Google: Gmail users shouldn't expect email privacy

[wraith808]

That would be a bit more applicable if security is what we were talking about.  Security =/= Privacy, though they have many of the same concerns.

-wraith808 (August 16, 2013, 09:44 AM)

Would you expect any sort of security or privacy with a hand written letter, placed in an unsealed envelope, handed off to a chain of strangers to be finally delivered to its intended recipient (and I am not talking about any government run postal service here)? Any one of the strangers anywhere between you and the recipient could easily snoop on its contents and do whatever they wanted with any info gained from that snooping.

Email is like sending a postcard. There isn't even an envelope.

The only way an email can remain private and secure between point of origin and final destination is if it is encrypted with PGP or something similar.

-app103 (August 16, 2013, 10:15 AM)

Why yes, I would.  And that's the purpose that violating that is a felony. 

My point is, yes... security can make privacy a non-issue.  But privacy is separate.

I put a lock on my door to secure the house.  But even if my door is not locked, someone breaking in is still in violation of the law.  Even if the door is wide open and you walk into my house without invitation, you can be considered in violation of the law.

That's why I say that they are different.  We shouldn't *have* to secure our communications for people to know that if you aren't on end A or end B, it is not for you to look at.

Now, I know reality is different.  But that still doesn't mean we should conflate the two.

[app103]

Why yes, I would.  And that's the purpose that violating that is a felony.

-wraith808 (August 16, 2013, 01:21 PM)

(and I am not talking about any government run postal service here)

-app103 (August 16, 2013, 10:15 AM)

I specifically stated that to indicate that I was not referring to government supplied postal service. If you handed the envelope to your next door neighbor who then handed it to his, and so on, till it got to the other side of town, if anyone snooped into it on the way, it would not be a felony, just as it isn't a felony for you to snoop the traffic that flows through your own server.

And besides, even if you mailed a postcard through government supplied postal service, it's not a felony for every postal worker between the mailbox you dropped it into and the recipient to read it. It's only a felony for someone else (like a neighbor) to break into a mailbox and read the contents, to open a sealed envelope and read its contents, or to steal the mail and prevent it from reaching its intended recipient. And like I said...email is just like sending a postcard.

[wraith808]

Perhaps the analogy breaks down.  But I think that the points that I'm making are pretty relevant and obvious... or do you disagree with that?

[40hz]

it's not a felony for every postal worker between the mailbox you dropped it into and the recipient to read it.

-app103 (August 16, 2013, 01:55 PM)

Actually, I'm pretty sure it is. They've arrested postal workers in the past for reading and rummaging through other people's mail without a warrant to do so.

If you handed the envelope to your next door neighbor who then handed it to his, and so on, till it got to the other side of town, if anyone snooped into it on the way, it would not be a felony, just as it isn't a felony for you to snoop the traffic that flows through your own server.

That's also debatable and a gray area in law last I heard. Rules seem to vary from state to state on that. With online communications, at the very least you'd need to let the users know that it could happen - hence Google's dwelling on the phrase "reasonable expectation" which came from earlier court cases.

The interesting point here is that Americans have always assumed - and the laws previously defaulted - to a presumption of privacy in lieu of notice or explicit laws stating otherwise. That's one of the things that was supposed to be so different about this country.

Our current government is now working overtime to stand that concept on its head and disabuse us of the notion we, as US citizens, are morally and legally entitled to personal privacy.

[Stoic Joker]

Last I heard if you leave something for your neighbor in their mailbox, that ain't got a stamp on it ... It's a felony. Pretty much anything that involves a mailbox (including kicking one) is considered a felony, because the mailbox itself is considered federal property.

[wraith808]

The interesting point here is that Americans have always assumed - and the laws previously defaulted - to a presumption of privacy in lieu of notice or explicit laws stating otherwise. That's one of the things that was supposed to be so different about this country.

Our current government is now working overtime to stand that concept on its head and disabuse us of the notion we, as US citizens, are morally and legally entitled to personal privacy.

-40hz (August 16, 2013, 03:37 PM)

And *this* is my point.  By conflating the two, we're reducing our rights.  If we don't secure it, then it's OK to look.. and that's not the America that I grew up in.

[Jibz]

Much like app103's picture implies, I think it should have been

Email users shouldn't expect email privacy

instead .

[app103]

it's not a felony for every postal worker between the mailbox you dropped it into and the recipient to read it.

-app103 (August 16, 2013, 01:55 PM)

Actually, I'm pretty sure it is. They've arrested postal workers in the past for reading and rummaging through other people's mail without a warrant to do so.

-40hz (August 16, 2013, 03:37 PM)

I have not heard of a single case of a postal worker being fired or brought up on charges for reading a postcard, which is a lot different than opening an envelope or package. We are talking about something where the message sits out in the open, usually right next to the destination address. How would one even know the postal worker did or did not look at the message, even if they had a video tape of the incident? How would one know if they only looked at the address or not?

Last I heard if you leave something for your neighbor in their mailbox, that ain't got a stamp on it ... It's a felony. Pretty much anything that involves a mailbox (including kicking one) is considered a felony, because the mailbox itself is considered federal property.

