shutterstock_115187173

sergign/Shutterstock

General


In an unusual move, Google is responding directly to former TechCrunch editor Michael Arrington’s allegation that it accessed his Gmail account to root out his source for a major story.

“A few years ago, I’m nearly certain that Google accessed my Gmail account after I broke a major story about Google,” wrote Arrington on his personal blog Uncrunched. “I certainly freaked out when this happened, but I never said anything about it because I didn’t want people to be afraid to share information with TechCrunch. But I became much more careful to make sure that communications with sources never occurred over services owned by the companies involved in the story.”

Google denies that charge.

“Mike makes a serious allegation here — that Google opened email messages in his Gmail account to investigate a leak,” Kent Walker, Google general counsel, said in a statement. “While our terms of service might legally permit such access, we have never done this and it’s hard for me to imagine circumstances where we would investigate a leak in that way.”

The allegation of snooping on user email accounts is especially sensitive for Google. Among other concerns and complaints, the company is currently facing a lawsuit over data-mining student emails.

Arrington’s allegation came shortly after Microsoft admitted to accessing a blogger’s Hotmail account to investigate suspicions that an employee leaked pre-release Windows software via email.

It turns out that Microsoft’s terms of service allows it to access user communication in order to “protect the rights or property of Microsoft or our customers.”

Moreover, the terms of service of Google and Yahoo’s free, hosted email services afford it similar privileges.

Arrington wrote late last week: “I have first hand knowledge of this. A few years ago, I’m nearly certain that Google accessed my Gmail account after I broke a major story about Google.”

The proof, he said, was that a former Google employee — who was his source and was apparently drunk at a party — approached Arrington and said he or she had been “shown an email that proved that they were the source” by people at Google investigating the leak. This email was sent from a non-Google email account to Arrington’s Gmail account, he said.

“The source had corresponded with me from a non Google email account, so the only way Google saw it was by accessing my Gmail account,” wrote Arrington. “A little while after that my source was no longer employed by Google.”

Arrington declined to comment.




12 comments
NBEE
NBEE

Dear Google: If you're not snooping on people's Gmail for whatever reason, put that in the terms of use. 


Until then, excuse me if I think that this denial is complete BS.

krkeegan
krkeegan

Wow Michael Arrington is still around huh?  I haven't seen anything worthwhile from him or his companies in ages.  Perhaps that is why these allegations are being made?

mbeckman
mbeckman

The most important takeaway from Arrington's ill-advised comments is that tech journalists need to thoroughly understand libel law. It's one thing to publish defamatory comments when you have the defense of "provably true" backing you. And even then the truth may not be enough to avoid a lawsuit. But to defame a person or company when you can't prove your claims is at best amateurish and at worst an indefensible civil tort. Michael admits he just "thinks" this is true. He doesn't have proof. That's reckless and makes the jobs of all tech journalists more difficult.

If Google is guilty, then prove it. Otherwise professionalism, and the law, demands silence.

thori
thori

I'm confident he was shown the e-mail contents and not the e-mail per se.


"The source had corresponded with me from a non Google email account, so the only way Google saw it was by accessing my Gmail account”


This is actually false. That's not the only way to have accessed the e-mail contents. Companies use other means to control certain things they employees do (for security reasons), and they are aware of it.

FF22
FF22

"Mike makes a serious allegation here — that Google opened email messages in his Gmail account to investigate a leak"

No, he didn't make _that_ allegation. But the fact that you (Google) tried to rebute a statement Mike didn't make, while not commenting the actual statement he did make, leads to the logical conclusion that he might not be so wrong with his accusations, after all.

Swift2
Swift2

@mbeckman  How do you feel about Snowden? I'm not sure that a corporation can be libeled by "almost sure." Mike knows click-bait and tabloid rules perfectly. I don't think they did do it, but it would be within their rights. They're tracking a leak. Why wouldn't they do something if its within their rights? Didn't the lawyers write that "Terms of Service" scam? Would it be Bad P.R.? Yeah. That "don't be evil" thing. 


Not saying that the column is true, I doubt that it would be. Arrington, you may have heard, exaggerates his importance. He is probably a public figure, and "defaming a corporation" in the United States at least is not the same as libeling a person. Freedom of speech goes to the reporter if he can prove plausibility. He's not saying Google is a slut and slept with your husband right on the floor at a party, he's saying "he's almost sure," which is there to weasel out, that Google looked at his male. He then gives the circumstance of his suspicion. Go ahead, sue. You'll lose.


NBEE
NBEE

@FF22  Yep.


It's logical to think that Google has the right to do this in their terms of service for a reason. That reason being, they will make use of this right. Otherwise why insist on the right? 

djm
djm

@FF22  wrong. That's exactly the accusation Arrington made:


"The source had corresponded with me from a non Google email account, so the only way Google saw it was by accessing my Gmail account."

FF22
FF22

@djm @FF22 You just refuted yourself by quoting Arrington. Bravo!


The point is: he said nothing about "opening email messages". He was talking about "accessing his account". Which is a far broader term and which accusation was actually not refuted by Google by any means. Guess why (not)?

ABAB
ABAB

@FF22 @ABAB@djm I agree that those two statements are not semantically identical.  We don’t know if they are intentionally obfuscating or if it’s just poor wording on the part of the lawyer.  They could have certainly made a more airtight denial.  My point is that there are plenty of simple scenarios where Google gets the message from the sending end as the leaker accesses their external email provider from Google’s corporate network on a company owned device.  The distinction here is that Google doesn’t need to access Gmail accounts in any way to do this since it’s on the sending end before the message has gone through any mail servers and even reached Arrignton’s Gmail account.

FF22
FF22

@ABAB @FF22@djm "I think "opening email messages" and "accessing his account" are equivalent in this case"

They're not. And if they'd would be equivalent, then why would Google need to rephrase Arrington's original statement, instead of for ex. just quoting it?


The obvious answer is, that they used a different term just because those two are not equal, and because they couldn't have refuted his original claims without lying. So instead they constructed a new statement of their own, and refuted that instead.


This is a well-know trick in public relations (also called beating the strawman), which is supposed to make it appear like if they'd deny the original statement, while in fact it does not.

ABAB
ABAB

@FF22 @djmI think "opening email messages" and "accessing his account" are equivalent in this case, though if we are parsing the statements NSA-style, you could technically access metadata like message headers without "opening email messages". Since Arrington claims that Google showed a copy of the whistleblower's message to the whistleblower and Google is claiming not to have accessed Arrington's account, my guess is that Google, like many other large companies, sniffs all traffic going in and out of its corporate network for confidential information and security threats, and the whistleblower made the mistake of accessing his external email account from Google's corporate network in an unecrypted fashion (either a non-SSL web session or plain old SMTP/IMAP).  Unencrypted web mail was pretty commonplace a few years ago when this allegedly took place.  The other somewhat less likely possibility is that Google logs all keystrokes on company owned devices, and the whistleblower was targeted when they used a company provided device to access their external email account to email Arrington.

Follow

Get every new post delivered to your Inbox.

Join 309,031 other followers