Is it right for Yahoo! to snoop on your emails?

by , Assistant Computing Editor Technology 24 June 2011
VN:F [1.9.22_1171]
5 - 7
avatar

Yahoo! Mail plans to snoop on your emails. Accepting its updated T&Cs give it the right to read your messages and target relevant advertising. Would you be happy if your emails were analysed in this way?

Yahoo! logo through magnifying glass

It’s eight in the evening, you’re juggling a glass of wine and a sneaky fag in one hand, while emailing away with the other. You’re venting to your best friend about the latest slings and arrows of outrageous fortune to have befallen your life; secure in the knowledge that nobody’s eavesdropping on your conversation.

Well, before you raise your glass in a congratulatory toast at this self recognition, you need to revisit that last comment, especially if Yahoo! Mail (Yahoo!) is your email service provider.

Why? Because Yahoo! Mail, Which? Computing has learned, is currently in the process of updating its terms and conditions to allow it to read and analyse its customers’ emails and messaging content.

Yahoo! Mail’s updated T&Cs

The world’s largest email provider has said that if you agree to its Additional Terms of Service (ATOS), you’re giving it your express permission to scan and analyse the content of any electronic correspondence sent by your account.

Why is it scanning your emails? In short, to target relevant content and advertising – this is something the email provider lets you opt-out of, but not the scanning itself.

To a certain extent we have no issue with this, if consent is being given freely. The only thing we would say is make sure you read the T&Cs, because if you don’t you’re in for a nasty shock. We do, however, have an issue with Section C. of the ATOS, which states:

‘By using the Services, you consent to allow our automated systems to scan and analyse all incoming and outgoing communications content sent and received from your account (such as Mail and Messenger content including instant messages and SMS messages).

‘If you consent to this ATOS and communicate with non-Yahoo! users using the Services, you are responsible for notifying those users about this feature.’

In other words, it’s saying that it will go on to do the same with any emails sent to your inbox, even if these senders have not given their express consent for this to take place (as they may not use Yahoo! Mail).

Can senders really give consent?

Yahoo! also says it’s apparently down to you to notify senders that their emails are now being analysed, which implies that once this has taken place senders have given their consent. Obviously, we have concerns with this, our main one being whether it’s even possible to get consent vicariously?

We’ve put a few of these questions to the Home Office and will update you as soon as we hear from it. In the meantime, if you object to Yahoo!’s new terms, we suggest you switch to a different email provider.

62 comments

Add your comments

avatar

dean

If this is announced in the same way as on here, I predict many users to jump ship asap.

I don’t know anyone who purposely ticks the box to say “send me promotions etc”, now they can just bombard you according to what you write in your email?

Surely this is snooping and a gross invasion of privacy

avatar

gail

DISGRACEFULL Should not be allowed. Whose going to talk to yahoo users now. They may loose out big time in the long term.

avatar

iJohn

So, they are just catching up to what Gmail have been doing since day one.

Also, since all mail goes through their servers, you think they couldn’t scan it already?

avatar

wavechange

What do you expect if you use a free email account? It has to be paid for in some way.

If you want privacy, expect to pay for the service. Hopefully, Internet service providers don’t do this because their email service is part of the package paid for by the user.

avatar

dean

Well, you just don’t know do you? Seeing as all of our browsing data is sold to market research, who’s to say that they don’t do that with email already?

avatar

Sophie Gilbert

That’s me closing my Yahoo accounts forthwith!

avatar

Unsure

At first I was worried about the sent emails bit, but then I think Gmail does this as well. Their privacy policy reads:

“Is Google reading my mail? No, but automatic scanning and filtering technology is at the heart of Gmail. Gmail scans and processes all messages using fully automated systems in order to do useful and innovative stuff like filter spam, detect viruses and malware, show relevant ads, and develop and deliver new features across your Google experience. Priority Inbox, spell checking, forwarding, auto-responding, automatic saving and sorting, and converting URLs to clickable links are just a few of the many features that use this kind of automatic processing.”

So I don’t think Yahoo does anymore than that. Senders don’t really need to give consent because it’s just automatic scanning – noone’s actually reading your emails. It’s just keyword stuff. And since you can opt out of the targetted advertising… what’s the problem? Yahoo has your emails anyway, they can pass them all over to the police if requested. In this case it’s just automatic scanning for keywords for ads… gmail does it too.

Hi Unsure,

The issue here is not with Yahoo! Mail scanning and analysing my email for behavioural marketing purposes. After all, I’ve accepted its terms and conditions and so, in theory, I consent to this activity.

But what about the rights of those people who email me, and who don’t want their emails ‘read’ in this way? As it stands, they have no choice but to accept that a service provider who they have no relationship with whatsoever is reading their emails, and no doubt collecting and storing their personal data for who knows what.

You say: ‘it’s just automatic scanning for keywords for ads… gmail does it too….’ but that doesn’t make it any more paletteable. No one really knows just how this data is going to be used in the future.

avatar

dean

And certainly something that needs investigating.

Companies say “we don’t sell your data to anyone”, well yes, they don’t sell our exact details, that’s done by the hackers of PS3′s and all other hackees this month, they sell our activity.

As in, what we do, what we like and what sites we visit. Pretty much every click on the internet is tracked by someone.

We, as consumers need to know exactly what details they are selling to 3rd party market research companies, time for Which? to investigate

avatar

Carbonize

“But what about the rights of those people who email me, and who don’t want their emails ‘read’ in this way?”

Email is the same as snail mail. It has been sent to you and has therefore become your property to do with as you see fit. In this case you have given permission for Yahoo to scan it.

