Ay Carumba

From Yahoo!:

CA Lawmaker Wants to Block Google's GMail.

She's near my district, but I don't know if she's actually my rep to the State Senate. Time to find out.

1st thoughts: yay for supporting privacy, but legislation seems a bit precipitous, especially based on (as I read the gist of her reaction) that it's infiltration of, in essence, private property (which is how I'm reading the "putting a billboard in your living room" metaphor). I suppose there is some legal standing for e-mail as private and corporate property (I don't have case law at my fingertips and I'm too tired to search FindLaw), but if the privacy policies are clear, precise and easy to access and understand, I don't know whether any law can keep you from selling/bartering away your own privacy. Someone else's ... sure. Your own? NSM.

Of course, there are those who believe that Google's privacy policy towards GMail is not clear, precise or easy to understand. And some are arguing that it violates EU standards regarding data retention. I think those are extremely valid points. I'm just a bit skittish that if ad hoc legislation comes out of this without a strong understanding of the issues and rights involved, 1) the cure could be worse than the disease or 2) it'll get overturned in court so fast, Sen. Figueroa's head would spin.

TrackBack

Listed below are links to weblogs that reference Ay Carumba:

» Karen Schneider gets her government regulation from Conservator
Eli at Confessions of a Mad Librarian is properly skeptical of California state senator Liz Figueroa's (D-Fremont) legislative move to block Gmail on privacy grounds.

Comments

I think the proposed legislation is over the top, even as I think Gmail poses serious potential problems. I'm no libertarian, but this really is a case of a private business offering free goods in exchange for some probable invasion of privacy, and the only place for government intrusion is if it's clear that naive consumers are being misled as to the possible invasion. Given that email requires computer use, and that you'd have to actively sign up for Gmail, that's a tough case to make.

OTOH, I like Seth Finkelstein's take on this: If Microsoft was proposing this (or changing Hotmail to work in this manner), there would surely be a lot of brouhaha, if perhaps not legitimate legislation...

(And on the gripping hand, I just posted a grump on LISNews at MDoneil's "Californians are all crazy" comment based on the actions of one out of 32 million Californians...)

I certainly won't sign up for Gmail, but I'm not sure I can see the legislature stepping in at this point.

I haven't read the legislation, but I do think that the focus on the *advertising* issue with GMail is a non-starter. There's just too much precedent that it's okay for companies to ask people to trade off the inconvenience/service/invasion of targeted advertising for one or another benefit. By raising the advertising issue, people worried about GMail allow their concerns to be too easily dismissed.

I find the privacy implications very serious, though. Consider this: in scanning email, GMail will be looking not just at text sent by its subscribers (who agree to the process) but at text sent by others (who did not sign) to the GMail account (if only when it is copied in a reply). Furthermore, the so-called argument that the mail will "only be read by a machine" is fatuous. The data will be scanned and analyzed (whether by human or not).

Ok, that's enough from me. Did not mean to go all Proust (or insert the name of your favorite, terribly wordy writer here) in your comments section. Hmmm ... I'm sure Proust isn't right here. I will have to think of what writer describes me at my wordy-worst.

Someone on LISNews also brought up the possibility of identity theft, but I don't know Google's standards for security -- I presume that it's a pretty stable set-up, since Google is already a major target for cybervandals and script kiddies.

One thing that has been brought up is the possibility of law enforcement access to the vast archives generated by Gmail. These accounts would definitely fall under Section 215 of the USA PATRIOT Act. Theoretically, they may also be accessed by subpoena for copyright holders looking to identify alleged infringers. But the CA legislature can do squat about the former and little to nothing about the latter.

Plenty of things to raise concern, but Figueroa seems to be looking in the wrong direction (I think).

And I don't think your response was in any way terribly wordy, Rick, and besides, I like some wordy writers (Bradbury, Austen, T. C. Boyle ...). Since I like madeleine cookies, however, I'll accept your self-appellation of Proust.

Furthermore, the so-called argument that the mail will "only be read by a machine" is fatuous. The data will be scanned and analyzed (whether by human or not).

No meaningful difference between a human being and a computer program, Fred?

