After years spent communicating through its own email system, this summer the New York Times has placed all of its reporters on to corporate Gmail accounts. While these ‘corporate’ versions of Google’s email offering supposedly provide more privacy protection than the tech giant’s free standard accounts, the NYT’s staff could nonetheless find themselves in what NPR calls a “difficult legal position”.
The switch to new accounts means that emails sent to and from journalists will no longer be saved on the NYTimes’ server: instead, that information will now be stored by Google. Consequently the NYT will lose a certain amount of control over the emails and their content, meaning that the legal protection journalists are able to offer to their sources is significantly limited. Rather than going to the NYTimes to access information that a journalist has received, a US government official hoping to investigate a whistleblower would be able to bypass the newspaper and subpoena Google for the information. As the Wall Street Journal’s Julia Angwin explains “certainly our lawyers at a news organization are gonna fight to protect our emails. But, if they don’t fully control them technically, they can’t mount a very good argument… If Gmail is handling our emails, then we have to rely on them to mount our legal arguments.”
And Google has a complicated relationship with privacy rights.
Last week the company drew widespread criticism after it appeared to announce that people who sent emails to Gmail users had no “legitimate expectation” that their correspondence would remain confidential. Calling for the dismissal of a US class-action lawsuit accusing it of ‘data-mining’, Google issued a 39-page document in which it asserted that “Non-Gmail users who send emails to Gmail recipients must expect that their emails will be subjected to Google’s normal processes as the [email] provider for their intended recipients”. The document solicited widespread outrage and lead John Simpson of Consumer Watchdog to announce: “Google has finally admitted they don’t respect privacy… People should take them at their word; if you care about your email correspondents’ privacy, don’t use Gmail.”
This latest row over security has erupted just as Google’s relationship with the NSA is being closely scrutinized. The Internet company has insisted that it only hands over data to the government when legally obliged to do so – and it aims to make public those instances when a request for information has been made. However, many of these government requests come with a gag clause under the Foreign Intelligence Surveillance Act. Therefore if the government made an FISA request, news outlets that outsource their email system might never know that confidentiality had been breached.
The New York Times claims to have discussed these issues at length with Google, and is apparently satisfied that the security measures in place on corporate accounts and the precautions taken by journalists will be enough to protect sources. According to NPR, executives at the NYT feel that the threat from hackers is more significant than government investigations or interference, and from this perspective large email providers like Google provide the best protection. True enough, a recent spate of hacking attempts at CNN, Time and the Washington Post would seem to support the idea that news outlets face a serious privacy threat from hackers. However, it might be complacent to think that those companies that dominate the Internet landscape necessarily have the answers to the hacking problem. Facebook CEO Mark Zuckerberg, a man who knows a thing or two about the Internet, found that his Facebook account had been infiltrated on Monday by a blogger trying to draw attention to a bug.
Whatever the guarantees offered by Google, news outlets can never be too careful when it comes to entrusting an outside party with their private communications. Online security can escape even the biggest and the best Internet companies.