Your email is already being scanned to detect spam and yet I don’t hear anybody getting in an uproar about that.

avatar

Barry Blakesley

Yahoo must know that it is impossible to warn every one who knows your email account that any email they send will be subject to snooping.
What worries me far more is is the extent to which snoopers (Yahoo and/or Google) have the potential to profile all of the senders as well well as the recipient. From the combined knowledge of both senders and recipient, it becomes possible possible to build up a far more extensive and accurate profile (activities, interests etc.) of the recipient. It does not have to stop there – the snoopers can then build ever-better profiles of all senders (regardless of whether or not they are the snoopers’ clients [and the snoopers will argue argue that they have the senders' implied consent]).
It is only a matter of time before official government snoopers and criminals of various kinds decide to raid the snoopers’ databases whether by law, hacking or bribery & corruption.

avatar

Sanjay

Much ado about nothing. Google does the same thing routinely.

avatar

Sophie Gilbert

How does Google doing the same thing make the practice more acceptable?

avatar

Bernard Williams

This E Mail will be my last on this service, this is my response to Yahoo.

avatar

Carbonize

And what you going to do? Move to Gmail?

avatar

A17

Which? should be raising this with the Information Commissioner under the Privacy and Electronic communications regulations rather than the Home Office.

Hello A17,

The Home Office is responsible for the Regulation of Investigatory Powers Act 2000 (RIPA). As I understand it, under RIPA it is currently an offence to intentionally intercept communications without lawful authority – this includes the interception of e-mails. We are seeking clarity on this position.

avatar

Carbonize

Just like the recent Twitter posts regarding that footballer Yahoo is an American company and not subject to British laws.

avatar

Brian Andrews

Unfortunately there seems to be insufficient information as yet to answer all the possible questions, but equally comments such as ‘Google already do it’, don’t really move the debate forward either. It would appear that there are several issues intertwined here, including…
1) auto scanning
2) accepting T&C changes
3) sender privacy

With respect to AUTO SCANNING, then my own view is that this is probably OK, provided it is not available for routine human scanning as well, and is only ever used for the benefit of the User (eg. spell checking, virus detection, etc). There are many valid reasons why content could (should?) be scanned, provided – and that is a major condition – that the information is not made available to others, except under a legal requirement.

CHANGING T&Cs is something that will always occur from time to time in any major organisation, and again in itself is not unreasonable. However if the new terms contain chnages to privacy issues, restrictions, etc, that could adveresly impact the User, then these need to be fully explained well in ADVANCE of the new conditions being enacted. Additionally, any OPTIONS (ie. to opt out) need to be extremely clearly laid out. After that it’s just a matter of personal choice, although I doubt that many people will see a huge need to self-target themselves for yet more advertising mail!

The issue of INCOMING messages is however something else entirely. Whilst auto-scanning is fine (subject to the same limits mentioned earlier), the concept that the data within that email could be used without the Sender’s direct consent, is surely a very (dark) grey legal area? Implied consent from the account holder is the flimsiest of excuses for a probable transgression of several telecommunications acts, including I suspect, RIPA. It is not fully clear who would be targetted in this scenario, but if that were to be the Originator, then I forsee some extremely interesting court action ahead. And I for one won’t be emailing anyone with a Yahoo account!

avatar

chris

Google ‘do it’ BUT you can opt out of all this ad targeting rubbish and theres an add-in for Firefox that disable the analytics cookies, provided by Google.

Whers Yahoo’s?

Please let us know when you find it, first thing I’ll do.

(I’ve opted out of sumut, but its unclear what !!!}

Chris, hi.

You’ve opted out of receiving ads based on your browsing activity. You have not opted out of having all your electronic communications ‘read’. You either accept Yahoo! Mail’s ATOS and continue to use the service or you find another email provider.

avatar

John Marr

This is the “catch” point that might make the terms illegal. A person might have e-mails incoming and archived e-mails, but Yahoo is deying acces to both UNLESS one agrees to allow Yahoo to hack them. Thus, one is being coerced into agreeing to onerous terms, not just being invited.

avatar

John Marr

Could someone please explain how one can efficiently (instantly?) remove archived folders of e-mails from Yahoo’s posession and store them offline? I have invoices going back a decade, legal correspondence, and research communications. I probably couldn’t do it fast enough avoid having them all hacked by Yahoo while I’m tranferring them, or could I?

Thanks very much!

avatar

rchivist

I think there is an export facility – but I can’t check – I’m now shut out of the webmail interface because I refused to sign up the new Terms and stayed with Classic Mail (I’m a BTYahoo! mail user). Search for “import/export” in the help and see if you can find anything.

Alternatively you may just have to forward them all to a new address and then delete – and don’t forget to delete from Trash when you have fnished cleaning out the account – it all goes in there after being deleted from the other folders.

UK Interception of Communications Commissioner still has an outstanding complaint from me about the basic Yahoo Terms of Use but I don’t think he is very keen on ruling on it – he tried to ignore it when he replied to me last.

avatar

john.mccolgan

I deal with this invasion of my privacy in the only REALLY EFFECTIVE WAY. If you receive e-adverts aimed at you based on your surfing habits then simply don’t buy from these companies. If the post office opened your private mail and then sold the info to advertising agencies there would be an outcry in Parliament.

Make a point in dropping an email to the CEO of these companies that you will not deal with them because of their invasive intelligence gathering methods.

Simples. Take note John Lewis, Ebay and Zoopla to name but three

avatar

Colm

I wonder if this will apply to BT? Thanks for the warning, I won’t accept the T&Cs. But chnaging email is a pain.

avatar

wavechange

You are paying BT for their service, so hopefully you will not have any problem. Companies that provide free services aim to make a profit so it’s not surprising that they use automated systems to target advertising.

