Will The Patriot Act Cost Google Business?

from the well,-thanks-to-fear-mongering dept

Tue, Mar 25th 2008 8:08am — Mike Masnick

The Globe and Mail is running a somewhat sensationalistic piece about a Canadian university, Lakehead University, that decided to start using Google's email system to replace its own buggy and frequently crashed offering. The problem? Fears concerning US data privacy laws, such as the Patriot Act, mean that professors are told not to send confidential info, including grades, via email. This has upset a number of professors who are protesting the use of Google's products. There are a few different points that are worth sifting out of this.

First is the question of whether US laws like the Patriot Act, are potentially harming US businesses, as foreign organizations choose not to do business with them due to the implications of those laws. Chances are likely that this is happening quite frequently, even if those fears are totally overblown with respect to reality. Of course, it's not clear why a company like Google doesn't just set up local servers in certain countries, like Canada, to deal with local companies -- and then consider those out of the reach of US laws and authorities. It would seem like a smart business move.

The second question, though, is whether or not the government is really sniffing through everyone's email. The article seems to imply that, thanks to the Patriot Act, the feds have open access to Google's servers. While you can understand the paranoia, that's a bit overstated. The article says: "Using their new powers under the Patriot Act, U.S. intelligence officials can scan documents, pick out certain words and create profiles of the authors." That's not accurate. Or, rather, it's leaving out huge parts of how this is done. The Patriot Act didn't just hand all of Google's info over to the feds so they can create profiles on anyone. I'm not one to defend the Patriot Act, which I think is a terrible piece of legislation, but it does no one any good to make false statements about what it has allowed.

The third question is whether or not Google's own ad displays next to email is troubling to a university -- which is a bogeyman I thought had been killed back around 2004. Given the cost (free) to the university, you'd think they'd understand the tradeoff. The "payment" is the ads. If it's such a problem, then the university is free to go spend however many millions of dollars on building its own system. Or, perhaps Google can offer up an ad-free version for paranoid universities.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: canada, data privacy, patriot act
Companies: google

26 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Fernando, 25 Mar 2008 @ 8:47am

we don't need no steenkin' Act of Congress
The Patriot Act didn't just hand all of Google's info over to the feds so they can create profiles on anyone.
And it didn't hand over all of America's telephone conversations, but most telcos fell all over themselves to give the feds unwarranted access to our phone calls. If Verizon lets the government have whatever it wants, it's not unreasonable to fear that Google will do the same.
[ link to this | view in chronology ]
AC, 25 Mar 2008 @ 9:14am

False Statements?
The article may omit a lot of detail about the the illegal wire tapping, but its claims are hardly false. Read here: http://www.eff.org/related/3488/blog, especially the March 10 WSJ Article about Hepting vs. ATT. "Officials quoted in the article acknowledge a massive domestic spying operation run by the NSA, and confirm that the program includes the wholesale copying of entire data streams by the telecoms..."

The only argument I see is whether the Patriot Act allows it or whether it's illegal, not whether or not it's happening.
[ link to this | view in chronology ]
Joe, 25 Mar 2008 @ 9:15am

This happens quite a lot
Living in Vancouver, I've seen this concern play out several times, such as recently when the provincial government considered using an American firm to manage patients medical records. That created a strong backlash based on privacy fears.

http://www.privacylawyer.ca/blog/2004/05/bc-privacy-watchdog-seeks-us.html

The general feeling here, and probably in other countries is that, justified or not, any information that passes through the US has all the privacy of a postcard.
[ link to this | view in chronology ]
Anonymous Coward, 25 Mar 2008 @ 9:17am

If companies are put at a disadvantage in their need to comply with US laws, if they are good laws, too bad. Financial institutions need to comply with money laundering laws, they would make more money by not doing so, but that isn't a good idea.

Our government has always been hooked into our communications networks, this is nothing new. Of course, now it has the technology to actually do something with it, so that does change the ball game a bit. Encryption? I have read reports that the NSA has the capability to intercept Skype, so even p2p isn't safe anymore.
[ link to this | view in chronology ]
Ernst K, 25 Mar 2008 @ 9:32am

The simple fact of placing the servers outside of the US may not be sufficient: The US Patriot Act in Canada
[ link to this | view in chronology ]
Jonny Rotten, 25 Mar 2008 @ 9:43am

Patriot Act allows it or...
If the Patriot Act allows it, why do the telecoms need retroactive immunity for helping the government? Oh yea, it was illegal for the telecoms to turn over all that info without a warrant presented. If the government can strong arm (scare) the telecoms into revealing so called private info, what chance does any company have against the George Orwell Bush system?
[ link to this | view in chronology ]
Anonymous Coward, 25 Mar 2008 @ 9:47am

Google does offer ads free versions to Edu
http://www.google.com/a/help/intl/en/admins/editions_spe.html
[ link to this | view in chronology ]
Roger, 25 Mar 2008 @ 9:58am

Confidential info
Why would you send confidential data via anyone's email? Do you think that the US is the only place where someone can intecept your email?
[ link to this | view in chronology ]
- Ben, 25 Mar 2008 @ 10:24am
  
