BAILEY T. STEEN | MONDAY, JULY 9, 2018
“We’ve always tried to accurately define what it meant to be a good force, always doing what’s right, what’s ethical. In the end, [our company motto] ‘Don’t Be Evil’ seemed to be the easiest way to sum it up.”
— Larry Page, former Google CEO
It was May 2018 since Google, the most powerful information gatekeeper in the world, made their intentions clear when this tongue-in-cheek motto, “Don’t Be Evil”, was removed from the company’s corporate code of conduct. Both the left and the right saw this as symbolism for the worrying direction of big tech, citing Google’s involvement in US drone programs, potential search engine manipulation, their links to corporate media and the endless scandals surround cyber-insecurity in Silicon Valley. Now, according to a new report from The Wall Street Journal, email surveillance over customers can officially be added to the list of offences.
In a recently published article titled “Tech’s ‘Dirty Secret’: The App Developers Sifting Through Your Gmail”, journalist Douglas MacMillan highlights the methods Google has used to allow third-party app developers, not just computers or artificial intelligence, to read the emails of millions of Gmail users. These intercepted data includes recipient addresses, time stamps, and entire message threads, all used for ad optimisation — despite the company’s 2017 pledge to discontinue this practice.
“Consumer Gmail content will not be used or scanned for any ads personalisation,” wrote Diane Greene, Google Cloud senior vice president, in her announcement blog post. “G Suite customers and free consumer Gmail users can remain confident that Google will keep privacy and security paramount as we continue to innovate."
This, of course, was just an evil lie.
Google, forced to save face and respond to the WSJ, issued their public statement to The Verge earlier this week, stating they “only give data to ‘vetted’ third-party developers”, citing a vetting process which requires developers to verify their identity and hold privacy policies Google finds adequate, going on to say they have “users’ explicit consent”. This is news to Gmail customers given the way they obtain this consent is unclear.
It’s usually through a “permissions screen" similar to this:
Google states the company’s name, a link to their privacy policies, a few pointers on how they’ll manage the account, without information on what users’ data will be used for and how to withdraw consent from upon clicking the ‘allow’ button.
Unlike Google, TrigTent will provide this information here, straight-up, no catches, without the bullshit legal talk. Google users should go to the site’s security checkup section, click on the third-party access menu and click “remove access” with the press of a button. Simple.
What’s not so simple, however, is whether third-party developers actually use the data the ways they claim. The WSJ cite the privacy policies of two firms, Return Path and Edison Software, who allege they’ve allowed their engineers to read thousands of emails, without users consent, while their policies only state computers and artificial intelligence would have access to this sensitive information for data management.
The WSJ writes:
“One of those companies is Return Path Inc., which collects data for marketers by scanning the inboxes of more than two million people who have signed up for one of the free apps in Return Path’s partner network using a Gmail, Microsoft Corp. or Yahoo email address. Computers normally do the scanning, analyzing about 100 million emails a day. At one point about two years ago, Return Path employees read about 8,000 unredacted emails to help train the company’s software, people familiar with the episode say.”
“In another case, employees of Edison Software, another Gmail developer that makes a mobile app for reading and organizing email, personally reviewed the emails of hundreds of users to build a new feature, says Mikael Berner, the company’s CEO.”
Edison Software responded to the article with a statement to The Verge saying: “We have since stopped this practice and expunged all such data in order to stay consistent with our company’s commitment to achieving the highest standards possible for ensuring privacy.”
Neither firm has faced legal action for breaching contract.
Suzanne Frey, director of security, trust, and privacy at Google Cloud, was among the first to respond from the company stating in her blog:
“To be absolutely clear: no-one at Google reads your Gmail.”
While the situation may seem reminiscent of Facebook’s Cambridge Analytica data scandal, where a Trump campaign-linked advertising firm used a personality quiz to collect the data of more than 87 million users without their consent or knowledge, the concerns rests around whether Google has the infrastructure, in morality and practice, to properly vet third-party developers before trusting them to use customers data.
The Verge cite the 2017 Google phishing scam, an organised cyberattack which “disguised itself as a permissions request from Google Docs to gain access to user contacts using the same authorization system”. Given Google’s record of fighting the California Consumer Privacy Act (CCPA) and the European Union’s GDPR provisions, requiring true explicit consent from users regarding data management, it’s time for them to decide: Are they the benevolent techno-libertarians we can trust to protect us, known for their impeccable commitment to reigning in hostile actors, or do their continued mistakes, time and time again, prove they need reigning in themselves?
Thanks for reading!
Bailey T. Steen is a journalist, editor, artist and film critic based in Victoria, Australia, but is also Putin’s Puppet™ on occasion.
Business or personal contact: firstname.lastname@example.org | Comment below
Cheers, darlings!! 💋