-Stoic Joker (August 16, 2013, 03:47 PM)

Fine! Let's change my example to hand to hand delivery and keep the post office, postal workers, mailboxes, all federal property and anything related to such, out of it.

And let's change it from an unsealed envelope to a postcard or an unfolded post-it note while we are at it.

Does anyone still expect any privacy or security? Are you about to write down the pin code for your credit cards, the passwords for your web server, or the location and combo for a lock on a box containing $10,000 in cash? Would you even write how much you missed the person at the destination and what sexual acts you plan on performing on them the next time you see them, in full detail?

And if not, then why not?

[40hz]

I have not heard of a single case of a postal worker being fired or brought up on charges for reading a postcard, which is a lot different than opening an envelope or package.

-app103 (August 16, 2013, 04:04 PM)

Apologies. I was talking about a letter.

Does anyone still expect any privacy or security?

-app103 (August 16, 2013, 04:04 PM)

I think that asks a bigger question: Why shouldn't we expect it? Seriously.

A lot of the arguments I hear about privacy and security always beg the question that we're somehow "asking for it" for doing the electronic equivalent of walking into a bar with a dress that's a little too short or a blouse that's a little too tight.

I don't buy that, nor do I concede the point that I should have to do anything much other than say "this is not intended for sharing or pubic perusal" and "mind your own business please."

I refuse to accept the argument that a certain level of craven behavior is the norm and absolutely must be expected. Because if I go down that road, then I'd be justifying much of what our government is currently doing and saying. Because their attitude is that we can't be trusted and must always be regulated and monitored and dealt with by those who are "the real Americans" and the "True Patriots."

And cynical as I may be under most circumstances, I still do not accept that attitude, either as a given, or as an unassailable truth.

I make contingency arrangements in the event of the worst. But I still keep hoping for the best. And I'm happy to say people surprise me (in good ways) at least half the time.


         "We can't 'get it together' Piglet. It is together..."

 

[app103]

I think that asks a bigger question: Why shouldn't we expect it? Seriously.

-40hz (August 16, 2013, 05:07 PM)

So, you are saying that in my example of a hand to hand delivered postcard or post-it note, that you would expect privacy and security? You would not expect anyone along the chain to read it, and funny looks from a prudish neighbor that was part of the delivery chain would come as a complete surprise and shock to you, and you would expect the $10,000 in cash to remain perfectly safe, and feel no need to change the pin on your credit cards?

[Stoic Joker]

Last I heard if you leave something for your neighbor in their mailbox, that ain't got a stamp on it ... It's a felony. Pretty much anything that involves a mailbox (including kicking one) is considered a felony, because the mailbox itself is considered federal property.

-Stoic Joker (August 16, 2013, 03:47 PM)

Fine! Let's change my example to hand to hand delivery and keep the post office, postal workers, mailboxes, all federal property and anything related to such, out of it.

-app103 (August 16, 2013, 04:04 PM)

  (hehe) Actually I understood and agree with you initial analogy ... I was just commenting on the tangent. 


You see despite the popular quest for deeper meaning, I'm actually quite happy with simple straightforward examples. It's basically the difference between short stories and entire novels. While both can make an excellent point, only one of them makes your head hurt in the process.

[wraith808]

I think that asks a bigger question: Why shouldn't we expect it? Seriously.

-40hz (August 16, 2013, 05:07 PM)

So, you are saying that in my example of a hand to hand delivered postcard or post-it note, that you would expect privacy and security? You would not expect anyone along the chain to read it, and funny looks from a prudish neighbor that was part of the delivery chain would come as a complete surprise and shock to you, and you would expect the $10,000 in cash to remain perfectly safe, and feel no need to change the pin on your credit cards?

-app103 (August 16, 2013, 06:14 PM)

I don't think the point is what you would expect, in terms of reality today.  It's what you should be able to expect.  And I don't think that, all things being equal, you should have to lock the virtual door in order to get privacy.  Privacy shouldn't have to be based on security.  Because if it is, then we have no privacy.  There are always people that with the appropriate amount of effort and desire, that can crack any security.

[40hz]

I think that asks a bigger question: Why shouldn't we expect it? Seriously.

-40hz (August 16, 2013, 05:07 PM)

So, you are saying that in my example of a hand to hand delivered postcard or post-it note, that you would expect privacy and security? You would not expect anyone along the chain to read it, and funny looks from a prudish neighbor that was part of the delivery chain would come as a complete surprise and shock to you, and you would expect the $10,000 in cash to remain perfectly safe, and feel no need to change the pin on your credit cards?

-app103 (August 16, 2013, 06:14 PM)

Expectation may be one thing. But using expectation as a justification or an argument for the inevitability and necessity of a certain behavior is another.

To my mind, part of your argument strays dangerously close to the tendency of some to blame the victim.

Just because something bad happens is not the same thing as establishing that it must happen...
 

[app103]

I think that asks a bigger question: Why shouldn't we expect it? Seriously.

