February 12, 2012

Stop the paranoia: it doesn't matter if Google reads our email

There’s been some recent buzz about how it’s bad that Google is “reading” the email of Gmail users. Google examines email algorithmically to power its targeted advertising in Gmail.

This practice would be worth worrying about only if email were otherwise secure (it’s not) and if it were likely to hurt users (it isn’t). Ironically, switching away from Gmail could reduce, not enhance, email security.

Microsoft pans Google for “reading” your email in this ad. But does Hotmail/Office 365 offer the features that actually make email safe, like two-factor authentication?

Secure email is a myth

Email is simply not secure. Messages are not secure in transit: the protocol used for sending email (SMTP) does not require encrypted connections, so a message could easily be intercepted by a third party as it travels over the internet. You also have no guarantees about the security of a recipient’s email client or server. A hacker could have surreptitious access to a recipient’s inbox, or a curious IT guy could be reading through email on the server.

You also have no control over what someone does when they receive an email. One of the biggest realistic risks for email security is human error: accidentally sending or forwarding to the wrong person, inappropriately replying-all, etc. A sensitive email could be inadvertently left on the office printer.

Given all these insecurities, Google’s algorithmic email reading is the least of my concerns. I simply assume that any email I send could be read by a third party, and when I need to communicate about a sensitive topic, I pick up the phone.*

Focus on the realistic threats

It’s easy to see how a single email could fall into the wrong hands, but what’s the most likely scenario for your entire email account being compromised? There are a bunch of plausible options:

“Google becomes evil and steals all your email to do X” is not on this list because it seems absurd by comparison. Google’s business model relies on analyzing user data in order to target ads. It’s in Google’s best interest to maintain the trust of its users so they will keep giving Google their data.

Also, I can’t even think of what X is – what nefarious thing Google could do with my email that is in its interest and that would cause me harm? Google’s business model is not a zero-sum game: they can use my data to target ads without hurting me. Contrast this with all the plausible scenarios above, where a malicious entity is trying to get access to email for personal gain (e.g. stealing from bank accounts or credit cards). That is a zero-sum game.

Google is actually probably one of the most secure places to keep your email because it is in their best interest to keep your data safe, and they have tons of resources and good engineers to do this. They also provide tools like two-factor authentication, default HTTPS access, and suspicious activity monitoring that make individual accounts more secure. Few, if any, alternative providers offer all these features.

Paranoia is part of human nature

Human brains are not wired to respond logically to risk. For example, we are often more concerned about low-probability, high-consequence risks than about more common dangers. The classic example of this is being afraid of airplanes but not being afraid of driving in a car.

Paranoia about Google turning evil and ruining its users’ lives by reading their email may be human nature, but the net result of worrying about this extremely unlikely (but admittedly very scary) scenario is probably worse email security.

Moving from Gmail to a different email service could result in your messages being stored on a less secure server with fewer security-related features. And the time spent getting your email set up on this new service would probably be better spent mitigating more realistic dangers, like your laptop being stolen.

Never use gmail.com

With that said, I think it’s a bad idea to use a @gmail.com address (or any other domain name you don’t own). If Google – or your email service of choice – does turn evil or shuts down, at best you have to change your email address, and at worst they own a critical part of your online identity.

Google Apps is an easy, free way of using your own domain name with Gmail’s interface. This makes switching to a new email provider transparent to the people you correspond with.

* Phones aren't perfectly secure either, but I'd argue they are substantially more secure than email.