When changing an email account, keep the old one active for a year or two until everyone is using your new email address, but always send messages from the new account.

avatar

Wm

>You are paying BT for their service, so hopefully you will not have any problem.
Except that btinternet mail is provided by Yahoo.

avatar

George

Colm and Wavechange raise whether because we pay BT for the Yahoo-based email service – it’s far from free – we will be exempt from Yahoo’s unacceptable behaviour. However I do wonder if this gizmo hasn’t already been implemented as I’ve had ads on BT’s webmail page that relate to my mailings recently. Have BT snuck in a terms change?
Interception of communications always used to be a big no-no: there were no get out clauses.

avatar

wavechange

Sorry to hear that. My Internet Service Provider does not do that. I won’t recommend it because it is regional and has more than its fair share of deficiencies.

avatar

Alan Wenman

No, no, no, NO! No amount of deft, esoteric and adroit debate will change the fact that communication between people must be private. It is an obscenity that the so-called ‘free-world’ has prided itself on confounding the activities of totalitarian states, only to toss away it’s principles in concessions to the denizens of the business world.

Privacy can be defined as: the state of being free from intrusion or disturbance in one’s private life or affairs. I will not have my conversations intruded upon and my life disturbed by unwanted and unasked for advertising.

It appears that a new bill of rights is required to limit the activities of organisations that are determined to make their own rules in defiance of the valid wishes of the community.

avatar

Richard

I scanned this thread rather quickly and may have missed this point, apologies if it was made already. Yahoo also ‘manages’ the email systems for both BT and AT&T. So I bet digging away into their small print finds they are doing the same with their subsidiary email accounts. On past sneaky performance of BT it wouldn’t surprise me. When I got my first broadband connection with BT, installed all the software and without any warnings found my system was full of Yahoo nonsense, which if nothing else hogged resources. It took over 2 hours registry hacking to clear the stuff, partly because its designed to run as a rootkit.

I suspect Yahoo will get away with it, as a multinational can’t be touched by UK legislation!

avatar

Richard

Just to add, somebody pointed out gmail also do this, however if you manage your gmail through a third party package like Mozilla Thunderbird configured as an IMAP client your privacy isn’t compromised.

avatar

Richard

Yahoo are an American company, is this advertising targeting simply a PR smokescreen to cover checks for criminal and terrorist activities too. No doubt would be strongly denied for Yahoo board, but I bet Dept of Homeland Security has their fingers in this pie.

Come on Wikileaks where are you when the public really needs your help!

avatar

Francis

I’d like to see a definitive answer from anyone who knows, on whether bt and at&t are automatically imposing this yahoo condition on their paying customers , without informing them.

avatar

Brian Andrews

Sorry Francis, I don’t have the requested definitive, but my understanding is that to use any personal data other than for the purpose collected without specific permission, is a defined breach of data protection regulations. Information within a private email is considered ‘data’ as far as the legal process is concerned.

BT came close to being hauled before the courts a couple of years ago over their ‘trial’ of a data mining programme called ‘Phorm’ (previously known as ’121 Media’), which had to be very quickly curtailed. As such I doubt that they, or anyone else within the UK, will attempt again to introduce such a system without individual consents – even if only an ‘opt out’ clause as per Yahoo. To do otherwise would be likely to end with a significant penalty.

Of course, those organisations with no specific UK presence would potentially be able to circumvent such legal safeguards.

avatar

Robert

Francis wrote: “I’d like to see a definitive answer from anyone who knows, on whether bt and at&t are automatically imposing this yahoo condition on their paying customers , without informing them. ”

BT initially published identical Terms to Yahoo, but then modified them as customers complained. It is currently unclear what they are actually doing, although they do admit to gathering and analysing information from the content of customer emails, in order to provide relevant features and content for the “services”. Their Terms can be seen here http://info.yahoo.com/legal/uk/bt/terms/mail/atos.html with the relevant paragraph at 2.6. That paragraph has undergone at least four changes since July 26th 2011. It should be compared with the relevant Yahoo UK! (an English registered company by the way) terms here http://info.yahoo.com/legal/uk/yahoo/mail/atos.html and here http://info.yahoo.com/privacy/uk/yahoo/mail/beta/details.html although some BT email customers are still being referred to Yahoo! conditions. Two relevant threads on the BT customer forums can be found here http://community.bt.com/t5/Other-BB-Queries/Yahoo-snooping-on-personal-emails-BT-too/td-p/196175 and here http://community.bt.com/t5/Other-BB-Queries/Yahoo-Mail/m-p/262067#M7766 I have written on this matter here on the NoDPI blog https://nodpi.org/2011/08/13/bt-still-hooked-on-the-snooping-habit/

avatar

keith hodges

and watch out for microsoft…they have just announced (quietly) that they plan to use skype intrusion so that they can record / watch .intercept your conversations in technicolour…

I set up a firefox browser for fun to run with max protection and user choice..only problem is that I can’t get on to any sites without a lot of hassle!!

Basically all this stuff should be protected by international law.. the consumer should have to positively ask for these additional ‘services’.

avatar

John Freeman

I found this customer service reply to queries about this issue on the BT web forum (http://community.bt.com/t5/Other-BB-Queries/Yahoo-snooping-on-personal-emails-BT-too/td-p/196175/page/2). It doesn’t realy address the specific concerns raised.

Has anyone at Which? asked BT about this matter?

