Google Halts Gmail Scanning for Education Apps Users

itwbennett (1594911) writes "Google will no longer scan the email messages of students and other school staff who use its Google Apps for Education suite, exempting about 30 million users from the chronically controversial practice for Gmail advertising. In addition, Google is removing the option for Apps for Education administrators to allow ads to be shown to their users. Until now, ads were turned off by default, but admins could turn on this feature at their discretion. A Google spokesperson called the move part of a 'continued evolution of our efforts to provide the best experience for our users, including students' and not a response to a recent lawsuit alleging that by scanning Gmail messages Google violated wiretapping laws and breached users' privacy."

Re:Scanning

[bmo]

>It feels like an invasion of privacy.

Then use someone else.^1 It's not difficult.

If you don't know that there are other email providers or that you can set up your own mail server, then the problem lies with /you/, not Google.

But that's only the beginning. If you don't want people looking at your stuff, encrypt it. Email is a postcard without any ability to put an "envelope" around it except full-on encryption. Otherwise /anyone/ in the RECEIVED: chain and Tinfoil Agencies can read it.^2

Sorry, but your argument is invalid.

--
BMO

Footnotes:

1. My oldest active email address is literally in someone's basement on their LAN. For 18 years, roughly.

2. Before the idiots chime in here and say "but nobody should be looking at all!!#$!$#!@#" - not every country has the same privacy laws, and not every provider in the RECEIVED: chain has the same policies. Depending on Google to defend your privacy with plaintext messages is dumb.

Re:Scanning

[BasilBrush]

2. Before the idiots chime in here and say "but nobody should be looking at all!!#$!$#!@#" - not every country has the same privacy laws, and not every provider in the RECEIVED: chain has the same policies. Depending on Google to defend your privacy with plaintext messages is dumb.

It's neither idiotic, nor dumb. The way email works might be part of your specialist knowledge (and mine and most people who read slashdot). But that doesn't mean that perfectly intelligent people in other domains know how email is implemented. If you took a survey of doctors or architects or humanities professors, then probably a minority would know about the plaintext transport of email, They are not stupid people, they just know about different things. And many things that they know about you don't. But they are not calling you an idiot.

When we criticise the bad behaviour of tech companies, we do it for EVERYONE, not just for computer geeks. People without this specific field of interest don't deserve to have their lack of specialist knowledge taken advantage of any more than they deserve to be called idiots by the likes of you.

Re:

[CronoCloud]

So, how would you prevent them from using email?

You don't.

That'd be an easier solution than getting every email provider and every server in the transportation chain (including local area networks) to never look at the messages.

Let them. http://www.gnupg.org/ [gnupg.org]

-----BEGIN PGP MESSAGE----- Version: GnuPG v1 hQEMAyC/fm5RhHydAQgAiDnkR3bTq3oU+7y/7WMcvH1/5yfgRdYWC+xu23RXTZvu gbDcg5TA7JNhM8ePB78mmayn0TxWNKJX0vao5qMmi7sZuRI2ILIbFIsvUOLx5ORo gIcLxlLiEKeyjAXwBEc2FASiOGsI83h7HBFWep0MjJSjumXXHWPipQj4WcAhZRlS Y6cPPn8z5Hc+eQVlfMpkpTWbtyOGc41UzBe8U5xt7MzNFjGK/ISAhaqSkwZ+UxOV HmjIUo+Ud1/5PPmLHipaOz2AC4CCecz8/HL6ZHBMKM4ejrKqquL6ZWv5rrGJTKc/ 5plI36As/BQ3qjDG4J462QLJGIp4DLkMlGzB+NnwMdKSAceQglrywpqXm/IL/k28 WTWjGyYiEeGhbhNdWsF0GdXplbA5v

Re:

[bmo]

The way email works might be part of your specialist knowledge

Every internet guide for "Dummies" since the dawn of time/the Internet says that email is no more than a postcard.

It's not "specialist knowledge.

Encryption for email is the rough equivalent of using https to access a web page, or WPA encryption at the router, which many "neophytes" know about already. If your mind flies away from your skull and disappears when encryption is mentioned in conjunction with email, the problem lies with your inabilit

Re:

[BasilBrush]

I think you just continued to demonstrate that you don't understand the world of ordinary people. (i.e. non-geeks).

After two decades of people simply refusing to listen, my conclusion is that the problem lies with them, and not me.

Actually of course the problem lies with the geeks of the internet failing to implement a more secure email standard, when they recognised that was needed.

Re:Scanning

[nblender]

Then use someone else.^1 It's not difficult.

Many schools now use Google apps for students. That includes Gmail, Drive, and productivity apps. My son is required to hand his assignments in via Google Drive and use Gmail to communicate with teachers and fellow students... So "use someone else" is a nice generalization but not always an option... That's why I'm happy to see this.

fwiw, personally, I have always run my own mailserver/webserver/dns.

Re:

[K. S. Kyosuke]

My son is required to hand his assignments in via Google Drive

What happened to paper?

Re:Scanning

[nblender]

The dog ate it.

