Search


CRA TumbleLog

Archives
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
Archives by Category
American Competitiveness Initiative (45)
CRA (38)
Computing Community Consortium (CCC) (6)
Diversity in Computing (9)
Events (8)
FY06 Appropriations (13)
FY07 Appropriations (32)
FY08 Appropriations (8)
Funding (135)
Misc. (42)
People (67)
Policy (179)
R&D in the Press (56)
Research (45)
Security (20)
Recent Entries
NY Times on Women's Interest in Computing
Time on GENI
Innovation Briefing Event
NSF Reauthorization
Eugene Spafford Honored with ACM President's Award
Innovation Bill Moves Forward
CRA's Hiring
Innovation Funding Featured in House Budget Resolution
Announcing the Computing Research Policy TumbleLog
Innovation Press Conference and Hearing
CRA Links
Computing Research News
CRA-Bulletin
Computing Data and Resources
CRA in the News
Computing Research in the FY05 Budget
What We're Reading
Computational Complexity
CNSR Online
Danger Room
Defense Tech
Freedom to Tinker
InsideHPC
Lessig Blog
Nothing is as simple...
Reed's Ruminations
Schneier on Security
Techdirt
UMBC eBiquity Blog
USACM Tech Policy Blog
Advocacy Materials
IT R&D One-pager (pdf)
DARPA and University Research One-pager (pdf)
Cyber Security R&D One-pager (pdf)
Current and Requested IT R&D Funding Charts (pdf)
Recent Testimony
Cybersecurity R&D (pdf)
IT R&D Funding (pdf)
Syndicate this site (XML)
Atom (XML)

Subscribe with Bloglines

Powered by
Movable Type 2.65

May 28, 2004

Regulating Gmail

As a Gmail account holder (peter.harsha), I've got mixed feelings about news that the California State Senate has approved Sen. Liz Figueroa's (D) bill placing restrictions on Google's web-based e-mail service in order to prevent, Figueroa says, Google from "secretly oogling private e-mails." While I'm happy on the one hand that government appears to be getting the message that privacy is an important issue -- one maybe not so well understood by most consumers -- I'm a bit nervous about the California legislature intervening.

I was especially nervous about Figueroa's original bill, which would have "forbid Google from secretly scanning the actual content of e-mails for the purpose of placing targeted direct marketing ads" and required the company to "obtain the informed consent of every individual whose e-mails would be 'oogled'." By "every individual" Figueroa meant not only the Gmail account holder, but any person who e-mailed a Gmail account holder, or (presumably) anyone whose original e-mail message may have been forwarded by a third party to a Gmail account holder. I was primarily nervous because it seemed to me that the hurdle this restriction posed would effectively kill Gmail, and I was kind of intrigued by the service (despite Ed Felten's objections). :)

Though the bill passed by the CA Senate (SB 1822) appears to have been amended heavily -- gone is the outright prohibition against scanning e-mail without consent for marketing purposes, replaced with language that notes the many legitimate uses of e-mail scanning (spam filters, translation into audio for the blind, automatic sorting and forwarding, blocking image ads and web bugs, stripping HTML for handhelds) -- the bill still notes that

In the context of electronic mail and instant messaging communications where electronic mail is scanned for purposes other than those [exceptions listed above], full and informed consent or notification of parties to the electronic mail communication is both appropriate and necessary.
The bill also places restrictions on how, even if granted consent, Google can make use of the e-mail scanning: it can only provide automated scanning to provide contemporaneous ads -- which I believe was Google's plan all along. But it also means Google can't keep, for any purpose, any information or "user characteristics" it gleans from my email -- even if that purpose might provide me some great benefit (I don't know what exactly...great deals on products I'd like? pointers to information I might find useful?). Don't get me wrong, I realize that there are plenty of nefarious things Google might be able to do with a monstrous database full of user data. But there might also be plenty of good things it could do -- things I might even want them to do -- in the future. This bill, it seems to me, would insure Google won't have an opportunity to innovate at all in that area. What I worry about with this CA Senate action is the same thing I was worried about in the Total (Terrorism) Information Awareness debate and the ongoing P2P filesharing debate: the act of locking down technologies because some uses might be illegitimate can kill areas of legitimate research and innovation (or send them underground). I really worry that the legislative hammer is just too blunt an instrument to tinker with these technologies. Rather than artificially constraining the technologies because there's a hypothetical chance they might be used for something nefarious, maybe the effort would be better focused on stopping those who are actually doing nefarious things.

Update: The San Jose Mercury News makes the same point about stifling innovation in an editorial.

Update 2: Gene Spafford sends an interesting e-mail with his perspective:

I think the best way to look at any of these issues is through the lens of the Fair Information Principles. They have been refined over the years, and enacted into the laws of countries around the world (including Canada). They also are consistent with standard ethics as practiced in a number of fields.

One of the standard ideas is that of informed consent. Information should be given only with consent, and then only after the uses of the information have been fully disclosed. Gmail doesn't do that -- if I send email to your gmail account, I have not been fully informed nor have I given consent. The California law restores that. You are correct that the law probably goes too far.

I think the TIA issue is addressed the same way. If you apply the fair information principles, then it was an unethical use of personal information.

Posted by PeterHarsha at May 28, 2004 12:30 AM | TrackBack
Posted to Policy