Google reads your emails

Let me start with this news item from two days ago, Google admits it’s reading your emails:

GOOGLE HAS UPDATED its privacy terms and conditions, eroding a little more of its users’ privacy.

Google is so far unapologetic about its changes, despite having created some controversy. The bulk of the responses worry that Google is now able to read users’ emails and scan them for its various purposes.

In its terms and conditions the firm said that its users agree that information that they submit and share with its systems is all fair game. Its update, the first since last November, makes the changes very clear.

This I have known myself since last October. This is the report I sent to IT within the University:

I am doing a presentation on Tuesday next week and wrote the following note to the coordinator of the seminar:

This is the paper I will speak to which is an update on my previously published paper. I cannot believe how much things have evolved from then. I will also do a set of overheads which will help me keep track of where I am and might even be of use to those who come to listen.

Attached to it was my paper named nowhere other than in the paper itself:

The Use of Multiple Choice Questions with Explanations for Economic Assessment

This was the same title for a paper I had written in 2008 and put up on an academic website along with an abstract. But for the past five years the paper had simply been a paper that could be accessed but no one had. And then, a few hours after sending my note off to the coordinator of the seminar I received the following email:

Hi Professor Kates,

Hope you are doing well.

I would like to introduce myself as [redacted], one of the fastest growing research acceleration firms. We have been working with academicians from 35 of the top 100 universities across the globe including researchers from Harvard, Wharton, Stanford, MIT, NUS, and INSEAD.

We help researchers with Data Harvesting, Analytics, Visualization and Technology Implementation. As an organization, our primary focus is to increase research productivity, reduce research costs, and enable researchers to focus on the most important facets of their research. You can read more about us here.

As we read through the abstract of research paper on The Use of Multiple Choice Questions with Explanations for Economic Assessment, we thought it would be a good idea to set up some time for a short call and explore how we can help you accelerate your research. Let me know a good time and we can schedule a call accordingly. I look forward to hearing from you.

Regards

I do not believe in coincidences, especially not one in a million shots like this would have been. This was, moreover, not just someone who had read my email but had been able to open my attachment, read its title and presumably anything else they chose to read within the contents, and then send me a follow-up email, all on the same day.

It’s not just the NSA and it’s not just our foreign enemies. My Google account information is not just being shared but my attachments can be opened by total strangers. And the more I think about it, the more it burns me up.

I then had very helpful assistance from someone in our IT department who was as interested as I was in whether Google really was reading my emails and allowing others to read them as well. After quite a number of emails back and forth to each other, this was the final email sent to me.

Hi Steve,

Apologies for the delay in getting back to you.

I’ve had some ongoing discussions with Google Support and here is the summary. They say that a message that travels only within Google servers can’t be accessed in transit, so could only be seen by a third party if the sending or receiving account is compromised by eg. phishing.

However, they also say that their mailflow algorithms mean that an email sent from one Google account to another, even sent from a Google user to themselves, may leave Google’s mail servers and come back in again. In that case, messages travelling on the internet would be subject to the inherent insecurity of email.

I’ve done a quick search to find a good explanation of why/how email is insecure, and I think this one sums it up pretty well:

http://www.digitaltrends.com/mobile/can-email-ever-be-secure/

As I understand it, hacking of email in transit, by eg. packet sniffing etc, is thought to be pretty rare. But it’s possible. However, there’s no way we or Google can establish whether or not this has happened since it would have occurred out in the wild, on servers or connections to which we have no access.

Not only is it not “out in the wild” or “pretty rare”, it even turns out to be integral to the Google Mail (Gmail) system and no doubt common. The fact of the matter is that you do not know who your emails are being diverted to or who is reading them or the attachments. And now that Google has said so in public, it burns me up even more.


49 Responses to Google reads your emails

  1. ar

    Well, they say “don’t do evil” so it’s probably all above board.

  2. cynical1

    A machine may do something.

    A human would hardly sit there poring over billions of emails sent daily.

    They do say never send anything via email you would not say in person.

    Storm, meet teacup.

  3. Tel

    One week it’s a crazy conspiracy theory… next week everyone knows that, what’s the big deal?

