Tech giant’s email snooping comes under the spotlight

Douglas Crawford

Douglas Crawford

March 21, 2014

The NSA and other government spying organizations have taken a lot of (quite justified) flack of late   over their mass surveillance activities, and not least for their apparent hacking of internal Google and Microsoft internal communications systems in order to gain access to millions of emails (although complicity of these firms in such activity remains hotly debated).

Tech companies’ response has been to quick stage big shows of outrage, to publish detailed transparency reports of government requests for data, and to demand the right for even greater transparency but, noble as this sounds, there is an elephant in the room.

Tech companies are among the worst offenders when it comes snooping on their own users’ emails. Google has after all built its entire business model on doing just that, and this is a fact that has been highlighted by two recent court cases,

 Microsoft vs. Alex Kibkalo

Alex Kibkalo was a disgruntled Microsoft employee who, following a poor performance review, allegedly leaked an unreleased version of Windows 8 to a blogger in France. A massive internal investigation at Microsoft followed, which obviously focused on the blogger. However, instead of taking any evidence to the police, Microsoft searched through he blogger’s Hotmail account emails to uncover the identity of his contact, Mr Kibkalo.

Microsoft defended the search, saying that such things happens ‘only in the most exceptional circumstances,’ but refused to comment on how often similar searches have been made in the past. It is true that Hotmail’s Terms of Service expressly forbid the uploading of stolen software, but then again, they also forbid, among other things, ‘vulgarity’ and ‘profanity’, something that Hanni Fakhoury, staff attorney with the Electronic Frontier Foundation, noted was a ‘pretty broad’ list.

In fairness to Microsoft, on Tuesday, following the attention this case has attracted, it made the surprise announcement that its future bi-annual transparency reports will include information about how often it accesses private customer data in this way. This great news, and signals a sea-change of policy from Microsoft.

Google vs. various (including National Public Radio, New York Times Co. and Washington Post Co.)

In a lawsuit in which it is fighting claims that its interception of emails amounts to illegal wiretapping, Google last Friday asked U.S. District Judge Lucy H. Koh to prevent the details of its scanning process from reaching the public eye.

The argument revolves ‘Content Onebox’, the system Google uses to scan emails. It is alleged that in September or October 2010 Google moved Content Onebox from scanning stored emails, to scanning ‘the delivery pipeline’, allowing it to extract data from email content before users even received the messages.  This is crucial, as unopened communications receive greater protection than stored ones under the federal Wiretap Act. The scanned unopened emails were then used to create profiles ‘from which they could extrapolate additional advertisements’.

The technology used in Content Onebox is of course proprietary, and Google has cited ‘security reasons’ for its unwillingness to disclose its methods.

The case (In re Google Inc. Gmail Litigation, 13-md-02430, U.S. District Court, Northern District of California (San Jose) continues.


Tech companies provide fantastically useful services, typically for free (at least in terms of money). There is a cost however, and it is paid for with our privacy. Edward Snowden’s NSA revelations have raised public awareness of the degree to which we have let the once prized notion privacy slip through our fingers in the name of convenience, but there is, fortunately, also a growing awareness that the technology companies whose products we rely on every day pose as least as great  a threat.

Exclusive Offer
Get NordVPN for only
Get NordVPN for only