For companies that want data for marketing and other purposes, tapping into email is attractive because it contains shopping histories, travel itineraries, financial records and personal communications. Data-mining companies commonly use free apps and services to hook users into giving up access to their inboxes without clearly stating what data they collect and what they are doing with it, according to current and former employees of these companies.
Gmail is especially valuable as the world’s dominant email service, with 1.4 billion users. Nearly two-thirds of all active email users globally have a Gmail account, according to comScore , and Gmail has more users than the next 25 largest email providers combined. The data miners generally have access to other email services besides Gmail, including those from Microsoft and Verizon Communications Inc.’s Oath unit, formed after the company acquired email pioneer Yahoo. Those are the next two largest email providers, according to comScore.
Oath says access to email data is considered “on a case-by-case basis” and requires “express consent” from users. A Microsoft spokeswoman says it is committed to protecting customers’ privacy and that its terms of use for developers prohibit accessing customer data without consent, and provide guidelines for how data can and can’t be used. Neither company’s privacy or developer policies mention allowing people to see user data.
Google Got Mail
Gmail, which debuted in 2004, has a far larger market share than its top two rivals.
Percentage of email users who have an active account
Gmail
63%
%
60
50
40
30
Microsoft
21%
20
Yahoo
17%
10
0
2012
’18
Note: Numbers add to more than 100% because users can have more than one account; data from 2012 include desktop users only; data from 2018 include mobile and desktop
Source: comScore
Google’s developer agreement prohibits exposing a user’s private data to anyone else “without explicit opt-in consent from that user.” Its rules also bar app developers from making permanent copies of user data and storing them in a database.
Developers say Google does little to enforce those policies. “I have not seen any evidence of human review” by Google employees, says Zvi Band, the co-founder of Contactually, an email app for real-estate agents. He says Contactually has never had employees review emails with their own eyes.
Google said it manually reviews every developer and application requesting access to Gmail. The company checks the domain name of the sender to look for anyone who has a history of abusing Google policies, and reads the privacy policies to make sure they are clear. “If we ever run into areas where disclosures and practices are unclear, Google takes quick action with the developer,” a spokesman said.
Google says it lets any user revoke access to apps at any point. Business users of Gmail can also restrict access to certain email apps to the employees in their organization, the company said, “ensuring that only apps that have been vetted and are trusted by their organization are used.”
Google has contended with privacy concerns since it launched Gmail in 2004. The company’s software scanned email messages and sold ads across the top of inboxes related to their content. That year, 31 privacy and consumer groups sent a letter to Google co-founders Larry Page and Sergey Brin saying the practice “violates the implicit trust of an email service provider.” Google responded that other email providers were already using computers to scan email to protect against spam and hackers, and that showing ads helped offset the cost of its free service.
Google co-founders Larry Page, left, and Sergey Brin
Google co-founders Larry Page, left, and Sergey Brin PHOTO: ASSOCIATED PRESS; AFP/GETTY IMAGES
While some users complained the ads were creepy, people signed up for Gmail in droves.
Between 2010 and 2016, Google faced at least three lawsuits, brought by student users of Google apps as well as a broader set of email users, who accused it of violating federal wiretapping laws. Google, in its legal defense, emphasized that its privacy policy for Gmail said that “no human reads your email to target ads or related information to you without your consent.” Google settled one of the lawsuits; the other two were dismissed.
In 2014, Google said it would stop scanning Gmail inboxes of student, business and government users. In June of last year, it said it was halting all Gmail scanning for ads.
Meanwhile, Google in 2014 started promoting Gmail as a platform for developers to leverage the contents of users’ email to develop apps for such productivity tasks as scheduling meetings. A new Gmail version launched this spring adds a link next to inboxes to a curated menu of 34 add-ons, including one that offers to track users’ outgoing emails to report whether recipients open them.
Google says apps make Gmail more useful. Turning Gmail into a platform emulates Microsoft’s Windows and Apple Inc.’s iPhone, which attracted outside developers to make their software more useful to corporate users.
Attendees worked on their laptops during the annual Google I/O Developers Conference in May.
Attendees worked on their laptops during the annual Google I/O Developers Conference in May. PHOTO: DAVID PAUL MORRIS/BLOOMBERG NEWS
Google doesn’t disclose how many apps have access to Gmail. The total number of email apps in the top two mobile app stores, for Apple’s iOS and Android, jumped to 379 last year, from 142 five years earlier, according to researcher App Annie. Most can link to Gmail and other major providers.
Almost anyone can build an app that connects to Gmail accounts using Google’s software called an application programming interface, or API. When Gmail users open one of these apps, they are shown a button asking permission to access their inbox. If they click it, Google grants the developer a key to access the entire contents of their inbox, including the ability to read the contents of messages and send and delete individual messages on their behalf. Microsoft also offers API tools for email.