  4. Rabz

    Why anyone other than the intended recipients would want to read my emails is beyond me.

    But hey, knock yourself out.

  5. Walter Plinge

    “Storm, meet teacup.”

    Nailed it.

    Our automated systems analyse your content (including emails) to provide you personally relevant product features, such as customised search results, tailored advertising, and spam and malware detection,” it added. “This analysis occurs as the content is sent, received, and when it is stored.”

    Customised search results and malware detection are actually useful. Tailored advertising not so much; like many people I use ad blockers, GIF filters, Flash stoppers and so on. I rarely see advertising on line. Ghostery stops ad tracking and the like.

  6. Senile Old Guy

    One week it’s a crazy conspiracy theory… next week everyone knows that, what’s the big deal?

    Exactly.

  7. Aristogeiton

    Not only is it not “out in the wild” or “pretty rare”, it even turns out to be integral to the google mail (gmail) system and no doubt common. The fact of the matter is that you do not know who your emails are being diverted to or who is reading them or the attachments.

    It is rare to the point of being almost non-existent. What has probably happened here is that one of your recipient’s accounts has been compromised.

  8. Riverina Matt

    If someone provides you with an IT service for free – then you are not the customer, you are the product!

  9. Leo G

    Does that mean any unencrypted matter transferred to another party via Gmail should be considered “published”?

  10. Sometimes I have fun by inserting meaningless stuff into my the bomb will be planted in the central railway station emails or text and even into online I’d like to see Barrack Obama shot dead chat or blog forums.
    Gives them something to read.

  11. Bruce of Newcastle

    And now that Google has said so in public, it burns me up even more.

    When email first became available I have always assumed it is available to be read by someone other than me and the recipient. I’ve therefore always been careful with what I write in an email, most especially a work email. This personal policy has served me well for more than 20 years.

    It amazes me that people do not make this assumption.

  12. cuckoo

    The first form of electronic personal communication – the telegram – involved a human operator reading your message, counting the words to know what you had to pay, and then encoding the message. And of course there was another human operator at the other end, also reading the message as they decoded it. So people who wanted privacy had to rely on codes and private references. That’s my attitude to email. (And if you love literature but have never read Henry James’ great story about a telegraph clerk – ‘In the cage’ – I urge you to do so.)

  13. Senile Old Guy

    I’ve therefore always been careful with what I write in an email, most especially a work email. This personal policy has served me well for more than 20 years.

    It amazes me that people do not make this assumption.

    Of course, especially if you use a “free” service. Unless, you are encrypting it.

  14. Craig Mc

    You should try a controlled experiment, sending a concocted email and attachment with a shibboleth title to a single trusted recipient and see then if it leaks.

    Of course WordPress here has just told Google about my idea, so they’re already onto me.

  15. Aussieute

    When we are working with clients with IP related issues we specifically prohibit the use of ANY email and provide a secure online system, hosted within a banking network.

    Also why I don’t use any USA owned/hosted frameworks as well.
    We encrypt other confidential email as well

    Paranoid? Yes because they are out to get me ;-)

  16. dan

    Steve you are very muddled on this one.
    No-one is ‘reading’ your emails. They are being automatically scanned. There are legalistic reasons why this statement came out. They are nothing to do with strangers reading your emails. Most if not all major email or internet providers scan your emails (obviously) because they employ spam filters. The fact that Google also use the info for ads doesn’t change privacy implications.

    In fact Google mail and Drive are now both encrypted, if email is sent Gmail->Gmail it is encrypted all the way (but not if it comes or goes to say Hotmail). Your recipient presumably had been hacked or more likely this is entirely coincidental.

    If you send email Gmail-Gmail and both use 2 factor authentication your chance of anyone seeing your emails without NSA authorisation is effectively zero. And if you are worried about that sort of thing, be aware that high powered microphones 100m from your study can listen to your keystrokes and reconstruct what you are typing.

  17. Leo G

    So Google gives the Go to ogle?

  18. Baldrick

    If they want to packet sniff my emails, well what can I say. Go your hardest. Why stop there … why not try my hard token or latent redundancy while you’re at it.

