This is a post I wrote in 2014 following a previous post at the end of 2013. Self-explanatory, but the point about it at the time was that no one believed me when I was suspicious that Google was reading my emails, but now that everyone knows, no one cares. The post is from April 18, 2014.
Let me start with this news item from two days ago, Google admits it’s reading your emails:
GOOGLE HAS UPDATED its privacy terms and conditions, eroding a little more of its users’ privacy.
Google is so far unapologetic about its changes, despite having created some controversy. The bulk of the responses worry that Google is now able to read users’ emails and scan them for its various purposes.
In its terms and conditions the firm said that its users agree that information that they submit and share with its systems is all fair game. Its update, the first since last November, makes the changes very clear.
This I have known myself since last October. This is the report I sent to IT within the University:
I am doing a presentation on Tuesday next week and wrote the following note to the coordinator of the seminar:
This is the paper I will speak to which is an update on my previously published paper. I cannot believe how much things have evolved from then. I will also do a set of overheads which will help me keep track of where I am and might even be of use to those who come to listen.
Attached to it was my paper named nowhere other than in the paper itself:
The Use of Multiple Choice Questions with Explanations for Economic Assessment
This was the same title for a paper I had written in 2008 and put up on an academic website along with an abstract. But for the past five years the paper had simply been a paper that could be accessed but no one had. And then, a few hours after sending my note off to the coordinator of the seminar I received the following email:
Hi Professor Kates,
Hope you are doing well.
I would like to introduce myself as [redacted], one of the fastest growing research acceleration firm. We have been working with academicians from 35 of the top 100 universities across the globe including researchers from Harvard, Wharton, Stanford, MIT, NUS, and INSEAD.
We help researchers with Data Harvesting, Analytics, Visualization and Technology Implementation. As an organization, our primary focus is to increase research productivity, reduce research costs, and enable researchers focus on the most important facets of their research. You can read more about us here .
As we read through the abstract of research paper on The Use of Multiple Choice Questions with Explanations for Economic Assessment, we thought it would be a good idea to set up some time for a short call and explore how we can help you accelerate your research. Let me know a good time and we can schedule a call accordingly. I look foward to hearing from you.
I do not believe in coincidences, specially not one in a million shots like this would have been. This was, moreover, not just someone who had read my email but had been able to open my attachment, read its title and presumably anything else they chose to read within the contents, and then send me a follow-up email, all on the same day.
It’s not just the NSA and it’s not just our foreign enemies. My google account information is not just being shared but my attachments can be opened by total strangers. And the more I think about it, the more it burns me up.
I then had very helpful assistance from someone in our IT department who was as interested as I was in whether Google really was reading my emails and allowing others to read them as well. After quite a number of emails back and forth to each other, this was the final email sent to me.
Apologies for the delay in getting back to you.
I’ve had some ongoing discussions with Google Support and here is the summary. They say that a message that travels only within Google servers can’t be accessed in transit, so could only be seen by a third party if the sending or receiving account is compromised by eg. phishing.
However, they also say that their mailflow algorithms mean that an email sent from one Google account to another, even sent from a Google user to themselves, may leave Google’s mail servers and come back in again. In that case, messages travelling on the internet would be subject to the inherent insecurity of email.
I’ve done a quick search to find a good explanation of why/how email is insecure, and I think this one sums it up pretty well:
As I understand it, hacking of email in transit, by eg. packet sniffing etc, is thought to be pretty rare. But it’s possible. However, there’s no way we or Google can establish whether or not this has happened since it would have occurred out in the wild, on servers or connections to which we have no access.
Not only is it not “out in the wild” or “pretty rare”, it even turns out to be integral to the google mail (gmail) system and no doubt common. The fact of the matter is that you do not know who your emails are being diverted to or who is reading them or the attachments. And now that Google has said so in public, it burns me up even more.
Same for Facebook, Twitter, and every other form of social media as well.