Re:

[immaterial]

Teachers don't want your essays on paper, that would make it impossible (ok, very difficult) for them to use automated grading [slashdot.org] or at the very least automated plagiarism detection. Everything must be submitted digitally nowadays.

Re:

[K. S. Kyosuke]

Teachers can go fuck themselves, then. Or simply use a scanner. I'm not going to be treated like a criminal by some lazy fat-ass. This simply won't fly around here anyway. Hooray for conservative Europe.

Re:

[nblender]

My son uses my mail server for personal mail.

Re:

[BitterOak]

My son is required to hand his assignments in via Google Drive and use Gmail to communicate with teachers and fellow students...

I can certainly understand a university requiring gmail to communicate with teachers, but I've never heard of a university requiring students to use gmail to communicate with fellow students. Does that mean that if I become friends with someone in one of my classes I cannot use any e-mail system other than gmail if I want to make plans with them? That sounds like a huge invasion of privacy, and frankly, I'm not even sure how this rule would be enforced.

Re:Scanning

[beezly]

I've been involved in negotiations with a couple of contracts relating to Google Apps for Enterprise/Education.

In each one, the "scanning" has been explicitly mentioned in the contract. In each one, scanning for the purposes of advertising has only happened if the domain administrator allows it to happen. If it is turned off, Google will not scan mail for the purposes of advertising content.

There are of course other reasons why google will scan your email. Spam/Antivirus filtering and indexing to enable search functionality are two that come to mind.

Basically, all Google have done is remove the domain administrators ability to allow ads, and I'm not aware of anyone I know who used Google Apps for Education/Enterprise with it turned on anyway.

Re:

[gnupun]

Whether it's the message or the subject, they shouldn't do this.

If you leave it open, someone (email provider) will read it. Why was the email protocol designed as an open postcard service (no privacy) instead of a sealed envelope (some privacy) service?

Re:

[Immerman]

Perhaps the fact that the internet was initially conceived of as a method for educational institutions to quickly exchange communications and research data? A situation in which privacy had very limited application, and the demands of delivering it were prohibitively costly - remember, at the time individuals didn't own computers, the entire processing capacity of the MIT, Harvard, etc. computer department was considerably smaller than your smart phone possess today, and encryption is computationally expen

Re:

[bill_mcgonigle]

They've been talking about doing end-to-end encryption in the browser. That's incompatible with ad scanning, so this is one foot forward in that direction.

Googlers are still really ripped about PRISM. They were naive, but no longer.

Re:

[gstoddart]

They've been talking about doing end-to-end encryption in the browser. That's incompatible with ad scanning, so this is one foot forward in that direction.

Is it really incompatible with ad-scanning?

If I'm end-to-end encrypted in my connection between my browser and Google, in the back end, Google still has everything in the clear don't they?

If I send to another Gmail user, they may also have end-to-end encryption between themselves and Google, but again, Google has everything in the clear.

Unless you're talk

Also business and gov't accounts

[QuasiSteve]

Google will also soon stop scanning the accounts of Google Apps customers with Business, Government and legacy accounts for the free version.

- http://techcrunch.com/2014/04/... [techcrunch.com]

Re:

[Barryke]

Indeed, so it seems. Media says so, but i did not see this news outed officially by Google yet.

I read this at http://tweakers.net/nieuws/957... [tweakers.net]
which cited http://techcrunch.com/2014/04/... [techcrunch.com]
but that lacks source, i for one did not find the original Google statement regarding business anywhere.

If true, i guess the gmail PGP they considered made it impossible to scan the emails anyway, so they might as well make a big deal out of it. First education ofcourse, it'll simplify that lawsuit and all. http://www.edwe [edweek.org]

New Google Mission Statement

[BasilBrush]

New Google Mission Statement: "Don't continue to be evil after we've been called out on it in the tech press."

Re:

[93 Escort Wagon]

New Google Mission Statement: "Don't continue to be evil after we've been called out on it in the tech press."

More like "don't continue to be evil after being called out on it in court [wsj.com]".

Seriously - how does the fact Google got sued over the practice not get mentioned here?

Missing an important information...

[fph il quozientatore]

The summary should read

Google will no longer scan the email messages of students [...] for advertising purposes

. The Google blog post does not mention other types of scanning (neither to confirm or deny their existence, nor to announce that they will cease).

Re:

[Archangel Michael]

As an email administrator, all good administrators scan email. This is done for Spam filtering as well as things like Virus protection, archiving/indexing (Freedom of Information Act). Most of it is automated and humans are almost never involved in reading email. At this Macro level, I have but only one reservation, at any point humans can become involved. This includes Gmail's scanning for advertisements.

The issue isn't the scanning, it is the abuse (potential) of humans inserting themselves into the proce

Re:

[Charliemopps]

Yes, but what google is likely doing is scanning email for aggregate data. For example, I'm fairly certain Google and Facebook know before all of us who's going to win elections.

Re:

[Archangel Michael]

So does Nate Silver. But while he was the darling of the left a couple years ago, his current predictions have them steaming mad. ;)

Re:

[Spamalope]

The issue isn't the scanning, it is the abuse (potential) of humans inserting themselves into the process to data mine on SPECIFIC users, without any other controls in place. I don't care about my data being aggregated, I care about my data being mined to be used against me. Given enough data, all of us are vulnerable.