Of course there is a meaningful difference between a human being and a computer program, Jack. And that quite clearly is not what I wrote. With particular reference to this discussion, computer programs are much more efficient at scanning and accumulating data than are human beings. That data then can be used (and perhaps misused) in any number of ways.

It is silly to presume that constructing a program to analyze data somehow insulates those whose words are analyzed from abuse. If anything, it increases the opportunity for abuse.

It is silly to presume that constructing a program to analyze data somehow insulates those whose words are analyzed from abuse. If anything, it increases the opportunity for abuse.

The question was whether there is any difference between having a machine or a human being scan messages and place emails--a distinction you rejected as "fatuous." You said, "The data will be scanned and analyzed (whether by human or not)."

My own sense is that this distinction would not be at all "fatuous" to most people, analogous to the distinction between being "wanded" and being frisked.

UCLA law professor Eugene Volokh comments, "Presumably Ms. Figueroa really doesn't want anyone other than the recipients looking at her e-mail, even if that's a computer program that doesn't report the contents to anyone but just tailors advertising to her." "Even if" means not fatuous.

The question was whether there is any difference between having a machine or a human being scan messages and place emails

No, the question was:

No meaningful difference between a human being and a computer program, Fred?

And the answer was that there is a difference, of course. The difference just isn't that there is no possible harm that could come from having software do the scanning instead of having people do the scanning.

In fact the ability of computers to scan, compile and process huge amounts of data is what makes such scanning more problematic (and no less invasive) than having human beings do the process directly. What is fatuous is the idea that automated data collection is a process that can be secured against abuse, whether that abuse is designed into the system or comes from human intervention in the system.

Your analogy is incorrect. The difference is not between being frisked or wanded at an airport, it's between having your letters and books examined by a customs official, or having them scanned, searched for key terms, and the results compiled in a database for immediate analysis and future use. Either one is abusive (something we'd expect to see from the Stasis, no?). But potential for abuse is exponentially greater with the second method.

First, I meant to say "place advertisements," as I hope was clear from the context.

I am puzzled as to why you would grant my first point--that there is a difference between scanning by a human and by a computer program, which is what Volokh's comment got to--and then differ with me on an issue that I never raised, the question of "no possible harm," etc. Why would you state that it is "fatuous" to argue that there is a difference, and then take issue with me as to what that difference is?

Your alternative analogy is a dystopian nightmare that I believe (sincerely hope!) bears no resemblance to the case at hand. Cuban officials examine letters and books; if you have seen American officials doing this, then this is an absolute outrage.

It may very well be that I have not followed this matter as closely as you have, but I haven't seen anything resembling a statement from Google that they intend to compile a database "for immediate analysis and future use." What I've seen is that some messages will remain on servers for a period of up to several months after the customer cancels, as is also true of other free e-mail services. My sense is that the "analysis" will be ad hoc, and that no analyzed data will be saved, let alone given to third parties, as Yahoo does do. Have I missed something, or are you objecting to the "precedents" rather than the actual practices? Your mention of "potential" for abuse leads me to believe that that is your point....

Thanks to Eli for hosting this discussion!

The question of advertising is irrelevant, as I stated in my original comment.

As for granting your point, no, I can't say I was doing that either. Nor was I arguing with you in the first place. You came into this discussion later on. I was making my own points. And I never argued that there is no difference between a third-party (human) reading emails and a computer scanning emails. I argued that the differences do not amount to a case for seeing machine reading as less invasive than human reading.

As for the analogy, I was simply offering a corrective to the analogy that you presented, which does not clarify the issues at hand. Of course the analogy I presented seems dystopian -- it was meant to seem that way. Because the kinds of surveillance involved in reading other people's mail (by human or machine) absent demonstrated probable cause should be reprehensible to anyone who believes in democracy.

Oh, and I have seen U.S. customs and immigration officials reading people's private letters and such as they attempt to cross borders.

Poor, poor Eli. Anytime you feel like the cowboys are bustin' up your saloon, don't hesitate to tell us to take it outside.

Because the kinds of surveillance involved in reading other people's mail (by human or machine) absent demonstrated probable cause should be reprehensible to anyone who believes in democracy.

