No, they did something almost as problematic. They cited a legal precedent saying that there was no expectation to privacy. Yes, Google is still bound by their TOS and will keep stuff private. But governments are not and can, under that exact logic, request data without a warrant since "there is no expectation to privacy".
That's correct. Under the current law, cloud-based storage is an implicit acceptance of giving up various privacy protections, under the principle of third-party disclosure.
The principle summary is that if you share private information with a third party (disclosure), you are voluntarily making that information non-private, if not public. That opens the door for the government to request the information under ECPA, the Electronic Communications Privacy Act of 1986. For more on that, check EPIC, which is a lead plaintiff in suing the government over the mass surveillance without a warrant programs, broadly collected under the PRISM moniker in public discussion: http://epic.org/privacy/ecpa/
Wikipedia adds: "For instance, email that is stored on a third party's server for more than 180 days is considered by the law to be abandoned, and all that is required to obtain the content of the emails by a law enforcement agency, is a written statement certifying that the information is relevant to an investigation, with absolutely no judicial review required whatsoever.
When the law was initially passed, emails were stored on a third party's server for only a short period of time, just long enough to facilitate transfer of email to the consumer's email client, which was generally located on their personal or work computer. Now, with online email services prevalent such as Gmail and Hotmail, users are more likely to store emails online indefinitely, rather than to only keep them for less than 180 days. If the same emails were stored on the user's personal computer, it would require the police to obtain a warrant first for seizure of their contents, regardless of their age. When they are stored on an internet server however, no warrant is needed, starting 180 days after receipt of the message, under the law. In 2013 members of the US Congress proposed to reform this procedure." http://en.wikipedia.org/wiki/Electronic_Communications_Priva...
Written in a time when POP was king and emails were pulled from the (expensive) server to be read and stored locally, it assumes that anything on what we now call the cloud is abandoned after six months, again giving up various privacy protections.
Google—Gmail—and Dropbox both operate within this legal regime, as cloud-storage companies. As the parent states, citing that argument lends credence in a court that gives deference to the federal government that created and relies on the argument to request data.
> Just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient's ECS provider in the course of delivery. Indeed, "a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties." Smith v. Maryland, 442 U.S. 735, 743-44 (1979). In particular, the Court noted that persons communicating through a service provided by an intermediary (in the Smith case, a telephone call routed through a telephone company) must necessarily expect that the communication will be subject to the intermediary’s systems. For example, the Court explained that in using the telephone, a person "voluntarily convey[s] numerical information to the telephone company and ‘expose[s]’ that information to its equipment in the ordinary course of business." Id. at 744.
Is it not a worthwhile discussion to have, which is, if I as a non-gmail user send an email to a gmail user, do I as a non gmail user have any expectation to privacy? After all i as a non gmail user never accepted (or even read) any terms of service for gmail. Or does a gmail user hand over privacy rights on behalf of all who may send them an email? If so, ought we not discuss this so that the general public understands this? Send an email to a gmail address and you are essentially agreeing to ... Who knows what? I don't.
Send a snail mail to me and my wife will probably read it. Send an email to me and my secretary will probably read it.
Are surprised if email you send me is scanned for spam? Or scanned for automatic filtering? Or for full-text search? I don't see why scanning it to serve me ads is any worse.
True enough... but I wonder (has anyone actually done this?) if you polled 1,000 "average americans" how many would be surprised and/or upset to find out that email is 100% not private, and it's not supposed to be. I bet a high, high proportion.
I guess the problem with an aggressive public campaign to educate consumers, is that there is no obvious alternative.
Why are people always talking about Americans? They seem to be pretty dumb...
Anyways, I strongly believe that as long as you living in a Western society it is your job to take care of your business.
If I am taking part in any System which I did not check up to see if it is secure, I am voluntarily taking the Risk of using the System.
I could for example set up an own E-Mail server, if I was coming to the Point that E-Mails are not secure enough on an external hoster. (If I searched for enough security related information about the "E-Mail" System.)
Your argument here is fallacious. In a perfect world, of course every service user would thoroughly research their providers before agreeing to their Terms of Service. The reason why that doesn't happen in real life is because not everyone is a sysadmin/developer/privacy lawyer. If each and every Gmail user spent the time necessary to thoroughly understand and interpret the legal nuances of email privacy, most of them wouldn't have any time left to go to work or take care of their families.
If we expected consumers to completely fend for themselves at all times, there'd be no need for the FDA, the CPA or, for that matter, the government. Why do you think these institutions were created in the first place? They came into being because the average consumer doesn't have time to become a food quality expert and tour the factories that make the products s/he buys. Similarly, the average Gmail user doesn't have time to learn and weigh the merits of Gmail's intricate privacy policy, nor does s/he have time to learn how to set up and secure his/her own email server.
To say that Americans are "dumb" because they're not all experts in the field that you do happen to understand professionally is stereotyping and offensive. Do you have a thorough understanding of pharmacology or refrigerator design or any of the other numerous fields' whose products you use on a daily basis? I didn't think so.
By sending email to gmail.com you have implicitly accepted that the email will need to travel through Gmail's systems, whatever that might mean - advertising analysis, data retention, etc.
Well before Gmail or indeed Google, it was already known that email is not, by its design, a secure medium of communication (unless, perhaps, both parties use an adequate encryption scheme).
Here's the rub: Google wants to have it both ways (legal defence, slim "actual" privacy protections). But, what the "sensation and disingenuous" responses really are is a political critique. It's a surprisingly common tactic, similar to the reduction ad absurdum, where you pin your opponent to their position, to see them wriggle and squirm. It's not a friendly way to critique something, but Google doesn't need our protection. So I say, amp up with "sensational and disingenuous" critique and carry on!
Using that argument in court lends it credence.