Recently, reports surfaced that Gmail users allegedly didn’t have a legitimate expectation to privacy. Provoking an outrage, it turned out to be far from the truth.
A scathing alarm raised by Consumer Watchdog blasted Google last week, quoting a filing from Google in which the company apparently stated that users of Gmail, its email service, shouldn’t expect any right to privacy.
If true, the statement would have been hair-raising and set off some major alarm bells. But there was something that didn’t ring right with this particular alarm.
I personally know a lot of people that work at Google, and they are practically net libertarians. They care deeply for privacy. Quite a few of them are also active in the Pirate Party, which has privacy as one of its fundamental pillars. I have personally presented at Google HQ in Mountain View. So my initial reaction was that there was something else at play.
If I said something that was obviously counter to my own values, I thought, then I would be hoping that people would understand I would be trying to warn them about something else entirely. So for a while, I thought this was Google’s way of warning people that they had received one of the infamous US National Security Letters requiring them to hand over the private mail of everyone. After all, Google has been defending net liberty even to the point of preferring to close a Chinese office over accepting Chinese censorship, for which they even received flowers from local people despite closing offices.
The motto ‘Don’t Be Evil’ has been questioned and challenged over the years, and rightly so. A corporate empire does, over time, corrupt itself just like any other empire. As any organization gets money, power, and influence, it starts attracting people who desires money, power, and influence, rather than the initial entrepreneurs or activists who were in it for changing the world for the better.
So had Google gone evil overnight, laughing with echo effects at Gmail users? No. This change doesn’t happen overnight – it takes a full generation, some 20-30 years, before an initial core of world-changers are replaced by people who trade their values for ambition. What had happened was that Consumer Watchdog had way over-interpreted legal language.
The filing in question said that mails forwarded by Google could not be a secret to the internet giant, as by definition of the service provided it has to process and display the mails sent and received to the users of Gmail. Thus, the alarm sounded was more one of Consumer Watchdog not understanding technology at all, and understanding that a mail server needs to process a message to display it to a human being.
I have two deeper issues with this misunderstanding. The first is that Consumer Watchdog’s alarm unfortunately and ironically took attention from the real killers of net liberty and privacy when the most focus is needed on them.
The NSA revelations are horrific – it’s every bit as bad as we said it could be, and much worse still. But the second consideration may be even more cause for alarm: people (in this case Consumer Watchdog) don’t understand that a mail server sees the mail, and that this is the case by necessary design. They don’t understand the most basic information security.
By extension, they don’t understand things like that when they enter their PIN code to their VISA card, they give that PIN code to the ATM manufacturer’s programmer. They don’t understand that when they communicate with a machine or gadget or terminal, everything they transmit is processed by computer program code, can be read by that program code, and can be exploited by the person or people who wrote that program code, and every piece of program code between them and the intended recipient.
Again by extension, if the people supposed to understand these principles actually don’t, then those people do not understand the ramifications of the NSA wiretapping, or of the British GCHQ wiretapping every single byte transmitted over London on the internet.
If they don’t understand how and when people are reading their secrets, they can’t take countermeasures, they don’t know how to protect their privacy. And perhaps most alarming of all, there is a tendency to belittle those who do protect their privacy by means of strong encryption that even the NSA can’t break, mostly because the people who should understand privacy and consumer rights actually don’t.
We need to bridge this gap and we need to take encryption to the masses. For what it’s worth to Consumer Watchdog, Google’s mail servers can’t read an encrypted mail message. Nor can anybody else but the recipient. That’s worth a lot to me, and that’s why I regularly encrypt all of my communications.