For Google, the long-running dispute over its data-mining of email just won’t go away.
Last Friday, the US District Court for the Northern District of California issued an order denying Google’s motion to dismiss a lawsuit brought by plaintiff Daniel Matera which alleged that Google violated federal and state wiretapping laws in its operation of Gmail.
The Wiretap Act prohibits the interception of wire, oral and electronic communications.
The headache that just won’t go away
In March 2014, the US District Court for the Northern District of California heard a lawsuit complaining that Google was scanning millions of students’ emails to build up profiles of users’ interests so it could target advertising at them.
The nine plaintiffs in that lawsuit similarly alleged that Google violated the Wiretap Act. But US District Judge Lucy Koh, denied the request for class-action status since it would be impossible to determine which email users consented to Google’s privacy policies.
A short time later, after admitting to Education Week that it automatically “scans and indexes” the emails of its Apps for Education users even though ads are off by default, Google announced in a blog post that it had:
… permanently removed all ads scanning in Gmail for Apps for Education, which means Google cannot collect or use student data in Apps for Education services for advertising purposes.
Google might have thought that move would put the data mining controversy to bed.
But no …
This latest ruling
In this latest twist, Judge Koh found Google’s policy of intercepting and scanning emails before they reach the inbox of the intended recipient may violate the California Wiretap Act and denied Google’s motion to dismiss Matera’s lawsuit.
Matera is not a Google customer but claims that the “ubiquity of the email service” means that Google has still intercepted, scanned and analysed his and many others’ emails:
[Matera] seeks to represent non-Gmail users “who have never established an email account with Google, and who have sent emails to or received emails from individuals with Google email accounts.”
He claims that Google is intercepting and scanning his emails for commercial purposes:
Google allegedly acquires and interprets the content of emails sent or received by Gmail users through “Content Onebox” and “Changeling,” which are “distinct piece[s] of Google’s infrastructure.”
Google then uses a process called “Nemo” to determine how to best monetize the data extracted from the intercepted emails.
In its defense, Google argued that scanning emails was an intrinsic part of its service – part of the ordinary day-to-day operations of its business that meets the “ordinary course of business” exemption in the Wiretap Act.
Koh disagreed, noting that just because something is routine it doesn’t automatically fall within the scope of the “ordinary course of business” and that Google had shown in 2014 that it could operate Gmail for specific groups of users without scanning their emails.
The ruling, as Ars Technica reports, means Google now has no chance of getting the lawsuit, which was filed in September, thrown out early.
The controversy over Google’s scanning of non-users’ emails will rumble on.Follow @NakedSecurity