  Re: Confidential info
  Any confidential information needs to be encrypted. This is relatively easy to do with gmail - See
  http://www.langenhoven.com/code/emailencrypt/gmailencrypt.php
  [ link to this | view in chronology ]
Jake, 25 Mar 2008 @ 10:18am

If Google's registered headquarters is in the United States, I think a case could be made that the US had a legal right to access any data that could be pulled up from their head office; the only way I can see to guarantee immunity from the PATRIOT Act to users outside the USA, if Google hasn't already done this, would be to split its various regional servers off into subsidiaries and decentralise their operation in a big way.
All the same, the CIA would need some very compelling reasons before they got permission to conduct covert intelligence-gathering operations against residents of neutral or allied countries; that kind of thing is extremely bad for diplomatic relations.
[ link to this | view in chronology ]
cutter892, 25 Mar 2008 @ 10:19am

Hilarious
This is too good. These people are worried about privacy in email!? Every security expert and hack wannabe will tell that email is the most insecure way of relaying information period. Well shouting it out loud would be real close. As for the Patriot Act and spying well anyone with a little know how can intercept and read email (China). Part of me believes it's more anti-America retoric then anything else. Are some of the fears founded? Probably but who's to say Canada or any other country is doing the same thing to us. We just have to realize that we don't live in a happy cuddly hold hands and sing kum-by-yah world. Every country is looking out for it's best interests.
[ link to this | view in chronology ]
DCX2, 25 Mar 2008 @ 10:23am

Patriot Act vs. Executive Orders
The Patriot Act is not what you should be concerned about, re: eavesdropping on email. It's actually the (secret) Executive Order that Bush signed several days after taking office (not 9/11) that permits the warrantless surveillance.
[ link to this | view in chronology ]
Tommy, 25 Mar 2008 @ 10:50am

Why not Google sell their email program in an academic format exclusively? I am a student at Michigan State, and our email service is below par. I think it would be interesting if Google were to make something like this, then tie it in with facebook. eh :)
[ link to this | view in chronology ]
Anonymous Coward, 25 Mar 2008 @ 10:52am

A university using Google as their email system? That's just asking for trouble. By doing so, you give up any and all control over your email, and have to rely solely on a third party (i.e. Google) to perform proper antivirus and antispam functions. I can understand if an aging email system needs to be replaced, but no organization like a business or school should be using a free email system like that. It just introduces a host of problems, as evidenced by this article. Granted, the paranoia issue is probably a non-issue, but there are other more serious concerns in this scenario. Either their network admins are very poorly trained, or the university's administration has not been properly informed about the problems and dangers of using a free email system.
[ link to this | view in chronology ]
CVPunk, 25 Mar 2008 @ 10:54am

uh huh...
"We just have to realize that we don't live in a happy cuddly hold hands and sing kum-by-yah world. Every country is looking out for it's best interests."

So, you are saying we should just sit back, relax, and not care that our rights are being stripped away? I believe that's how they got the Patriot Act passed in the first place right? "Give up your rights so we can protect your freedom".
People are such sheep.
[ link to this | view in chronology ]
Anonymous Coward, 25 Mar 2008 @ 11:23am

NSA wiretapping?

Is it "authorized" by the Patriot Act? Right or wrong, the justice department thinks so.

So you say, anyone can break the law-- but to that, I say it is much easier when the law has been made grey. Indeed, why break it when its boundaries have been replace by rubber?

Thus, it is not merely sensasionalist to say that "[u]sing their new powers under the Patriot Act, U.S. intelligence officials can scan documents, pick out certain words and create profiles of the authors."

IAAL.
[ link to this | view in chronology ]
Zach, 25 Mar 2008 @ 11:25am

No-ads on University email
At Arizona State we have a gmail based mail system that has no ads next to the messages. I'm not certain whether the school has paid for that privilege or that google offers the service in exchange for other intrinsic benefits such as more people using other google services.
[ link to this | view in chronology ]
- NW64, 25 Mar 2008 @ 11:46am
  
  Re: No-ads on University email
  We just got Google Apps at University of South Florida as well, our old email was pretty terrible. But like Az State, we don't have ads.
  [ link to this | view in chronology ]
chris (profile), 25 Mar 2008 @ 12:18pm

it's called google apps for your domain
they aren't using gmail like the free accounts that you sign up for.

http://www.google.com/a/help/intl/en/admins/editions_spe.html

i'm sure the service uses much of the same software and infrastructure, but it's not the same thing.

as for the guy that talked about not having control and spam and viruses, i have set up two instances of google apps for domains for non-profits that i used to work for, and the admin accounts that you set up have full control of everything. i set up the accounts, i changed the passwords and everything, google only set up the application.

i have also used gmail to centralize email from two unix shell accounts and my university email. one shell account, i had been using as my primary email account for 10 years. i was worried that i would have to abandon them since i was getting so much spam, but i forwarded both of them to gmail and i think one spam message has slipped through in two years.
[ link to this | view in chronology ]
Bobbknight, 25 Mar 2008 @ 12:46pm

Taps
It's the pipes, the pipes go through the USA, almost everything goes through the USA. If this were not the case, why did the NSA build their room in the AT&T building in San Francisco. Look how an IP packet goes one way and then another. And you know that the NSA has more than one room tapping into the internet, at more than one location.
All you need to do I look at where the 13 primary's are and you will find the locations of the NSA's taps.