-40hz (August 16, 2013, 05:07 PM)

So, you are saying that in my example of a hand to hand delivered postcard or post-it note, that you would expect privacy and security? You would not expect anyone along the chain to read it, and funny looks from a prudish neighbor that was part of the delivery chain would come as a complete surprise and shock to you, and you would expect the $10,000 in cash to remain perfectly safe, and feel no need to change the pin on your credit cards?

-app103 (August 16, 2013, 06:14 PM)

I don't think the point is what you would expect, in terms of reality today.  It's what you should be able to expect.  And I don't think that, all things being equal, you should have to lock the virtual door in order to get privacy.  Privacy shouldn't have to be based on security.  Because if it is, then we have no privacy.  There are always people that with the appropriate amount of effort and desire, that can crack any security.

-wraith808 (August 16, 2013, 06:58 PM)

It doesn't matter what you expect. In a broken system, if you know it is broken but aren't willing to admit it, how can you ever expect to come up with a solution to the problem? Pointing fingers of blame at those that point out that there is a problem, isn't a solution. In other words, pointing fingers of blame at Google for stating that there shouldn't be an expectation of privacy, doesn't fix the root problem that caused them to be able to state that.

And even if you can still reasonably expect privacy, that nobody will enter when you leave your front door unlocked, don't expect your neighbors to look the other way if you refuse to put up shades or curtains and stand nude in front of the big picture window.  

Expectation may be one thing. But using expectation as a justification or an argument for the inevitability and necessity of a certain behavior is another.

To my mind, part of your argument strays dangerously close to the tendency of some to blame the victim.

Just because something bad happens is not the same thing as establishing that it must happen...
 

-40hz (August 16, 2013, 08:15 PM)

Admitting and pointing out that the system is broken is not blaming the victim that is forced to use the broken system. Not at all. And if it seemed as if that was what I was trying to do, then you misunderstood, and I apologize, because that was not my intention at all.

I would very much like to see the system fixed, or completely thrown out in favor of something better. But that is never going to happen if people are too busy running around blaming others instead of coming up with a solution that is easy enough for everyone to use. Whether that means adding easy to use, idiot proof PGP (or alternative) support to all email clients and webmail services, or throwing the whole thing out in favor of something like bitmessage (or something similar) then so be it. Just hurry up and fix it already because I have a business to launch that is going to depend on idiots being able to send me sensitive information, securely, for which I currently have no free easy idiot-proof cross-platform solution. There is nothing out there that I can say "use this" or "install this" and not have to worry about providing many hours of troubleshooting and support to get them set up and using it. If I have to do that, I'll have to raise my prices, which I don't want to do. And if I say "screw the idiots" then I'll lose a lot of business, because my target clients are the idiots, the lazy, and the insanely busy, and I expect many of my clients to be a combination of 2 or more.

[Renegade]

More of my drivel about email being broken

I would very much like to see the system fixed, or completely thrown out in favor of something better.

-app103 (August 16, 2013, 08:41 PM)

Email is fundamentally broken. There is no salvation for it. It cannot be fixed. Something entirely new is needed. PGP could help, but has anyone ever actually tried to get it working? Messy at best. Then there's the spam problem...

[wraith808]

I think that asks a bigger question: Why shouldn't we expect it? Seriously.

-40hz (August 16, 2013, 05:07 PM)

So, you are saying that in my example of a hand to hand delivered postcard or post-it note, that you would expect privacy and security? You would not expect anyone along the chain to read it, and funny looks from a prudish neighbor that was part of the delivery chain would come as a complete surprise and shock to you, and you would expect the $10,000 in cash to remain perfectly safe, and feel no need to change the pin on your credit cards?

-app103 (August 16, 2013, 06:14 PM)

I don't think the point is what you would expect, in terms of reality today.  It's what you should be able to expect.  And I don't think that, all things being equal, you should have to lock the virtual door in order to get privacy.  Privacy shouldn't have to be based on security.  Because if it is, then we have no privacy.  There are always people that with the appropriate amount of effort and desire, that can crack any security.

-wraith808 (August 16, 2013, 06:58 PM)

It doesn't matter what you expect. In a broken system, if you know it is broken but aren't willing to admit it, how can you ever expect to come up with a solution to the problem? Pointing fingers of blame at those that point out that there is a problem, isn't a solution. In other words, pointing fingers of blame at Google for stating that there shouldn't be an expectation of privacy, doesn't fix the root problem that caused them to be able to state that.

-app103 (August 16, 2013, 08:41 PM)

In fact it *does* matter what I expect.  Like I said, reality is different from my expectations.  But should I change my expectations just because of that?  I mean, I can change my actions without changing my expectations.  People do it every day.  I expect that I shouldn't have to use security to get privacy.  The reality is, that isn't true. I can expect whatever I want, but know that the system is broken.  People do that everyday also.  But conflating the two isn't doing anything but doing the other side's work for them.

Let's put it another way.  Are you saying that just because your e-mail isn't secure, it's OK for anyone to spy on it?  Is the act of looking at your e-mail addressed to a person an invasion of privacy in and of itself?  Or is only an invasion of privacy if you encrypt/secure it?