It is not "surveillance" for a computer program to place advertisements and record nothing of what was scanned. You are objecting to a state of affairs that does not exist.

As far as "taking it outside," I thought we were having a discussion...

The question of whether there is advertising involved or not is irrelevant. Third-party monitoring of email for any purpose is surveillance.

As far as "taking it outside," that was a joke that returned to a theme from my original comment in this thread -- that it can be rude to take up too much space on someone else's weblog with excessive comments. It was an invitation to Eli, should she choose to do so, to call a halt to the thread. Not that it's necessary, but I don't want to overstay my welcome here. I'm sure she understood what I meant. Again, not wanting to get all Proustian all over her weblog ...

Third-party monitoring of email for any purpose is surveillance.

Says who, you? The American Heritage Dictionary of the English Language (2000) defines "surveillance" as:

1. Close observation of a person or group, especially one under suspicion. 2. The act of observing or the condition of being observed.

So, do computers "observe"? I don't think so.

How can advertising be "irrelevant" to consideration of a program whose entire object is to place advertising?

You reject consideration of the true purpose of the program, and wish to argue that computers can, in and of themselves, "observe" people. You are painting a fantastic, dystopian world.

I think this has been an interesting discussion, and I thank you both for participating.

However, I think the argument is starting to become circular, and I'm not sure my comments section is an expansive enough venue for the in-depth discussion this has become.

Plus, you're both starting to intimidate the poor grad students reading this. Well, at least one grad student. And I'm not completely opposed to being speechless on my own blog, but it's not the best precedent.

Would you mind terribly posting closing comments for this topic?

Okay, make that my closing comment.
Thanks, Eli, and thanks, Frederick.

I've been asked by Jack to give a wrap-up with my feelings on the issues discussed. This has the potential of getting Proustian (to continue the joke), but I will try to be succinct.

1) Many people tend to give up bits of their privacy for the sake of convenience all the time. Some never consider the short or long term consequences beyond the convenience they are granted. A few are extremely vigilant, declining a lot (but not all) conveniences in order to control what the world knows about them. I'm somewhere in the middle: there are times when I accept the convenience over privacy with foreknowledge, there are times when the privacy concerns don't hit me until after I've signed up for a service, and there are times when I'll decline a convenience for the sake of my privacy.

2) It's increasingly easy to lose more control over one's "data". And honestly, this might not be a completely bad thing. There are, for instance, a number of web content publishers that do not like the Google cache or the Internet Archive because if they removed their content from their sites, they don't want it to stay around on someone else's server. However, I've used both tools for my job and my research and even for play. I'm a strong proponent of digital preservation, especially Internet archiving, and the idea of shifting information holes in the short and long term disturbs me. But those tools mean that we aren't in control (or that we have to work quite a bit harder to maintain control) of what was once thought of as our personal information. Which leads to my last major point ...

3) Data is sticky. As easy as it is to lose data (or have it stolen/manipulated), or have it become obsolete, it can be strangely persistent ... showing up in the oddest places. And when data gets aggregated, there is always the temptation (often justifiable, but sometimes not) to do something with the data.

To get back to Gmail, what will Google do with keywords that are scanned and analyzed to pull 'appropriate' advertising for the recipient? Are they getting tossed? Are they getting logged? If the latter, will personal identifiers get stripped out or left in? Do we have the assurances of Google as to what they'll do with any log files? Under what circumstances would such files be available to a) Google partners, b) private 3rd parties, c) state actors (law enforcement, the IRS, Dept. of Health, whoever)?

I don't know. I don't know that Google even knows at this point. And even if they do know, and develop a standard of practice that I and others agree with, would that change in 5, 10, 25 years?

I admit that I am a hopeful pessimist: I want the best but tend to assume the worst until I can get talked out of it. Right now, only machines are scanning the mail. And it is for one primary application right now. But I don't think it's too far-fetched to consider that such data would be considered too valuable to throw away, and secondary applications can be found for it ... applications that the Gmail user did not anticipate and may not have consented to if it was known at the time they agreed to this service.

Just my $0.02. Thank you again.