"Privacy" Policies


A few weeks ago, I blogged about a court that decided it's perfectly fine for your ISP to read your e-mail.

I hope you weren't counting on your ISP's privacy policy to protect you, either. Another intrepid blogger takes a look at terms of service agreements for major e-mail providers and discovers some startling statements. Doug Isenberg writes:

Under these policies, customers of the big three ISPs should not have any confidence that their e-mail accounts are entirely private. These policies certainly don't forbid the ISPs from monitoring e-mail; indeed, the policies seem to do just the opposite: They expressly permit the ISPs to do.

By contrast, Google, which has been cast as a privacy villain recently because of the targeted advertisements in its new Gmail service, has this to say in its privacy policy:

Google employees do not access the content of any mailboxes unless you specifically request them to do so (for example, if you are having technical difficulties accessing your account) or if required by law, to maintain our system, or to protect Google or the public.


NEXT: Philippine Pullout

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. I also find it interesting that some here are hiding behind the government, tossing around phrases like “common carrier” and the like to protect their data.

    Want an ISP that doesn’t read your emails? Hire one (or encrypt). Want a courier that doesn’t open your boxes? Hire one. It’s really quite simple. And someone mentioned the US Postal Service, a government entity that is governed by a completely different ruleset than the private sector. Since it’s the government, it theoretically doesn’t have the privlege of reading your mail, without a warrant. A private entity has no such restrictions, nor should it.

  2. Andy,

    Although I completely agree with you that sending e-mail is like sending a postcard and has no expectation of privacy, I have to object to your statement, “…this means that any data on them is owned by the ISP.” I’m not a lawyer, but Copyright law would seem to contradict you on this point, unless the contract with the ISP specifically stated that they own all emails or transmissions that go through their servers. I wouldn’t even be surprised if most ISP Terms and Conditions of Use have language to that effect, but I’m also willing to bet that most people using email services don’t believe that’s the case. Usually, people consider what they write to be their “property.”

  3. IANAL, and obviously neither is Hanah. if required by law, to maintain our system, or to protect Google or the public has even more wiggle room than Mikey Moore* would require.

    The site http://www.google-watch.org has some interesting info.

    (*Note to readers from 2024: Mikey Moore was a fat moviemaker who was popular for a couple of years).

  4. Andy,
    Ok. Replace USPS with FedEx. They don’t open my package and if they do I change carriers, just as simple.

    That’s the point of this whole post, it’s informing us that these guys DO NOT protect your privacy. It goes back to that whole econ thing where markets are more efficient with greater information sharing. Hanah is sharing information so we can make informed decisions. In this case, the information is that Earthlink, MSN and AOL suck nuts when it comes to privacy, Google does less so, but has a loophole to suck through.

    I’d figure, of all places, Reason would be the last place where someone would flip out over a neutral statement of fact. There is little hysteria in Hanah’s post, just a warning. Hysteria would be a call to boycott/write a Congressman to make a law not a simple FYI.

    If Hanah posted that UPS opens your packages and reads your mail would you call that hysteria or would you thank her for helping you make informed future decisions?

    Thank you and keep up the good work Hanah (but don’t stop with the frivolity either).

  5. I’m with Mo. Whenever a private entity is criticized on H&R there’s a predictable dynamic.

    Post #1: Whoozit Corp. did something that many readers here might consider bad.
    Post #2: Whoozit Corp. is a PRIVATE ENTITY! How dare you criticize them! They have the right to make any policy they want! Let the market decide.
    Post #3: Obviously they do and should have the right to make their own policies. And the rest of us have the right to criticize those policies. Their policy, our critique of it, and your defense of it will all be fed as inputs to the marketplace of ideas, and then what happens happens.

    You’d think that on a libertarian forum Post #3 would be considered redundant, but apparently it’s still necessary.

  6. On this side of the Atlantic we have a very effective EU Data Protection Directive which prevents this type of outrage by private business. You might like to try it on for size. The notion that the market will provide adequate privacy is quaint to say the least.

  7. If people were interested enough in privacy to make it a shopping decision, the market would provide. Unfortunately, most people have either work or free e-mail accounts, so there’s no market at all.

  8. Unfortunately, most people have either work or free e-mail accounts, so there’s no market at all.

    How, exactly, is that unfortunate? Maybe it doesn’t result in the optimum solution as far as what you find important, but apparently most people consider the disadvantages to be not worth the price of an e-mail account. There’s no market for providers that provide absolutely private e-mail because most people don’t value their privacy extremely highly, at least in the high-volume situation that most e-mail providers are in. The e-mail situation we’re in today seems to be the one that most people prefer, at least until something happens to make it appear less “safe.” How is that a bad thing again?

  9. Wow, of all places, I figured Reason would be the one I could count on for a lack of hysteria on this. The email servers are private property, owned by the ISP; this means that any data on them is owned by the ISP. Since they own the data, email in this case, that means they can read it. Nearly all don’t. It’s not worth the hassle, though they may “scan” the emails, watching for spam and the like.

    I work for a large internet enterprise and we handle over 1M emails/day on the e-mail servers I run. I read emails occasionally, but only as part of trying to chase down spam, spam bounces and other errant emails.

    If you don’t want your email read, get PGP or other encryption scheme. If you don’t want to be bothered with encryption to keep your email private, don’t complain that it can be read. E-mail is like handing a total stranger a postcard to deliver (and this stranger hands it to someone else, and then he hands it to someone else, eventually reaching it’s destination).

  10. “or to protect Google or the public.” Protect from what? How?

    Contrast my a**.

  11. Andy:
    “this means that any data on them is owned by the ISP.”

    Does that mean your landlord has the right to go through your apartment and do anything they please? Why should the ISP’s server be any different?

  12. Andy – “The email servers are private property, owned by the ISP; this means that any data on them is owned by the ISP. Since they own the data, email in this case, that means they can read it.” This is not necessarily so. The phone company, for example, owns the lines and switching hardware, but that doesn’t mean your transmissions are their property. Nor can the post office read your mail at will simply because you’re using their services. IANAL, so I don’t know if the US courts have held ISPs to be common carriers, but things appear to be leaning in that direction, as long as the ISPs really act like CCs and don’t queer their pitch by exercising editorial control.

    gmailmaven – Yeah, no kidding. “To protect Google” could potentially cover almost anything.

  13. Sad news, but I’m not sure this is any big surprise. It’s been well-settled law for years that our phone logs belong to the phone companies, that electric utilities can share, voluntarily, share their billing records with police (e.g., to detect marijuana lamps).

  14. Answer: Encrypt your e-mail. A plain-text file on a server you don’t own (and travels thru any number of servers you don’t own) isn’t private.

    Hopefully you’ve all heard this before, but sending unencrypted e-mail is the same as sending all your mail on postcards.

  15. I wouldn’t call it hysteria, I’d call it knowing what you’re getting into. And I don’t think your ISP should be allowed to read your e-mail any more than FedEx is allowed to read documents you send through their service.

Please to post comments

Comments are closed.