Re: Yahoo snooping on personal emails – BT too?
[ Edited ]

on 28-06-2011 21h02 – last edited on 29-06-2011 8h19 by Moderator DeanM

This is a reply I got from the BT Customer support ‘People’.

Thank you for your e-mail dated 25th June, ’11. [EDIT]. As I gather from you are email you are concerned about snooping of your private emails. I do understand your concern and assure you that I would try my best to provide you with relevant information to resolve the issue.

As per your request, I am sending you all the information through this email and would request you to please check for that. I can assure you that nobody can access your emails unless you share your password because BT at any cost does not share their customer’s information with anyone else.

However, if you are still concerned about the security of your account, I would request you to change the password of your email account as well as change the answers to the security questions which would definitely help you to resolve your issue.

If there’s anything else you would like to know, please try our help pages online at http://www.bt.com/help. You can also see the various ways you can contact us if you do need further assistance. Many technical problems can be immediately fixed using our desktop help tool. This free tool helps you sort out most common broadband connection and email problems, keeping you connected when you need it most. You can download and start using it now by accessing http://www.bt.com/help/broadbanddesktophelp.

Thank you for using BT Broadband Technical Help

*********************
Digital Care Team

Hi John,

Thanks for your comments. We are on this and are hoping to post a follow-up article sometime next week. BTW, the original article that this post derives from is going up online today. I’ll post a link and some more info later today.

avatar

gail

Snooping seems very popular at the moment !!!! We should be allowed privacy.

avatar

jay

Do I care — NO I DO NOT – ANYONE IS WELCOME TO THE C*** I READ AND WRITE . waste your time FOOLS

avatar

Tension Span

Oh, geez. ALL Internet activity should be assumed to be non-private! It’s been like that for ages, and is plain common sense. Ever hear of Menwith Hill, GCHQ or Echelon? Well, if you got a computer, why not use it for some self-education, instead of trivialities?! T&C’s cover the corporations, not the users, peasants or ants. This is NOT news! Yet, what’s the real thing here? They seem to be testing the water. You see, surveillance is now SO commonplace, that they expect us all to roll over and accept it as a matter of convenience. Ever read the documentation that proved Facebook was a Nothing until it got some serious funding and development by the CIA? You think I’m making this up?! I bet you do. Clueless populations = easy meat. And I don’t just mean the Internet. Look around you.

avatar

Kelly

International law is quite specific…. it is illegal to intercept any communication without lawful reason.
Scanning for targeting advertising is not legal.

IF Yahoo! and Gmail are already practising this behaviour are guilty of illegal practices.

The EU also has made it plain that an Opt IN system is mandatory by directive.
Yahoo! again breaks this code by an Opt Out and (Legally) unfair Terms and Conditions.

The Terms and conditions are unlawful in that they also break the EU Rule of a right to a private life.

avatar

Brian Andrews

Sorry Kelly, but unfortunately this isn’t quite so.

Despite the phrase being used increasingly, there is actually no such thing as ‘international law’. It is a common misnomer. There are international treaties (eg. Geneva convention), there are UN Resolutions (eg. recent Libya civilian protection), and there are federal agreements (eg. the plethora of EU directives). None of these apply to countries that have not specifically signed up to them, and most are open to interpretation and – importantly – generally lack enforceability.

The International Criminal Court is perhaps the nearest thing to an international court of law, but applies only to war crimes (or similar), has no juristiction in most cases to overide local laws or judgements, and applies only to those countries which have ratified it. Russia for example has never signed, and (significantly) the USA which had signed, subsequently ‘unsigned’ itself. So neither of these major global players are bound by it.

Laws that apply in any country are solely those that are issued by that country’s legislature (whatever form that may take). Such laws may be based on international agreements, as above, but it is the country’s own laws and not the underlying agreements that actually apply.

Yahoo and Gmail may be morally reprehensible, but they are not as far as I can see ‘guilty of any illegal practices’ within the UK as suggested. I am also unaware of any specific EU directive adopted within the UK, that makes an ‘opt in’ mandatory in this instance.

With respect to that astonishingly verbose and ill-defined EU document that allows criminals to roam our streets, and makes it illegal to even mention the adultery of the rich and famous without being prosecuted (don’t get me started on HRA !), it is unlikely that the ‘right to a private life’ could definitively be deemed adversely impacted by this Yahoo practice.

I’m sorry! I’m sure we and many would wish otherwise, but I cannot currently see any legal restriction other than possibly the DPA, to curtail this activity. And unless Yahoo and Gmail have a legal presence in this country, then even that has no enforecabilty.

As it is unlikely that significant numbers of people would be prepared to change away from Yahoo and Gmail as email providers, then regrettably we must just accept that this is how it is. And ensure we have very robust spam filters!

avatar

Kelly

I have given this further investigation and thought.
http://itlaw.wikia.com/wiki/International_Telecommunication_Union

There are international communication laws and agreements as well as individual country laws and state laws covering governance of telecommunication law.

In my country one can be charged with criminal damage even to ones own property.
Giving permission to another person who damages the property does not change the law and they MAY be charged with criminal damage (along with other possible charges).

The fact that various service providers are requesting users permission to scan their emails in no way changes the basic law that such practice is illegal.
Try getting your own letter back once it is placed into the mail system… it is illegal to interfere with the post and it must be delivered to the address.

http://en.wikipedia.org/wiki/Secrecy_of_correspondence

This does not apply just to letters and post, but has been expanded to cover all electronic data (not just emails).

http://en.wikipedia.org/wiki/Phorm
European Commission case against UK Government over Phorm
The Phorm / BT debacle had two flaws in its inception.
1. They conducted tests without users permission.
2. They conducted “deep packet inspection” of telecommunication data.

http://www.telegraph.co.uk/technology/news/4277433/Internet-privacy-Government-warns-email-providers-over-targeted-online-advertising.html
The UK government is (allegedly) aware of the [Mal]practice.