With Gmail, the developers who get this access range from one-person startups to large corporations, and their processes for protecting data privacy vary.
Return Path, based in New York, gains access to inboxes when users sign up for one of its apps or one of the 163 apps offered by Return Path’s partners. Return Path gives the app makers software tools for managing email data in return for letting it peer into their users’ inboxes.
Return Path’s system is designed to check if commercial emails are read by their intended recipients. It provides customers including Overstock.com Inc. a dashboard where they can see which of their marketing messages reached the most customers. Overstock didn’t respond to a request for comment.
FROM GOOGLE’S PRIVACY POLICY
The company’s privacy policy stipulates when it shares personal information:
We do not share your personal information with companies, organizations, or individuals outside of Google except in the following cases:
With your consent
We’ll share personal information outside of Google when we have your consent. For example, if you use Google Home to request a ride from a ride-sharing service, we’ll get your permission before sharing your address with that service. We’ll ask for your explicit consent to share any sensitive personal information.
Google’s Complete Privacy Policy
Marketers can view screenshots of some actual emails—with names and addresses stripped out—to see what their competitors are sending. Return Path says it doesn’t let marketers target emails specifically to users.
Navideh Forghani, 34 years old, of Phoenix, signed up this year for Earny Inc., a tool that compares receipts in inboxes to prices across the web. When Earny finds a better price for items its users purchase, it automatically contacts the sellers and obtains refunds for the difference, which it shares with the users.
Earny had a partnership with Return Path, which connected its computer scanners to Ms. Forghani’s email and began collecting and processing all of the new messages that arrived in her inbox. Ms. Forghani says she didn’t read Earny’s privacy policy closely and has never heard of Return Path. “It is definitely concerning,” she says of the information collection.
Matt Blumberg, Return Path’s chief executive, says users are given clear notice that their email will be monitored. All of Return Path’s partner apps mention the email monitoring on their websites, he says, and Earny’s privacy policy states that Return Path would “have access to your information and will be permitted to use that information according to their own privacy policy.”
Oded Vakrat, Earny’s CEO, says his company doesn’t sell or share data with any outside companies. Earny users can opt out of Return Path’s email monitoring, he says. “We are actively looking for ways to improve and go above and beyond with how we communicate our privacy policy,” he says.
Matt Blumberg, chief executive of Return Path, which collects data for marketers, says users of its email apps are given clear notice that their email will be monitored.
Matt Blumberg, chief executive of Return Path, which collects data for marketers, says users of its email apps are given clear notice that their email will be monitored. PHOTO: JENNI LILLIE
Return Path says its computers are supposed to strip out personal emails from what it sends into its system by examining senders’ domain names and searching for specific words, such as “grandma.” The computers are supposed to delete such emails.
In 2016, Return Path discovered its algorithm was mislabeling many personal emails as commercial, according to a person familiar with the matter. That meant millions of personal messages that should have been deleted were passing through to Return Path’s servers, the person says.
To correct the problem, Return Path assigned two data analysts to spend several days reading 8,000 emails and manually labeling each one, the person says. The data helped train the company’s computers to better distinguish between personal and commercial emails.
Return Path declined to comment on details of the incident, but said it sometimes lets employees see emails when fixing problems with its algorithms. The company uses “extreme caution” to safeguard privacy by limiting access to a few engineers and data scientists and deleting all data after the work is completed, says Mr. Blumberg.
Jules Polonetsky, CEO of the nonprofit Future of Privacy Forum, says he thinks users want to know specifically whether humans are reviewing their data, and that apps should explain that clearly.
How Earny asks Gmail users for permission to scan their email. Redaction by The Wall Street Journal.
How Earny asks Gmail users for permission to scan their email. Redaction by The Wall Street Journal.
At Edison Software, based in San Jose, Calif., executives and engineers developing a new feature to suggest “smart replies” based on emails’ content initially used their own emails for the process, but there wasn’t enough data to train the algorithm, says Mr. Berner, the CEO.
Two of its artificial-intelligence engineers signed agreements not to share anything they read, Mr. Berner says. Then, working on machines that prevented them from downloading information to other devices, they read the personal email messages of hundreds of users—with user information already redacted—along with the system’s suggested replies, manually indicating whether each made sense.
Neither Return Path nor Edison mentions the possibility of humans viewing users’ emails in their privacy policies.
Mr. Berner says he believes Edison’s privacy policy covers this practice by telling users the company collects and stores personal messages to improve its artificial-intelligence algorithms. Edison users can opt out of data collection, he says. The practice, he says, is similar to a telephone company technician listening to a phone line to make sure it is working.