February 17, 2014

More Questions About Google Data Mining

Because I had recently posted about my concerns with Google Chromebooks, when Jonathan Pelto over at Wait What? posted something called "Are Governor Malloy’s new Google Chromebooks data mining our kids?" several people pointed me to it.

Seems that a lawsuit has been filed against Google for their privacy practices.

Pretty much any average Joe who uses Gmail knows that his email is being scanned so that Google can more accurately target ads. And that's their defense in the lawsuit that alleges that they are not properly informing people of the fact that they are doing it; everyone already knows.

But my concern is not with how Google is scanning my email. My concern is about my kids using Google products for school. Here in Cheshire we use Google Apps extensively. After I finally went out and bought Microsoft Office, my kids don't need it; Google Apps does it all, online; documents, slide presentations, spreadsheets. And when they are done with those projects they simply submit them online for their teachers to retrieve.

So it was with interest that I followed through Pelto's links and found that in searching through documentation submitted to the court by Google, an organization called Safegov.org reports:

Google Apps for Education... has a more ambivalent policy regarding advertising. While Google pledges not to serve ads to students without schools’ permission, its Google Apps suite, which is a repurposed version of Google’s Gmail and other consumer services, was designed from the ground up to include ad-serving as well as highly sophisticated user profiling and data mining capabilities. Google explicitly offers schools the option of enabling ad serving to student users of Google Apps for Education.

While we take Google’s word that it does not serve ads to its student users unless it has permission from schools, an important question that until now has gone unanswered is whether the targeting algorithms that power Gmail are still running in Google Apps for Education even when ad serving is turned off.

SafeGov has been searching for further evidence that would help to resolve one way or the other the question of Google’s data mining practices in Apps for Education.

Google’s own lawyers... confirm in a sworn public court declaration that even when ad serving is turned off in Google Apps for Education, the contents of users’ emails are still being scanned by Google in order to target ads at those same users when they use the web outside of Google Apps (for example, when watching a YouTube video, conducting a Google search, or viewing a web page that contains a Google+ or DoubleClick cookie).

The issue at stake in the case is whether Google has properly informed its users and obtained their consent for data mining and ad serving in Gmail and, by extension, in Google Apps for Education... Regarding Google Apps for Education... the lawyers state that schools which contract with Google to provide Google Apps “have a contractual obligation to obtain their students’ and end users’ consent to Google’s automated scanning”.

Google... acknowledges that its standard consumer privacy policy is an integral part of its standard Google Apps for Education contract. It is still possible that, in contrast to the situation described in the Google court filing quoted above, some educational institutions have managed to strike individual agreements with Google that do indeed “supersede” the standard privacy policy. If they exist, however, Google has curiously not chosen to make any such agreements public.

 In sum, then, we have learned from Google’s own statements that:
  1. Ad serving remains a standard option in Google Apps for Education,
  2. Even when ads are turned off (as they currently are by default) Google still data mines student emails for ad targeting purposes, and
  3. Google’s consumer privacy policy is incorporated in standard Google Apps for Education contracts.
Safegov.org also says that:

Although it does not yet offer to share the resulting ad revenues with schools that choose the ad-serving option, it has clearly left the door open to such revenue sharing in the future. Indeed, it is hard to see why Google would explicitly write the ad-serving option into its standard contract with schools if it did not hope one day to make ads for students a default and perhaps even mandatory feature of Apps for Education.

Interestingly, only colleges are mentioned in Google's filing. So what's the deal with K-12?

After signing out of my Gmail account I signed into my 7th grader's school account. And was reminded that Google now connects all the users on my computer. Even though I sign out, I'm still there:

You can see my son's account that he is now signed into on the top, but it still has me showing up underneath him. It's a multi-step process to remove users from the computer, that I can't get my kids to actually do, so we have four or five accounts all being connected by Google at any given time. I can only imagine what they are doing with all that information.

Anyway I was interested in the part that says "This account is managed by cheshire.k12.ct.us" since I'm now wondering if Cheshire is one of those "educational institutions [that] have managed to strike individual agreements with Google that do indeed “supersede” the standard privacy policy." So I clicked on the part underneath that that says "Learn more". And all I learned is that the school has access to my kids' stuff. Duh.

Then I clicked on the "Privacy" link and was brought to the same privacy page that I get to when I'm signed in with my personal account. On it, it says:

We do not share personal information with companies, organizations and individuals outside of Google unless one of the following circumstances applies:
  • With domain administrators
If your Google Account is managed for you by a domain administrator (for example, for Google Apps users) then your domain administrator and resellers who provide user support to your organization will have access to your Google Account information (including your email and other data). Your domain administrator may be able to:
  • view statistics regarding your account, like statistics regarding applications you install.
  • change your account password.
  • suspend or terminate your account access.
  • access or retain information stored as part of your account.
  • receive your account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.
  • restrict your ability to delete or edit information or privacy settings.
Please refer to your domain administrator’s privacy policy for more information.

No privacy policy specific to Google Apps listed anywhere in the school literature or on its website.

So then I clicked on "Account" and found that my kid has two additional email addresses:

"No, I have no idea what those are," he tells me. Interesting.

The good news is that the school blocks the kids from using Gmail; they have access only to the Apps. And thus far, Google is only scanning email to target advertising. But why should we believe them now?

No comments:

Post a Comment

Comments are very welcome, but are moderated. Please keep in mind that this blog is specifically for dissemination of information that is free from political affiliation bias and uneducated fear mongering. Comments containing either will not be approved.

Additionally, although you may know me from Facebook, and I am not shy about who I am, because I do share personal experiences here I ask that you respect the privacy of my children by refraining from using my real name. Comments that use my real name will unfortunately not be published.

Subscribe to: Post Comments (Atom)