Gmail and Privacy
Recently there has been a fair amount of discussion, including in the media and in legislative corridors, about Gmail and privacy. Google takes privacy very seriously. We are very upfront about our policies and we welcome a discussion of user experience and public policy as it relates to the Internet, email, and our services.
Some of the present dialogue, however, has been inaccurate, especially with regard to privacy concerns surrounding Gmail. Gmail does not represent a compromise or invasion of anyone's privacy.
We built Gmail to be the best and most useful webmail service in the world. A free service for anyone who wants it. And we built it with users' privacy in mind.
Below, we've provided a lot of detail to clear up some of the misinformation. But don't just take our word for it. Read what respected journalists and users have to say once they've tried Gmail.
Topics in detail
* Privacy in email
* Targeted ads in Gmail
* Scanning email content
* Rights of senders and recipients
* Commercialism and user choice
* Data retention
* Protecting your privacy
* Gmail and the law
* Public reaction versus privacy reality
Privacy in email
In personal email communications, there has always been, and always should be, an expectation of privacy between the sender and the intended recipients of a message, enabling open communication with friends, colleagues, family, and others.
Privacy is compromised, however, if personal information or private email content is shared with parties other than the sender and intended recipients without their consent. This is not the case when people use Gmail. Google does not share or reveal email content or personal information with third parties. Email messages remain strictly between the sender and intended recipients, even when only one of the parties is a Gmail user.
Of course, the law and common sense dictate some exceptions. These exceptions include requests by users that Google's support staff access their email messages in order to diagnose problems; when Google is required by law to do so; and when we are compelled to disclose personal information because we reasonably believe it's necessary in order to protect the rights, property or safety of Google, its users and the public. For full details, please refer to the 'When we may disclose your personal information' section of our privacy policy. These exceptions are standard across the industry and are necessary for email providers to assist their users and to meet legal requirements.
Targeted ads in Gmail
All major free webmail services carry advertising, and most of it is irrelevant to the people who see it. Google believes that showing relevant advertising offers more value to users than displaying random pop-ups or untargeted banner ads. In Gmail, users will see text ads and links to related pages that are relevant to the content of their messages. The links to related pages are similar to Google search results, and are culled from Google's extensive index of web pages. They are selected solely for their helpfulness and are not paid advertisements.
In Gmail, ads appear alongside messages, in the same way that ads appear next to search results on Google. As this screenshot shows, the ads are clearly identified as 'Sponsored Links.' They are displayed in a way that doesn't interrupt users as they read their messages and ads are never inserted into the body text of either incoming or outgoing Gmail messages.
Ads and links to related pages only appear alongside the message that they are targeted to, and are only shown when the Gmail user, whether sender or recipient, is viewing that particular message. No email content or other personally identifiable information is ever shared with advertisers. In fact, advertisers do not even know how often their ads are shown in Gmail, as this data is aggregated across thousands of sites in the Google Network.
By offering Gmail users relevant ads and information related to the content of their messages, we aim to offer users a better webmail experience. For example, if you and your friends are planning a vacation, you may want to see news items or travel ads about the destination you're considering.
To ensure a quality user experience for all Gmail users, we avoid showing ads reflecting sensitive or inappropriate content by only showing ads that have been classified as "Family-Safe." Gmail's filters also block ads from running next to messages about catastrophic events or tragedies, erring on the side of not displaying an ad if the content is questionable.
Many people have found that the search-related ads on Google.com can be valuable--not merely a necessarily evil, but a welcome feature. We believe that users will also find Gmail's ads and related pages to be helpful, because the information reflects their interests. In fact, we have already received positive feedback from Gmail users about the quality and usefulness of our ads and related pages.
Scanning email content
All email services scan your email. They do this routinely to provide such popular features as spam filtering, virus detection, search, spellchecking, forwarding, auto-responding, flagging urgent messages, converting incoming email into cell phone text messages, automatic saving and sorting into folders, converting text URLs to clickable links, and reading messages to the blind. These features are widely accepted, trusted, and used by hundreds of millions of people every day.
Google scans the text of Gmail messages in order to filter spam and detect viruses, just as all major webmail services do. Google also uses this scanning technology to deliver targeted text ads and other related information. This is completely automated and involves no humans.