UK Government again has “tuned in a blind eye” to what in reality is an illegal practice. Government gets lots revenue from advertising tax and it becomes a conflict of interests to thwart an income.

Scanning data for Trojans Malicious or Illegal content is lawful, as is the monitoring
to enable security services or government bodies promote anti terrorist methodology.

While most users may give their service providers permission to scan their emails
it may not actually be legal for the company to scan them.
Scanning for the purpose for “Targeted Advertising” is NOT legal .

avatar

Brian Andrews

Hi Kelly

An interesting debate, but please be aware that WIKIs, although very useful ‘first look’ information sources, should be treated with caution as they are only as accurate as their last editor:- who is seldom a subject matter expert. For example your quoted comment regarding ‘…international laws and agreements…’ is only half true. There are indeed numerous international agreements, but there are not international laws. And the difference is extremely important.

You don’t say in which country ‘damaging your own property is illegal’, but in the UK it certainly isn’t unless there is a secondary ownership or charge vested in the property, so the comment does notsupport your point. Rather it actually illustrates the nature and pre-eminence of differing national law rather than evidencing any (phantom) and overarching ‘international’ law.

Despite your assertion, scanning email in the UK (and I suspect most western societies including the USA), is NOT illegal. An individual CAN give their permission for their email/data to be used in any way they are willing to permit. It is the improper use of the data that is illegal. Scanning is not ‘use’, it is merely ‘manipulation’, which is perfectly legal. Again, an important legal differentiation.

You mention an example of not being able to retrieve your letter from the Royal Mail once posted. That is not actually 100% true, however generally it is the case, as by posting it you have relinquished your ownership and additionally in most cases it is difficult/impossible to track once collected from the postbox. Even when it is delivered to the recipient, it is still not recoverable without permission (of the recipient), as it is now THEIR property (not yours), to do with as they wish. Including publishing it, destroying it, or whatever else they feel like. This is very similar to an electronic communication. The SEND button efectively relieves you of ownership.

The BT/Phorm trial was deemed to be illegal as it was using data for purposes other than for which it was held – a DPA transgression – but was only done to test the law in this area. The trial was terminated immediately the ruling was made, so no prosecution was appropriate. Were the process to be reinstigated with a ruling now established, then a prosecution could be raised. Yahoo however has got around this issue of ‘misuse’, by asking (by opt-out only) their Customers to agree to this new use.

Lastly, although I understand and empathise with the sentiment, I feel that you are being a little harsh in your accusation of the government ‘turning a blind eye’, as in this instance I really cannot see what they have done incorrectly. Yahoo may be morally corrupt, but there is as yet no law against that! Maybe you should lobby for opt-outs to be banned, so that people have to opt-in to services?

avatar

Kelly

Thanks for the debate Brian.
Other persons may not be aware of the technological advances electronic surveillance has made recently nor the intrusion it makes into peoples lives.
I hope this makes people more aware of computer technology and communications.

It may surprising that personal data once recorded presently may be kept indefinitely.
There is presently no law that ensures data must be erased after 10 20 30 or 1000 years.
I believe that is a problem for youngsters doing silly things and paying for it the rest of their life.
The EU is trying to push for change to data held by social sites, but others files may be retained and held for long periods elsewhere.

Super computers store vast amounts of data and can progressively improve on their own algorithms as they evolve… which means they get more and more clever as they progress.

There exists the possibility of an AI++ algorithm that will add Artificial Intelligence to its own kind.
Some computer “toys” have evolved to lie so that they can cheat and evade capture so they can exist.
http://gizmodo.com/346029/scientists-invent-robots-that-lie-real-bender-closer-than-ever

New Botnet: The Horror of the Many-Headed Hydra
http://www.technewsworld.com/story/72786.html
While this is a virus, it suggests that if such an AI++ algorithm were placed into a computer, it could rapidly evolve like a DNA body.

IF the machine becomes artificially intelligent to the extent the machine begins making decision on who is and who is not a desirable, the machine may eventually take over and exclude the citizen.
Automated traffic offence fines. At present progress it does not seem too futuristic.

Trying to keep ahead of the changes in law is frustrating as fast paced business pushes the limits and the present law did not account for the new practice. The following is quite new and specific to telecommunication data ownership:

http://www.out-law.com/page-11876
I quote
OUT-LAW News, 19/04/2011
“RIPA requires the consent of both the sender and the intended recipient of the intercepted communication,”

http://www.simply-docs.co.uk/Newsletter.aspx?NewsletterID=257
I Quote
“New Laws for May 2011

Taking effect on 26th May 2011 the law regarding cookies within the EU will change. Rather than leaving users to opt-out, EU-owned websites must require users to opt-in where third-party cookies are involved. Given the large number of cookies used by some websites this may seem extreme, but under a strict interpretation of the new law, users must be asked for permission before placing such cookies.”
Unquote

The Information Commissioners Office is the UK Regulating body. Unfortunately because of poor implementation in the manner the UK Internet advertising cookies was conceived; there was a belief that an Opt In was not necessary because everyone implied they were in agreement.
Most cookies were therefore an OPT out option (if you were given one).
So to OPT Out…. one had to OPT In to OPT out. [Double dutch I know] and all the advertisers were worried about their revenue loses if it were changed to OPT In.
The EU Directive for 25th May 2011 was deferred (by the UK ICO) for one year BUT is in force as far as the EU Lawmakers are concerned should anything go dreadfully wrong. Thus although UK is “tuning a blind eye in” (sic)

This is not in fact deliberate.
http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/hol_select_committee_on_the_constitution310708.pdf

Quote
“However, it is inappropriate and arguably beyond his powers for the Information Commissioner to advise on the nuances of RIPA. He does not have particular expertise in this area.”
Unquote.