We should all be wearing tinfoil hats (Real Tinfoil) I have one on under my touk.
[ link to this | view in chronology ]
Lucretious, 25 Mar 2008 @ 12:54pm

Can someone tell me what is so troubling about a 4-5 line box that is akin to a classified ad sitting on the side of the screen? Google ads are so ubiquitous that I don't even notice them anymore. Seems like a rather fair trade-off for an email service that has the functionality of Gmail......
[ link to this | view in chronology ]
Dean Landolt, 25 Mar 2008 @ 1:35pm

If it's such a problem, then the university is free to go spend however many millions of dollars on building its own system.

Methinks you're giving Google engineers a little too much credit here. It shouldn't be terribly difficult to roll out a working email solution. It's only been done eleventymillion times...

Of course, it may not have some of the sweet usability goodness of gmail, but it's not like they're for lack of options, not to mention the open-source alternatives...
[ link to this | view in chronology ]
Blaise Alleyne (profile), 25 Mar 2008 @ 2:07pm

Concerns at the University of Toronto as well
The Patriot Act is an issue at the University of Toronto (UofT) as well, where I am a student. UofT has an email policy that all correspondence between staff and students is supposed to be done between @utoronto.ca email addresses. Students and professors are supposed to use their university addresses, as opposed to personal address (like a gmail or hotmail address).

In my Software Engineering class last term, my prof discussed the Patriot Act's effect on this policy. There are some privacy laws in Ontario that affect data stored in jurisdictions with weaker privacy laws (such as the US, because of the Patriot Act). More importantly though, in terms of relevancy, he asked the class how many students were from out of the country. Half the class raised their hands. Many international students are from countries that the US might not have great relations with either.

As a Canadian, it is a concern when it comes to storing student information, or even storing client information at my business. I work at an I.T. consulting company, and we have a web host which we use for a wide variety of clients. Currently, that hose is in the US, but we're in the process of migrating to a Canadian host, largely because of the privacy implications of the Patriot Act. We want to be able to tell our clients that they are protected by Ontario privacy laws, rather than warn them of the implications of the Patriot Act.
[ link to this | view in chronology ]
Joel Coehoorn, 25 Mar 2008 @ 2:50pm

Canadian Law isn't all that great either.
The whole thing is quite funny: as bad as the Patriot Act is, even with it in place US data is still *more* private than most other countries, not less. If you are a US Citizen, your data is much less private than it was before the Patriot Act, but you're still better off than many other countries (and I mean democratic countries, not just dictatorships and the like). It's just that the political stink raised here, and the associated news coverage, has created a perception to the contrary.

Again, lest anyone think I'm saying different: The Patriot Act *is* bad for privacy. But not so much that when comparing US to other nations the US doesn't still come out pretty good in that area.
[ link to this | view in chronology ]
Anonymous Coward, 25 Mar 2008 @ 8:53pm

"professors are told not to send confidential info, including grades, via email" - they shouldn't be sending anything like this through email, regardless of who owns the servers.
[ link to this | view in chronology ]
Anon Ymous, 4 Apr 2008 @ 7:19am

google mail in academia or other corporate environments
To address your specific points:

1) "google set up shop elsewhere". I believe that US law makes executives personally responsible. So it's not just the data centre that has to move, it's the whole company. Ask the CEO of Bodog why he never sets foot in the US any more.

2) "open access". I can't comment, I'm not sufficiently familiar with the process. My observation is that the Patriot Act, secret warrants and other security legislation do not make me confident that the public would ever know the truth.

3) "ads". sigh. It's a sad reflection on a generation that so willingly accepts being subjected to advertising in every nook and cranny of their lives. No wonder TV advertisers can get away with in-band advertising (popups during the programs)

And you didn't even get to the real issues in the labour grievance filed by the Lakehead Faculty Union:

1) personal privacy: communications between student and professor are supposed to be private. *No-one* is supposed to have access to them. Period.

2) Academic work-in-progress: If two researchers are communicating about a research project, there may be unpublished results, speculations, untested theories and other material that shouldn't be accessible until results have been published. This can be a part of "academic freedom" which *the* sacred cow in academia.

And as the article points out, this trans-border data-flow problem (which has existed since the 1970s, btw) is not restricted to adademia. Corporate, proprietary information is also subject to examination. Our organization recommends that none of the "free" webmail services be used for anyhing important, including gmail and hotmail/live.

And if this isn't enough to make you paranoid, consider:

http://tradelawyersblog.com/blog/archive/2008/february/article/another-story-on-laptop- searches-by-united-states-customs-and-border-control/?tx_ttnews%5Bday%5D=11&cHash=9a4f49cf11
[ link to this | view in chronology ]