I first learned about Google’s aggressive surveillance of sensitive communications in early 2013 when I was emailing an editor at TIME. He was editing my article, “Google’s Dance,” which was about Google’s deceptive business model.
By now you probably know about the model: Google pretends to be the ultimate free public library, when it is actually the ultimate surveillance machine, using dozens of free services to gather personal information about us and then monetizing that information.
I had an odd hunch during my exchange with the TIME editor that Google might be monitoring our emails. So I expanded the header of one of his emails to see what computer servers it had traveled through to reach me, and there is was: mail-da0-f48.google.com. His emails were being routed through a Google computer because TIME, like many other companies, was using Google business services to handle its emails. As far as I can tell, it no longer does, but that’s not the end of the story.
Over the years, as my research on internet influence has put me in touch with many prominent reporters and editors, I have continued to look at email routings, and I have been shocked to learn that emails to and from The New York Times, The Wall Street Journal, The Times (London), CBS, Salon, The Boston Globe, Slate, The Economist, CBC (Canada), The Guardian, The Huffington Post, The Hill, The Atlantic, The Verge, The Daily Caller, WIRED, The New Yorker, The Outline, Gizmodo, U.S. News & World Report, Quartz, VICE, The Washington Times, Vox, The New York Post, The Financial Times, and other investigative news organizations are shared with Google, not to mention the emails of hundreds of major universities (including Columbia University, New York University and UCLA), publishing houses (St. Martin’s), and even law offices.
Relatively few news organizations I’ve dealt with in recent years shield themselves from Google: The Washington Post, Politico, NPR, NBC News, Bloomberg News, Al Jazeera, the BBC, Reuters, Fox News, the Los Angeles Times, USA Today and Breitbart. Sometimes, though, such organizations still facilitate Google’s surveillance. ProPublica, for example, which does not share its emails with Google, embeds Google services on its web pages – Google Analytics, AdSense, and Google Maps. As ProPublica acknowledges, this allows Google to track visitors to its site, but the innocent-sounding disclosure fails to note, unfortunately, that the tracking occurs without anyone’s knowledge or consent. Why does ProPublica, which prides itself on having “no hidden agendas,” allow its website to be used for clandestine surveillance?
Then there are those mindless media professionals, such as the producers who contacted me from Frontline and PBS NewsHour or the editor who wrote to me from Fast Company, who don’t even bother using their corporate email systems; they just use gmail, apparently not giving the matter a second thought.
Worse still is how easy Google makes it for people to link their personal gmail accounts to their business accounts in a way that allows them to “send mail as that address.” When this happens, as I learned when I received an email from a Cornell University address, you see an institutional email address on the sender’s email (cornell.edu), but the emails are routing through Google servers – even though the institution itself has not authorized the linking. It’s not inconceivable that millions of people have linked their Google accounts to their business accounts in this way, feeding Google’s insatiable appetite for data under the imprimaturs of thousands of unsuspecting organizations.
Sometimes the information sharing is ironic – even disturbing. The Boston Globe recently published a powerful editorial calling for the breakup of Google, opening with the startling line, “Never in the history of the world has a single company had so much control over what people know and think.” But The Globe’s emails route through Google, and their website search is handled by Google. When I asked Jason Tuohey, Senior Deputy Manager for Digital Platforms to comment, he declined. He said I would hear from someone in their PR department, but I never did.
Pat Buchanan’s nonprofit organization, The American Cause, which has openly called for Google’s regulation, mindlessly uses gmail. Even Tristan Harris’ cutting-edge Center for Humane Technology, devoted to fighting internet addiction, runs everything through Google, the main company it’s fighting.
Recently, an editor at a major publishing house expressed interest in a book I’m writing about Big Tech, but I said I wouldn’t be comfortable sharing work materials with him when all of it was in turn being shared with Google, the main company I was exposing. He understood the problem, but said, “Hey, I’m just an editor here. I have no control over the decisions the business people make.”
That’s pretty much what Carole Cadwalladr, an investigative reporter at The Guardian and an ardent critic of Google, said when I pointed out that all of The Guardian’s emails were being shared with Google. Because Google Docs and Google Calendar are part of Google’s business package, when Guardian reporters draft articles or schedule meetings with whistleblowers, is Google capturing that information too?
Without whistleblowers or warrants, it’s hard to know exactly how Google uses this massive amount of sensitive information, but two former Google software engineers I’ve spoken to assure me that all such information is added to personal profiles and that the information in such profiles is used to build increasingly accurate predictive models. My own research quantifies the enormous power Google has to use such models to manipulate opinions and votes, and the company has also used the data it collects to penalize both individuals and organizations.
Like Facebook and other Big Tech companies, Google also shares the material it collects with unnamed business partners and government agencies, with many of its own employees, and, as The Wall Street Journal reported recently, with hundreds of outside software developers.
Setting the data issue aside for a moment, think of the value of simply being able to monitor reporters– to look deeply into ongoing investigations by the EU or the FTC, to collect sensitive information about competitors and possible acquisitions, to anticipate potential threats to the company. If I were running Google, I’d set up a team devoted to doing nothing but monitoring the communications of reporters and editors at major news organizations 24/7. Wouldn’t you?
Why are thousands of organizations so blindly sharing their private communications – not to mention documents, schedules, chats, and spreadsheets – with the largest data miner in history? Why do hundreds of universities embed the Google search engine into their websites, allowing Google to track all searches conducted on those sites?
They do so because Google makes it easy, cheap, and often even free for organizations to use its business services, while slyly misleading business users into thinking Google doesn’t use the data it collects; it’s Google’s dance again, now operating at the organizational level.
Google’s slick online materials assure business users that “the customer – not Google – owns their [sic] data” and that the company will never use those data “for any advertising purposes.” Purposes other than advertising are, notably, not mentioned. Google even shows you a picture of “Neal” (click “Learn More” under “Transparency”), who “uses special equipment to completely erase all of the data on old servers” – the implication being that Google protects your business’ privacy by erasing its old data.
Google claims the right to track everything you do, even when you’re on third-party websites that embed Google tools like Google Maps and Google Analytics. You’re told you can delete your data, but doing so just prevents you from accessing it, while Google still can. The company acknowledges that the internal deletion process can take six months and might be subject to further delays, but the real truth was stated bluntly by Google exec Tom Kershaw in 2015: “Never delete anything, always use data – it’s what Google does.”
To make matters worse, a former Google software engineer reminded me recently that you can’t possibly request that Google delete information it has about you if you don’t know it exists: continuous records of your location captured by your Android phone, recordings made in your living room by Google’s Home device, DNA data obtained from archives, or the real pay dirt: the models the company has created to predict your behavior, which are truly Google’s property, not yours.
Alternatives to Google services now exist that preserve privacy, but few people use them, and the sad truth is that the surveillance business model – Google’s invention – has become the new norm. Both AOL and Yahoo emails are now being monitored and monetized as aggressively as gmail, and no laws or regulations yet exist to protect the average user – or the average mindless journalist – from such surveillance.
Robert Epstein (@DrREpstein) is senior research psychologist at the American Institute for Behavioral Research and Technology. Epstein is the former editor-in-chief of Psychology Today and has published 15 books and more than 300 articles on internet influence and other topics. He is currently working on a book called Technoslavery: Invisible Influence in the Internet Age and Beyond.
The views and opinions expressed in this commentary are those of the author and do not reflect the official position of The Daily Caller.