Yahoo Says Users Consent To Email Scans
- by Wendy Davis @wendyndavis, March 12, 2014
Yahoo is asking a federal judge to dismiss a potential class-action lawsuit accusing the company of violating privacy laws by scanning email messages in order to surround them with ads.The company argues in court papers filed last week that its scans don't violate the Electronic Communications Privacy Act, on the theory that Yahoo users explicitly consent to the company's practices by accepting the terms of service.
Yahoo says it unambiguously informs users about its policies in the terms of service, which state that the company's systems “scan and analyze all incoming and outgoing communications content sent and received from your account ... to match and serve targeted advertising and for spam and malware detection and abuse protection.”
This lawsuit was brought in October on behalf of non-Yahoo email users who send email to Yahoo account holders. The non-Yahoo users allege that they never consented to scans of their messages.
But Yahoo argues that it doesn't need permission from non-Yahoo users, because federal privacy law only requires consent from one party to a conversation, which in this case would be the Yahoo account holders.
“The clear terms of Yahoo’s agreement with its users demonstrate that all users consent to the scanning and analyzing of their email. If such language is deemed inadequate to obtain consent, it is hard to imagine what text would suffice,” the company says.
Yahoo also says that it doesn't violate a California privacy law that prohibits companies from intercepting communications without all parties' permission. Yahoo argues that applying the California law to activity like automated email scans “would potentially turn ordinary and widespread computer use into criminal activity.”
The lawsuit against Yahoo is similar to one litigation accusing Google of violating the federal wiretap law by serving contextual ads in Gmail. In that case, U.S. District Court Judge Lucy Koh in the Northern District of California rejected Google's motion to dismiss the lawsuit.
Koh -- who also is presiding over the Yahoo lawsuit -- said in the Google case that non-Gmail users don't consent to have their messages scanned. Koh also ruled that Gmail users don't consent to the interceptions because Google's terms of service don't clearly explain its scanning program. Google has scanned Gmail messages since launching the service in 2004. Yahoo only started doing so in 2011.
5 comments about " Yahoo Says Users Consent To Email Scans".
Read more comments >
Next story loading 
Non-Yahoo e-mail senders have no standing to sue. When you send e-mail, you have no grounds to hold anyone else to any obligation to keep your message private, to not allow it to be scanned, or anything else. The domain "mailinator.com" provides free disposable e-mail addresses. If I give someone "March12@mailinator.com" I can go there and read any message sent. So can anyone else in the world. Does any sender have grounds to argue they can hold Mailinator responsible for allowing their messages to be read by anyone? I think not.
An e-mail message is not a FISA court order nor an FBI national security letter and has no power to bind a recipient not to disclose it to other parties notwithstanding anything it says in the message about it being confidential, if it does.
I know Yahoo notifies users because I purchased my email account from Yahoo with the understanding that I wouldn't have ads. It costs about $20/year but it's worth it not to have ads on my personal email account. However, I do hate the other changes they've made recently and I plan to switch to another email service soon.
Just because you don't see ads in Yahoo mail doesn't mean they aren't reading, profiling and/or selling on information about you. Just by virtue of you (and people that send email to you) sending your (unencrypted) email through Yahoo enables them to do so. The only way to achieve this is finding a service that provides encryption on three fronts: transmission (over the Internet), at rest (on your computer and the computers of whatever email service you use) and ideally within the email clients of the sender and receiver. Transmission encryption is improving rapidly (https for webmail, TLS for email). At rest encryption violates provider (e.g., yahoo, gmail, hotmail) business models so you have to use someone like xcapsa.com that provides a dedicated email server with storage encryption to provide that. Usable open standards endpoint encryption just isn't there yet but is progressing (maybe this year will be the year!). My view is that you need to do two things: accept you have to pay for privacy (buy services like email from a company whose revenue model isn't predicated on analyzing your data); and take an 80/20 rule view to re-enforce privacy where you can, even though that's not everyplace (yet).
When will software companies introduce the 'segmented' EULA. At the moment the EULA contains all the terms and conditions and the user has the chance to accept or not - meaning that they have to accept ALL the T&Cs or bail out. I doubt anyone has the patience to read them all anyway (let alone understand them). I've always thought it would be a great piece of research to include in a EULA a term along the lines of "The User agrees to giving up their first-born to The Company", and then seeing how many people still click on the Accept button!
I also pay 20.00 a year for email services but not yahoo since I know they still filter all email no matter what. I grabbed myself a .edu email address from my-edu-email.com for privacy, no ads, no filtering and best of all, works for student discounts! ;))
I also tested my .edu email with some friends gmail accounts and did not end up in their spam bin like my old yahoo email account. It seems that gmail does not consider .edu email addresses as spam, Bonus X2!!