So this is how e-mail dies.
I’ve been using university-provided e-mail since 2002. Partly this was just because it was free and convenient, but there was also something more than that. I’ve consciously avoided forwarding my e-mail out of my academic account and into a commercial provider, like Yahoo or Hotmail or Gmail. I felt I could trust my university not to engage in undesirable practices like handing over the contents of my e-mail to government agencies (or marketing firms), blocking messages that are inconvenient for them, or otherwise compromising what is, fundamentally a private and highly personal part of my daily life. I trusted them in part because I am a client of the university, to the tune of several thousand dollars a year. When you use a free commercial e-mail account, the opposite is true: you are the product.
Universities have been increasingly unwilling to invest in their mail operations though, especially as budgets are squeezed. The sticking point has been handling of spam, which has become more and more difficult as the cost of sending a billion ads for 409 scams has fallen to just about zero.
The best spam handling systems work by observing e-mail patterns of millions of users, enough to catch, identify, and block each new spam wave as soon as it starts. One company, Postini, provides this filtering as a commercial service, and Harvard, rather than run (and constantly update) its own spam filters, has contracted with Postini to provide filtering. Last night they switched my account over to the new system, a Microsoft Exchange server with Postini for spam.
So why is this the end of e-mail? Because this means Postini reads all of my mail, every message sent to my primary account … and Postini is owned by Google. Now Google is dramatically better than most, thanks to their transparency report, in which they tell us that they received 5,950 requests by US government agencies for private user data in the past year, of which they complied with over 5,500. The fact that they actually review requests and occasionally deny them is remarkable. Still, it’s hard for us to know for sure how they strike their balance between their users’ privacy and their own legal safety.
There are other threats too. Google has recently seen a series of hacks by apparent agents of the Chinese Communist Party. They have a reputation for never deleting anything. They’ve also caught their own employees snooping on users.
Traditional e-mail mostly doesn’t have this kind of privacy problem. On the modern internet, e-mail is point-to-point, so there aren’t too many people who have a chance to inspect or record your messages … or at least it was. Now if you send an e-mail to me, Google will see it first. They’ll even get a chance to block it from ever hitting my inbox, if it gets classed as spam.
This isn’t really e-mail anymore. It’s GMail, or close enough. When everyone has GMail, GMail is more like the old-fashioned bulletin-board message systems, run by a single host where all the users have accounts. Like a Facebook message. (An oligarchy is hardly better, if none of the providers are accountable to their users.)
If Harvard is going to route all my mail through Google, then there’s hardly any reason not to forward my account to GMail entirely … and indeed precious little reason for Harvard to operate its own mail system at all.
If you’re sending me a private e-mail, I hope you’ll consider encrypting it to my public key. Otherwise, I can guarantee that Google is reading every word … and someone may be watching over their shoulder.