  19. Zatara

    Also why I don’t use any USA owned/hosted frameworks as well

    Naturally, as only the evil Americans would think of doing such things….

  20. David

    So Google gives the Go to ogle

    LOL :-)

  21. Sir Fred Lenin

    Don’t mention bin Laden, bombs, mosque, imam or jihad, you will be pretty right then. OH slush fund, backhander and gift are taboo too!

  22. Sir Fred Lenin

    Another cure to prevent snoopers is Alfoil in your ears, it prevents “Them” reading your thoughts. Met a Russian guy who told me this trick to prevent KGB from reading his thoughts, it must have frustrated them, they let him leave Russia during their ALP type regime in 1987.

  23. Walter Plinge

    Of course WordPress here has just told Google about my idea, so they’re already onto me.

    Along with Facebook Social Graph, Google Analytics, Gravatar, and Twitter Badge: all trackers running off this site.

  24. be aware that high powered microphones 100m from your study can listen to your keystrokes and reconstruct what you are typing.

    Different keys make different sounds? What are you typing with, a piano?

  25. Mitchell Porter

    For those who are curious, the company that wrote to Steve Kates can be found by searching for “research acceleration firm”.

    The letter is a form letter and portions of it have been quoted by at least two other recipients elsewhere online. I suspect that the reason Prof Kates was targeted is more humdrum than anything involving hacking or illicit access to emails, e.g. perhaps his seminar organizer posted his seminar’s title on a mailing list monitored by someone from the company.

  26. Dan

    If someone touch types rapidly they will strike each key in a characteristic fashion. After a long enough sample size has been reached (I don’t know how they initially calibrated) software can use probabilities to guess at the keystrokes. Proof of concept occurred in 2005 (80% accuracy)

  27. Tel

    If someone provides you with an IT service for free – then you are not the customer, you are the product!

    That theory would apply to government facilities as well I presume.

  28. Leo G

    Another cure to prevent snoopers is Alfoil in your ears, it prevents “Them” reading your thoughts. Met a Russian guy who told me this trick to prevent KGB from reading his thoughts.

    Can’t be the same chap who used to chain himself to the gates of the NSW Parliament. He claimed that alfoil was ineffective as it only shielded the electrostatic signals. Proper security for emr signals involved a ferromagnetic material. Try ball bearings in the ears.

  29. Tel

    Different keys make different sounds? What are you typing with, a piano?

    The cable on the back of your keyboard radiates at some harmonic of the embedded CPU in the keyboard (usually 2MHz, 4MHz, etc) and the matrix under the keys also radiates. To get the distance, the receiver antenna needs to be very directional, but since the keyboard radiates all the time, there’s plenty of opportunity for the snooper to line it up (unless you are sitting with a laptop on a train or something like that).

  30. Leo G

    If someone touch types rapidly they will strike each key in a characteristic fashion… software can use probabilities to guess at the keystrokes.

    Helps explain the iPad keyboard design.

  31. Another cure to prevent snoopers is Alfoil in your ears, it prevents “Them” reading your thoughts. Met a Russian guy who told me this trick to prevent KGB from reading his thoughts.

    Nup – but this works every time.

  32. kae

    iPhone keypad

    Why is the M right next to the backspace key?

    Why, when you think you’ve hit a key does a nearby letter show up in your typing? Soooo annoying! And my fingers aren’t that huge!

  33. stackja

    kae
    #1271122, posted on April 19, 2014 at 6:08 pm
    iPhone keypad
    Why is the M right next to the backspace key?
    Why, when you think you’ve hit a key does a nearby letter show up in your typing? Soooo annoying! And my fingers aren’t that huge!

    Steve Jobs!

  34. entropy

    If someone provides you with an IT service for free – then you are not the customer, you are the product!

    The reason I don’t use gmail, avoid google search as much as possible, and don’t use an android device.

    That said, I think Steve was victim of a hack into the uni servers.

  35. RCon

    Reasonably sure the whole automated scanning of emails for purpose of targeting ads has been a part of gmail since inception back in the early 00’s

    A lot of my more “security conscious” mates were very reluctant to sign up for that reason.

