Google Responds to Gmail Privacy Concerns

Google’s newly announced free email offering has strengthened its position against Yahoo and MSN. Before it can continue to battle its competition in earnest, however, it’s working to quell privacy concerns.

The company’s plans to include contextually targeted ads in its Web email client are the cause for the concern, because Google intends to have its technology scan the content of email messages, and target ads accordingly. Now that it’s clear the initiative isn’t an April Fool’s joke, analysts, industry figures and individuals are debating the decision across the Net. Meanwhile a group of privacy advocates are drafting a letter asking Google to clarify its policies.

“The fact that it’s machines is irrelevant,” said Pam Dixon, executive director of the World Privacy Forum. “Machines are more efficient than humans and far more able to be privacy invasive than humans because they can read so much more.

“We’re concerned that users of Gmail, who must give Google their names to sign up, may have their names correlated with the search terms they type in when searching. This can be done through cookies and IP addresses,” Dixon said.

“Google needs to make a commitment to its users to never correlate that information,” Dixon said.

Dixon’s group is drafting a letter to be sent to Google calling on the Internet giant to clarify its policies with regard to Gmail. Her group has approached other privacy organizations to sign on to the letter and at least one has indicated likely approval.

“It would be an important improvement if Google stated it won’t correlate the information,” said Chris Hoofnagle, associate director of the Electronic Privacy Information Center. “Google has become a bread-and-butter tool to many people. The erosion of user privacy may lead to harm in the brand name and to individuals discontinuing use.”

In response, Google says what’s drawing concern is what computers are capable of doing, not what the company does in reality. “We pride ourselves in protecting users’ data and holding ourselves to he highest standard,” said Wayne Rosing, VP of engineering for Google.

“We do not keep that data in correlated form, it’s separated in various ways and we have policies inside the company that do not allow that kind of correlation to happen. We consider any program or programming that correlates user data with user identity to be a violation of trust and we do not do that,” said Rosing.

But Rosing stopped short of saying that the company will never correlate the data.

“Then it gets to be an issue of what happens if we have to do something to comply with a legal situation,” he said, apparently speaking of criminal cases in which the company might be subpoenaed by law enforcement.

It’s worth mentioning that Google already has the power to correlate IP addresses and search queries and clicks — something Rosing says has never occurred.

“I have been here a long time and I have no knowledge of that kind of situation [correlation] ever happening. It does not happen and every employee of Google knows they cannot do this. We have extensive monitoring of our people,” Rosing said.

“We have very strict policies. We do not associate search clicks with a user’s name or anything like that. And in certain cases we age data and it disappears from the system to provide enhanced privacy protection,” Rosing said.

Rosing also pointed out that when computers filter spam, “they have to look at the email in detail or they can’t find the spam. It’s nothing extraordinary or new going on here.”

Dispelling the worries may largely be a matter of Google’s clearly communicating its intentions, and making sure people understand what it’s doing, and what it isn’t.

“There’s a couple of analysts on the Jupiter Research staff who think this is overstepping a line no company should cross,” said Joe Laszlo, a senior analyst with the company, which is owned by the parent of this publication. “Others, and I’m in this group, feel that as long as they make it clear what they’re doing and the user gets free email and a lot of storage, the cost you pay is the ads adjacent to the emails you receive.”

Jordana Beebe of the Privacy Rights Clearinghouse, agrees with Laszlo that disclosure is key. “Larger storage capacity and ability to send and receive bigger files may be worth less privacy to some consumers. But they need to know that tradeoff is occurring,” she said. Like Dixon and Hoofnagle, Beebe said Google should clarify whether it will combine information on IP addresses and cookies with user names.

Related reading