Is Google Too Big to Sue Over Gmail Privacy Concerns?
Google, fighting claims that it illegally scans private e-mail messages, says it shouldn’t have to face a lawsuit that lumps together hundreds of millions of Internet users. It may not have to, but the issues the lawsuit raises may be harder to deflect.
A case brought against Google in 2013 claims it violates a federal wiretap law, as well as several state privacy laws, by intercepting, reading, and mining the content of messages sent through its Gmail service, which has 104 million users in the U.S. The information, the suit claims, is used to target ads and build user profiles.
Privacy experts say the case raises important questions about how companies such as Google and other Internet companies make money from user data for a digital ad market that generated $42 billion in the U.S. last year. (Yahoo!, Facebook, and LinkedIn are facing similar actions.)
The Google lawsuit is what’s known as a consolidated action, combining several lawsuits filed from 2010 to 2012 by Gmail users and other e-mail services in states including Texas, Pennsylvania, and Florida. The case seeks to represent a class of plaintiffs numbering in the hundreds of millions. That number includes non-Gmail users whose messages make their way through the Gmail system and users of other services, such as Google Apps for Education, which powers e-mail services at many universities. Class-action status would allow plaintiffs to pool resources and put greater pressure on Google to settle the case.
The plaintiffs face “a very steep hurdle” to proceed as a class, says Deborah Hensler, a law professor at Stanford University, adding that only 10 percent to 20 percent of cases filed as class actions are allowed to go forward.
At a Feb. 27 hearing in San Jose, Federal District Judge Lucy Koh considered whether to grant class-action status. (She hasn’t said when she will issue her ruling; the case is scheduled for trial in October.) Koh earlier denied Google’s attempt to dismiss the case by rejecting its argument that users agreed to the scanning when they accepted Gmail’s service terms and privacy policies and that non-Gmail users should have known their messages were being intercepted. Google doesn’t deny scanning e-mails.
The billions of messages at issue raise the possibility of an unmanageable amount of evidence over whether Gmail senders and recipients were aware of the automatic scanning, Google said in a court filing. The class action would “indiscriminately amass together virtually everyone in the United States with a non-Gmail e-mail account, along with large groups of the over 400 million people who use Gmail and Google Apps,” making it impossible to build and defend the case, the company said. At the hearing, Koh expressed skepticism about the non-Gmail users being part of the class and the court’s ability to adequately verify information in determining who is eligible to join the class. “We’re not a government agency of verifying birth dates,” Koh said.
Details about how Google scans messages are murky—key documents in the case are under seal or have been heavily redacted. But some privacy experts say evidence introduced at the Feb. 27 hearing is problematic for Google.
Plaintiffs’ lawyer Sean Rommel presented information about a device Google uses to intercept e-mails called the Content One box. Originally, the device was used in the Gmail storage system to intercept and scan e-mail traffic. Then Google discovered Content One could not extract information from unopened or deleted e-mails, or from e-mails accessed by phones or through Microsoft Outlook, Rommel said. So the company allegedly reconfigured the process in 2010 to capture user data before messages are delivered to the intended recipient, not after they are stored in a user’s e-mail account. “There is not a single disclosure in the record that identifies, alerts, tells anybody that there is an interception occurring,” Rommel said. At the hearing, Google’s lawyers did not deny the existence and use of the Content One box. The company declined to comment.
If that evidence is true, says Chris Hoofnagle, a University of California at Berkeley law professor, it strongly supports the plaintiffs’ arguments that Google’s conduct is illegal and violates federal wiretapping laws. “Stored communications get fewer protections,” he says. “But with live or unopened communications, courts are much more likely to interpret that as a wiretap.” It raises the question of whether Google is adhering to data-mining agreements that apply to many university employees at Berkeley and other schools whose e-mail programs use the Gmail service, he says. “It’s inappropriate to allow a company to generate knowledge from those documents,” Hoofnagle says. “I don’t think we understand how valuable the information is and the consequences of it.”