Google Pushing Back On Law Enforcement Requests For Access To Gmail Accounts 75
Virtucon writes "Ars technica has an interesting article on how Google is handling requests from law enforcement for access to Gmail accounts. With the recent Petraeus scandal where no criminal conduct was found, it seems that they're re-enforcing their policies and standing up for their users. 'In order to compel us to produce content in Gmail we require an ECPA search warrant,' said Chris Gaither, Google spokesperson. 'If they come for registration information, that's one thing, but if they ask for content of email that's another thing.'"
service centralization = bad idea (Score:3, Insightful)
Email and other services are way more robust when there are many providers, because there is not one central point for a government to apply pressure. In the 1990s everyone got email through their ISP, and there were a million little ISPs all around.
Now, there are fewer ISPs, and even though they all still provide email via the standardized protocols, everyone ignores that and uses webmail... and most of them use Google. Having the whole world's email in one place is a bad idea. It means there's one place to, say, block encryption if the powers-that-be decide they really should be able to read *every* email. It means there's just one place to censor. Just one place to move away from standard protocols to achieve lock-in.
The entire concept of the internet was about decentralization to achieve robustness. Once, robustness in the face of nuclear war, but it also provides other kinds of robustness, like robustness against censorship, against control, and against monitoring. Now, for some bewildering reason, we want to discard the robustness of decentralization and put all our eggs in one basket. I do not understand why everyone prefers that.
What about contacts graph? (Score:5, Insightful)
Contents are private, post office does not read it, and you need a warrant from a court to intercept and read mail, so google demands a warrant for contents of email. OK fine.
Now, in each letter, the from address and the to address are open in the public. Technically the post office could build a graph of who communicates with who and how frequently using just the public information. But it is expensive, painful and so USPS does not do it. Or I think it does not do it. But it is trivial for gmail to build all people who correspond with me, and rank them by the frequency of communication. In fact it already does, it suggests a CC list based on the addresses in the To list. Is it considered public information? Would google share it with the government without warrant? Or would it require a warrant?
Unless, of course, they get a Patirot Act request (Score:3, Insightful)
Patriot Act federal requests do not require a warrant and cannot be reported when served against a company like Google when serviced. Even A fast Google search reveals dozens of specific instances of Patriot Act abuse, and the law itself at http://www.fincen.gov/statutes_regs/patriot/ shows that it wildly exceeds any sane Constitutional interpretation.
Similar abusive laws in other countries mean that Google, forced to follow local law enforcement in numerous countries, is wide open to abusive but legal requests for private content. There seems to be no sign that they do more than provide more than the slightest lip service to genuine privacy concerns, and many of their business modes are based on *selling* information about their customers.
Re:service centralization = bad idea (Score:5, Insightful)
I do not understand why everyone prefers that.
I wanted to run my own email server. However, I do not do IT for a living. That's not a problem, most people say, email servers are simple. I agree, opening up the port and running a server would be simple, but what would crush me is trying to keep that server secure, and my email mostly free from spam.
I just don't have the time to setup the server properly, with subscriptions to spammer blacklists, maintaining security patches, and the whole slew of work required to make that simple email server something that would work for me.
I found that my old gmail account generally worked well with regard to keeping spam away from my account, and I never had to worry about making the server secure. So I signed up for google apps (back when it was free for small users), and setup my domain to use google to host my email.
Now I have all the email addresses I want, associated with my domain, and google handles ALL the annoying work of maintaining the server, handling security, general administration and so on. I can be reasonably assured that whenever I want to access my email, I will be able to via a simple web browser. I don't need to worry that my ISP is crappy, or blocking me, or that I had a power outage at my home.
For me, that amount of time savings and convenience is well worth the tradeoff that someone in the government could gain access to that specific email address' contents.
And most importantly, nothing prevents me from creating or using a throw-away email address on another site if I wanted more obscurity. Privacy, unfortunately, requires a proactive effort, but the benefits I receive from a centralized, managed, and to date uncensored email service currently far outweighs the current drawbacks. If that ever shifts in the other direction, as I mentioned, nothing is really preventing me from just dropping google.