If the UK Information Regulator was/is not provided with the correct interpretation of RIPA, then the outcome may or may not be legal. This implies it may not be as well regulated as it should be.

Finally
http://www.informationweek.com/news/security/privacy/229700122
35 Million Google Profiles Captured In Database

Google Search Bar entries are logged into a database.
This leads me to think that there may be a problem with security for everyone on the www.

Computers will know by Logging every eyebrow batted, picture spotted, fantasy sought, or political outlook viewed, the way and how fast you type, the literature you produce, your personal identity.

Worse… super computers NEVER sleep and NEVER forget.

avatar

Cedric Knight

I am not a lawyer.

It strikes me as correct that consent cannot be given by an email’s sender to the terms and conditions of the recipient’s provider. However, the main issue is making a distinction between, on the one hand, scanning and processing for the benefit of the parties to the communication and for operational reasons to improve the service (those related to spam and malware for instance), and on the other hand, for the benefit of the service provider (behavioural or targeted advertising).

RIPA s3(3) permits scanning that “takes place for purposes connected with the provision or operation of that service”, but that should be read narrowly as meaning operational purposes and not commercial ones. So Gmail and Yahoo practices could be illegal regardless of the terms of service.

avatar

Brian Andrews

By extending the provided ‘service’ (sic) to include targetted advertising and having that agreed by the Customer (ie. no opt-out selected), Yahoo are fully compliant with the quoted RIPA clause. They are indeed providing the agreed ‘service’. Sneaky indeed, but fully legal.

avatar

Kelly

I concur with you Cedric.

The Home Office forwarded an OPINION on the POSSIBLE legitimacy of Targeted Advertising.
http://cryptome.org/ho-phorm.htm
Quote
“18. It is ARGUABLE that a targeted online advertising service can be
“connected with the provision or operation of [the ISP] service”.
20………. The providers of targeted online advertising services, and ISPs
contracting those services and making them available to their users, should
then – to the extent interception is at issue – BE ABLE TO ARGUE that the
end user has consented to the interception (or that there are reasonable
grounds for so believing).”
End Quote. (Capitalization is mine)

Telecomms may be lawfully scanned for security and intercepted for monitoring (traffic count etc) but nowhere does it say in RIPA that Telecomms may be intercepted for Targeted Advertising.

The fact that a user gives permission to the Service Provider, might not be lawful.
Furthermore the terms and conditions of the Service Provider may be also illegal or illegally applied.

Considering email ownership:
I send you an email… It still belongs to me even thought you got “My Email”.
This is different to documents which may change ownership like House Deeds, Diplomas etc
The copyright remains with me and technically it should not be copied without permission.
In scanning an email for target phrases or words, is copyright being broken?

If an email is delivered to the wrong recipient and were scanned: as nobody’s permission is valid scanning of such an email would be illegal.
————————————————————–
After closing I viewed other information on the WWW. which seems to quantify my former statements about the speed of AI progress.
http://www.pcpro.co.uk/news/368638/computer-teaches-itself-to-play-civilization-ii
Computer teaches itself to play Civilization II

An eye opener, even for myself, from a very reputable magazine:
If such a program ever gets onto the WWW …. let you read it for yourself.

Best Regards, Kelly

avatar

Kelly

I quote my former posting:

” IF the machine becomes artificially intelligent to the extent the machine begins making decision on who is and who is not a desirable, the machine may eventually take over and exclude the citizen.”
Unquote.

The following URL gives greater quantification to my statement than I could have imagined.
http://www.pcpro.co.uk/news/368638/computer-teaches-itself-to-play-civilization-ii

If such a programme were to become a www botnet there is every chance it would win.

avatar

Robert

Thank you to Which? Computing for raising this. I am struggling to reconcile the current Yahoo! UK statements about their analysis of the contents of customer emails, with the requirements of RIPA 2000. This law was amended on 26th May 2011, by the Regulation of Investigatory Powers (Monetary Penalty Notices and Consents for Interceptions) Regulations 2011.

RIPA 2000 is a complicated Act. It makes the interception of communications a criminal offence except in certain specified circumstances, when interceptions are deemed to be lawful. It seems that Yahoo is trying to bring itself within one of the exemptions, when both the sender and the recipient gives prior consent to the interception taking place.

However, the published Yahoo! UK and BTYahoo! terms do not reveal any mechanism for obtaining that prior bilateral informed consent from sender and recipient – and my ISP have not told me how I can inform all the people who might email me in the future on my scanned email address, in order for them to give such prior informed consent. My response to what BTYahoo! and Yahoo! UK are doing, has been to contact my local police force (the police are currently the responsible body for enforcement of RIPA 2000), and submit a crime report which is currently under investigation. I have also made a complaint to the Information Commissioner’s Office relating to the Yahoo! UK actions and the UK DPA/PECR legislation.
If neither the police nor the ICO choose to carry out enforcement, then I intend to complain to the EU Commission that the ePrivacy Directive is not being applied properly in the UK, and ask for the recent (suspended) court action against the UK government in the European Court to be revived by the European Commission. If Yahoo! UK are able to carry out their stated intentions of using the content of customer emails for their own commercial purposes without obtaining bilateral prior informed consent from both sender and recipient, then privacy is dead in the UK, and the recent changes to RIPA were a total waste of time. It’s not just a question of what people think, or commercial reality – everyone needs to observe the LAW, and criminal activity must not be tolerated.

