Comments on: Does Gmail breach wiretap laws?

Three nonprofit groups say Google's forthcoming service is an "invasion" into private communications. Privacy law experts are skeptical of the claim.

Guess who Stewart Baker is?

Stewart A. Baker was the National Security Agency's top lawyer from 1992-1994, where he promoted the key escrow system for the Clipper chip. EPIC, on the other hand, was a key opponent of the Clipper chip. It's curious that Declan McCullagh quotes Baker as his preferred expert on privacy issues, and notes that Baker said that "EPIC's analysis was flawed" on the issue of machine scanning of email. (What does McCullagh feel about Baker's advocacy of key escrow? After all, it's even smaller than a machine -- it's a tiny, little chip! How harmless!)

The point that McCullagh misses in all of his pieces on Gmail, is that those without Gmail accounts who end up sending mail to someone at gmail.com haven't consented to anything. Nothing in the Gmail privacy policy applies to those without accounts, and Google has yet to state that they won't be saving the incoming email addresses, and associating them in their database along with the keywords they'll be extracting from those incoming emails.

It's time for CNET News.com to take McCullagh off of the "Gmail is wonderful" beat. He's not very competent at hiding his pro-Google colors.

[heslingaj]

Do you understand e-mail?

E-mail is not private. It hasn't ever been, and as long as it is not sent encrypted, it won't ever be. Gmail is no different than any other e-mail system based on server message storage (and there are many others).

When you send an e-mail message, you are consenting for it to travel, in plain text, between any number of servers on its way to its destination. It's like sending a postcard through the mail. Any number of people could intercept and read it along the way.

You want privacy; you don't use e-mail or you use secure e-mail. The anti-Gmail crusaders need to take a deep breath and focus on actual technological threats to privacy, of which there are many. It's technologically ignorant to focus privacy attacks on Gmail, and it's bad public policy to start hysterically crying for government to investigate and ban new technological services that will offer significant benefits to consumers. If the "privacy" zealots and demagogues succeed, the only real losers will be the rest of us.

[Remo_Williams]

One point struck me.

I have no problem with GMail use, if you consent as a user to have your email scanned in exchange for 1 Gb of space. However, the previous comment has the missing piece to the equation: do I imply consent if I email a GMail user? I would say "no".

The idea of cleartext email not having an expectation of privacy is well-established. However, SMTP relays are authorized to "read" the email, much the same way a postman is protected if he accidentally scans your postcard while dropping it in your mail slot. He's authorized to deliver the mail.

The same is not true for some indicting normal and expected email flow. I have a right to expect my email is not scanned by SMTP admins for their amusement, but I would be remiss in not encrypting sensitive email. No one has the right to take a $20 bill from your car's dashboard, but you're negligent to some degree if you leave it out in the open with the windows rolled down.

The first person to successfully integrate Winzip or WinRAR encryption into the top five mailers wins the prize. Transparent encryption will make all of this a moot point (I'll leave key exchange to someone else)

Remo

[JSanguancheu]

Do these people have nothing better to do???

If people know how the service works and agree to it through the authorization when registering, what's the problem here??

If people don't read and just click YES then it's their own fault.

Where else do you get 1Gb of storage space for free?!

There's a cost to everything.

Stop wasting taxpayer money and find something more useful to campaign for.

JS

[smkatz]

no consent issues/spam filters

Every single spam filter in existence on AT&T Worldnet, AOL, Yahoo, and Hotmail all access and parse your e-mail.

They have to..

Furthermore, how could the SMTP process work without Google recieving the messages?

The problem with regulating this is two-fold:
1. There is nothing intrinsically wrong with Google's idea. (Most messages on Gmail don't display ads.)
2. This could have disastorous effects should it be allowed to set a precedent.

3. To rebuff the consent argument, I have the right to record my telephone conversations and you need not know about it. (This may not be true in California..) *however* the Internet is a completely different animal.. you have no expectation of privacy when sending someone an e-mail. It goes *unencrypted* across many computers. I have the right (as Steve Jobs demonstrated with his handling of RealNetworks) to forward this letter to the New York Times.