A lawsuit filed in 2014 against Google has reignited the debate over the company’s controversial email-scanning practices. Represented by the Electronic Privacy Information Center (EPIC), two of the suit’s nine plaintiffs accuse Google of data-mining student emails sent and received through Google Apps for Education on Chromebooks.
They contend that Google violated student privacy laws by using email scanning to compile secret profiles of students and target them with ads. The plaintiffs seek class certification to recover damages for all Gmail users subject to the allegedly illegal practice.
The lawsuit raises concerning questions about the propriety of Google’s privacy policies as a whole, but the thorniest question is whether Google’s Chromebooks — affordable, web-based laptops that run Google Apps for Education — compromise students’ cyber security. Google’s sworn admissions in the lawsuit have many questioning whether Chromebooks are really just a snooping wolf in sheep’s clothing, compromising the privacy of millions of users around the world. Read on for answers to this question as well as details about the lawsuit.
Plaintiffs’ Argument: Google Apps and Devices Violate Educational Privacy Laws
The primary focus of the recent lawsuit is Google’s Gmail privacy practices, but two of the plaintiffs are college students at schools that adopted Google Apps for Education. The students claim that their universities required them to use Gmail once the schools began using Apps for Education.
Used by 30 million students, teachers, and administrators internationally, Google Apps for Education is a cloud-based productivity suite and the foundation for Google’s Chromebook. The plaintiffs contend that Google violated the Family Educational Rights and Privacy Act by scanning their Gmail accounts.
Synopsis of Google’s Data-Mining Practices
Google’s practice of scanning the emails of general Gmail users to target them with ad campaigns is not exactly a secret. Most consumers know about this data-mining and consent to it, albeit implicitly, when they register for a Gmail account. The problem is that, when the plaintiffs filed suit, Google was engaging in the same data-mining practices with student emails — students required to use the service as part of the Apps for Education and who did not consent.
You might wonder how Google could get away with this in the face of strict regulation on educational privacy. The company essentially found a loophole by disabling advertisements in Apps for Education by default but allowing administrators to turn them on if they wished. However, the student plaintiffs allege that although Google doesn’t advertise within Apps for Education, it still uses data mined from these apps to advertise through other channels.
Google’s Defense: Email Scanning Has Non-Commercial Uses
In response, Google concedes that it scans the incoming and outgoing emails of students and other users of Apps for Education, but it insists that it does not use the information collected therefrom to advertise unless customers agree to it.
Google’s email scanning software cannot be turned off, though, even if Apps for Education users opt out of advertisements. The company defends the practice by pointing out its non-commercial purposes, including spell check, virus protection, and prioritizing emails.
What’s disquieting is that Google will not comment on whether it uses student email data-mining to build profiles of Apps for Education users surreptitiously. The company’s silence validates the plaintiffs’ assertion that Google may be using the data to deliver targeted ads in services outside of Apps for Education, including Google+, YouTube, and Google search.
Google Has Changed Some Advertising Policies, but Are Chromebooks Any Safer?
After experiencing public backlash from the lawsuit, Google permanently disabled advertisements in Apps for Education regardless of whether administrators consented to them. Privacy advocates argue, however, that Google is a day late and a dollar short when it comes to protecting users’ privacy. Social media lawyer Bradley Shear believes that disabling ads in Apps is just a superficial, meaningless attempt by Google to pacify skeptics.
“Will Google also turn off its scanning and behavioral advertising functions for its other services such as YouTube in a school setting,” Shear argued. “Will Google also change its Android and Chromebook policies to better protect student privacy? Will Google change its terms of service and privacy policies that govern all of its education offerings? Will Google revise all of its school contracts to reflect this announcement?”
Shear’s point is that Google still mines data from Chromebooks, and it is still free to use that information to advertise to Chromebook users in other services. For this reason, speculation that Chromebooks are really just sophisticated eavesdropping devices persists.
The Chromebook: A Gold Mine for Spies and Hackers?
The selling point of the Chromebook is its cloud-based approach, and therein lies its Achilles’ heel. Chromebooks have very little internal storage, so almost everything that users put on them is stored in the cloud. Emails, documents, pictures, etc. are not safely stored on an internal hard drive; they exist only on Google’s servers.
Users then have very little control over who sees their private data, which is especially unsettling when you consider that the data dwell with what some regard as the world’s largest advertising company.
Google’s response to the public skepticism of the Chromebook’s security is that it is the “safest computer one can buy.” The company insists that its data-mining practices are completely transparent and that the Chromebook is as close to impregnable to hackers as computers can get. Whether consumers believe Google’s company line remains to be seen.
The recent revelations about Google’s unsavory collection and use of students’ information have inspired fear in the hearts of many Chromebook users about their privacy. In Google’s defense, anyone who uses Gmail is subject to these practices, but Google’s unbridled control of Chromebooks leaves users especially vulnerable to exploitative data-mining. It’s unclear just how much Google knows and exactly what it does with its intelligence, so consumers with privacy concerns are probably better off opting for a different laptop brand until we know more.