[Hello Robert, we have edited your comment due to libel issues - if you have any concerns please get in touch using our Contact Us form. Thanks, mods.]

avatar

Robert

Just to update this thread, I have failed to get the local police interested in dealing with either BTYahoo! or Yahoo! Uk & Ireland in regard to possible RIPA 2000 intentional interception of communications offences, so I have sent the whole matter to the Interception of Communications Commissioner (c/o of MI5) for further examination under the RIPA 2000 May 2011 Monetary Penalty Regulations, to see whether there is an offence of unintentional interception of communications. He has to decide first of all whether there is a criminal offence of intentional interception without bilateral explicit prior consent (in which case he sends it back to the police), and if not, then whether there is a civil offence of UNintentional interception – in which case he can impose a monetary penalty (and presumably they would have to stop doing it!).

If the IOCC rejects my complaint as well, then the details will be sent to the EU Commission and the whole cycle of an EU court case as to whether the UK is effectively implementing the ePrivacy Directive will start again.

I’ve had the formal IOCC acknowledgement so the case is in the system. BT still won’t let me anywhere near their customer forums despite taking the full whack of subs from me for the BT phone and broadband service.

avatar

Barry Blakesley

An alternative and additional approach that is independent of RIPA is the Data Protection Act. Based on the assumption that almost anyone’s email will hold what is considered to be sensitive personal data (say something medical, or about love-life, or maybe a peccadillo) then it is an offence for any organisation to hold and process such sensitive personal data without your consent and informing you of what uses are being made of that data. Furthermore for a mere ten quid you can write to the snooper’s data controller and ask for copies of all your data plus an list of the codes that you would need to interpret it. Anyone who cares to, can also issue various kinds of notices to the Data Controller (queries and complaints).
Complaints are an essential first step to complaining to the Information Commissioner – and then if need be you can take it to the Information Rights Tribunal (Note: the Information Commissioner is notoriously reluctant to do anything).

avatar

Keith

It is like some sort of creeping disease.

I suppose, strictly speaking, if the regulations as they stand and might be interpreted are enforced against BT then similar should be applied, presumably retro-actively, to services like Google Mail and Yahoo! Mail. People are not generally aware that such practices are exercised by these ‘free’ providers. That might be an incorrect statement but I feel it is likely that people commenting here and taking an interest will naturally be aware. Does that apply to ‘Joe Public’ in general? Probably not.

There were similar concerns when Virgin migrated their customers to Google Mail,

http://news.cnet.com/8301-1035_3-10220255-94.html

Not expressed in that article but certainly discussed in forums elsewhere. Having moved from TalkTalk to Sky I know they also make use of Google Mail. I do not know if similar practices are in place or under consideration for those services. My impression is that for the moment this is not the case, perhaps someone can check properly. I would imagine that if BT is permitted to implement this then the others will follow. As I suggest it is a creeping disease.

Slightly off-topic but I dumped TalkTalk as a result of their implementation of the Huawei/Symantec GreenNet system, re-branded as HomeSafe. It is something I consider to be a possible violation of RIPA where the company concerned has adopted an advantageous interpretation of standards and regulations. Sky was the only available non TalkTalk/BT or subsidiary/reseller service available from my exchange.

Given the ‘choice’ of Google Mail I took the opportunity to sort e-mail out via one of the many other available options. Since I know about the possibility and have some IT knowledge then that was an option. I just needed something to prompt the jump.

Excluding the £5.99 to register a .co.uk domain for two years I get 50 e-mail addresses for £20 a year. Naturally I am not using them all but the deal was too tempting compared to others… I get POP, IMAP and WebMail and probably other stuff I would not know about. I might be certain that the burden on the provider as a result of offering 50 as opposed to 5 or 10 is minimal or indeed negligible.

Putting that into perspective it adds £1.53 per month to my internet bill if I just use one. If I shared out the rest then that would be 3 pence per month per address…. and BT/Yahoo wish to monetise your e-mail.

Perhaps Which might consider an article about such alternatives.

Elsewhere I have a ‘free’ Yahoo webmail account which continues to ask, occasionally, whether I wish to upgrade to the ‘new’ version but I decline and am still using Yahoo! Mail Classic. Privacy Policy here,

http://info.yahoo.com/privacy/us/yahoo/mail/details.html

“Information Collection and Use Practices
-
-
Yahoo!’s practice is not to use the content of messages stored in your Yahoo! Mail account for marketing purposes.”

On beginning to ‘upgrade’ to the ‘New Yahoo! Mail’ my acceptance includes stating that I have read,

http://info.yahoo.com/privacy/us/yahoo/mail/ymail/details.html

which includes references to the scanning for targeted advertising. I’m sure everbody who has upgraded read those new policy terms…. No?

Perhaps BT/Yahoo wished to migrate people to the ‘New’ system and took the opportunity for a sneaky bit of extra monetisation. Presumably BT did not directly inform their customers of these changes but just quietly modified their terms and conditions and hoped no-one would notice. Of course people did.

Regarding RIPA. I am not as focussed on the recent changes as others are and have been. Perhaps I should try harder.

http://www.homeoffice.gov.uk/publications/consultations/ripa-effect-lawful-intercep/ripa-lawful-intercept-responses?view=Binary

“39 formal responses to the consultation were received.

Broad themes from the submissions received can be briefly summarised as follows. There was strong support among submissions for an unambiguous ‘opt-in’ consent. Many argued that including relevant information within general terms and conditions or privacy policies does not allow for a sufficient expression of consent. Respondees also proposed that consent should not be a pre-condition of service, that it be time limited and revocable without penalty.”