When a user opens an email message, computers scan the text and then instantaneously display relevant information that is matched to the text of the message. Once the message is closed, ads are no longer displayed. It is important to note that the ads generated by this matching process are dynamically generated each time a message is opened by the user--in other words, Google does not attach particular ads to individual messages or to users' accounts.
We recognize that seeing ads based on the content of an email message can be unsettling at first. Our experience has been that this feeling recedes as users become more familiar with Gmail. However, some people, many of whom have not used Gmail, have reacted by condemning all automatic scanning of email content, on the grounds that it amounts to a violation of privacy. We think this criticism is misplaced. All major email services, including Hotmail and Yahoo! Mail, automatically scan email content for the benefit of users. When email messages are fully protected from unwanted disclosure, the automatic scanning of email does not amount to a violation of privacy.
On the other hand, delivering information gathered through email scanning to a third party would be a violation of privacy. Google does not do this. Neither email content nor any personal information is ever shared with other parties as a result of our ad-targeting process.
Rights of senders and recipients
Some people have expressed the concern that Gmail may compromise the privacy of those who send email messages to Gmail accounts, since the senders have not necessarily agreed to Gmail's privacy policies or Terms of Use. Though it may seem plausible at first, this worry is based on a misunderstanding of how Gmail actually works, and ignores the fact that for senders and recipients alike, there is no privacy violation to begin with. Using Gmail does not violate the privacy of senders since no one other than the recipient is allowed to read their email messages, and no one but the recipient sees targeted ads and related information.
In an email exchange, both senders and recipients should have certain rights. Senders should have the right to decide whom to send messages to, and to choose an email provider that they trust to deliver those messages. Recipients should also have certain rights, including the right to choose the method by which to view their messages. Recipients should have the right to read their email any way they choose, whether through a web interface (like Gmail, Yahoo! Mail, or Hotmail), a handheld device (like a BlackBerry or cellphone), a software program (such as Outlook), or even via a personal secretary.
On the Internet, senders are not required to consent to routine automatic processing of email content, such as for spam filtering or virus detection, or the automatic flagging or filing of messages into folders based on content. Requiring senders' consent would make no sense: otherwise, no spammer would ever agree to automatic processing, and spam filtering would be impossible. Email providers essentially act as personal assistants for subscribers, holding and delivering their email messages and carrying out various tasks (such as deleting spam, removing viruses, enabling search, or displaying related information). And of course, recipients have the right to forward, delete, print or distribute any message they receive.
By choosing to use Gmail, users are seeing ads and related information that they could easily find by doing a web search using some of the keywords in their email. Google is simply presenting this information to them in a relevant and unobtrusive manner, while saving users the extra step of having to type keywords into a search engine.
There are also many scenarios in which a recipient will benefit from seeing ads and information related to an email message, without the sender's explicit consent. For example, if you receive an email offer from one local gym, there's value in seeing offers from other gyms nearby. The ability to see comparative advertising from different competitors is an important consumer right, even if the sender may not desire it.
We believe users have the right to choose a free, ad-supported webmail interface to read and send email. We believe that many users will choose the Gmail option, with full knowledge that this free service is supported by targeted advertising, and with confidence that Google is protecting the privacy of all of their email messages.
Commercialism and user choice
Some of the reaction to Gmail's targeted ads stems from a desire to restrain the encroachment of commercial activity on the Internet. Like other free webmail services, Gmail is supported by advertising. We believe that Google's ads are more useful than random pop-ups or untargeted banners, and that they offer the best possible experience for the majority of our users.
We understand that not everyone supports our position on advertising. It's harder to see why you shouldn't be allowed to make your own decisions about it. You should be able to choose for yourself how you read your email. You should have the right to decide whether or not to become a Gmail user.
Gmail is still in a limited test period. To date, most Gmail users have given us positive feedback on their experiences with the service, its features, and its ads and related links. We have seen no groundswell of privacy concerns from those actually using the product. Read just a small collection of users' feedback here.
Data retention
Some news stories have suggested that Google intends to keep copies of users' email messages even after they've deleted them, or closed their accounts. This is simply not true. Google keeps multiple backup copies of users' emails so that we can recover messages and restore accounts in case of errors or system failure. Even if a message has been deleted or an account is no longer active, messages may remain on our backup systems for some period of time. This is standard practice in the email industry, which Gmail and other major webmail services follow in order to provide a reliable service for users. We will make reasonable efforts to remove deleted information from our systems as quickly as is practical.
