CNET también está disponible en español.

Ir a español

Don't show this again

Software

Is Google the future of e-mail?

Not necessarily, says CNET News.com's Declan McCullagh, who notes that there are more privacy-protecting alternatives to Google's controversial new service.

Google is hoping to convince us to use its forthcoming Gmail service for our lifetime e-mail needs.

Once signed up to the , every user gets a gigabyte of free Web-based e-mail storage. That's about 100 times the number of bits Microsoft's Hotmail accounts can hold.

It's a generous offer. But should we take Google up on it?

Right now, people who use Web-based e-mail can't squeeze that much in the cramped 4 megabytes or so that Google's competitors offer their nonpaying subscribers. What that means is that the impact of a security breach or privacy incident is sharply limited; your entire online life wouldn't be on public display in the case of one. With Gmail, on the other hand, you might have 20 years' worth of correspondence protected only by the thin shield of a password.

My concern is not about Google's management, who have been upstanding corporate citizens. They've maintained a firewall between advertising and search results, and have resisted the temptation to follow Yahoo's "paid inclusion" lead. Google has stood up to censorship and, in general, has alerted its readers when it's legally required to yank sites from its index.

Still, there are good reasons to be leery of Gmail, which requires you to trust the security of a computer system over which you have no control. If you keep your correspondence on your home computer, you can encrypt your old e-mail or squirrel it away on CD-ROMs that won't be accessible to a malicious hacker. That won't work, if everything's online.

In August 1999, a bug in a script used by Microsoft's Hotmail let anyone log in to any of 50 million accounts without typing a password first.
This is no theoretical concern. In August 1999, a bug in a script used by Microsoft's Hotmail let anyone log in to any of 50 million accounts without typing a password first. Yahoo has experienced its own series of embarrassing e-mail security breaches, and there is no reason to believe that Google will be any different.

If you're using Mac OS X or third-party utilities like , you can "" any file, meaning that it will be repeatedly overwritten until it's unrecoverable. But if you delete an e-mail message from your Gmail account, it may exist forever--remaining permanently accessible to police armed with a Patriot Act order or your spouse's divorce lawyer, wielding a . (Google refuses to discuss how many subpoenas it already has received for users' search terms.)

That's because Google and other Web-based e-mail companies back up their servers' hard drives, meaning that your e-mail may exist on an archival tape, even though you think it's gone. In its Gmail privacy policy, Google acknowledges that "residual copies of e-mail may remain on our systems, even after you have deleted them from your mailbox or after the termination of your account."

And there are the privacy issues. Gmail works by serving related ads on Web pages that display e-mail. Google's terms of service say its servers scan the content of e-mail messages with no human intervention and that "no e-mail content or other personally identifiable information will be provided to advertisers."

If you delete an e-mail message from your Gmail account, it may exist forever.
That's fine, and Google's current management seems trustworthy enough. But who will be running the company in a few years, and will they have the same views? Google has reserved the right to change its privacy policy any time it wants, something that likely would happen, if the company is bought or if it ever decides to sell Gmail.

For its part, Google says it is "committed to the highest standards of user protection."

"We consider ourselves a company that does no evil, and we take user privacy seriously," Wayne Rosing, Google's vice president of engineering, told me last week. "We have very strict internal rules, even among Google employees who are able to access confidential data. It would harm Google enormously, if we behaved badly with personal data. I don't believe we ever will."

While Gmail's initial version may not be for everyone, Internet users should still be able to make their own choices. Unfortunately, some regulatory enthusiasts are trying to ban Gmail, something that makes as much sense as outlawing compilers, just because someone might use them to create surveillanceware.

Last week, the U.K. group Privacy International filed a complaint against Google, saying Gmail violated European data collection laws. A few days later, it and other sincere but misguided activists wrote to Google, saying Gmail should be shut down or suspended. So much for preserving consumer choice.

The alternatives
If Google wanted to veer in a more privacy-protective direction, it could look to the intriguing model of Vancouver, Canada-based Hush Communications, which runs the Hushmail Web mail system. Unlike rivals, Hush encrypts mail sent between Hush users. It uses a Java-based technique that allows for only its intended recipient--and not Hush employees--to decrypt a scrambled e-mail message. If a subpoena arrives, or if a security breach ever happens, disclosure would be limited.

Hush offers 2-megabyte-limit free accounts and pay accounts, and it said 900,000 accounts have been created since its May 1999 launch. The company also lets users store files in an encrypted volume and this week plans to announce a feature that permits encrypted volumes to be shared among multiple users.

Hush's patent No. 6,154,543 covers some aspects of encrypted e-mail. The company said it'd happy to license it to Google. Originally, Hush Chief Technology Officer Brian Smith said, the patent was quite broad, but "we have narrowed the patent to apply only to e-mail and messaging systems. The modifications were accepted but don't yet appear" on the U.S. Patent and Trademark Office's Web site.

True, if the archived e-mail is encrypted, Gmail won't be able to search message bodies very efficiently, but users might be willing to give up that feature and even pay a monthly charge in exchange for additional security.

"We'll think about it," said Google's Rosing. "We don't have any explicit plans right now...If someone really needs to encrypt a lot of e-mail, maybe they should be putting that on their laptop. We're trying to provide a service that offers some utility to our users. If you change the service to take away all the value of the service, you're back where you started."

Maybe. But until that happens, would-be users of Gmail or any similar service should recognize that their so-called free e-mail comes at a price.