The controversy surrounding Googleâ€™s new G-mail system is truly astounding. Just in case youâ€™ve been living under a rock for the last couple of months, hereâ€™s the deal. Google has developed a free web-based email service which allows each user to store up to 1 gigabyte of email. But as we know, nothing is truly free, so in exchange, Google would like to display targeted banner advertisements when the email is viewed on their system – similar to whatâ€™s done right now when users use the Google search engine.
However, thereâ€™s been a privacy backlash because Googleâ€™s system would scan the contents of each message for the purpose of generating context-sensitive ads to display. Reading about your cousinâ€™s trip to Miami, well then Google might want to display a banner ad promoting a travel package to the sun spot.
Google describes the process as follows: â€œGoogle will display targeted ads and other relevant information based on the content of the email displayed. In a completely automated process, computers process the text in a message and match it to ads or related information in Google’s extensive database. No human reads your mail to target ads or other information without your consent.â€ This sounds similar to the process used by AOL, Yahoo, MSN and others to scan incoming email for viruses and spam. So whatâ€™s the fuss all about?
If youâ€™re concerned about confidentiality, donâ€™t use Google mail as your primary email service. But then, you probably wouldnâ€™t want to use AOL, Yahoo!, MSN, Sympatico or other external email services either. However, Google mail could still be a great place to archive useful information such as articles youâ€™ve read in online newspapers and magazines.
Hopefully all this attention on Google mail will cause the industry to re-evaulate what confidentiality obligations service providers should be assuming. In any event, there are more important privacy issues to worry about. For instance, how many professionals, including lawyers, have signed up for Blackberry or similar services based on contracts which lack a contractual obligation of confidentiality? We caution clients to sign confidentiality agreements and we spend time arguing over the contents of confidentiality obligations contained in contracts we review for them. But how many of us take steps to ensure that appropriate confidentiality obligations cover the private emails that are replicated from our law firm servers onto the externally located systems? I wonâ€™t even mention the uncapped indemnities that many service providers insert in their contracts.
Also consider how many professionals continue to exchange confidential emails without using commonly available and inexpensive public key certificates to encrypt the contents? Almost all popular email programs support a feature called S/MIME which allows the sender to digitally â€œsignâ€ the messages they send using a â€œpublic keyâ€ they attach to their messages. The public key can also be used by recipients of their messages to authenticate the sender and can also be used to send them back encrypted messages which can only be decrypted using a â€œprivate keyâ€. Private/public key combinations can be obtained from Verisign for as little as $10 per year.
And since we started with a focus on Google mail, one of Googleâ€™s other services might be a good place to end this piece. How many of us routinely use Googleâ€™s search engine to look for personal and work related information? These searches are saved by Google along with the IP address from where they originated and any associated Google cookie identifier stored on the userâ€™s computer. This information may not necessarily be considered â€œpersonal informationâ€ because Google does not have sufficient information to tie it back to a particular person â€“ that would require asking your ISP to match up the dynamic IP address assigned to your computer. But how dynamic is an IP address in the world of always-on DSL and cable modem broadband connections? The same IP address may be assigned to a particular home for weeks or months at a time (and most business users often have a fixed/static IP address assigned to them). Then thereâ€™s the Google cookie on your computer. Prudence dictates taking out the trash periodically – if youâ€™re using Internet Explorer, select Tools, Internet Options and then Delete Cookies.
Note: The above appeared as a Bits & Bytes article published by Law Times on May 17, 2004.