Protecting your privacy
Google takes privacy very seriously, and your trust is important to us. Gmail users should know:
1. Google does not share any email content or other personally identifiable information with advertisers.
2. No humans read any email messages to target advertising or related information that users may see on Gmail.
3. Users only see unobtrusive, targeted ads alongside their Gmail messages.
Google also takes several steps to guard the confidentiality of users' information by offering a number of industry-leading protections. Among other things, Gmail users benefit from:
* Encrypted access (HTTPS) available via https://gmail.google.com.
* An SSL-encrypted login by default. Your password is always encrypted when it is sent over the Internet.
* Blocked transmission of executable files, which often contain viruses or spyware that scanners may miss.
* No loading of external images by default. Many marketing or spam messages include hidden "web bugs" embedded in external images. Typically, when these images are loaded, the web bugs signal that the email address is active, thereby helping companies further perfect their recipient list for marketing or spam messages. Not loading external images helps to prevent this.
* Minimized "referrer" header information. When you click on links in messages, the web browser that loads contains a referrer header. When you click on links in Gmail, Google takes steps to eliminate this referrer header, preventing others from knowing that you clicked on a link from an email.
Gmail and the law
Many of the concerns around Gmail have centered on the use of automatic scanning technology to deliver relevant ads and related information, instead of untargeted commercial messages. These concerns are misdirected. Automatic scanning technology alone does not make it any easier for a government to obtain or access your email messages or other private information. Furthermore, email scanning is already being used by all email services to provide a host of popular features including spam filtering and virus detection.
Google does, however, comply with valid legal process, such as search warrants, court orders, or subpoenas seeking account information. These same processes apply to all law-abiding companies. As has always been the case, the primary protections you have against intrusions by the government are the laws that apply to where you live.
For more information about the laws applying to government surveillance or other requests for personal information in the United States, you may want to read the following:
* The Electronic Communications Privacy Act, 18 U.S.C. § 2701, et seq.
http://www4.law.cornell.edu/uscode/18/pIch121.html
* The ACLU's web page about the USA PATRIOT Act
http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=12126&c=207
* The Center for Democracy and Technology's web page about government surveillance
http://www.cdt.org/wiretap/
* The Subpoena Defense Alliance
http://www.subpoenadefense.org/
Public reaction versus privacy reality
When we began the limited test of Gmail, we expected our service would be the subject of intense interest. What we did not anticipate was the reaction from some privacy activists, editorial writers and legislators, many of whom condemned Gmail without first seeing it for themselves. We were surprised to find that some of these activists and organizations refused to even talk to us, or to try first-hand the very service they were criticizing. As we read news stories about Gmail, we have regularly noticed factual errors and out-of-context quotations. Misinformation about Gmail has spread across the web.
That's unfortunate for Google, but why should you care? Because it may affect your right to make your own decisions about how you read your mail. This misinformation threatens to eliminate legitimate and useful consumer choices by means of legislation aimed at innocuous and privacy-aware aspects of our service, while simultaneously deflecting attention from the real privacy issues inherent to all email systems.
Let's be clear: there are issues with email privacy, and these issues are common to all email providers. The main issue is that the contents of your messages are stored on mailservers for some period of time; there is always a danger that these messages can be obtained and used for purposes that may harm you. There exists a real opportunity for misuse of your information by governments, as well as by your email provider. Careful consideration of the relevant issues, close scrutiny of email providers' practices and policies, and suitable vigilance and enforcement of appropriate legislation are the best defenses against misuse of your information. The only alternative is to avoid new technology altogether, and forego the benefits it provides.
Various people and organizations, including the Electronic Frontier Foundation (EFF) and Center for Democracy and Technology (CDT), have been helping to focus the debate on the real issues surrounding privacy and email. We've welcomed their input on Gmail and are engaging in a productive dialogue with them, and others.
When we began the limited test of Gmail, we had policies that were substantively no different from those of all other major webmail services. However, we understand that as a leader in our industry, we are held to a higher standard. We don't believe that the questions around email and privacy are resolved, and we are working to better understand what the issues currently are, and what they will be in the future. We are keenly interested in addressing these issues head-on, and in helping to fashion guidelines and public policies that protect the privacy of not only Gmail users, but everyone. We'd like your help in that process.