Content moderation at scale is impossible. This time, it’s email content moderation. This week a new publication called The Markup launched. It’s a super smart group of folks who are doing deep data-driven investigative reporting of companies in and around the tech space — and I’m very excited to see what they do. I was going to write about the project overall and its goals, but instead I’m going to write about one of its first stories, done in partnership with the Guardian, entitled Swinging the Vote?, and which looks at Gmail’s filtering system, specifically as it regards political emails from Presidential candidates.
A few years back, Google added the “Promotions” tab to Gmail, as a way of hopefully, automagically sorting not-quite-spam emails, but general promotional emails that you probably don’t want cluttering up your inbox. Personally, I don’t use it, as I use a different filtering setup entirely that overrides Gmail’s defaults. However, for many people it’s proven to be quite useful. The reporters at The Markup conducted a worthwhile experiment:
The Markup set up a new Gmail account to find out how the company filters political email from candidates, think tanks, advocacy groups, and nonprofits.
We found that few of the emails we’d signed up to receive, 11 percent, made it to the primary inbox, the first one a user sees when opening Gmail and the one the company says is “for the mail you really, really want.”
Half of all emails landed in a tab called “promotions,” which Gmail says is for “deals, offers, and other marketing emails.” Gmail sent another 40 percent to spam.
Very interesting! What was perhaps even more interesting was the chart — which quickly rocketed around social media — showing that some candidates had their emails go into the Primary Inbox at a much, much higher rate than others:
You’ll notice a few standouts. 63% of Pete Buttigieg’s emails made it to the Inbox, as did 47% of Andrew Yang’s. Everyone else was much closer to 0% with quite a few — including both Elizabeth Warren and Joe Biden — at 0%.
The reporters at The Markup also published a companion piece that gives the details of how they went about doing this research and (yes!) they even provide the data and the code on Github. This is a fantastic and transparent way of doing such journalism — and I applaud them for that.
However, the very framing of the original story itself… is problematic. It’s one thing to be open about how you conducted the research. But starting with a title like “Swinging the vote” and highlighting the chart above almost immediately resulted in lots of people on Twitter assuming (or suggesting) that Google was doing this deliberately, and that they were purposely making the decision to tilt the playing field towards Buttigieg. This includes vocal big tech critic Roger McNamee, who declared this was evidence that “Gmail has its thumb in the scale.” Another Google critic, who is fond of misleading conspiracy theories about the company, called it “election meddling” and claims that Google was giving certain candidates “special treatment.”
Except… that’s almost certainly not the case. No one at Google on the Gmail spam team is thinking about promoting one Presidential candidate over another. Instead, this is just yet another example of Masnick’s Impossibility Theorem, but applied to email moderation, rather than social media. Content moderation at scale is impossible to do well and will always piss off some people.
Indeed, looking over the data, the most obvious and most likely solution is simply this: Buttigieg and Yang hired competent email marketers who know how to craft emails that are (1) less likely to trigger the algorithm, and (2) less likely to be clicked on as spam by users (an important signal that feeds back into the algorithm). The rest of the candidates… did not. And thus, their emails went to the promotions and spam folder because they had characteristics that are more closely associated with promotions and spam. And, yet, The Markup story doesn’t bother to get into any of that — and thus leaves the speculation wide open, allowing plenty of folks to leap in.
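To make the "characteristics, not candidates" point concrete, here is an added example (not code from The Markup, Google or this post) of the kind of sender-agnostic heuristic a bulk-mail classifier applies: it parses a raw message, pulls structural signals (List-Unsubscribe header, bulk precedence, link and tracking-link counts, HTML-only body, shouty subject, donation asks) and adds the user "report spam" feedback the post mentions. The features, weights and thresholds are this example's own assumptions, since Gmail's classifier is not public, and both sample messages are constructed.

```python
import email
import re
from email import policy

# Illustrative structural signals; the weights are this example's assumptions,
# not Gmail's (Google does not publish its classifier).
LINK_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
MONEY_RE = re.compile(r"\$\d|donate|chip in|contribute", re.IGNORECASE)


def extract_features(raw: str) -> dict:
    """Pull sender-agnostic characteristics out of a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    links = LINK_RE.findall(text)
    subject = str(msg.get("Subject", ""))
    letters = [c for c in subject if c.isalpha()]
    caps_ratio = sum(c.isupper() for c in letters) / len(letters) if letters else 0.0
    return {
        "list_unsubscribe": msg.get("List-Unsubscribe") is not None,
        "bulk_precedence": str(msg.get("Precedence", "")).lower() in ("bulk", "list"),
        "link_count": len(links),
        "tracking_links": sum(1 for u in links if "utm_" in u or "/track/" in u),
        "html_only": body is not None and body.get_content_type() == "text/html",
        "caps_ratio": caps_ratio,
        "money_ask": bool(MONEY_RE.search(text)),
    }


def score(features: dict, user_spam_reports: int = 0) -> float:
    """Sum weighted signals; 'report spam' clicks feed back as the strongest one."""
    s = 0.0
    s += 1.0 if features["list_unsubscribe"] else 0.0
    s += 1.0 if features["bulk_precedence"] else 0.0
    s += min(features["link_count"], 10) * 0.3
    s += features["tracking_links"] * 0.5
    s += 0.5 if features["html_only"] else 0.0
    s += features["caps_ratio"] * 2.0
    s += 1.0 if features["money_ask"] else 0.0
    s += user_spam_reports * 1.5      # the feedback loop the post describes
    return s


def classify(raw: str, user_spam_reports: int = 0) -> str:
    """Route to 'primary', 'promotions' or 'spam' by thresholds on the score."""
    s = score(extract_features(raw), user_spam_reports)
    if s >= 7.0:
        return "spam"
    if s >= 2.5:
        return "promotions"
    return "primary"


def inbox_share(raws, user_spam_reports: int = 0) -> float:
    """Fraction of a sender's messages landing in primary (what The Markup measured)."""
    if not raws:
        return 0.0
    return sum(classify(r, user_spam_reports) == "primary" for r in raws) / len(raws)


# Constructed sample messages (not real campaign mail).
PERSONAL_STYLE = """From: Alex <alex@campaign-a.example>
To: voter@example.net
Subject: Quick question about Tuesday
Content-Type: text/plain; charset=utf-8

Hi, are you coming on Tuesday? Details here: https://campaign-a.example/event
Alex
"""

BULK_STYLE = """From: Team B <info@campaign-b.example>
To: voter@example.net
Subject: LAST CHANCE: Chip in $5 before midnight!
List-Unsubscribe: <https://campaign-b.example/unsub>
Precedence: bulk
Content-Type: text/html; charset=utf-8

<html><body><p>We are $20,000 short of our goal.
<a href="https://campaign-b.example/donate?utm_source=email">Donate now</a>
<a href="https://campaign-b.example/track/abc">Share</a>
<a href="https://campaign-b.example/donate?utm_campaign=eod">Give $5</a></p></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("personal", PERSONAL_STYLE), ("bulk", BULK_STYLE)):
        print(name, round(score(extract_features(raw)), 2), classify(raw))
```

Nothing in the score looks at who the sender is; the same bulk-style message is sorted to promotions, and a handful of recipient spam reports push it into spam, which is the dynamic the post argues explains the chart.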
Again, I’m super excited about The Markup as a project and believe it will put out plenty of important and impactful journalism in the days, weeks, months and years to come. I recommend people read over The President’s Letter from the site’s President Nabiha Syed (a past podcast guest) and Editor’s Letter from Julia Angwin — both of which present a compelling vision of what The Markup will be.
But this story shows how important context is in presenting a story. This is a data driven story — which is great. But if the necessary context is not provided, especially on a topic so fraught with speculation, people are going to rush in and jump to conclusions. The Markup itself did not directly say that Google was doing this deliberately, but its total failure to suggest why this might be happening, along with a cringe-worthy headline, opened the door for others to jump in and assume as much — and that’s a shame.
Christopher Clay alerts us to the latest Google Derangement Syndrome from an EU Bureaucrat. Last year, we noted that various EU politicians kept insisting that all of the complaints about their awful plan were due to Google lobbying and astroturfing — when the reality showed that nearly all of the lobbying came from legacy copyright players.
However, German MEP Sven Schulze must have thought he was really on to something in claiming he had real proof of Google astroturfing. In a tweet (in German) he claimed that because all of the complaints he’s getting seem to come from people with Gmail addresses, it’s proof of fakery. No, really. Here’s a translation (courtesy of Google, of course) of his tweet:
Now coming back every second of messages about #uploadfilter & #Article13 pure. Apart from the fact that these contents are not correct, ALL come from #Gmail accounts. Man #google, I know that you are angry, but ye have this #fake really necessary action?
Really now? Perhaps Schulze is unaware that (as of the most recent public stats), Gmail is used by 1.5 billion people. These days, it’s pretty typical for lots and lots of people to use Gmail as their personal (and often professional) email address. To claim that seeing Gmail emails proves Google is astroturfing is… nutty. And, it would appear that Schulze’s followers recognize just how idiotic this looks.
As several subscribers to our Techdirt Daily Newsletter have pointed out to us, Thursday morning’s edition was flagged by Gmail with the following warning:
“Be careful with this message. It contains links to websites hosting malware.”
Of course, being a collection of the previous day’s Techdirt posts, the Techdirt Daily email contains many, many links. Also, as it is something of a Techdirt policy to not spread malware to our readers, our writers are generally careful about the sites they link to in their posts. So, trying to track down which link might be to a site Google deems suspicious seemed daunting. But it turns out we didn’t have to look any further than the third post to figure out what happened, the title of which conveniently contains the word “malware.” Within that post, Tim Cushing included the domain name of a site that has been known in the past to distribute malware (in addition to squatting on a domain using the Electronic Frontier Foundation’s name). It appears Google took that unlinked mention of the domain name as Techdirt carelessly endangering the digital lives of our newsletter subscribers, and stepped in to protect those subscribed via Gmail by throwing up the scary red warning banner and squashing every link in the email (even the unsubscribe link!).
While it’s nice that Google tries to look out for its users by preventing them from inadvertently downloading malware, their approach is a bit over the top. First, if Google can detect which links in an email may be hazardous, why not just unlink or censor those particular links? And, in this case, the “link” in question didn’t even exist. Google should be able to detect that and realize that no, we’re not sending our readers to their doom. It seems obvious that Google should be able to handle this type of thing in a much more sophisticated way — and you’d think that it would want to do so. People trust Google and many people use its products, and when it makes mistakes like this, it can cause real reputational harm.
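The more targeted handling the post asks for is straightforward to express in code. The following is an added example (not Google's logic and not Techdirt's newsletter code) that parses a newsletter's HTML, separates actual hyperlinks to a listed host from bare, unlinked mentions of that host in the text, and rewrites only the offending hrefs so that ordinary links such as unsubscribe survive. The blocklist and both sample newsletters are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed blocklist standing in for a provider's malware-host feed.
BLOCKLIST = {"bad-downloads.example"}
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)
HREF_RE = re.compile(r'href="([^"]*)"', re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Gathers <a href> targets and the visible text of an HTML newsletter."""

    def __init__(self):
        super().__init__()
        self.hrefs = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)

    def handle_data(self, data):
        self.text.append(data)


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def analyse(html: str, blocklist=BLOCKLIST) -> dict:
    """Separate real hyperlinks to listed hosts from unlinked mentions of them."""
    p = LinkCollector()
    p.feed(html)
    flagged = [h for h in p.hrefs if host_of(h) in blocklist]
    clean = [h for h in p.hrefs if host_of(h) not in blocklist]
    linked_hosts = {host_of(h) for h in p.hrefs}
    mentions = sorted({d.lower() for d in DOMAIN_RE.findall(" ".join(p.text))
                       if d.lower() in blocklist and d.lower() not in linked_hosts})
    return {"flagged_links": flagged, "clean_links": clean, "bare_mentions": mentions}


def neutralise(html: str, blocklist=BLOCKLIST) -> str:
    """Rewrite only hrefs that point at listed hosts; every other link stays intact."""
    def repl(m):
        return 'href="#blocked"' if host_of(m.group(1)) in blocklist else m.group(0)
    return HREF_RE.sub(repl, html)


# Constructed newsletter: the listed domain is named in prose but never linked.
NEWSLETTER = """<html><body>
<p><a href="https://www.techdirt.example/articles/1">Tuesday's posts</a></p>
<p>Third post: a site squatting on a rights group's name, bad-downloads.example, has
served malware in the past. The domain is mentioned here but not linked.</p>
<p><a href="https://lists.techdirt.example/unsubscribe?u=123">Unsubscribe</a></p>
</body></html>"""

# Same newsletter, but with the mention turned into a real hyperlink.
WITH_BAD_LINK = NEWSLETTER.replace(
    "bad-downloads.example,",
    '<a href="http://bad-downloads.example/setup.exe">bad-downloads.example</a>,')

if __name__ == "__main__":
    print(analyse(NEWSLETTER))
    print(analyse(WITH_BAD_LINK))
    print(neutralise(WITH_BAD_LINK))
```

A bare mention produces a finding a reviewer can look at but no rewrite, while a genuine link to the listed host is the only thing that gets neutralised; the unsubscribe link is left alone in both cases.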
The sometimes blisteringly-inane hype surrounding the “Internet of Things” appears to be on a collision course with the sophomoric security standards being employed in the field. As we’ve seen time and time again, companies were so bedazzled by the idea of connecting everything and anything to the Internet (your hat! your pants! your toilet!) they left device and network security as an afterthought — if they could be bothered to think about it at all. The result has been smart TVs that share your personal conversations, vehicles that can easily be used to kill you, and a home full of devices leaking your daily habits.
The latest example comes again via Samsung, whose “smart” refrigerators aren’t so smart. While Samsung’s shiny new refrigerators connect to the Internet, can display your Google Calendar and implement SSL, hackers during a challenge at the recent DEFCON found the refrigerators fail to validate those SSL certificates. That opens the door to all kinds of man-in-the-middle attacks, potentially allowing your neighbor to steal your Gmail login information while sitting on his couch next door:
“The internet-connected fridge is designed to display Gmail Calendar information on its display,” explained Ken Munro, a security researcher at Pen Test Partners. “It appears to work the same way that any device running a Gmail calendar does. A logged-in user/owner of the calendar makes updates and those changes are then seen on any device that a user can view the calendar on.”
“While SSL is in place, the fridge fails to validate the certificate. Hence, hackers who manage to access the network that the fridge is on (perhaps through a de-authentication and fake Wi-Fi access point attack) can Man-In-The-Middle the fridge calendar client and steal Google login credentials from their neighbours, for example.”
On the plus side, this vulnerability was found after Samsung invited hackers to try and find vulnerabilities in the system, showing some proactive thinking. On the flip side, this is the same company whose “smart” TVs were found to be happily sending living room conversation snippets unencrypted over the Internet — so it’s not always clear Samsung listens to feedback, or how many bugs and vulnerabilities go unnoticed. Regardless, the researchers’ blog post has a little more detail, noting they may have also found some vulnerabilities in the app’s encrypted communication stream with the refrigerator.
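The fridge's defect is a client-side configuration mistake that is easy to audit for. The following is an added example (not Samsung's or Pen Test Partners' code) showing, in Python's standard ssl module, the weak client setting beside the corrected one and a small audit that reports what would let a man-in-the-middle succeed: verification disabled, the certificate not tied to the server name, or an obsolete minimum protocol version. The function and finding names are this example's own.

```python
import socket
import ssl


def insecure_context() -> ssl.SSLContext:
    """The fridge-style mistake: an encrypted channel, but any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile=None) -> ssl.SSLContext:
    """Verify the chain against trusted CAs and tie the certificate to the server name."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return finding codes for settings that would let an interposed attacker succeed."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("CERT_NONE")            # forged certificate accepted
    if not ctx.check_hostname:
        findings.append("NO_HOSTNAME_CHECK")    # valid cert for any other name accepted
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("WEAK_MIN_VERSION")
    return findings


def fetch_peer_cert(host: str, ctx: ssl.SSLContext, port: int = 443) -> dict:
    """Connect the way a calendar client would.

    With hardened_context() a forged or mismatched certificate raises
    ssl.SSLCertVerificationError before any credential is sent. With
    insecure_context() the handshake silently succeeds and getpeercert()
    returns {} because nothing was verified.
    """
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_context()))
    print("hardened:", audit_context(hardened_context()))
```

Run the audit against whatever context a client library builds before it ever talks to the network; an empty finding list is the state the fridge's calendar client should have been in.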
These endless IoT security issues may have the opposite effect of that intended: actively marketing the need for many devices to be dumber. And those dumb devices are getting harder to find. Many of the latest and greatest 4K television sets, for example, simply can’t be purchased without intelligent internals that integrate functionality the user may not want. So while Wired magazine’s endless 1990s obsession with intelligent refrigerators may have finally come to fruition, they may be unwitting pitchmen for how sometimes it’s better for things to simply remain utterly analog — and beautifully, simply stupid.
Five years ago, we wrote a story about how Rocky Mountain Bank in Wyoming accidentally sent a bunch of confidential information to the wrong Gmail account, then took Google to court to try to find out who received the email. Google demanded a court order first, leading a judge to (ridiculously) order the company to shut down the entire email account. It appears that something somewhat similar may have just happened with a more recognizable bank name: Wall Street giant Goldman Sachs went to court recently to order Google to delete an errant email containing confidential client information. According to the filing (which most news sites haven’t posted, for reasons unknown):
On June 23, 2014, an employee of the consulting firm was testing changes to Goldman Sachs’s internal reporting and validation process. The employee intended to send a copy of the internal report to the email address provided to her by Goldman Sachs, which is in the form “[first name].[last name]@gs.com,” but instead mistakenly sent a copy of the internal report to an address in the form “[first name].[last name]@gmail.com.” She is not the owner of the gmail address.
The mistakenly sent email contains certain account and client related information (the “Confidential Client Information”). Goldman Sachs’s clients have a right to maintain the confidentiality of the Confidential Client Information. Furthermore, Goldman Sachs has an obligation to protect the privacy of its customers’ confidential information.
Goldman Sachs has made efforts to retrieve, have deleted or otherwise protect the mistakenly sent Confidential Client Information. As part of those efforts, on June 26, 2014, Goldman Sachs sent an email to the gmail address to which the information was mistakenly sent requesting that it be promptly deleted and that the recipient confirm in writing that s/he had done so. There has been no response.
Goldman also contacted Google directly, and as in the Rocky Mountain case, Google told Goldman to go to court first. Late yesterday, Goldman Sachs noted that Google has told the company that it has blocked access to that particular email and that the email in question had not yet been accessed by anyone. It appears that Google did this despite the lack of a court order, which may seem a bit questionable. Given the nature of the situation, and the fact that Goldman has actually gone to court and requested this, it does seem a bit more reasonable that Google agreed to at least temporarily block access to that particular email until a court decides if it needs to continue blocking it permanently.
Back in December of 2012, we wrote about (and agreed with) Julian Sanchez’s suggestion that Google should do end-to-end encryption of emails, even if it (only slightly) mucked with its advertising business model. The impact on overall security would be great (and this was before the Snowden revelations had even come out). As Sanchez pointed out, not only would this (finally) drive more widespread adoption for email encryption, it would create enormous goodwill among privacy advocates. About six weeks ago, we mentioned this again, when it was rumored that Google was trying to make encrypted email easier, though it was said that it wouldn’t go “site-wide” on end-to-end encryption.
A new blog post on the Google blog* has now detailed at least some of Google’s plans, including offering a new End-to-End Chrome extension that will make it much easier for anyone to send and receive encrypted email messages. This is a big step forward, and hopefully shows how serious Google is about actually encrypting messages, rather than leaving them open for snooping.
This announcement came along with adding a new section to Google’s famed transparency report, entirely focused on email encryption in transit, which will hopefully increase the use of Transport Layer Security (TLS) from other email providers out there. In the initial report, Google notes that 65% of outbound messages on Gmail to other providers use TLS, while 50% of inbound messages use TLS (over the last 30 days). And, more importantly, it highlights who supports TLS… and who doesn’t (Comcast seems to be a shameful leader on that front). With some transparency, hopefully it will lead more email providers to adopting TLS.
* For the sake of full disclosure, the author of the blog post on Google’s site is an old friend of mine, whom I’ve known for nearly 20 years (I feel old), since long before he worked at Google. I had no idea he was working on this and actually haven’t spoken to him in probably a year or two (because life happens). I didn’t find out about it from him, but from people talking about it on Twitter.
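The transparency report's "encrypted in transit" figure is something any mail operator can compute for their own traffic, because a receiving server records the protocol and cipher of each hop in the Received header. The following is an added example (not Google's report code) that parses Received headers in the form Gmail writes them, counts how many hops arrived over TLS versus plaintext SMTP, breaks that down per sending domain, and flags hops that were encrypted but with an obsolete protocol version. The header lines are constructed, and the registrable-domain approximation is this example's own shortcut.

```python
import re
from collections import defaultdict

# Constructed Received headers in the form Gmail writes them (not real traffic).
RECEIVED_HEADERS = [
    "from mail-a.example.org (mail-a.example.org. [203.0.113.10]) by mx.example.net "
    "with ESMTPS id x1 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); "
    "Tue, 3 Jun 2014 10:00:00 -0700 (PDT)",
    "from mail-b.example.com (mail-b.example.com. [198.51.100.7]) by mx.example.net "
    "with ESMTP id x2; Tue, 3 Jun 2014 10:01:00 -0700 (PDT)",
    "from mail-c.example.org (mail-c.example.org. [203.0.113.11]) by mx.example.net "
    "with ESMTPS id x3 (version=TLS1_2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256/256); "
    "Tue, 3 Jun 2014 10:02:00 -0700 (PDT)",
    "from mail-d.example.com (mail-d.example.com. [198.51.100.8]) by mx.example.net "
    "with ESMTP id x4; Tue, 3 Jun 2014 10:03:00 -0700 (PDT)",
    "from mail-e.example.com (mail-e.example.com. [198.51.100.9]) by mx.example.net "
    "with ESMTPS id x5 (version=TLS1 cipher=AES128-SHA bits=128/128); "
    "Tue, 3 Jun 2014 10:04:00 -0700 (PDT)",
]

HOP_RE = re.compile(r"\bfrom\s+(?P<helo>\S+).*?\bby\s+(?P<by>\S+)\s+with\s+(?P<proto>[A-Z]+)", re.S)
VERSION_RE = re.compile(r"version=([^\s)]+)")
CIPHER_RE = re.compile(r"cipher=([^\s)]+)")
OBSOLETE = {"SSLv3", "TLS1", "TLS1_0", "TLS1_1"}   # encrypted, but not to current standards


def parse_received(header: str):
    """Extract sending host, receiving host, transport and TLS details from one hop."""
    m = HOP_RE.search(header)
    if not m:
        return None
    version = VERSION_RE.search(header)
    cipher = CIPHER_RE.search(header)
    proto = m.group("proto")
    return {
        "helo": m.group("helo").rstrip("."),
        "by": m.group("by"),
        "proto": proto,
        # ESMTPS / ESMTPSA (S = STARTTLS) or an explicit version= means the hop was encrypted
        "tls": proto.rstrip("A").endswith("S") or version is not None,
        "version": version.group(1) if version else None,
        "cipher": cipher.group(1) if cipher else None,
    }


def sender_domain(helo: str) -> str:
    """Crude registrable-domain approximation (assumption: last two labels)."""
    return ".".join(helo.split(".")[-2:])


def tls_summary(headers) -> dict:
    """Share of hops encrypted in transit, overall and per sending domain."""
    hops = [h for h in map(parse_received, headers) if h]
    per_sender = defaultdict(lambda: [0, 0])          # domain -> [tls hops, total hops]
    for h in hops:
        d = sender_domain(h["helo"])
        per_sender[d][1] += 1
        if h["tls"]:
            per_sender[d][0] += 1
    tls = sum(h["tls"] for h in hops)
    return {
        "total": len(hops),
        "tls": tls,
        "share": tls / len(hops) if hops else 0.0,
        "obsolete_versions": sum(1 for h in hops if h["version"] in OBSOLETE),
        "per_sender": {d: tuple(v) for d, v in per_sender.items()},
    }


if __name__ == "__main__":
    print(tls_summary(RECEIVED_HEADERS))
```

Run over a mailbox's worth of headers, the per-sender table is the operator's local version of the report's "who supports TLS and who doesn't" list, and the obsolete-version count catches the case where a peer technically encrypts but with a protocol nobody should still accept.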
About six months before Ed Snowden leaked his documents, we had written a post about why Google should encrypt our email, based on a bit of back-and-forth between Julian Sanchez, arguing why Google should encrypt all email, and Ed Felten, who noted it’s not as easy as it sounds (though Julian highlighted how none of the problems Felten raises are insurmountable). There are, of course, already ways that you can add PGP encryption to Gmail, with tools like Mailvelope, but it can be a little kludgy, and not exactly foolproof. Still, many have insisted that Google would never go this route, since it would limit the company’s ability to target ads based on the contents of email.
However, VentureBeat is reporting that, partly inspired by all of the Snowden revelations, researchers at Google are looking at ways to make encryption much easier within Gmail. While the report suggests that Gmail won’t go site-wide end-to-end encryption, anything it does to bring real encryption more into the mainstream would be a good thing — though it might make the NSA and DOJ freak out. But, as we’ve seen, well-done crypto does work. The problem is that so much crypto is not particularly well implemented, leading to all sorts of leaks. Still, it’s encouraging to hear that Google is working on something, and hopefully it releases something that is both user-friendly and open to some sort of audit to ensure that it’s safe.
A few weeks ago, we wrote about a troubling ruling by Judge Lucy Koh, in which she accepted the argument pushed by a group called Consumer Watchdog (which is basically an anti-Google organization focused on misrepresenting Google at every opportunity) that Google’s Gmail conducted some sort of illegal wiretap when its computers scanned incoming emails to put relevant ads next to it. As we noted, if having a computer scan your email is illegal wiretapping, then pretty much any anti-spam software is also an illegal wiretap. The whole concept is really ridiculous. If you send me a mail, you are granting permission for me to view that mail however I wish to view it — and if that includes reading it via Gmail and having its automated computers put ads next to it, then that’s the price you pay.
Unfortunately, with Judge Koh unwilling to recognize this basic concept, it’s now open season on email providers. A very similar lawsuit has now been filed against Yahoo, and I’m sure it won’t be the last one.
The whole situation is screwed up beyond belief. Eric Goldman’s comments on the original lawsuit against Google are completely on point here. Not only does this ruling show how totally screwed up ECPA (the Electronic Communications Privacy Act) is, but the whole thing may lead to making just about everyone a hell of a lot worse off. Goldman notes why Judge Koh’s ruling is almost certainly incorrect under the law: algorithmic processing of content isn’t considered interception under the law; the ruling could certainly apply to anti-spam/anti-virus/spell-checking services and more; email providers have been doing this for ages, so where’s the statute of limitations; and what actual harm was caused to people who had their email scanned?
But he concludes it with this plea for sanity to the likes of Consumer Watchdog:
PLEASE PLEASE PLEASE don’t take away my Gmail account. It has materially improved my life, and I hope and pray that I’m not downgraded into some second-rate email account due to this litigation.
Indeed. It leaves me wondering what “consumers” Consumer Watchdog is looking out for, because it’s not me, and it doesn’t appear to be the many many millions of people who use a variety of different webmail services quite happily — because it improves their lives. I don’t want a group (especially one prone to blatantly misrepresenting reality) to break email for me. That’s not being a watchdog, it’s being an authoritarian dipshit, arguing that millions of people around the world should be worse off because this one group thinks it knows best.
My goodness. Yesterday we posted about Rep. Louie Gohmert’s incredible, head-shakingly ignorant exchange with lawyer Orin Kerr during a Congressional hearing concerning “hacking” and the CFAA. In that discussion, Gohmert spoke out in favor of being able to “hack back” and destroy the computers of hackers — and grew indignant at the mere suggestion that this might have unintended consequences or lead people to attack the wrong targets. Gohmert thought that such talk was just Kerr trying to protect hackers.
I thought perhaps Rep. Gohmert was just having a bad day. Maybe he’s having a bad month. In a different hearing, held yesterday concerning ECPA reform, Gohmert opened his mouth again, and it was even worse. Much, much worse. Cringe-inducingly clueless. Yell at your screen clueless. Watch for yourself, but be prepared to want to yell.
The short version of this is that he seems to think that when Google has advertisements on Gmail, that’s the same thing as selling all of the information in your email to advertisers. And no matter how many times Google’s lawyer politely tries to explain the difference, Gohmert doesn’t get it. He thinks he’s making a point — smirking the whole time — that what Google does is somehow the equivalent of government snooping, in that he keeps asking if Google can just “sell” access to everyone’s email to the government. I’m going to post a transcript below, and because I simply cannot not interject how ridiculously uninformed Gohmert’s line of questioning is, I’m going to interject in the transcript as appropriate.
Rep. Gohmert: I was curious. Doesn’t Google sell information acquired from emails to different vendors so that they can target certain individuals with their promotions?
Google lawyer whose name I didn’t catch: Uh, no, we don’t sell email content. We do have a system — similar to the system we have for scanning for spam and malware — that can identify what type of ads are most relevant to serve on email messages. It’s an automated process. There’s no human interaction. Certainly, the email is not sold to anybody or disclosed.
Gohmert: So how do these other vendors get our emails and think that we may be interested in the products they’re selling?
Okay, already we’re off to a great start in monumental ignorance. The initial question was based on a complete falsehood — that Google sells such information — and after the lawyer told him that this is not true, Gohmert completely ignores that and still asks how they get the emails. It never seems to occur to him that they don’t get the emails.
Google lawyer: They don’t actually get your email. What they’re able to do is through our advertising business be able to identify keywords that they would like to trigger the display of one of their ads, but they don’t get information about who the user is or any…
Gohmert: Well that brings me back. So they get information about keywords in our emails that they use to decide who to send promotions to, albeit automatically done. Correct?
NO. Not correct. In fact, that’s the exact opposite of what the lawyer just said. Gohmert can’t seem to comprehend that Google placing targeted ads next to emails has NOTHING to do with sending any information back to the advertiser. I wonder, when Rep. Gohmert turns on his television to watch the evening news, does he think that the TV station is sending his name, address, channel watching info, etc. back to advertisers? That’s not how it works. At all. The advertisers state where they want their ads to appear, and Google’s system figures out where to place the ads. At no point does any information from email accounts go back to anyone. And yet Gohmert keeps asking.
And not understanding the rather basic answers. Unfortunately, the lawyer tries to actually explain reality to Gohmert in a professional and detailed manner, when it seems clear that the proper way to answer his questions is in shorter, simpler sentences such as: “No, that’s 100% incorrect.”
Lawyer: The email context is used to identify what ads are most relevant to the user…
Gohmert: And do they pay for the right or the contractual ability to target those individuals who use those keywords?
Lawyer: I might phrase that slightly differently, but the gist is correct, that advertisers are able to bid for the placement of advertisements to users, where our system has detected might be interested in the advertisement.
Gohmert: Okay, so what would prevent the federal government from making a deal with Google, so they could also “Scroogle” people, and say “I want to know everyone who has ever used the term ‘Benghazi'” or “I want everyone who’s ever used… a certain term.” Would you discriminate against the government, or would you allow the government to know about all emails that included those words?
Okay, try not to hit your head on your desk after that exchange. First, he (perhaps accidentally) gets a statement more or less correct, that advertisers pay to have their ads show up, but immediately follows that up with something completely unrelated to that. First, he tosses in “Scroogled” — a term that Microsoft uses in its advertising against Gmail and in favor of Outlook.com — suggesting exactly where this “line” of questioning may have originated. Tip to Microsoft lobbyists, by the way: if you want to put Google on the hot seat, it might help to try a line of questioning that actually makes sense.
Then, the second part, you just have to say huh? The lawyer already explained, repeatedly, that Google doesn’t send any information back to the advertiser, and yet he’s trying to suggest that the government snooping through your email is the same thing… and Google somehow not giving the government that info is Google “discriminating” against the government? What? Really?
Lawyer: [confounded look] Uh… sir, I think those are apples and oranges. I think the disclosure of the identity…
Gohmert: I’m not asking for a fruit comparison. I’m just asking would you be willing to make that deal with the government? The same one you do with private advertisers, so that the government would know which emails are using which words.
Seriously? I recognize that there are no requirements on intelligence to get elected to Congress, but is there anyone who honestly could not comprehend what he meant by saying it’s “apples and oranges”? But, clearly he does not understand that because not only does he mock the analogy, he then repeats the same question in which he insists — despite the multiple explanations that state the exact opposite — that advertisers get access to emails and information about email users, and that the government should be able to do the same thing.
Lawyer: Thank you, sir. I meant by that, that it isn’t the same deal that’s being suggested there.
Gohmert: But I’m asking specifically if the same type of deal could be made by the federal government? [some pointless rant about US government videos aired overseas that is completely irrelevant and which it wasn’t worth transcribing] But if that same government will spend tens of thousands to do a commercial, they might, under some hare-brained idea like to do a deal to get all the email addresses that use certain words. Couldn’t they make that same kind of deal that private advertisers do?
Holy crap. Gohmert, for the fourth time already, nobody gets email addresses. No private business gets the email addresses. No private business gets to see inside of anyone’s email. Seeing inside someone’s email has nothing to do with buying ads in email. If the government wants to “do the same deal as private advertisers” then yes it can advertise on Gmail… and it still won’t get the email addresses or any other information about emailers, because at no point does Google advertising work that way.
Lawyer: We would not honor a request from the government for such a…
Gohmert: So you would discriminate against the government if they tried to do what your private advertisers do?
No. No. No. No. No. The lawyer already told you half a dozen times, no. The government can do exactly what private advertisers do, which is buy ads. And, just like private advertisers, they would get back no email addresses or any such information.
Lawyer: I don’t think that describes what private advertisers…
Gohmert: Okay, does anybody here have any — obviously, you’re doing a good job protecting your employer — but does anybody have any proposed legislation that would assist us in what we’re doing?
What are we doing, here? Because it certainly seems like you’re making one of the most ignorant arguments ever to come out of an elected official’s mouth, and that’s saying quite a bit. You keep saying “private advertisers get A” when the reality is that private advertisers get nothing of the sort — and then you ignore that (over and over and over and over again) and then say “well if private advertisers get A, why can’t the government get A.” The answer is because neither of them get A and never have.
Gohmert: I would be very interested in any phrase, any clauses, any items that we might add to legislation, or take from existing legislation, to help us deal with this problem. Because I am very interested and very concerned about our privacy and our email.
If you were either interested or concerned then you would know that no such information goes back to advertisers before you stepped into the room (hell, before you got elected, really). But, even if you were ignorant of that fact before the hearing, the fact that the lawyer tried half a dozen times, in a half a dozen different ways to tell you that the information is not shared should have educated you on that fact. So I’m “very interested” in what sort of “language” Gohmert is going to try to add to legislation that deals with a non-existent problem that he insists is real.
Gohmert: And just so the simpletons that sometimes write for the Huffington Post understand, I don’t want the government to have all that information.
Rep. Sensenbrenner: For the point of personal privilege, my son writes for the Huffington Post.
Gohmert: Well then maybe he’s not one of the simpletons I was referring to.
Sensenbrenner: He does have a PhD.
Gohmert: Well, you can still be a PHUL.
Har, har, har… wait, what? So much insanity to unpack. First of all, Gohmert seems to think that people will be making fun of him for suggesting that the government should “buy” access to your email on Google. And, yes, we will make fun of that, but not for the reasons that he thinks they will. No one thinks that Gohmert seriously wants the government to buy access to information on Google. What everyone’s laughing (or cringing) at is the idea that anyone could buy that info, because you can’t. No private advertiser. No government. It’s just not possible.
But, I guess we’re all just “simpletons.”
Seriously, however, we as citizens deserve better politicians. No one expects politicians to necessarily understand every aspect of technology, but there are some simple concepts that you should at least be able to grasp when explained to you repeatedly by experts. When a politician repeatedly demonstrates no ability to comprehend a rather basic concept — and to then grandstand on their own ignorance — it’s time to find better politicians. Quickly.
Julian Sanchez has put forth an interesting and compelling proposal: if Google really wanted to take a stand in favor of user privacy, it should encrypt all our emails.
Google is in an ideal position to overcome these difficulties, and finally make strong e-mail encryption a mass phenomenon. Their Gmail service—the one David Petraeus was using to exchange steamy messages with his biographer and lover, Paula Broadwell—has some 425 million active users by last count. Many of those users access the service through a Web interface, which Google can change and update for all users simultaneously. That means we could all wake up tomorrow to find a handy new “Encrypt Message” button included in the familiar Gmail interface we’re already using. Meanwhile, Google (along with Facebook) has rapidly become a kind of universal Internet identity provider, with the Google Account used as a key not only to access Google’s own myriad offerings, but many other independent online services as well.
Because truly strong encryption is “end to end”—meaning the end-users generate, store, and have sole access to their own private encryption keys—a robust content encryption system may require users to have appropriate client software installed on their own machines. Here, too, Google is well positioned to provide a solution: They already make a widely-used browser, Chrome, and a popular operating system for mobile devices, Android, which could be updated with the necessary functionality built-in, eliminating the need for a separate browser plug-in.
Of course, as Julian notes, one reason Google resists this is that it would make it harder to scan your emails and serve contextual advertising based on what’s in them. He notes that Vint Cerf more or less admitted this last year, saying it would be a challenge to their business model. But Julian points out that there are other ways to target advertisements (some of which might be more effective) than keying them directly off each email — Google can still use your search history, social profiles, YouTube videos, etc. For what it’s worth, in all the years I’ve used Gmail, I don’t recall ever looking at the ads they display — though, obviously, some people out there must click. Also worth noting: Microsoft’s new Outlook.com email system does not scan each email for contextual advertising purposes. If Microsoft can do that, it seems silly to argue that Google needs to scan each email. More importantly, Julian isn’t saying that every email should be encrypted — plenty of messages will still be sent in the clear, and those can still be used for contextual ads. And the benefits may outweigh the negatives:
Meanwhile, Google would garner enormous goodwill from privacy advocates, reams of free press coverage, and an attractive new selling point, not only for Gmail but for Chrome and Android as well. Encryption would likely be a particularly appealing feature for Google’s paying enterprise customers, whose messages may contain information that is not only private but highly valuable. At the very least, it’s worth running the numbers again to see whether offering strong encryption might now be a net boon to the company’s bottom line.
Furthermore, he notes that Google can use this to take a real stand against efforts by law enforcement to build wiretapping into email. Those efforts have been going on for a long time, and Google has fought against them in the past. But, he notes, getting people up in arms about the feds taking away something that people already have is a much more powerful motivator than getting them worked up about the feds making it impossible for Google to offer that feature in the future.
Because people are loss-averse, taking away something people already have and value can be all but impossible—while preventing them from getting it in the first place is far easier. By rolling out e-mail encryption now, Google can ensure that ordinary users see myopic efforts to regulate secure communications infrastructure as something that affects all of our privacy and security—not just that of faceless crooks or terrorists.
For what it’s worth, Ed Felten responded to Julian’s proposal by noting a few potential issues with it: (1) managing the crypto keys and crypto code would be an issue (would Google also store your key? if so, many of the benefits go away) and (2) there are features that rely on Google being able to see your email. On the latter issue, he notes that beyond the question of contextual advertising, encryption could make things like filtering messages more difficult — and that includes more important filters, like spam.
Julian responds by noting that these are not insurmountable issues. Key management could be handled by Google, for users who are fine with that, or Google could offer alternatives: keys kept locally, or with some other third-party “cloud” provider, such as Dropbox.
…lots of cloud services that offer encryption let the user choose whether or not to let the provider keep a backup copy of the user’s keys. The more paranoid could sacrifice some mobility and convenience—and risk losing access to some of their messages if their local copies of the key are destroyed—by opting not to let Google keep even an encrypted copy of their key. Or, as a middle ground, a user could always store an encrypted backup copy of her key with a different cloud provider, like Dropbox, which need not even be known to Google. That provides all of the advantages of storing the key with Google at a relatively minor cost in added hassle, but substantially raises costs for any attacker, who now must not only crack the passphrase protecting the key, but figure out where in the cloud that key is located. Assuming it’s accessed relatively infrequently (most of us read our e-mail on the same handful of devices most of the time) even a governmental attacker with subpoena power and access to IP logs is likely to be stymied, especially if the user is also employing traffic-masking tools like Tor
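As an added illustration of the key-custody scheme Julian describes (this is my own example, not code from the article, from Google, or from Julian Sanchez), here is a small Go program using only the standard library: the user’s X25519 key pair is generated on their own device, the private key is wrapped under a passphrase with PBKDF2 and AES-GCM so the resulting blob can be parked with some other provider, and a message encrypted to the public key is readable only after the key is unwrapped with the right passphrase. The function names, the 200,000-iteration count, the `e2e-mail-example-v1:` label, and the sample message and passphrase are all constructed for this illustration; a real deployment would add ephemeral keys, sender authentication and a memory-hard KDF, none of which the article discusses.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const kdfIters = 200_000 // constructed parameter for this illustration

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// pbkdf2 is PBKDF2-HMAC-SHA256 (RFC 8018) for one 32-byte output block,
// written out here so the example needs only Go's standard library.
func pbkdf2(pass, salt []byte, iters int) []byte {
	prf := hmac.New(sha256.New, pass)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // INT(1): index of the first output block
	u := prf.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// seal returns nonce || ciphertext || tag under AES-256-GCM (keys here are always 32 bytes); open verifies and reverses it.
func seal(key, plaintext, aad []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return g.Seal(nonce, nonce, plaintext, aad)
}

func open(key, blob, aad []byte) ([]byte, error) {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(blob) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], aad)
}

// pairKey turns the X25519 shared secret into the AES key both parties derive.
func pairKey(self *ecdh.PrivateKey, peer *ecdh.PublicKey) []byte {
	h := sha256.Sum256(append([]byte("e2e-mail-example-v1:"), must(self.ECDH(peer))...))
	return h[:]
}

// WrapPrivateKey builds the backup blob to park with some other provider: salt || AES-GCM(PBKDF2(passphrase, salt), key).
func WrapPrivateKey(priv *ecdh.PrivateKey, passphrase string) []byte {
	salt := make([]byte, 16)
	must(rand.Read(salt))
	return append(salt, seal(pbkdf2([]byte(passphrase), salt, kdfIters), priv.Bytes(), salt)...)
}

// UnwrapPrivateKey restores the key; whoever holds the blob without the passphrase gets nothing.
func UnwrapPrivateKey(blob []byte, passphrase string) (*ecdh.PrivateKey, error) {
	if len(blob) < 16 {
		return nil, errors.New("backup too short")
	}
	raw, err := open(pbkdf2([]byte(passphrase), blob[:16], kdfIters), blob[16:], blob[:16])
	if err != nil {
		return nil, errors.New("wrong passphrase or corrupted backup")
	}
	return ecdh.X25519().NewPrivateKey(raw)
}

// RoundTrip exercises the flow with constructed data: Bob backs up his key, Alice encrypts to him, and Bob reads the mail after restoring the key.
func RoundTrip() (readable, wrongPassRejected bool) {
	alice := must(ecdh.X25519().GenerateKey(rand.Reader)) // generated on Alice's device
	bob := must(ecdh.X25519().GenerateKey(rand.Reader))   // generated on Bob's device
	backup := WrapPrivateKey(bob, "correct horse battery staple")
	// Alice's device: encrypt to Bob. The mail provider only ever sees the envelope.
	envelope := seal(pairKey(alice, bob.PublicKey()), []byte("constructed sample message"), nil)
	_, badErr := UnwrapPrivateKey(backup, "not the passphrase") // no passphrase, no key
	// Bob's device: restore the key from the backup and read the mail.
	restored := must(UnwrapPrivateKey(backup, "correct horse battery staple"))
	got, err := open(pairKey(restored, alice.PublicKey()), envelope, nil)
	return err == nil && string(got) == "constructed sample message", badErr != nil
}

func main() {
	fmt.Println(RoundTrip()) // true true
}
```

The point of the wrap step is the cost structure Julian describes: the backup provider holds only `salt || AES-GCM(...)`, so obtaining the blob (by subpoena or otherwise) buys an attacker nothing until the passphrase is guessed, and the PBKDF2 iteration count sets the price of each guess.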
As for the filtering problem, he notes that Gmail can still filter on other metadata, and that encrypted messages are less likely to be spam in the first place, since encryption is more likely to be used between people who know each other. To keep spammers from simply jumping on the encryption bandwagon, he suggests an option to accept encrypted mail only from white-listed addresses.
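To make that filtering rule concrete, here is an added Go sketch (mine, not the article’s, Julian’s or Google’s) of a metadata-only classifier: cleartext mail still goes through whatever content filter the provider already runs, encrypted mail reaches the inbox only when the sender address is on the user’s allowlist, and encrypted mail from anyone else is treated as spam. The `Message` fields, the allowlist entries and the keyword stand-in for the content filter are constructed for the illustration. One caveat the article does not spell out: a From address is trivially forged, so an allowlist keyed by address is only as strong as whatever sender authentication sits in front of it.

```go
package main

import (
	"fmt"
	"strings"
)

// Verdict is where the filter routes a message.
type Verdict string

const (
	Inbox Verdict = "inbox"
	Spam  Verdict = "spam"
)

// Message is the constructed metadata a provider can see: headers and whether
// the body is an encrypted envelope. For encrypted mail the body is opaque.
type Message struct {
	From      string
	Subject   string
	Encrypted bool
}

// Filter accepts encrypted mail only from allowlisted senders; cleartext mail
// keeps going through the provider's existing content filter.
type Filter struct {
	allowlist     map[string]bool
	contentFilter func(Message) Verdict
}

func NewFilter(allowed []string, contentFilter func(Message) Verdict) Filter {
	f := Filter{allowlist: map[string]bool{}, contentFilter: contentFilter}
	for _, a := range allowed {
		f.allowlist[normalize(a)] = true
	}
	return f
}

// normalize keeps "Bob@Example.com " and "bob@example.com" from being treated
// as different senders.
func normalize(addr string) string {
	return strings.ToLower(strings.TrimSpace(addr))
}

func (f Filter) Classify(m Message) Verdict {
	if !m.Encrypted {
		return f.contentFilter(m) // body is readable, so classify as today
	}
	if f.allowlist[normalize(m.From)] {
		return Inbox
	}
	// Encrypted body from an unknown sender: the filter cannot read it, so it
	// gets no free pass into the inbox. This is the spammer-on-the-bandwagon case.
	return Spam
}

// Route classifies a batch and counts the verdicts.
func Route(f Filter, batch []Message) map[Verdict]int {
	counts := map[Verdict]int{}
	for _, m := range batch {
		counts[f.Classify(m)]++
	}
	return counts
}

// keywordFilter is a constructed stand-in for the provider's real content classifier.
func keywordFilter(m Message) Verdict {
	if strings.Contains(strings.ToLower(m.Subject), "free prize") {
		return Spam
	}
	return Inbox
}

// SampleBatch is constructed test data.
var SampleBatch = []Message{
	{From: "alice@example.com", Subject: "lunch?", Encrypted: true},
	{From: "Bob@Example.com ", Subject: "draft", Encrypted: true},
	{From: "promo@example.net", Subject: "FREE PRIZE inside", Encrypted: true},
	{From: "promo@example.net", Subject: "FREE PRIZE inside", Encrypted: false},
	{From: "carol@example.org", Subject: "hello", Encrypted: false},
}

func main() {
	f := NewFilter([]string{"alice@example.com", "bob@example.com"}, keywordFilter)
	fmt.Println(Route(f, SampleBatch)) // map[inbox:3 spam:2]
}
```

Note that the cleartext path is untouched: the plaintext "FREE PRIZE" message is still caught by the existing filter, while the same message sent encrypted is rejected purely because its sender is unknown, since nothing else about it can be inspected.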
Some Google haters will insist that Google will never do this because it might diminish the contextual ad business, but as Julian explains (in both links!) that’s not necessarily the case. Furthermore, Google has, in the past, shown that it recognizes that making a goodwill gesture in terms of increasing privacy or better protecting its users can often pay off in much more usage and public goodwill in the long run. As Julian notes: it seems that it’s at least worth running some numbers to see how it might make financial sense to better protect user emails.