The cloud isn’t always an easy concept for people to grasp, even before we add in complexities like public cloud versus private cloud versus hybrid cloud. For a non-technical audience, I usually use webmail to help them understand the cloud. I can login to Yahoo! Mail, or Outlook.com1, or Gmail, from any computer in the world, and I’ll see everything the same on that webmail service. Since there are lots of webmail users, starting off with a known concept and explaining how it’s one type of cloud helps them grasp the idea.
The problem is that webmail in general, and Gmail in particular, is a public cloud. It’s a public cloud that you’re not paying for. Servers, storage, and bandwidth are not free. To pay for the resources that Gmail needs, Google shows you ads that it thinks are relevant to you. But now, Google has explicitly said that its users should have no expectation of privacy:
Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use Web-based email today cannot be surprised if their emails are processed by the recipient’s [email provider] in the course of delivery. Indeed, ‘a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.
Users can have a legitimate expectation of privacy of information that they voluntarily turn over to third parties. There’s plenty of data that I voluntarily turn over to a third party. Every conversation that I have with my doctor or my lawyer contains data that I’ve voluntarily turned over to them, and I have the expectation that they’re going to keep that information private unless I authorize them to do something else with it (say, use it anonymously as part of a medical research study). As a researcher myself, I get lots of sensitive data from the participants of my research, and I’m very careful to ensure that my participants’ sensitive data is not revealed to anyone. When I’m reporting results to my own team, I would never say “Eddie Dinel, Director of Program Management at VMware, said …”. Instead, I always say “Eddie, a senior manager at a technology company, said …”2. I make sure that the information that participants share with me is kept private.
If you’re using a cloud for sensitive data, you should be careful to understand what the privacy policy is of that cloud. Gmail has told you that you can’t expect privacy from them. This might or might not change your usage of Gmail, but don’t assume that their stance on privacy applies to every other cloud out there.
there’s so much wrong with Google’s reply. To a certain extent, they have a point. They have to look at the contents of the email, at least the envelope data so they can transmit it correctly, file it correctly, etc. For anti-spam to work, there has to be some level of content analysis done as well.
But dear god, is there anyone at Google who has ever talked to another human being who wasn’t an engineer?
If Google’s reply had been “we look at your mail in the same way that the post office does: we use algorithms to figure out how to handle it, including trashing it if it’s spam”, it would’ve been a much better response. But they drew a comparison to an my assistant, who is an actual person, opening and reading my mail. An algorithm looking at my mail to determine how to deliver it to me is one thing, but a person reading my email is a very different thing.
I’m not a fan of GMail or the “free public cloud” in general, but it is not really fair to smear them as the authors of the quoted text. The critical part is a direct cited quote from a 1979 case that is absolutely valid in this context. We’ve had decades to make the law otherwise in the US, but for a mix of evil and noble reasons we have not done so.
On the “noble” (ish) side, I can personally testify to the fact that for at least 20 years sysadmins have been telling users that Internet email is intrinsically non-private and that adding on privacy carries costs in UX, interop, and cold hard cash for skilled tenders. Oh, and also: no amount of money and/or inconvenience can provide perfect privacy for email.