Rhythmdvl, take a look at section 2.2 of the EPIC document I linked in the OP. It describes what Google is extracting and storing.
Based on that description, I would say your subpoena should be quashed under Rule 45-whatever-it-is because it does not request either relevant evidence or material reasonably calculated to lead to the discovery of admissible evidence.
Now, if Google stored complete copies of the mail, of course, that wouldn’t be true. But that’s not what EPIC objects to, and, indeed, any of the providers they recommended in lieu of Google would be equally vulnerable to your subpoena if they stored complete copies.
What lawyers do is nearly indistinguishable from magic for me, but I’ve been a sysadmin for a few years at a hosting company, and several of its customers have been sued. I don’t have experience with a situation that matches the hypothetical, since none of these customers had anything that we would have stored for them after they ended their contract with us (e.g. remote backups can often linger for awhile before they get cleaned up, but no sued customers have purchased them). I do not remember an instance where the legal department asked if we had a customer’s data, and we didn’t end up providing the data. The only question usually asked of me other than if we have the data, is whether turning it over will expose any proprietary information of ours. But again, I’m not in the legal department. I’m just the schlub who would locate and move the data around to be handed over. There were almost surely all kinds of incantations and spells uttered under bright fluorescent lights before I was involved.
My take as far as Gmail is concerned: If you’re an individual, use it in good health. Don’t discuss anything illegal in writing ever, anywhere (much less in a place that’s going to store it, for heaven’s sake). If you’re a business, my advice is more nuanced. Again, IANAL, but their policy on using the data for internal use appears pretty broad. Google’s business interests are also expanding fairly quickly and broadening outside of their original core business. Before moving your mail operations to Gmail, I would suggest seriously evaluating if Google is going to be a likely competitor in your industry in the future. Even with that risk, I wouldn’t say it’d be a good idea to try to change your customer’s email provider, unless there were some issue such as reliability.
I missed the edit window, but I’d like to add: I don’t see anyone even remotely responsible not making backups of their mail system. Not just for legal purposes, but you never hear the end of it if mail is lost. I know that Gmail has ditched a lot of their user’s data and restored from tape, so the question would be how long they store it, I suppose. Either way, as I said, anyone wanting to sleep regularly before they die makes backups of email. Singling out Gmail for that would be silly.
Precisely my point. Everyone makes backups – and would you want a company that didn’t take elementary precautions like having a contingency plan that included backups and off-site storage of critical data?
Google’s plan discussed above doesn’t add any additional risk of disclosure.
Oh, how I wish that everyone did. Since that’s one of my duties, it’d mean more job security. As it is, getting someone to purchase a backup plan is difficult – unless they’ve had catastrophic failure make their data merely a memory at least once, and probably paid the cost of several years of backups to a data recovery company to get most of their data back after several days of downtime, that they often blame us for. But you didn’t come here to hear about my problems.
I agree it doesn’t change anything in the case of discovery during a legal case. But I’ve worked for some rat bastards who, if they had access to a competitors data, would say “Mwuhuauauaua” so authentically while they mined it for info, it’d give you goosebumps . The legality would only enter their minds later while they were being sued. If those kind of folks ran a mail service like Google’s, and were using it for essentially corporate espionage, do you (or anyone else here who cares to volunteer an opinion) think that their privacy policy disclosure would cover them from being sued?
My perspective is that this danger makes it worth it for certain companies to pay a company to host your mail, provided that company guarantees your privacy from everyone, including themselves. Yes, its nothing worth singling Google out for. Any free service that’s offering free mail in exchange for access to the same presents the same danger. Sorry for the diversion. Thanks for the answer.
Google’s computers automatically sifting through your mail to decide what ads to serve up poses no more privacy concern than Google’s (or anyone else’s) computers automatically sifting through your mail to filter out the spam. And I don’t think anyone’s willing to use an e-mail service without spam filters, any more.
Computers can read anything they like about me. It’s not a privacy intrusion until some human reads it.