Technology isn't the problem. It never was. The problem is humans, and always will be.

How much are the emails of your competitor's best salesmen worth to you? What if they were scanned to forward only those between him and his customers? What if you got alerts when a new prospect emailed? There is so much profitable data in email if only you fully monetize it! (and resell it through a Business Intelligence '3rd party' so you can claim to be the victim when caught!)

Re:

[mysidia]

How much are the emails of your competitor's best salesmen worth to you?

How do you know who your competitor's best salesman is? Why don't you just hire them with an offer they can't refuse?

Re:

[Archangel Michael]

If you actually tried to comprehend my point, I covered your case. I care about data being mined being used against me (best salesman's email) aggregating data will not poach your salesman, that would take human intervention. Google isn't selling the Salesman's Email (yet) .

Re:

[Spamalope]

The summary should read

Google will no longer scan the email messages of students [...] for advertising purposes

. The Google blog post does not mention other types of scanning (neither to confirm or deny their existence, nor to announce that they will cease).

Facilitating scanning for any purpose by '3rd parties' is still on the table too.

Stupid Lawsuit. It's not wiretapping

[Anonymous Coward]

It's not wiretapping because you give consent to the scanning when you sign up for their FREE email account.

If you want privacy, get an email service that features it. Don't expect privacy when you willfully opt-in.

Re:

[jeffb (2.718)]

Kindergarten through high school students typically aren't old enough to give legal consent.

I'm quite sure that this decision came not out of Google's corporate heart, but out of its legal immune system.

Re:

[immaterial]

No, but their parents are. The parental authorization for Google Apps for Education comes home with all the rest of the paperwork at the beginning of the school year here.

Re:

[L4t3r4lu5]

In loco parentis. The school picks the provider based upon whatever guidelines they are required to adhere to. Attending the school requires using the school's services, whomever provides them. It's likely that the parents don't even know the kids have a school email account, never mind who hosts the service.

Re:

[Virtucon]

Of course we all know there's incentives provided to school districts and Google of course gets more subscribers, more accounts and more hooks into the kids. I doubt 90% of the parents even know what apps or access their kids have while at school. I do because my kids have been hacking the firewalls for years so I routinely get a "your son/daughter has been violating school policy.... blah blah blah" I retort "fix your insecure shit, they're providing vulnerability testing services to you for free!"

Re:

[immaterial]

It's likely that the parents don't even know the kids have a school email account, never mind who hosts the service.

You say that in response to me pointing out my local schools send and authorization form to parents...? I doubt there's a school anywhere that's stupid enough to give kids an email address without parental permission and signing of a waiver. All it takes is one precious snowflake unexpectedly getting porn spam and the school is in hot water. In loco parentis doesn't mean schools can do whatever they want.

Re:

[BradMajors]

Persons who don't have a gmail account, but send an email to a gmail account never consented to have their email scanned. The wiretapping laws in some states require the consent of both parties.

Re:

[tlhIngan]

It's not wiretapping because you give consent to the scanning when you sign up for their FREE email account.

Works for one-party consent, but two-party, not so much.

Which was the basis of several lawsuits - basically if you're a sender, who doesn't agree to Google's ToS, are still bound by them by sending an email to a Google Mail user.

We used to joke about "Reading this comment means you pay me $10", but it's basically the same thing - suddenly doing something "normal" (like sending an email) can bind you l

Re:

[hendrips]

Not just that, but Gmail educational accounts usually end in @Name_Of_Institution. So, even if you could make the dubious argument that the sender is responsible for knowing Gmail's terms if they want to send email to a Gmail recipient, there's no way to know that the recipient uses Gmail.

Good start, but.....

[Jason Heiken]

How about allowing schools to use the old HTTP for searches instead of enforcing the HTTPS. All it does is bring an added expense into the district for me to filter the SSL searches to keep kids from accessing images that they shouldn't. By forcing all searches through SSL, filters can no longer be applied to the encrypted data without using some form of DPI-SSL. We don't host our own DNS, so adding nossl to the DNS CNAME won't work. Thanks Google for making it more expensive to be CIPA compliant.

Big whoop

[Ultra64]

Oh noes! A computer program is going to scan my email for keywords and show me relevant ads??

The horror.

Continued Evolution

[Virtucon]

Bullshit, it's called getting the legal screws applied to your nuts [thinkprogress.org], not some change of heart concerning privacy by Google. They're facing multiple lawsuits and they're making concessions that they know they'll have to implement anyway. I'm hoping Judge Koh throws the book at these hypocrites.

F*ck Google Apps

[Swampash]

Moved three domains already over to Outlook.com.

Nobody complains about spam filters!

[wealthychef]

When you enable spam filtering in Google, the spam filter "reads all your email" in exactly the same way the "invasive" practice from this lawsuit does. It just does it to serve Google and not the user. You have no privacy on the Internet unless you encrypt your traffic, and not even then if the NSA has their way. Until people get that, they should assume that people are "reading" their messages.