I was one of the 39… Of itself hardly a large number. I do not know if such concerns were carried through to the final changes. It is quite obvious to me that ISPs are hungry for this and simply will not stop attempting to monetise their customers in this and similar ways. The possible revenue available from such profiling and the delivery of BTA is presumably massive and too tempting for them.

BT seem to think that surreptitious changes to T&C or Privacy Policies is sufficient for them to overcome any legal concerns. That is the way these companies have and will continue to behave until the regulations are properly tightened and enforced. They will continue to look for loopholes and advantageous interpretation to impose this on their customers without regard for anything else other than the bottom line.

It is depressing to know that this is going to happen again and again and again with the actions being like some sort of war of attrition whereby it is the customer who has to be vigilant and raise awareness with the companies concerned eroding privacy in their hunt for profit whilst the authorities remain supine, effectively tacitly supportive?

avatar

Keith

For more perspective then given I can get an a-mail address with a small ‘bulk buy’ which equates to 3 pence per month, that’s how the numbers run and I will assume BT/Yahoo do it for less for themselves. Call it 1p per month.

Then let’s say they expect to monetise their customers e-mails at an average of £1 a month via BTA.

Of course that is a made up number but I would not doubt that BT/Yahoo have run things through a business plan.

It might be nice to see that one along with any skew that might arise from engendered trust along with an indication of ‘interested parties’ outside of BT and Yahoo already signed up to the prospective BTA fest.

1p vs £1 makes 10,000% profit.

Otherwise that figure is very much dependent on people accepting such terms and conditions or probably being unaware that such activity is taking place in the first place by burying the changes where no-one will look and hoping or rather knowing that ‘Joe Public’ will not have a clue about such things.

He probably does not subscribe to Which? either so they might be fairly ‘safe’ with that one.

http://www.ispreview.co.uk/review/top10.php

BT Retail (PlusNet) 5,832,000 customers..

That makes £69,984,000 call it £70 million extra bottom line profit a year.

Strange to say that, ‘made up’, £70 million hits the £84 million figure previously suggested by Phorm for their operations… as long as no-one knows. ;-)

Of course this is all, in part, just wet finger waving.

Now Then. Now Then. Sanctity of your e-mails or £70 million and the chance of slapped wrists if we fail. Decisions Decisions.

avatar

Cedric Knight

I rarely log in to my Yahoo email account via the web (I’m one of those people who think webmail is only for internet cafés and libraries where you can’t use a proper email client), but today 23 Aug, it looks at first glance as if you have no choice but to “Upgrade Now”. On closer inspection there is some tiny (10 pixel) writing in light grey (#A1A0A0) below the huge “Upgrade Now” button:

“By clicking the button above, I certify that I have read and agreed to the Communication Terms of Service [link], and Yahoo! Privacy Policy [link]. To deliver product features, relevant advertising and abuse protection, Yahoo!’s automated systems scan and analyse [link] all email, IM and other communication content. [horizontal rule] We recommend you upgrade to the newest version of Yahoo! Mail now or review Yahoo! Mail Help [link] for other options.”

Only by being aware of a possible legal issue and very attentive would you actually notice that there are “other options” (in fact, just one is listed, which is to click on http://mrd.mail.yahoo.com/switchclassic to access the normal webmail). I would guess about 99% of people with a supported browser (not Opera or Konqueror at the moment say) just click the button not seeing any other choice, even if 50% don’t see any problem with the old mail. Yahoo lawyers may then think that the user is at a disadvantage for having lied by not reading something saying they had read something else that they hadn’t and no reasonable person ever would… you do wonder if the legal teams are running amok and the original people who once made Yahoo a useful web directory should rise up and organise a cull.

(Also by the way one reason the old email may be slower is that it looks like Yahoo’s old tracking/webbug server at us.bc.yahoo.com is intermittently down. A good time to add that host to Adblock Plus or a hosts file or router block list.)

avatar

Ifeoma Nweke

I want the advert that comes into my box and sents out of my box to stop. I’ve got several embrassing mails asking me what the advert was for; which I complete don’t have any idea what they’re talking about.
Please help, I want it to STOP!!!!

avatar

mea

I just tried to sign in and got that notice. I’m leaving Yahoo immediately. They have NO right to look at anything in my account or emails. This is yet another example of the liberal looney left trying to get more info and more control on everyone. I’m outta there.

avatar

F

Just happened to me as well.

I am honestly DISGUSTED at this blatant breach of OUR right to privacy.

Look how they try to ‘legally’ circumvent our rights/protection??!!:

‘If you consent to this ATOS and communicate with non-Yahoo! users using the Services, you are responsible for notifying those users about this feature.’

I feel like throwing up…

avatar

rarrar

The internet provides access to a huge amount of data and a large number of services like email for “free” .
The user may not pay for it directly , but we all pay for it through targeted ads and the commission paid through click-through shopping links.
It wouldnt exist if it wasn’t paid for somehow, especially free email services.

Back to top

Post a Comment

Commenting guidelines

Your email is never published nor shared. Required fields are marked

Tired of typing your name and email? Why not register.

Register or Log in

Browse by Category

Consumer Rights

777 Conversations

9655 Participants

27946 Comments

Energy & Home

658 Conversations

7293 Participants

25358 Comments

Money

826 Conversations

6311 Participants

16417 Comments

Technology

781 Conversations

7665 Participants

20162 Comments

Transport & Travel

603 Conversations

4840 Participants

13561 Comments