaggerating.

Bullgrit


----------



## MerricB (Aug 22, 2013)

See here for the counterpoint:

http://www.theverge.com/2013/8/14/4621474/yes-gmail-users-have-an-expectation-of-privacy


----------



## Deset Gled (Aug 22, 2013)

I honestly never had expectation of privacy from my email from Google.  They flat out tell you that they target advertising based on it; how do you expect they target the ads without reading the email?  Frankly, I don't expect privacy on any free or web based email.  Or email at work.  Come to think of it, the only email I ever had that was private was the one from my university when I was in college, and that's only because I was specifically told it was private.  

Generally speaking, whenever you send any information over a network, you are voluntarily sharing that information with a completely unknown number of unidentified servers and people.  Unless the website/server/service specifically tells you the info is private, you have no expectation that it would be.  And even then, be suspicious.


----------



## Dannyalcatraz (Aug 22, 2013)

Can 'o' worms: right now, a lot of businesses and institutions- including the legal system and your health care provider- have been acting as if emails were as confidential as the US mail.

Assuming Google's interpretation wins out- and I don't think it will- expect either a wave of legislation to change that OR a slowdown in commerce as we return to a physical paperwork model.  Because if email isn't confidential, that means there are all kinds of communications between lawyers and clients, between doctors and patients, etc. that will suddenly be discoverable in legal proceedings...in violation of current law.


----------



## Orius (Aug 22, 2013)

I wish I knew where that image of a Borg cube with a Google logo I slapped together a few years ago went.


----------



## Morrus (Aug 22, 2013)

Yeah, as Danny says, medical and legal communications are just the start of it. Email is a standard communication tool for nearly every profession the world over; and if the assumption that emails are private is false there's gonna be major worldwide ramifications. Doctors, lawyers, law enforcement, tech and research companies, accountants, etc. will all suddenly be in the position where they've been sending confidential information out publicly for years.

At least the military and intelligence agencies probably encrypt 'em.


----------



## Dannyalcatraz (Aug 22, 2013)

An amusing thought just occurred to me- if Google's interpretation wins out, it could be a Pyrrhic victory.

I'm no litigator, but all those emails turning from presumptively private to presumptively public would probably trigger a wave of litigation trying to hold Google liable for the exposure of those sending the emails.*  Even if the suits are ultimately found to be without merit, the sheer number of cases- assuming no class action gets approved- could be ruinous, even bankrupting of Google.

Careful what you wish for, Google!

* make no mistake- Google's position winning out would result in an avalanche of litigation: individual citizens, news organizations, law enforcement, and even shady types suing to get their hands on the data; and people suing the people who sent emails containing their sensitive data.


----------



## Slickam (Aug 22, 2013)

Morrus said:


> At least the military and intelligence agencies probably encrypt 'em.




Not always. I've had emails sent to me by mistake (in my gmail account) from another country's military with no encryption at all. They were marked unclassified, so that may be why. I hope they wouldn't send classified messages unencrypted.


----------



## Deset Gled (Aug 22, 2013)

Dannyalcatraz said:


> Can 'o' worms: right now, a lot of businesses and institutions- including the legal system and your health care provider- have been acting as if emails were as confidential as the US mail.
> ...
> Because if email isn't confidential, that means there are all kinds of communications between lawyers and clients, between doctors and patients, etc. that will suddenly be discoverable in legal proceedings...in violation of current law.




Maybe I'm missing something critical, but I can't follow the jumps that you're making.  What makes the ruling so universal?  The case being heard is specifically regarding Google's email; I can't see why it would have an effect on emails found on a lawyer's or doctor's server.  Why would one person's contract granting Google the right to read their email affect a different person's contract with a different email provider that guarantees privacy?  

Furthermore, Google never claimed the information in your emails was public.  They said that it wasn't private -- because you shared it with them.  And only them.  Google's Terms of Service allows them to access the information, but that same TOS guarantees they don't share it with other parties (without opt-in consent).  So even if you received an email from your lawyer in a Gmail account, it still wouldn't be discoverable as public information.

I think a lot of people are jumping to a lot of conclusions that simply aren't germane to the legal case at hand.  Then again, IANAL.


----------



## Dannyalcatraz (Aug 22, 2013)

> The case being heard is specifically regarding Google's email




1) A lot of professionals use Google's gmail and other, similar services.  (I myself have a professional email address with Verizon AND with Google.)

2) Just because we're talking about Google's gmail doesn't mean a ruling in the case couldn't have broader impact.  It is entirely conceivable, for instance, that if Google's interpretation were to win out, ANY email provider that did not expressly guarantee privacy would be considered non-private.



> Furthermore, Google never claimed the information in your emails was public. They said that it wasn't private -- because you shared it with them. And only them.




A communication is only privileged between a lawyer & client, priest & penitent, doctor & patient, or husband & wife (and certain designated agents, employees or colleagues) as long as it is not shared with another party.  If Google is correct, the mere fact of sending information via their gmail service means that any formerly privileged data is now outside the privilege, and thus discoverable.

So, for example, that means every time a doctor gmails a colleague about a patient to aid in his diagnosis, he has just violated that patient's right to privacy.  Under HIPAA, that would make him liable to the tune of $100 per violation, capped at $25k/year.  It's worse if the violation was intentional:



> 42USC1320d-6 Wrongful disclosure of individually identifiable health information
> 
> (a) Offense
> 
> ...




Note- _it is quite possible that subsection (b)(3) could apply to Google itself, if it is using patient data to target ads._

Like I said, I don't think Google's interpretation will be upheld.  But if it is, Zuck could be facing a big (to people like us) fine and a decade in a Federal prison.  Not to mention what would happen to Google's stock and the company itself.

Caveat: while I am a lawyer, I'm a contracts, negotiations & drafting guy, not a litigator.  But I can assure you that these are _very_ real concerns.


----------



## pedr (Aug 22, 2013)

Google's argument is that no one who sends an email has a legitimate or reasonable belief that the data contained in that email will not be processed by the computers of the recipient email service. This is self evident because, unlike a letter, the technical steps to transmit the content of an email to a recipient require technical processes to be performed on the data which contains the "content" - Google's computers must do "stuff" to the bits which encode the words of an email to get the email to a Google user.

What is controversial is that Google adds steps whereby its computers use that content to influence the advertisements displayed to recipient Google users. The suit argues this is a violation of privacy, and Google says that it is no different from what it would have to do anyway, so there's no reasonable expectation of privacy.

Google doesn't assert that Google employees have the right to read or provide access to emails by other humans (or other organisations' computers), just that adding computer analysis to aid in advertising is conceptually no different from computer analysis to turn computer data back into the displayed words of an email for display to the recipient. This may not be convincing, but I'm not sure it means Google argues that emails aren't private. 

Of course the recent revelations mean that email in fact isn't private, and it may, actually, be an ethics violation or unlawful to use email (and Dropbox etc) for legal and medical communication and storage, given what's now known about government access to such systems. That's an issue that's only just coming to the fore, but it isn't really connected with this particular suit against Google.


----------



## Mustrum_Ridcully (Aug 22, 2013)

On the plus side, maybe things like this could actually lead to a new message interchange protocol with built-in encryption and security, something to replace e-mail?


----------



## Umbran (Aug 22, 2013)

Dannyalcatraz said:


> Can 'o' worms: right now, a lot of businesses and institutions- including the legal system and your health care provider- have been acting as if emails were as confidential as the US mail.




Well, note something: they're talking about "automated processing".  That's not necessarily the same as having a living person *reading* your mail.

If the content is mechanically scanned (for example, to generate targeted ads) but not stored _or comprehended by a living being_, has it been "read"?  Has privacy been violated if no *person* ever sees the data in a way that connects it to the individuals in question?

(And Zuckerberg is Facebook, not Google.  Unless you're extending to "private" posts talking about medical concerns on Facebook, which I may have missed.)


----------



## Umbran (Aug 22, 2013)

Mustrum_Ridcully said:


> On the plus side, maybe things like this could actually lead to a new message interchange protocol with build in encryption and security, something to replace e-mail?




No real need.  Folks could simply start using PGP (Pretty Good Privacy) to encrypt e-mails.  This would step people back to using desktop e-mail clients again, rather than use Google's (or another provider's) web-interface.


----------



## tomBitonti (Aug 22, 2013)

pedr said:


> Google's argument is that no one who sends an email has a legitimate or reasonable belief that the data contained in that email will not be processed by the computers of the recipient email service.




Just read one of the links (having some trouble with my DNS today, so was only able to read one.)

This seems to wildly conflate necessary non-interpretive processing (on the same order as copying bits between disk and RAM as a part of normal processing), with unnecessary interpretive processing (looking for keywords or phrases, today, eventually, much deeper analysis) to build a profile for use in directed advertising.

Are there any precedents out there for photo processing services?  Certainly, there is a need to have a machine scan photographic negatives and for a person to review the processing, say, to correct color and darkness levels.  Incidental to those views, if there is evidence of a crime, I don't think one is protected.  But, for the processor to tag your image (pet lover; sexual preference; nature lover; &etc) and use that information for directed sales _seems_ to break privacy.

Thx!

TomB


----------



## tomBitonti (Aug 22, 2013)

A related (I'm thinking) question: If a lawyer or physician hired a legal/medical assistant to help with records keeping and other office work, are they considered third parties, or as extensions of the lawyer or physician?  If a lawyer hires a trusted / secure messenger who delivers a confidential communication which is held in a locked case across town, would that expose the communication to a third party?

Thx!

TomB


----------



## Janx (Aug 22, 2013)

tomBitonti said:


> A related (I'm thinking) question: If a lawyer or physician hired a legal/medical assistant to help with records keeping and other office work, are they considered third parties, or as extensions of the lawyer or physician?  If a lawyer hires a trusted / secure messenger who delivers a confidential communication which is held in a locked case across town, would that expose the communication to a third party?
> 
> Thx!
> 
> TomB




They're considered part of the staff and thus covered under the NDA and BLA you should have with them.

My company is a middle-ware and IT company for other medical and insurance handling businesses.  I apologize if this sounds like a commercial.  I won't tell you where I work, and you've never heard of us anyway.  But this may give some perspective from the medical/insurance/legal business as we have clients in these areas and this is what we do.

Under HIPAA we have to have NDAs and Business Level Agreements to secure the data and have the other party agree that we secured the data.  It's a 2 way street, so as the client audits us, we audit them, and since we're in the middle between their clients, we audit their client and they audit us.  The audit intensity varies, and the bar is lower for smaller businesses (though certain minimal expectations are there).

Generally speaking, any office staff who has a need, has authorization to read your file (as a patient).  So the doctor, the billing department, the med assistant, the scheduling department, they all get to open your file because they have a need to see info from it to do their job.

Ideally, they'd only be authorized to see your file WHILE you're in the time frame of needing work done, and they'd see as little as possible.

However, that tends to be less practical than logging their access and detecting if they make unusual accesses.  It is surprisingly complicated to enable/disable rights for individual employees who sometimes have a need than it is for the main office staff to see what they want, when they want, because if they were going to screw you, they'd do it in the window they have anyway.

Generally speaking, they're OK.

Now when that office contracts out to an EDI clearing house or something, audits have to happen and contracts get signed.  In EDI, there's encryption going on and it's all fairly secure.

The sloppy area is when the office emails files to doctors because doctors can't be bothered to learn the system, or when insurance people email files because they don't use the web portal.

Within your company, Exchange is secure.  I can email Patient XYZ to you if we're both employees, and hackers aren't getting it, HIPAA isn't mad.  If I email that file to your gmail account, as this thread indicates, there's problems.

Technically, to include a 3rd party in the transaction requires a BLA under HIPAA.  The third party is liable for securing that data, and if they don't KNOW that you're putting Protected Health Information (PHI) on them, how can they comply with HIPAA?

On top of that is that email from my server to your server is not secure, unless there's a pre-established encryption between us (TLS, forget what it stands for).

We have TLS setup with some specific clients, but our general approach is NEVER send patient data via email.  Our products include web portals for logging in to see your authorized patient data/files and emails that contain links to our web portal.  We never send any PHI in our automated emails.

On top of that, Exchange 2010 and above has enforcement rules for preventing a user from sending an email that contains PHI because it looks for the patterns of it (like a social security number).

We're a small company, a breach means somebody gets the data we hold, and we pay for notifications for the affected people, and we pay a million dollar fine to the Department of Health.  That's what any of these businesses face.  For us, we're scared to death of the HIPAA monster.
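The two controls Janx describes above (a mail-server rule that looks for PHI patterns such as a social security number, and the policy of never sending PHI to an outside mailbox but only a link to the portal) can be sketched as a small outbound check. The code below is an added illustration written for this thread, not code from Janx's company, from Exchange, or from any other product; the internal domain, the detection patterns and the three sample messages are all constructed for the example.

```python
import re
from email import message_from_string
from email.message import Message

# Hypothetical internal mail domain; any other domain is treated as external.
INTERNAL_DOMAIN = "ourcompany.example"

# Detection patterns, constructed for this example. A real rule set would be
# broader (dates of birth next to names, insurance IDs, attachments, ...).
# SSN in the 123-45-6789 form, skipping area/group/serial values never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# A labelled medical record number such as "MRN: 12345678".
MRN_RE = re.compile(r"\bMRN[:#\s]*(\d{6,10})\b", re.IGNORECASE)


def extract_addresses(header_value):
    """Return the bare addresses found in a To:/Cc: header value."""
    return re.findall(r"[\w.+-]+@[\w.-]+\w", header_value or "")


def domain_of(address):
    return address.rsplit("@", 1)[1].lower()


def text_of(msg: Message) -> str:
    """Concatenate the subject and every text/plain part of the message."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():  # a single-part message yields itself
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def mask(value):
    """Keep only the last four characters so the log line itself carries no PHI."""
    return "*" * (len(value) - 4) + value[-4:]


def phi_findings(text):
    findings = [("ssn", mask(m.group())) for m in SSN_RE.finditer(text)]
    findings += [("mrn", mask(m.group(1))) for m in MRN_RE.finditer(text)]
    return findings


def evaluate(raw_message):
    """Apply the rule 'PHI never leaves for an external mailbox'.

    Returns block / allow_internal / allow plus what was matched (masked),
    so the decision can be logged without re-disclosing the data.
    """
    msg = message_from_string(raw_message)
    recipients = extract_addresses(msg.get("To")) + extract_addresses(msg.get("Cc"))
    external = sorted({r for r in recipients if domain_of(r) != INTERNAL_DOMAIN})
    findings = phi_findings(text_of(msg))
    if findings and external:
        action = "block"            # tell the sender to send a portal link instead
    elif findings:
        action = "allow_internal"   # stays on the internal mail system; log it
    else:
        action = "allow"
    return {"action": action, "external": external, "findings": findings}


# Constructed sample messages; none of these addresses or numbers are real.
SAMPLE_MESSAGES = {
    "internal_with_ssn": (
        "From: billing@ourcompany.example\n"
        "To: claims@ourcompany.example\n"
        "Subject: Claim for patient 123-45-6789\n"
        "\n"
        "Please reprocess this claim.\n"
    ),
    "external_with_mrn": (
        "From: frontdesk@ourcompany.example\n"
        "To: dr.jones@webmail.example\n"
        "Cc: nurse@ourcompany.example\n"
        "Subject: Lab results\n"
        "Content-Type: text/plain; charset=utf-8\n"
        "\n"
        "MRN: 12345678 came back positive, see attached.\n"
    ),
    "external_portal_link": (
        "From: noreply@ourcompany.example\n"
        "To: dr.jones@webmail.example\n"
        "Subject: New document available\n"
        "\n"
        "A document is waiting for you at https://portal.ourcompany.example/inbox\n"
    ),
}

if __name__ == "__main__":
    for name, raw in SAMPLE_MESSAGES.items():
        print(name, evaluate(raw))
```

The point of the masked findings is the one Janx makes about logging access rather than locking everything down: the check produces an audit record of what was caught and where it was going, without the log becoming another copy of the patient data.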


----------



## Janx (Aug 22, 2013)

In finally reading the article (I woke up in the wrong order).

the lawyer's language is jerky.

His first statement is correct.  google's server is going to read the bits of your secret email.  Google is in the business of showing YOU ads relevant to YOU which they get to know from YOUR email.

if all you email about is cars, you will see more ads about cars.  if all you talk about is medical conditions (because you are unwisely conducting your practice through gmail), then you will see medical ads.

You will never see an ad displaying anybody's social security number, nor is google collecting those and storing them.

Google probably needs a better public relations writer to refine that so it is clear.

It is also improbable that any human at google is actually reading any emails.  that might not be entirely true as the guys who code up email parsing routines to detect ad-useful keywords may be using copies of the live email database to get natural examples of content (this kind of thing happens because live data takes more random shapes than fake data).


----------



## tomBitonti (Aug 22, 2013)

Janx said:


> It is also improbable that any human at google is actually reading any emails.




I have to ask, is _who_ or _what_ reads email actually relevant?  Wouldn't the purpose of reading the email matter as much if not more?  I'm wondering whether the distinction between a computer reading the email and a person reading the email is relevant, and is being presented perhaps as a bit of misdirection.  I could be all wrong about this, but if I write a program that intercepts and scans emails looking for certain keywords, the program is an extension of me, and that I didn't actually read the emails myself doesn't matter.

Thx!

TomB


----------



## Dannyalcatraz (Aug 22, 2013)

> Well, note something: they're talking about "automated processing". That's not necessarily the same as having a living person *reading* your mail.




AFAIK, the law does not make a distinction between live and automated data processing.  It IS a possible distinction that could save fines and jail time, but would you really want to risk that if it were you?  Live people made the decision to do this, then automate this.  The idea that automation is going to insulate you from personal or corporate liability is a mighty thin aegis.

As it stands, all HIPAA talks about is getting the protected data and using it for commercial reasons before swinging its hammer.  And Google does this- if they're being truthful & accurate, in part to legitimately process the data- but also to target advertising.  THAT is what could get them in the worst trouble.

(Also, sorry 'bout the Zuckerberg goof- typed that before going to bed. )


----------



## tomBitonti (Aug 22, 2013)

Janx said:


> They're considered part of the staff and thus covered under the NDA and BLA you should have with them




That seems pretty robust!

Legally, would all of that prevent you from testifying about particular data which you (your company) processed?

My layman's understanding is that confidential discussions, for example, between a lawyer and their client, or between a doctor and their patient, and, I'm thinking, between a priest and a congregant, have specific legal protections which are hard to overcome, but, one way to overcome them is for a third party to be present (who would not be considered one of the clients; I'm presuming if a lawyer had two clients in a single case, the second person doesn't count as a third party).

That is, if a lawyer speaks to a client in a secure room (no other people present, no recording devices, no remote observation), then a third party is not present and the conversation remains protected.  But, if the conversation were held in the presence of a third party, say, if the client had a friend present for support, then the protection is removed.  Perhaps more likely, if a lawyer or doctor had lunch (or say, golfed) with a client, and remarked on confidential matters in the presence of third parties also at the lunch.  Maybe the lawyer or doctor would know better (or should), but the client might bring something up when they oughtn't.

I'm trying to figure out when a separate person becomes a third party.  I imagine (but could be rather wrong, not knowing in particular), that a person on staff in a law office would not be a third party, so long as the practice maintained security practices, and that the person on staff had a practical need to access protected materials.  That is, a clerk who filed a lawyers notes could not be forced to testify about those notes.  (But, if a lawyer had a conversation with a client and a cleaning person were in the room, and was not made to leave, they might be considered a third party.)

Something that I wonder about in this context is what difference does an un-authorized intrusion make?  If a lawyer and client have a conversation which is recorded unlawfully, does that break protections?  That makes a difference in that if 75% of all emails are subject to routine scanning, and this became the everyday presumption, then every email would automatically have a third party involved, and would automatically lose protection.

Thx!

TomB


----------



## tomBitonti (Aug 22, 2013)

In regard to google, I was thinking that there would be a specific policy which was agreed to by gmail users which would cover google's use of the email content.

I found this:

http://www.google.com/intl/en/policies/privacy/

But I don't see any notice that google will use email _contents_ in this policy statement.

However, specific application such as gmail may have additional specific terms which are in addition to or modifications of the general policy.  Does anyone have a link to such?  Based on this general policy, I don't see that a user will have agreed to allow interpretive access to email contents.

As a second matter, even if a user accepts a policy which allows access, what would that mean for emails from non-gmail users to gmail users?  My thinking is, unfortunately for the non-gmail user, that they give up protection to the gmail recipient.  Then, the issue becomes a matter of trust between the email users.  As an analogue, if I exchange love letters with a partner, I'm relying on my partner to keep the letters secret.  But once I've sent the letters, I can't force my partner to keep the letters private.

Thx!

TomB


----------



## Janx (Aug 22, 2013)

tomBitonti said:


> I have to ask, is _who_ or _what_ reads email actually relevant?  Wouldn't the purpose of reading the email matter as much if not more?  I'm wondering whether the distinction between a computer reading the email and a person reading the email is relevant, and is being presented perhaps as a bit of misdirection.  I could be all wrong about this, but if I write a program that intercepts and scans emails looking for certain keywords, the program is an extension of me, and that I didn't actually read the emails myself doesn't matter.
> 
> Thx!
> 
> TomB




Speaking technically, rather than legally, it's a yes and no problem.

I am, at this moment (well, a few moments ago), writing code to parse emails to extract a link to login to a portal to download a patient file and then parse that file into my system for my client to use.

During the development, I am likely to see a little PHI but am covered by NDA and need to know.

Once it is deployed, I am not seeing any PHI, nor is anybody else.  It's a pipeline from Company A to Company B, even though "something" is reading the email, it is not doing so in the more sentient form of "knowing" what's in your record.

It's kind of like if the Post Office had transporters.  They technically know EVERY atom and its location and thus the contents of the package you shipped.  But for practical purposes, they don't actually know what's in the box, even if they scanned it for explosives as part of the process.  So a module might "know" what's in the box for the sake of processing the box, but your privacy is still intact from the sense of nobody knows what the present for Timmy was when he gets it but you.

Privacy is not a giant mega-shape that can cover every bit of information about you.  It's just not feasible, nor is it conducive to making things work.

there's different kinds of privacy.

Nobody needs to know your social security number
Nobody needs to know who you dated last night
Nobody needs to know about that lump you have
nobody needs to know that you are planning to fire Tom in accounting tomorrow.

These are private things, that should only be shared when you choose and as needed.

As we do know, some people do need your social security number to process your claim
And the computer does need to know your address so it can mail the bill to you
And Google does need to skim your mail for nouns so they can display advertisements about those nouns to you while you use their free service.

but does that mean they've violated those core things I identified at the top?  probably not.

Technically your pharmacist knows about the lump you have, because you've got a script for cream for it.  It's irrelevant to her, because everybody has a rash somewhere and it's meaningless noise.  Pre-HIPAA, everybody knew your business as you stood at the pharmacy counter.

The real point of the privacy laws is to protect your assets, not your privates.

As long as google isn't collating a big database of identities to sell to the Russian hackers, or building a secret blackmail profile against you, you don't have a problem.

Your core risk is not that my program is reading your information.  It is whether I am opening up the database, snapping off an export and selling it to the Russians, or contacting you on a disposable phone to get you to pay me to not tell your wife about your activities.

It all snaps back to what a human is misusing the data for.  the software is often the innocent party, just processing your work, like the assistant at the front desk booking your appointment and taking your credit card to bill you.


----------



## Janx (Aug 22, 2013)

tomBitonti said:


> That seems pretty robust!
> 
> Legally, would all of that prevent you from testifying about particular data which you (your company) processed?
> 
> ...




HIPAA is a loosey-goosey law.  It basically says "you must protect" with very little definition of what standards to follow.  the credit card industry follows DCI which is very specific and strict.  it is a stronger standard.

On the third party present question, you do NOT conduct business with an unsecured party present.  Cleaning staff don't have need to know, so you ask them to leave.  Otherwise, you have a risk.

In my world, you don't just walk into a room and transform into a third party.  Negotiations, contracts and audits happen before we start passing data.  I would be in breach if I sent PHI to somebody we didn't have a BLA with.

What HIPAA says is "do whatever you want to protect".  But if there's a breach, you are screwed.  So it's more Stick, than book of tips on how to secure your business.

Some specifics are, if an unauthorized party gets PHI, I have to notify the affected people (patients) and probably pay for credit fraud protection (I've had a few of those from the financial industry losing laptops).  If they crack my server and steal my database, I am protected ONLY if the database was reasonably encrypted.

So if my PHI is unreadable in my Patient table, I'm safe.  If not, then I will pay large fines and fees that could destroy my business.  But it is all up to me on whether to do that, and up to my client to choose to do business with me.  This is where a large business expects higher security, and a small business is exempted from being expected to have huge piles of documented security practices when doing the BLA.

It's all moot until a breach, when blame flies and money has to be paid.


----------



## Umbran (Aug 22, 2013)

Dannyalcatraz said:


> AFAIK, the law does not make a distinction between live and automated data processing.  It IS a possible distinction that could save fines and jail time, but would you really want to risk that if it were you?




Well, I am not personally a billion-dollar company that lives or dies based on advertising, so "if it were me" is perhaps not the best measure.  

The law may not currently make a distinction, but that question is going to get asked eventually.  The real question here is simple - is it a breach of privacy if *you* are the only one who ever sees the relevant bits?  It isn't like Google is taking your information and giving it to someone else.  They use the data from *your* e-mail to show things to *you*.  Your information does not go to anyone else in a non-anonymized way.  How is your privacy violated?  Your data doesn't actually go to anyone but you! 

This gets to the basic question - what is "privacy"?  That has not been answered in a solid way for the digital age.


----------



## Dannyalcatraz (Aug 22, 2013)

Umbran said:


> The law may not currently make a distinction, but that question is going to get asked eventually.  The real question here is simple - is it a breach of privacy if *you* are the only one who ever sees the relevant bits?  It isn't like Google is taking your information and giving it to someone else.  They use the data from *your* e-mail to show things to *you*.  Your information does not go to anyone else in a non-anonymized way.  How is your privacy violated?  Your data doesn't actually go to anyone but you!
> 
> This gets to the basic question - what is "privacy"?  That has not been answered in a solid way for the digital age.



Here's the potential problem:



> 42USC1320d-6 Wrongful disclosure of individually identifiable health information
> 
> (a) Offense
> 
> ...




Google may be using the data it gleaned from emails to target ads to the email users.  If they are, that is a potential violation of HIPAA...even if it is completely automated.  In a very real & legal sense, Google IS sharing your data with someone else.

Even though it's a bunch of computer programs talking to each other, it's your personal information being used without your permission for other than its intended purpose by organizations not within the boundaries of the doctor/patient privilege.  They are using the data for targeting ads to you (the patient) and to the doctors who share that data between themselves.

And legally, corporations are "people."  When Google's computers talk to Glaxo Smith-Kline's to target drug ads to you and your doc based on your patient data, that means a "person" has disclosed your data to another "person" for commercial purposes.

That is almost a textbook case of violating your privileged communication.  (It WILL be at some point after this all sorts out.)  Pharma companies can't have reps in the room with you & your doc during an appointment to hawk their meds and procedures– that would be a clear violation.  Allowing them to do essentially the same thing via targeted emails is, IMHO, every bit as violative of the privacy laws as the former.  That it is automated should not be a shield from liability.

(Disclosure: even though it's not my primary field, I have done some legal work for my father's medical practice.)


----------



## Janx (Aug 22, 2013)

Umbran said:


> This gets to the basic question - what is "privacy"?  That has not been answered in a solid way for the digital age.




Yup.  

There's the obvious things I can't have floating out there like my account numbers

There's my personal business that I don't care to share with neighbors, let alone the world

There's "harmless" data I'm dropping off without realizing that technology can now collect and make surprising deductions from.  

Like DNA samples, fingerprints on discarded pop cans, cameras catching my car going to places that have always been there, but only now can something sneaky or useful come of it.

There's machine processes that do legitimate work on my and others' data that then are vulnerable to criminal attack.

There's machine processes that offer genuine services for hosting my data, and are inherently reading it to do things on my behalf (like showing me targeted ads)

There's machine processes that parse my data that I willingly gave it to, then perform statistics on it that deduce surprising things that I hadn't thought I opted into.


Now bring in that Snowden guy, who was an IT worker, who inherently had "need to know" access on the back-end to NSA data (meaning the agents may have been locked to certain data by need, but an IT guy kind of needs access to everything, even though he's not reading it per se).  There's your risk factor, somebody HAS to have access to everything to keep the server running.  Now in his case, he apparently didn't like how the data was being used, and made a big deal about it (not commenting on the details of his case).

Now bring in that kid in England who got banned by the game shops.  His name was out there for anybody to know what he did and who he was.  He voluntarily gave away his privacy, and yet, when the news was reported, others were trying to protect his privacy by saying his name shouldn't be disclosed.

To sum up, nobody really knows what the heck privacy is.  It's a magic word that means whatever you didn't want to happen after the cat was let out of the bag.


----------



## Dannyalcatraz (Aug 22, 2013)

Forgot to address this: 



> This gets to the basic question - what is "privacy"? That has not been answered in a solid way for the digital age.




At its most basic level, "privacy" in the sense we are discussing here is the legal right to restrict and control access to information of a particular kind.  Nothing more, nothing less.  Each of the recognized forms of it- Priest/penitent, Attorney/Client, Doctor/Patient, husband & wife have certain commonalities but also unique boundaries.

The privilege belongs to the person disclosing the information to the second party- only that person can legally disclose the information to a third party.

And not everything disclosed to the second party is covered- only such information as is vital for the proper functioning of the relationship is protected.  So if you tell your Lawyer about your medical conditions, or your Doctor about your legal woes, those would not necessarily be privileged communications.

That we live in the digital age doesn't change any of this.


----------



## Janx (Aug 22, 2013)

Dannyalcatraz said:


> Forgot to address this:
> 
> 
> 
> ...




To my eye, except for husband/wife being a longer term/intensive data share, the other examples are simple data transfers.

The doctor/priest/lawyer knows what I tell them.  They seldom give their own private information.  They may give me advice or info that is contextually related to the info I gave them.

In the husband/wife scenario, along with conversations about where I hid the money, the spouse is inherently observing and learning oodles of data points (the kind Google would love to collect).  The spouse is learning things about me that I may or may not have intentionally disclosed to them.

Aside from legal definitions (which Danny will know about), the data flow pattern is relevant as is the context and content.

The lawyer might not be able to deny having met with me (don't know), though he can refuse to disclose the content of our discussion.

The doctor is definitely in position to not confirm or deny seeing a patient, as that would violate HIPPA (knowing I saw a proctologist tells where the secret lump is).  Even spouses have to sign extra papers to grant permission to disclose to their partner.

Whereas, is the wife required to keep private the boxers/briefs answer?  Is her husband human?  Male?

What data is insignificant and thus not protected, and what is significant and should be protected?


----------



## Dannyalcatraz (Aug 22, 2013)

> The lawyer might not be able to deny having met with me (don't know), though he can refuse to disclose the content of our discussion.




Client or patient ID is something on the penumbra of privacy- most MDs and lawyers will at least ask for a subpoena before disclosing that info.  HIPPA tries to make it clear that patient ID is privileged.


----------



## Umbran (Aug 22, 2013)

Dannyalcatraz said:


> Google may be using the data it gleaned from emails to target ads to the email users.  If they are, that is a potential violation of HIPPA...even if it is completely automated.  In a very real & legal sense, Google IS sharing your data with someone else.




Not a lawyer, but in a technical sense, I think you may be incorrect.  

Item #1 depends upon unique identifiers.  That's something rather specific in computer parlance, and rather easy for Google to *not* do, so I suspect they are not stupid enough to do it.

#2 depends upon them obtaining uniquely identifiable health information relating to an individual.  Google *doesn't* do that.  Google does not determine you have a bladder control issue, and then say you need to see ads for catheters.  They merely note that the word "catheter" has shown up in your e-mails, so they guess you might be interested in them, and show you ads for them.  Maybe you have a bladder control issue, maybe your grandpa does.  Maybe your cat does.  Maybe you're a medical student asking about draining abdominal abscesses.  Google does not know and does not care.  Google doesn't take your health information.  They may take guesses at your interest in health products, which isn't the same thing.

#3 is about disclosing personally identifiable health information to others.  Google doesn't tell advertisers who it showed ads to, specifically.  If I recall correctly, Google doesn't tell *itself* who it showed them to.  That sounds counter-intuitive, but it is actually not at all difficult in a technical sense.  After showing you the ad, Google can't tell if it did so or not.  The fact that the ad was shown to *someone* is kept, but not to whom it was shown.

And, for those who are curious, you can opt out of the targeted ads in your Google privacy settings.   

So, I don't think Google has a legal issue here.  What they have is a potentially massive PR issue - public opinion and the law are not strongly correlated.


----------



## tomBitonti (Aug 22, 2013)

Janx said:


> Speaking technically, rather than legally, it's a yes and no problem.
> 
> I am, at this moment (well, a few moments ago), writing code to parse emails to extract a link to login to a portal to download a patient file and then parse that file into my system for my client to use.




(Lots of additional text omitted.)

All to my limited understanding:

That seems to be a necessary processing of the email to perform a requested function.

As an analogue, when an email is sent, the "To" information must be processed to deliver the email to the intended recipient.  (Assuming the intended recipient is encoded in the "To" field.  If the information were in a different field, the same would apply to accesses to that field.)

If an email encodes a request to perform a file download, with the file information being embedded in the content of the email, then retrieving the file identifier is a necessary part of processing the email -- as intended by the email sender.

While examples could be crafted to put the necessary processing right in the middle of the fuzzy boundary between necessary and unnecessary accesses, this particular access seems clearly necessary.

A similar example would be retrieving a web page and having an intermediary scrape a listing of HREFs from the page to enable the intermediary to more quickly process those links.  That is a functional use of the page information necessary for processing the page.

Scanning an email to determine what medical condition I might have so to provide that information to a pharmaceutical company seems to be rather on the other side of the fuzzy grey line (of what are acceptable accesses).

Thx!

TomB


----------



## Janx (Aug 22, 2013)

tomBitonti said:


> Scanning an email to determine what medical condition I might have so to provide that information to a pharmaceutical company seems to be rather on the other side of the fuzzy grey line (of what are acceptable accesses).




In this narrow scenario, if my program is parsing emails to get your name/identifier and prescription so as to place an order on your behalf so it shows up at your house on me, then my program "knowing" that data is inherently authorized by virtue of you doing business with my client.

So in the EDI world (electronic data interchange), programs pass data from company A to B via Company C all the time.  But there's agreements and implied inherent necessity.  While all 3 parties are sitting with copies of your data that they are required to retain per HIPPA, nobody is authorized to use it for anything but the express business of serving the patient's work order.

We enter a grey area on what kind of statistics we can compute, like co-morbidities and how many treatments to cure the patient.

Some of that stuff is legitimate, because I can compute it without the PHI.  Looking at how many anti-depressant meds were ordered in July isn't looking at your PHI data.  But there is some verbiage in HIPPA on how far that analysis can go, to which I'd need to consult my lawyer before I enabled such a report.


----------



## tomBitonti (Aug 22, 2013)

Umbran said:


> #2 depends upon them obtaining uniquely identifiable health information relating to an individual.  Google *doesn't* do that.  Google does not determine you have a bladder control issue, and then say you need to see ads for catheters.  They merely note that the word "catheter" has shown up in your e-mails, so they guess you might be interested in them, and show you ads for them.  Maybe you have a bladder control issue, maybe your grandpa does.  Maybe your cat does.  Maybe you're a medical student asking about draining abdominal abscesses.  Google does not know and does not care.  Google doesn't take your health information.  They may take guesses at your interest in health products, which isn't the same thing.




Extra text omitted.

This is a careful dicing of the issue, and (I think) not a valid one.

Google could run a number of sophisticated queries based on keywords and supply the results separately to a company, which then did a number of trial mailings to determine the quality of the individuals selected by each query, finding the best query, then periodically retesting the query to increase its accuracy.  This could be done with a lot of blinds, so that the keywords and individuals were only known to Google, and the company supplied their advertising data back through Google, completing the blind.

Whether this constitutes "obtaining uniquely identifiable health information" becomes a messy semantic issue.

I imagine whether this works as a way to enable access to content will depend a lot on how the laws are written, but I would hope this type of maneuver doesn't / wouldn't work.  If it did, much of privacy control could be rather easily sidestepped.  That is, I would hope that the laws are written to broadly prevent access to personal information, regardless of the quantity of detail which was extracted from the information.

Thx!

TomB


----------



## Dannyalcatraz (Aug 22, 2013)

Umbran said:


> Not a lawyer, but in a technical sense, I think you may be incorrect.
> 
> Item #1 depends upon unique identifiers.  That's something rather specific in computer parlance, and rather easy for Google to *not* do, so I suspect they are not stupid enough to do it.
> 
> ...



This is pretty speculative at this point, clearly, and- as stated, I'm not a litigator- so I freely admit that I could be way off base.

Some thoughts:

1) "unique identifier" may have different but overlapping meanings to programmers and the law.  We won't know which is the key until this all snakes its way through the system.

2) the fact that they target you with ads based on the content of your email may be legally sufficient to be held liable.  All that you have to do to violate HIPPA is obtain the data and use it in a way not intended by the person whose privacy is in question.  That the process is automated and impenetrable to human eyes will probably not sway a judge- Courts generally don't let corporations do via automation what they can't do by human agency.

3) Google's software is operating in some way in concert with advertisers' software for commercial purposes.  The advertisers may not be aware of any of the data.  Their software may not even know anything beyond their ad got sent to someone.  All that means is that the advertiser may be shielded from liability.  Google still used private patient data in a way violative of the patient's privacy rights.

That the data isn't retained- and whether it is or not has not been revealed*- is probably immaterial.  The violation- however ephemeral- has still occurred.


* and my gut says it is retained and/or shared & retransmitted in some form for some non-trivial time.  Otherwise, why would I keep getting ads based on one-time communications?


----------



## Janx (Aug 22, 2013)

Hopefully my info-dump on the nature of data handling and privacy in the medical/insurance industry is enlightening to the topic.  Here's some other "did you know" info:

The dairy industry has a weird mix of very primitive tech and high tech businesses.  One such major client has higher security standards than HIPPA requires.  Meaning, it's harder to hack a milk ordering system/data than a medical one in some instances.

The credit card industry has some of the most robust security and practices for protecting your data.  To which, folks who object to the whole NSA thing or license plate camera trail recording should take a few lessons.

If an agent accesses your records, it is recorded.  If the agent is not actively working on a call/ticket regarding you while accessing your record, notification is sent to the InfoSec officer and you are fired.  Do not pass Go.  Do not get to plead with your vice president who you slept with at the last x-mas party to get some leverage on.

As someone who works with data, it is VERY valuable to record everything in the event of future need (breach, CYA, evidence).  It's amazing even to me that it may be possible to do real time analysis to detect a crime as it happens or terrorists working on a plot.  There's too much data.

But if we do record it and retain it, it is very easy after the fact, to take one data element (terrorist's cell phone # we got off his body) to then query the data to find who that phone called, and then back track who those people are, then where they went in the DMV licence plate DB and so on.

We can't do that if we don't record and retain data.  But that's not the same as spying on you while you snuggle your spouse while watching pirated porn via the Kinect on your xbox.

The credit card company practices give a clue how to handle it.  Go ahead, record everything.  But nobody gets to look at it without a warrant. Lock the data down so who and what is queried is audited, and you can pretty much make sure that Officer Cuckold isn't snooping on his ex-wife's boyfriend when he has no business doing so.
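The audit model described in this post (record every access, escalate any access the agent has no open ticket for) as an added example; this is not code from the thread or from any company Janx describes, and the pipe-delimited log layout, ticket fields and sample data are all constructed assumptions:

```python
"""Record-access auditing: every access to a customer record is logged, and
any access by an agent with no ticket open on that customer at that moment
is escalated to the InfoSec officer.

Added example, not code from the thread or from any real company. The log
layout (ts|agent|customer|action), the ticket fields and the sample data are
constructed for this illustration."""
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional


@dataclass(frozen=True)
class Ticket:
    ticket_id: str
    agent: str
    customer: str
    opened: datetime
    closed: Optional[datetime]  # None while the ticket is still open


@dataclass(frozen=True)
class Access:
    ts: datetime
    agent: str
    customer: str
    action: str


def parse_access_log(lines: List[str]) -> List[Access]:
    """Parse constructed audit lines of the form ts|agent|customer|action,
    skipping blanks and '#' comments."""
    events = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ts, agent, customer, action = line.split("|")
        events.append(Access(datetime.fromisoformat(ts), agent, customer, action))
    return events


def has_active_ticket(event: Access, tickets: List[Ticket]) -> bool:
    """An access is justified only if this agent holds a ticket on this
    customer whose open interval covers the access time."""
    for t in tickets:
        if t.agent != event.agent or t.customer != event.customer:
            continue
        if t.opened <= event.ts and (t.closed is None or event.ts <= t.closed):
            return True
    return False


def find_violations(events: List[Access], tickets: List[Ticket]) -> List[Access]:
    """Every logged access that no active ticket justifies. The full log is
    retained unchanged; this only selects the entries to escalate."""
    return [e for e in events if not has_active_ticket(e, tickets)]


def escalation_report(violations: List[Access]) -> List[str]:
    """One alert line per violation, as the InfoSec officer would receive it."""
    return [
        f"ALERT {v.ts.isoformat()} agent={v.agent} customer={v.customer} "
        f"action={v.action}: no active ticket"
        for v in violations
    ]


# Constructed sample data: two tickets and five record accesses.
SAMPLE_TICKETS = [
    Ticket("T-100", "alice", "C-001",
           datetime(2013, 8, 22, 9, 0), datetime(2013, 8, 22, 9, 45)),
    Ticket("T-101", "bob", "C-002", datetime(2013, 8, 22, 10, 0), None),
]

SAMPLE_LOG = """
# ts|agent|customer|action
2013-08-22T09:10:00|alice|C-001|view
2013-08-22T09:50:00|alice|C-001|view
2013-08-22T10:05:00|bob|C-002|update
2013-08-22T10:20:00|bob|C-007|view
2013-08-22T10:30:00|alice|C-002|view
""".splitlines()


def audit_sample() -> List[Access]:
    """Run the check over the constructed data and return the flagged accesses:
    alice after her ticket closed, bob on a customer with no ticket, and alice
    on bob's customer."""
    return find_violations(parse_access_log(SAMPLE_LOG), SAMPLE_TICKETS)


if __name__ == "__main__":
    for line in escalation_report(audit_sample()):
        print(line)
```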


----------



## Umbran (Aug 22, 2013)

Dannyalcatraz said:


> 2) the fact that they target you with ads based on the content of your email may be legally sufficient to be held liable. All that you have to do to violate HIPPA is obtain the data and use it in a way not intended by the person whose privacy is in question. That the process is automated and impenetrable to human eyes will probably not sway a judge- Courts generally don't let corporations do via automation what they can't do by human agency.




I'm going based on the wording presented.  "(2) obtains individually identifiable health information relating to an individual;"  Without context, a lone word (like "catheter") does not comprise health information.  Without metadata about who used the word, it is not individually identifiable.  So, for example, if Google treats your sent and received e-mail equally, there's no way to tell if the interest is yours or someone else's.  All they know is that the keyword appeared.



> 3) Google's software is operating in some way in concert with advertisers' software for commercial purposes.




I believe this is incorrect.  If someone knows better about Google's operations than I, please correct me.

Google advertisers do not use their own infrastructure.  The advertiser submits an image and link to Google, along with information about when the ad should be shown.  This is stored by Google, and the ad is served up from Google's servers.  At the end of the month, the advertiser receives a report about impressions.  Google does not send a query to the advertiser's computers.  That would be slow, and would fail if that company's servers were down.  If Google did do this, it would be anonymized ("I want an image for case #3"), which Google would then insert into the page for them.  The advertiser does *not* get a direct link to you.



> * and my gut says it is retained and or shared & retransmitted in some form for some non-trivial time.  Otherwise, why would I keep getting ads based on one-time communications?




Well, for one thing, if you haven't deleted the e-mail, the word is still there!  If you deleted it less than 30 days ago, it may still be sitting in your trash, still not completely deleted.

Beyond that, for search criteria and page visits, I think the standard way is through browser cookies.  I don't know if Google sets browser cookies based on e-mail content.  So, there's a file on your own machine that says, in essence, "Keyword X got mentioned".  When it needs to, Google asks your machine what keywords got mentioned in this browser, and your browser tells Google.  The transaction is still between you and Google.  In the basic case, it doesn't connect that keyword to you, personally, only to the browser. 

If you're using a Google account (which can be construed as attaching it to a PID), you can opt out of this.  Beyond that, Google's privacy policy states they won't share sensitive information without permission (and I expect their lawyers have been over that with a fine-toothed comb).  If you're not using a Google account, there's no PID to attach the cookie to anyway.  You can use the "private mode" of your browser (all the major ones have them) to not keep information beyond the one session for either case.


----------



## Umbran (Aug 22, 2013)

tomBitonti said:


> Google could run a number of sophisticated queries based on keywords and supply the results separately to a company, which then did a number of trial mailings to determine the quality of the individuals selected by each query, finding the best query, then periodically retesting the query to increase its accuracy.  This could be done with a lot of blinds, so that the keywords and individuals were only known to google, and the company supplied their advertising data back through google, completing the blind.




What Google *could* do is not material.  We do not convict people for crimes they could commit - only the ones they do commit.


----------



## Dannyalcatraz (Aug 22, 2013)

Umbran said:


> I'm going based on the wording presented.  "(2) obtains individually identifiable health information relating to an individual;"  Without context, a lone word (like "catheter") does not comprise health information.  Without metadata about who used the word, it is not individually identifiable.



It is individually identifiable for the milliseconds it takes the software to link your email address (and thus, your identity) and that word to a product and authorize the sending of the targeted ad.  That may be legally sufficient to trigger HIPPA (and other statutory) penalties, but we won't know for sure until after all the legal proceedings have ended.

And "individually" has been broadly construed in the past.

If you were in a doctor's office asking for a catheter for an ailing relative, and a 3rd party catheter salesman overhears that and sends you info on his company's catheters, the violation is still there.  You're acting as an agent for this relative, so you are under that person's umbrella of privacy.  Even though the commercial speech was misdirected to you- the agent- and the actual patient was not actually identified, the breach of the patient's privacy has occurred, and the catheter salesman could be slapped with a HIPPA penalty.

(Note- if you were acting as a patient's agent and directly queried the salesman, there would be no violation.)



> Google advertisers do not use their own infrastructure.  The advertiser submits an image and link to Google, along with information about when the ad should be shown.  This is stored by Google, and the ad is served up from Google's servers.  At the end of the month, the advertiser receives a report about impressions.  Google does not send a query to the advertiser's computers.  That would be slow, and would fail if that company's servers were down.  If Google did do this, it would be anonymized ("I want an image for case #3"), which Google would then insert into the page for them.  The advertiser does *not* get a direct link to you.




Sorry I was a bit unclear- I don't think the advertisers themselves will be found liable, precisely for the reasons you state.  When I said "in concert" I didn't mean that the advertisers' software or employees had any access to the triggering data, just that this is a commercial exercise by Google & the advertisers that falls well outside of the permissible use of private data.




> I expect their lawyers have been over that with a fine-toothed comb




True, but until there is a lawsuit before a judge (and possibly, a jury*) and/or actual case law on point, it's just considered opinions.

Many a legal scholar has been surprised by the final outcome of a case.




> Well, for one thing, if you haven't deleted the e-mail, the word is still there!  If you deleted it less than 30 days ago, it may still be sitting in your trash, still not completely deleted.
> 
> Beyond that, for search criteria and page visits, I think the standard way is through browser cookies.  I don't know if Google sets browser cookies based on e-mail content.  So, there's a file on your own machine that says, in essence, "Keyword X got mentioned".  When it needs to, Google asks your machine what keywords got mentioned in this browser, and your browser tells Google.  The transaction is still between you and Google.  In the basic case, it doesn't connect that keyword to you, personally, only to the browser.




I'm thinking specifically of politically themed advertising I receive almost daily, and the only political emails I had were sent to me (not by me) and were quickly deleted...some without reading them.  (I know the sender.)

This has been going on the better part of 2 years.


----------



## Jhaelen (Aug 23, 2013)

Mustrum_Ridcully said:


> On the plus side, maybe things like this could actually lead to a new message interchange protocol with built-in encryption and security, something to replace e-mail?



Don't we already have that (at least in Germany) with De-Mail?


----------



## billd91 (Aug 23, 2013)

By the way, it's *HIPAA* not HIPPA.

And with the new Omnibus Privacy rule (well, new as of early 2013), business associates of covered entities (the health care organizations) who handle any of a patient's protected health information and their subcontractors are automatically covered by HIPAA and can be held accountable for breaching the privacy rule. So Google might want to reconsider giving anybody the impression they are misusing or improperly handling PHI lest they become targets of an investigation by the Office of Civil Rights and HHS. The penalties, very mild before, are a lot more expensive now. HIPAA violations have already been handed out for storing PHI in "the cloud" so the Feds are getting more serious about where and how PHI is stored and where it may be vulnerable.


----------



## Janx (Aug 23, 2013)

billd91 said:


> By the way, it's *HIPAA* not HIPPA.
> 
> And with the new Omnibus Privacy rule (well, new as of early 2013), business associates of covered entities (the health care organizations) who handle any of a patient's protected health information and their subcontractors are automatically covered by HIPAA and can be held accountable for breaching the privacy rule. So Google might want to reconsider giving anybody the impression they are misusing or improperly handling PHI lest they become targets of an investigation by the Office of Civil Rights and HHS. The penalties, very mild before, are a lot more expensive now. HIPAA violations have already been handed out for storing PHI in "the cloud" so the Feds are getting more serious about where and how PHI is stored and where it may be vulnerable.




Yeah, I spelled it wrong.

I'll have to learn more about the Omnibus rule, as that wasn't in my last briefing.

Previously, as I understood it, a business associate isn't on the hook for a HIPAA violation if they don't KNOW that a covered entity is using them for stuff that touches PHI.

However, the covered entity is required to disclose that and make the proper arrangements.

So, there's always supposed to be proper agreements and audits between parties, but it is the fault of the source of the covered entity for not initiating that process.

This means, Google for example is oblivious to what you do with their Drive or email products.  If you start stuffing patient files in there, scheduling patient appointments in the calendar for your clinic with it, you put Google at risk (not the other way around).  Google was an unwitting participant as they don't know that's what you're using them for and you haven't approached them with a proposal to do business together (and thus start the contract and auditing process).


----------



## Dannyalcatraz (Aug 23, 2013)

Janx said:


> Yeah, I spelled it wrong.
> 
> I'll have to learn more about the Omnibus rule, as that wasn't in my last briefing.



Ditto and ditto.  

The other thing that keeps me concerned about Google is that they used the phrase "expectation of privacy".

Law, like magic, is dependent on words and the way they are used.  And that's a phrase that runs through all kinds of cases that deal with privileged information, as well as cases involving the Fourth and Sixth Amendment.  It's almost as if they're begging the question of "Who wants to sue us and for what?"

OTOH, perhaps they're just trying to get things rolling so they don't get blindsided down the road...kind of a "Come and get it!" maneuver.

And I woke up this morning considering yet another business where this could get ugly fast if Google is right- communications with your accountant.


----------



## Janx (Aug 23, 2013)

Dannyalcatraz said:


> The other thing that keeps me concerned about Google is that they used the phrase "expectation of privacy".
> 
> Law, like magic, is dependent on words and the way they are used.  And that's a phrase that runs through all kinds of cases that deal with privileged information, as well as cases involving the Fourth and Sixth Amendment.  It's almost as if they're begging the question of "Who wants to sue us and for what?"




From the OP article, the lawyer's first very short paragraph was fine and reasonable.  The server is going to parse your mail for keywords to show you ads.  That seems reasonable for a free email service and isn't the same as "reading" my private mail.

Then the lawyer gets into jerky speech where it feels like he's saying "and then we're gonna bugger yer mum, because you know what, we can do that too!"


I think one of the more annoying things about corporations, even though they're people, they can commit crimes and be bad until somebody is strong enough to sue them.

Whereas real people are generally in trouble by virtue of calling the cops on them.


----------



## Mustrum_Ridcully (Aug 26, 2013)

Jhaelen said:


> Don't we already have that (at least in Germany) with De-Mail?



It is an attempt, but is it a trustworthy one?

I think the solution will need to come from an organization like the WWW and be open source, so no one can hide any vulnerabilities in it, and no one has direct control over it.


----------



## Dannyalcatraz (Aug 26, 2013)

Let me see if I can boil this down a bit, to show why I'm concerned:

If Google asserted that their programs didn't need a whole bunch of data to route your emails & send you ads*, that would be one thing.

But they used that phrase, "expectation of privacy"...that's the phrase that gets tossed around when lawyers are trying to exclude or admit communications into evidence.  If you have no "expectation of privacy" when and where something was said, it is going to be admitted into evidence unless it can be omitted on other grounds- privilege will be no protection.

Google's lawyers know this.  And they used that phrase:



> Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their emails are processed by the recipient’s [email provider] in the course of delivery. Indeed, ‘a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.




They are saying that:

1) they are acting like an assistant, not the Postal Service. (A big stretch, since an assistant would probably not be considered a "third party" under the law and their business model most closely resembles a Postal Service.)

2) emails are inherently not privileged...and thus, admissible in court unless you can find another way to keep them out.


* and I'm not really buying that, either.  Correct me if I'm wrong, but the email addresses alone should be sufficient to deliver them properly, and if Google were not _targeting_ the ads, there would be ZERO reason to scan the data within the email at all.  Simply sending random ads or using an advertising schedule would allow them to provide the service without violating the privacy of the people using it.


----------



## Janx (Aug 26, 2013)

Dannyalcatraz said:


> Let me see if I can boil this down a bit, to show why I'm concerned:
> 
> If Google asserted that their programs didn't need a whole bunch of data to route your emails & send you ads*, that would be one thing.
> 
> ...




true enough.  Technically, somebody at Google should have pounded the table shouting "That's evil!" and the whole idea would have been shut down when the lawyers were talking about taking this tack.

Because as Eric Schmidt was surprised when he got there, that's how Google's "Don't be evil" policy works.


----------



## MarkB (Aug 26, 2013)

Janx said:


> there's different kinds of privacy.
> 
> Nobody needs to know your social security number
> Nobody needs to know who you dated last night
> ...




So, just for example, let's say you're using a shared computer (the family PC at home, or a work PC) to send private e-mails, relying for your privacy upon the password-restricted access to your webmail account, and some of those e-mails discuss private and personal subjects.

And then somebody else is browsing the web using the same computer, and starts seeing ads pop up for specialised medical sites, or dating sites, or recruitment sites.

Google may not have explicitly revealed the fact that you have a specific medical condition, or sexual preference, or that you're planning on firing a particular person, but it's certainly doing a lot to help someone join the dots.


----------



## Vyvyan Basterd (Aug 26, 2013)

While I don't agree with Google's email policy (and thus don't have an email account with them), it seems some perspective is being lost.

Why would you use a non-secure email address to send sensitive information? You've breached your own security by doing so. That's why most corporations block webmail as a potential security breach, requiring any work-related emails to be sent via secure email.

Why would you share a computer with anyone, at home or especially at work, that you couldn't trust with your confidential information? You've breached your own security by doing so. And most likely violated your company's security policy by sharing at work.


----------



## Janx (Aug 26, 2013)

MarkB said:


> So, just for example, let's say you're using a shared computer (the family PC at home, or a work PC) to send private e-mails, relying for your privacy upon the password-restricted access to your webmail account, and some of those e-mails discuss private and personal subjects.
> 
> And then somebody else is browsing the web using the same computer, and starts seeing ads pop up for specialised medical sites, or dating sites, or recruitment sites.
> 
> Google may not have explicitly revealed the fact that you have a specific medical condition, or sexual preference, or that you're planning on firing a particular person, but it's certainly doing a lot to help someone join the dots.




Part of the problem with this example is profile management on shared devices.

In the Windows 95 era, normal people didn't have logins to their computer.  You turned it on, surfed porn, turned it off.  then your mom turned it on, surfed for recipes, looked at porn ads, and that was it.  You had no real privacy (technically you could, but normal people didn't know that) because it wasn't in your face.

Sometime around Windows XP, that model changed, and EVERYBODY got a login prompt.  Instead of being off by default, it was now enforced by default.  This meant you login as you, surf porn, cookie gets written to YOUR profile's cookie directory, then you log off.  When your mom logs in, she's loading cookies from HER profile directory.

Problem solved.

Except that now we get to mobile devices which don't account for different users when you pick up the device. So we're back to the old model that this highly personal device isn't all that personally protected.

Now in the last few years, I'd heard some Androids were getting a front-facing profile selector when you swipe open the device.  Basically setting the stage for Mommy's profile, and the kids, so the stuff is separate again.

And the alleged fingerprint scanner in the Home button on the next iPhone would presumably be for the same purpose.  Identify WHO is using the device, before showing apps, content and data.

Once every device is secured by user profile and users are not foolishly sharing their profile, then you've got protection over this simple part of the privacy problem.

Which is sharing your machine with other people without isolating your data, cookies, profile from them.

this problem isn't the password to my gmail account or the cookies I'm collecting when I surf.  The problem is letting somebody else use my profile on the PC/mobile device.

do not F'ing do that.  That's actually a HIPAA violation in the workplace.  Any IT shop or InfoSec office at a company should ban profile sharing or password sharing.  I login, I do stuff, I logout or lock the console before I step away.

the same applies at the house.  My wife logs in on her account, I log in as mine.  We don't share smart phones, except in the most utilitarian ways (can you look up XYZ that only exists on my device, my hands are full).


----------



## Dannyalcatraz (Aug 26, 2013)

> Why would you use a non-secure email address to send sensitive information?




1) Simple economics: small businesses- about 50%+- of most economies- may not be able to afford secure email addresses, and use what everyone else does.  This is especially true of start ups.  And once you've established an email address, changing it is _ridiculously_ expensive.

2) Publicity: not everyone is aware that such things as secure email services exist as a commercial option.  They go with whatever their initial hookup is.

3) Simple ignorance: most people probably assume their email service operates like a postal service or package delivery service and does not look at message content...myself included, in all honesty.  And I just looked at a random sampling of fellow professionals' (lawyers, mediators, accountants, MDs, etc.) email addresses in my inbox & address book: I saw Verizons, Gmails, Hotmails, etc.  IOW, unless you're very tech savvy, this is probably news to you.


----------



## Janx (Aug 26, 2013)

Vyvyan Basterd said:


> While I don't agree with Google's email policy (and thus don't have an email account with them), it seems some perspective is being lost.
> 
> Why would you use a non-secure email address to send sensitive information? You've breached your own security by doing so. That's why most corporations block webmail as a potential security breach, requiring any work-related emails to be sent via secure email.
> 
> Why would you share a computer with anyone, at home or especially at work, that you couldn't trust with your confidential information? You've breached your own security by doing so. And most likely violated your company's security policy by sharing at work.




Yup.  This is one of the reasons it's a HIPAA violation to send patient info via email unless it is "secure" which means encryption, contracts, etc.


For work, it's a completely dumb idea.

For home, it's probably a little more complicated.  I tell everybody I know to NEVER use the free email address from your internet provider.  At the simplest because one day you will fire them, and now you've got drama with your friends to get them to switch to the new address.  Plus, there's the technical hassles that they invariably don't connect to smartphones well, or have crappy web interfaces (or none at all), so now we have to port your email over when you change computers.

From that position, using Hotmail or Gmail are the top leading free email providers.  Never use yahoo, they're a hacker-fest, and AOL is for Clydes.  Gmail has the best support for mobile devices and other email clients (it supports IMAP, hotmail only does POP and POP sucks compared to IMAP for features).

That pretty much means, everybody gets recommended to use Gmail.  It works, until now, it was reasonably private and mostly secure.

For normal people, I am pretty much guaranteed to be able to get them going with Gmail, get it working in an intelligent way with their smart phone (the mail stays on the server with IMAP) and even get it working with Outlook if they insist on using that.

Everybody who insists on using something else runs into problems, so Gmail wins because it is stable, not obscure, and it just works.


So the question is, what do "normal" people who aren't cheating on their spouse or plotting to overthrow the government have to fear from Google?

And don't give us the "slippery slope to erode our freedoms" argument, as society tends to backlash on that before the "horrible consequences" ever get here.

While I agree Google's statement is horribly stated and logically leads to "Being Evil", let's look at where the rubber actually meets the road for a second.

What could normal people be doing that this policy ACTUALLY causes a problem for?


----------



## Vyvyan Basterd (Aug 26, 2013)

I do have hotmail (as I don't do mobile) and use that for emails between friends, etc. But I use a secure email address when dealing in anything I would rather be kept private. So even if I do "fire" my service provider (haven't for over a decade) I have very few people that would have to be updated.


----------



## Janx (Aug 26, 2013)

Vyvyan Basterd said:


> I do have hotmail (as I don't do mobile) and use that for emails between friends, etc. But I use a secure email address when dealing in anything I would rather be kept private. So even if I do "fire" my service provider (haven't for over a decade) I have very few people that would have to be updated.




I'd bet you pay money for that secure service, and that it does NOT operate like normal email.

One of the factoids I forgot to mention, as it may form some of the basis for Google's position is that basic email is NOT secure per its specification.

SMTP is the protocol used and it does not guarantee delivery or secrecy.

When I send an email from my server to yours, it is transmitted in clear text.  Anybody with a packet sniffer that is sitting between our servers on the network could intercept those bytes and read the message.

thus, there is no expectation of privacy in the sense that your email is safe from criminals or even someone doing a network test for an unrelated and legitimate reason.

Truly secure email requires more technical aspects to be aligned.

If you and I work in the same company running Exchange for instance, mailing something to you is secure because Exchange talks to itself with its own protocol.

If you work at a different company, IT can setup TLS (forget what it stands for) between our 2 servers and that can be secure.

If both parties are on the same server, the data never leaves the server.  For example, if I email Vyvyan from my hotmail to his, then it is secure by virtue of it never having traveled outside of Microsoft.

In the case of services offering Secure Email, they invariably have a few different forms.  The one Snowden used could accept email from outside services that were thus "unsecure" but they could guarantee that NOBODY but you could log into your account to read it once it got to their server.

Other services require all parties to have accounts with them (a form of "all in the same server" solution).  At best, your insecure email will get an email saying you have new email on the secure service and contain a link to the web site so you can log in and see it.

Google's argument may be relying on this foundation that plain email was never secure in the first place.
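As an added example, not from this thread or any poster: the hop-by-hop TLS question above can be checked after the fact from a delivered message, because every relay prepends a Received: header and RFC 3848 records ESMTPS/ESMTPSA in its "with" clause when the session was protected by TLS. The sample message and host names are constructed.

```python
"""Check the Received: trail of an email for server-to-server hops that were
not protected by TLS (added example; the message below is constructed).

RFC 3848 registers the "with" keywords: ESMTPS / ESMTPSA mean the session used
STARTTLS (and, for ...A, authenticated), while ESMTP / SMTP mean a plain
session, i.e. the bytes crossed that link in clear text."""

import email
import re

# Constructed sample: three hops, the middle one without TLS.
SAMPLE_MESSAGE = """\
Received: from mx2.example.net (mx2.example.net [192.0.2.20])
\tby inbox.example.org with ESMTPS id 7Ab3cD
\tfor <vyvyan@example.org>; Mon, 26 Aug 2013 10:02:11 +0000
Received: from relay.example.com (relay.example.com [192.0.2.10])
\tby mx2.example.net with ESMTP id 9Xy1z
\tfor <vyvyan@example.org>; Mon, 26 Aug 2013 10:02:09 +0000
Received: from [10.0.0.5] (janx-laptop.example.com [198.51.100.7])
\tby relay.example.com with ESMTPSA id 4Qr8t
\tfor <vyvyan@example.org>; Mon, 26 Aug 2013 10:02:05 +0000
From: janx@example.com
To: vyvyan@example.org
Subject: test

hello
"""

TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
FROM_BY_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)")
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)")


def parse_hops(raw_message):
    """Return hops in transmission order (sender side first).

    Each hop is a dict with the relaying hosts, the 'with' keyword and a
    tls flag. Received: headers are prepended, so the header order is the
    reverse of the path the message took."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())  # unfold the header onto one line
        m_fb = FROM_BY_RE.search(text)
        m_with = WITH_RE.search(text)
        proto = m_with.group(1).upper() if m_with else "UNKNOWN"
        hops.append({
            "from": m_fb.group(1) if m_fb else "?",
            "by": m_fb.group(2) if m_fb else "?",
            "protocol": proto,
            "tls": proto in TLS_KEYWORDS,
        })
    return list(reversed(hops))


def cleartext_hops(raw_message):
    """Hops whose Received: line does not record a TLS-protected session."""
    return [h for h in parse_hops(raw_message) if not h["tls"]]


def summarize(raw_message):
    """One human-readable line per hop."""
    lines = []
    for i, h in enumerate(parse_hops(raw_message), 1):
        flag = "TLS" if h["tls"] else "CLEARTEXT"
        lines.append(f"hop {i}: {h['from']} -> {h['by']} ({h['protocol']}, {flag})")
    return lines


# Caveats: each Received: line is written by that relay and can be omitted or
# forged by any earlier relay, so this is a report, not proof; and TLS on the
# wire says nothing about what the receiving provider does with the message
# once it is stored, which is the thread's actual point.
if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_MESSAGE)))
```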


----------



## Dannyalcatraz (Aug 26, 2013)

Janx said:


> So the question is, what do "normal" people who aren't cheating on their spouse or plotting to overthrow the government have to fear from Google?
> 
> And don't give us the "slippery slope to erode our freedoms" argument, as society tends to backlash on that before the "horrible consequences" ever get here.
> 
> ...




If Google's lawyers were being precise when they used the "expectations of privacy" language, then everything sent via their system is essentially discoverable and admissible in court since it was handled by a third party excluded from all incarnations of privacy rules.  Law enforcement might not even need a warrant to search the stuff.  Because if there is no expectation of privacy, it is as if you were conversing with someone on a busy street corner in public.

So, email communications with your MD, lawyer, accountant, etc. is all fair game.  Email between MDs, lawyers and accountants, etc. discussing your information would be fair game.

Communications between the "home office" and your mobile device would be fair game.  Even if it's a company phone, you have no "expectation of privacy" according to G.

All because they want to *target* some ads.

And let's not discount discussions of things like adultery.  That's still a criminal offense in some states, as well as an offense under the UCMJ punishable by dishonorable discharge, forfeiture of all pay and allowances, and confinement for 1 year.

Again, all because they want to *target* some ads.

So, Google (and others), either charge me for the service and do away with the ads or keep email free and put the ad software on "randomize" so you don't need to scan the contents.


----------



## Vyvyan Basterd (Aug 26, 2013)

Janx said:


> SMTP is the protocol used and it does not guarantee delivery or secrecy.
> 
> When I send an email from my server to yours, it is transmitted in clear text.  Anybody with a packet sniffer that is sitting between our servers on the network could intercept those bytes and read the message.




True. I didn't mean secure as in what my company uses. I mean "not scanned by the host." I don't send critically vital information via email and only expect a modicum of privacy, not guaranteed privacy.


----------



## Janx (Aug 26, 2013)

Dannyalcatraz said:


> If Google's lawyers were being precise when they used the "expectations of privacy" language, then everything sent via their system is essentially discoverable and admissible in court since it was handled by a third party excluded from all incarnations of privacy rules.  Law enforcement might not even need a warrant to search the stuff.
> 
> So, email communications with your MD, lawyer, accountant, etc. is all fair game.  Email between MDs, lawyers and accountants, etc. discussing your information would be fair game.
> 
> ...




Note: I'm just playing Phil the Prince of Insufficient Light's advocate here.  I'm hoping the discussion reveals some specific examples of "harm" that Google's policy can make.

On privacy with your MD, he shouldn't be emailing you about anything.  One of mine uses a secure web portal for all such communications about tests and appointments.

For lawyer, the clients I have use a Secure Email service.  We talk in voice or they send stuff over that.  I've never had a lawyer for more traditional things, but I would hope we stick to voice or direct meeting.

For accountants, assuming they are an employee, they will have a company account (even if it's just a small part time accountant).  I wouldn't want email from them explaining how offshore accounts work outside of my server....

For company emails to smart phones, your smart phone should be tying into the corporate mail server (Exchange usually).  Employees should not be forwarding work email to a gmail account in order to receive it on their smart phone.  Most smart phones can bind to multiple email services/mailboxes for this reason.

I'm not as caring to folks breaking laws as I am to people who don't have anything to hide.  Are the latter being harmed?

The generic situation I envision in which most privacy is violated is where someone with access and authority goes snooping for data on somebody they know (or gets paid by a "friend" to snoop) and the lack of access controls gives them info they shouldn't have.

To me, this is an abuse of power (technically, that's what Snowden did) due to opportunity (having access without safety checks) and motive (wanting the info for non-work related reasons).

I think all email should require a warrant/subpoena thing.  Something from a court, documented and authorized.

Email might not be perfectly secure, but there is the expectation that only bad guys are violating that privacy/security barrier.


----------



## Dannyalcatraz (Aug 27, 2013)

Janx said:


> Note: I'm just playing Phil the Prince of Insufficient Light's advocate here.  I'm hoping the discussion reveals some specific examples of "harm" that Google's policy can make.
> 
> On privacy with your MD, he shouldn't be emailing you about anything.  One of mine uses a secure web portal for all such communications about tests and appointments.




Just sticking with the MDs, there are all kinds of communication that can occur via mail or phone that- by Google's logic- would be outside of MD/patient privilege.



> _(edit)_
> Q: Does the HIPAA Privacy Rule require hospitals and doctors’ offices to be retrofitted, to provide private rooms, and soundproof walls to avoid any possibility that a conversation is overheard?
> 
> A: _(edit)_
> ...




Because if you request the email and get it, it doesn't matter if the MD's, lawyer's or accountant's service was secure or not if _yours_ wasn't.

And the thing is, if communications using the US Mail and the phone companies aren't required to be encrypted to have an expectation of privacy, why should Google be treated any differently?  Because they want to sell targeted ads?  I don't think any court will buy that, especially since they could just as easily send users non-targeted ads.



> I'm not as caring to folks breaking laws as I am to people who don't have anything to hide.  Are the latter being harmed?



If the communication is otherwise privileged, then yes.  The law says that the protection granted by privilege is content-neutral. If we start making exceptions for violating the privilege because it is about illegal or immoral acts, then we undermine the function of many of the privileges.

For example, it makes no sense for priest/penitent privilege to be nullifiable if the penitent is discussing bad things- that's the point of the relationship.

It would also impede the Constitutional right of a defendant to fully communicate with his attorney to mount a defense.

It may be essential to your treatment for an ailment or injury to disclose to the medical staff that you did something illegal.  (For public health reasons alone, it is preferable that criminals undergo successful treatment of infectious agents instead of fearing arrest and therefore becoming Patient Zero.)

Etc.



> I think all email should require a warrant/subpoena thing.  Something from a court, documented and authorized.



I agree.  And AFAIK, it currently does.

But if Google is right and you don't have an expectation of privacy, that may not be required. It would no more require a subpoena or warrant than asking for the testimony of the guy who sat at the next table from you when you discussed taking out a hit on Carrot Top.



> Email might not be perfectly secure, but there is the expectation that only bad guys are violating that privacy/security barrier.



Or the police...or the Media...or a business rival...

If you have no expectation of privacy, whatever you say is as fair game as an overheard conversation.

Which is why- if you go to jail- you don't openly discuss your case via the provided phones.  You have no expectation of privacy- they listen to those, and anything and everything you say can be used against you...and even leaked to the media.  Instead, you make an appointment and get a private room.

Which is why- if you are seated in the back of a police car, unrestrained with the door open and the officers standing 50 yards away, you don't openly discuss the situation.  It's the same as the prison phones- the radio may be on, and there may even be a camera on you.  IOW, they'll be listening.


----------



## brenson164 (Aug 30, 2013)

This is merely my personal opinion. From the time that I create an account on the internet, whether in email or in social media, the word privacy is merely a word. Email providers would scan every message that is sent out, and it is for the purpose of checking that you didn't abuse your agreement with them.


----------



## Morrus (Aug 30, 2013)

Janx said:


> I'm not as caring to folks breaking laws as I am to people who don't have anything to hide.  Are the latter being harmed?




The concept of privacy far exceeds the bounds of lawbreaking.  It encompasses the concept of dignity.

Using the toilet isn't illegal.  You don't want to do it in public, though.  Privacy is about lots of things; "nothing to hide" is a misnomer.  I do plenty of perfectly normal, legal things which I wish to remain private.  I also have plenty of perfectly normal, legal conversations (both offline and online) which I wish to remain private.


----------



## Janx (Aug 30, 2013)

Morrus said:


> The concept of privacy far exceeds the bounds of lawbreaking.  It encompasses the concept of dignity.
> 
> Using the toilet isn't illegal.  You don't want to do it in public, though.  Privacy is about lots of things; "nothing to hide" is a misnomer.  I do plenty of perfectly normal, legal things which I wish to remain private.  I also have plenty of perfectly normal, legal conversations (both offline and online) which I wish to remain private.




These are the excellent examples I was asking for.  Thanks.

I think having specific examples like these helps get past the "if you haven't got anything to hide" argument about unreasonable search or lack of probable cause.


----------

