The gigabyte storage capacity and long memory of Google Inc.'s planned Web-based e-mail service are making it a big target for privacy campaigners -- and the name, Gmail, could soon be the subject of a trademark dispute, too.
A coalition of 28 privacy and civil liberties groups wrote Google founders Sergey Brin and Larry Page a letter Tuesday urging them to think again about the service, which they said sets potentially dangerous precedents for the automated scanning of private communications. The service may conflict with European privacy laws, and should be suspended until privacy issues are addressed, they wrote.
The letter's signatories include the World Privacy Forum, the Privacy Rights Clearinghouse, Bits of Freedom, the Consumer Federation of America, the Electronic Privacy Information Center, the Foundation for Information Policy Research and Privacy International.
When Google announced the Gmail service on March 31, the Mountain View, California, company said it will scan the text of all incoming e-mail in order to place appropriate advertisements. This is a bad idea, according to the privacy campaigners, because "The scanning of confidential email violates the implicit trust of an email service provider."
Many e-mail systems already scan message content in an effort to block spam, but inserting ads in incoming e-mail is fundamentally different than removing harmful viruses and unwanted spam, the campaigners said. Inserting ads on the fly requires a chain of directories, databases and logs, and a long memory. Those auditing trails could be correlated with data collected from Google's search site, or social networking site Orkut, they said.
Google Vice President of Engineering Wayne Rosing sought to reassure the campaigners: The Gmail user's name is not sent to the ad server, and when the system scans the email, it does not look at the To or From fields, only the subject and body of the mail, he said in an interview.
Whatever the details of Gmail's scanning process, it sets dangerous precedents and reduces users' expectations of the privacy of e-mail, the civil liberties groups said.
"These precedents may be adopted by other companies and governments and may persist long after Google is gone," they said.
One of the letter's signatories emphasized this danger in a phone interview.
"The mail is not just being scanned, it's also being indexed, and governments might want to know if a word is in the index, and if so, who used it," said Maurice Wessling of Bits of Freedom, a civil liberties organization in Amsterdam.
"The unlimited period for data retention poses unnecessary risks of misuse," they wrote, adding that Google's policies on retaining data and correlating it between business units are problematic, lacking clarity and being too broad in scope. The company should set clear limits on how long it will retain user account, email and transactional data, and provide clear written policies about data sharing, they wrote.