Judge Rejects Google Deal Over Email Scanning

March 16, 2017, 2:26 PM UTC
Photographed by Getty Images

A federal judge in San Francisco on Wednesday slammed a legal settlement that proposed to pay $2.2 million to lawyers, but nothing to consumers who had the contents of their email scanned by Google without their knowledge or permission.

In a 6-page order, Judge Lucy Koh told Google (GOOG) and class action attorneys the proposed settlement was insufficient, in part because it failed to clearly tell consumers what the search giant had done.

“This notice is difficult to understand and does not clearly disclose the fact that Google intercepts, scans and analyzes the content of emails sent by non-Gmail users to Gmail users for the purpose of creating user profiles of the Gmail users to create targeted advertising for the Gmail users,” Koh wrote.

The case is the latest twist in a long-running legal fight over whether Google’s email scanning practices amount to illegal wiretaps and a violation of California privacy laws. Even though this scanning is automated—and doesn’t amount to Google employees poking around emails—critics say the practice is akin to AT&T listening in on people’s phone calls or the United States Postal Service reading personal letters.

Google won a related lawsuit several years ago involving Gmail users who had signed up for the the service. The 2015 case is different, however, because it involves people who use other email providers—such as Microsoft (MSFT) or Yahoo (YHOO) —but whose messages are scanned without their permission when they send an email to a Gmail users.

Get Data Sheet, Fortune’s technology newsletter.

As part of the proposed settlement, Google agreed to change the way it scans incoming messages so that it no longer reads emails while they are in transit, but only when they are in someone’s inbox. The change amounts to a technicality but the company and the class action lawyers agree it puts Google in the clear as far as wiretap laws.

Judge Koh, however, said she’s not so sure about that. Her ruling claims the settlement does not provide an adequate technical explanation of Google’s workaround, which involves scanning in-transit emails for security purposes, and then later parsing them for advertising data.

“It does not disclose that Google will scan the email of non-Gmail users while the emails are in transit for the “dual purpose” of creating user profiles and targeted advertising and for detecting spam and malware,” Koh wrote.
The judge also added that another settlement last year, involving Yahoo’s scanning of emails, did not reflect the facts of the Google case.
The upshot is that Koh wants the case to proceed further and for the class action lawyers to push Google for recent documents about how the email scanning process really works. As the judge notes, the current settlement relies on documents that are three to six years old.
Any future settlement will presumably also have to do more to inform email users about Google’s scanning practices and, possibly, direct some of the settlement money to consumers instead of only the lawyers. Under the deal Koh rejected, Google would have paid $2.2 million to the attorneys, plus up to $140,000 in online ads to publicize the agreement.
Koh’s concerns reflect a sore point among many, including judges, who feel a long string of privacy settlements with big tech companies have done little to compensate consumers or improve privacy.
Google declined to comment on the ruling.

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward