Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Students Sue Google over Gmail Account Scanning

A group of former and current students have sued Google in federal court in San Jose, California, alleging that the company scanned their Gmail accounts and gathered data for advertising purposes.

A group of former and current students have sued Google in federal court in San Jose, California, alleging that the company scanned their Gmail accounts and gathered data for advertising purposes.

Four University of California, Berkeley students claim that the Internet giant scanned their emails despite the fact that they had school-issued accounts, which the company pledged not to track. The plaintiffs say that Google not only scanned their accounts, but also processed and retained their data for advertising and tracking purposes.

On April 30, 2014, Google announced  that it stopped scanning Google Apps for Education (GAFE)-powered account emails for advertising purposes, an activity that it had been engaged in between November 2010 and March 2014.

In December 2015, the Electronic Frontier Foundation (EFF) filed a complaint with the United States Federal Trade Commission (FTC) claiming that Google was spying on students despite committing to not do so. The EFF explained that Google associates students’ educational account in GAFE services with the activity on other services, and that it serves ads in non-GAFE services based on that association.

The practice was said to be in violation of the Student Privacy Pledge , which Google signed previously, and which states that the company was not going to “collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes.” In its complaint, EFF noted that Google was abusing the Sync feature in Chrome on Chromebooks sold to schools for carrying out the collection and tracking of students’ data and activity across services and devices.

Google responded to the EFF complaint and said that the student data in GAFE Core Services is not used for advertising purposes and that Chrome Sync is meant to provide students with instant access to their work across devices. The company also noted that the feature can be easily disabled, but admitted that some Chrome Sync data is used to improve services, but only after “completely removing information about individual users.”

The new complaint (PDF) filed on behalf of four GAFE users claims that Google intercepted and scanned emails in GAE-powered .edu email accounts before the April 2014 announcement, and that the company did so to profile users. Given that some schools informed students that their emails were private, the plaintiffs believe they have strong claims against Google.

Moreover, the complaint states that Google both refused to “release additional details that would confirm its indirect admission that it has stopped collecting or using student data (or information derived from analysis of student data) for advertising purposes,” and refused to delete the data collected prior April 2014 or to promise it won’t use the data for advertising purposes.

The lawsuit, known as Corley et al v. Google, suggests that tens of millions of users might have been affected by Google’s actions. On a dedicated website, attorney Ray E. Gallo says that clients from nearly a dozen universities may be accepted on a contingency basis, including students from UC Berkeley, UC Santa Cruz, San Diego State, University of Maine, Bates College, Pacific Lutheran University, Harvard, Yale, University of Arizona, University of Washington, and SUNY Stony Brook.

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...