  36. Dan

    Reasonably sure the whole automated scanning of emails for purpose of targeting ads has been a part of gmail since inception back in the early 00’s

    A lot of my more “security conscious” mates were very reluctant to sign up for that reason.

    That scanning is not a security issue.

    Do they also avoid any email service that has a spam filter? I guess I can respect people who are so paranoid they make dinner plans over tor but it’s a stretch to imply it’s necessary.

  37. Tel

    I can respect people who are so paranoid they make dinner plans over tor…

    Really depends on the sort of things you talk about over dinner, and whose smartphone has been hacked to provide a live mic.

  38. Tel

    That said, I think Steve was victim of a hack into the uni servers.

    Hackers can zap your pancreas? Oh crap, I’ve been wearing the tinfoil in the wrong place.

    Be back shortly…

  39. JohnA

    The Beer Whisperer #1271046, posted on April 19, 2014 at 4:16 pm

    be aware that high powered microphones 100m from your study can listen to your keystrokes and reconstruct what you are typing.

    Different keys make different sounds? What are you typing with, a piano?

    Might sound better… :-)

  40. I am doing a presentation on Tuesday next week and wrote the following note to the coordinator of the seminar

    … or maybe the coordinator entered your details into some database which was then accessed by this “research acceleration firm”.

  41. Luke

    Well how else do you expect Google to get their preferred government?

  42. Talleyrand

    .. am doing a presentation on Tuesday next week and wrote the following note to the coordinator of the seminar

    Was the seminar advertised somewhere on the internet via the School/Department’s site freely available?
    Example.

    If so, it was scraped by some search worm, and your details and content description harvested and linked up to LinkedIn, your bio at University etc, and thence to create a marketing email back to you.

    Gedanken sind frei, aber nicht das Internet…

  43. Dan

    The recipient did something to put those details on the web and the ‘hacker’ had a daily search alert presumably via google which sent him the data soon after it was indexed (which is now almost immediate).

  44. Dan

    Well yes Tel if you are planning a revolution then tor might be necessary, but for normal social or business purposes industry standard encryption is a reasonable compromise.

  45. Steve Kates

    To make it more clear, the sequence of events was that I sent my note to Jonathan with a document name something like “131020sa.mc1” which can give no clue about its contents let alone the title of the document. When I received the response within half an hour from an outsider I went to Jonathan to ask whether he had sent the document to someone else. And in fact, he had not even opened the document at that stage. A document sent by gmail is not closed but can be opened and examined by those to whom certain trigger alerts are available. I cannot see given the circumstances how someone else might have emailed me about the exact subject of my email unless they had looked at the contents of the email. The possibility of coincidence is one in a million – same day within half an hour is not remotely probable.

  46. Dan

    A document sent by gmail is not closed but can be opened and examined by those to whom certain trigger alerts are available

    Steve it is as of recently 128 bit encrypted end to end, what do you mean by this? Previously it was like all other email, ie insecure. Nothing particular to gmail.

  47. Dan

    It’s interesting that a research firm thinks it can get your business by hacking your email

    hi ya Steve,

    I see from your confidential email you have some interesting research underway. Our firm may be of help, for a modest fee.

    Sincerely Faithfully Regards

    Dianne of marketing

    I’d be surprised if the company is indeed legit

  48. Diogenes

    The reason for Google’s notice is to get around a little problem they are having in the States and were about to have here ie several school districts had just banded together in a class action suit against Google.

    Many may not know this but Google provides the email platform for many school districts in the US, and for NSW DEC students (and “real soon now” (for the last 2 years) we (NSW DEC Teachers) will be encouraged to have the students use the other google apps for project work (some really good collaborative tools)).

    Google have promised that no ads will be shown if mail & apps are used under a school account, but all the scanning/profiling they do will continue & when Google is able to match a “real” id to the school account, the information they glean from the school account will be used to target ads in youchube , ordinary gmail & all places where google serves ads.

    I would guess that the company [name redacted] never actually saw your email, – but something in it triggered an email “ad” served by google
