A new update rolling out for Gmail offers a “self destruct” feature that allows users to send messages that expire after a set amount of time.
While this may sound great for personal use, activists fear that government organizations will use the feature to delete public records to hide them from reporters and others interested in government transparency. Normally, government emails are available to journalists, researchers, and citizens using Freedom of Information Act requests (and its state-level analogues.)
“As more local and state governments and their various agencies seek to use Gmail, there is the potential that state public records laws will be circumvented by emails that 'disappear' after a period of time,” the National Freedom of Information Coalition wrote in a letter to Google CEO Sundar Pichai. “The public’s fundamental right to transparency and openness by their governments will be compromised.”
“We urge you take steps to assure the “self-destruct” feature be disabled on government Gmail accounts and on emails directed to a government entity,” the organization added.
The self destruct feature was announced on April 25 as part of Google’s new confidential mode for G Suite. In addition to self destruct, confidential mode allows users to delete messages after they have been sent and places restrictions on how recipients can interact with received emails.
“Technology that allows the self-destruction of official, electronic public communications is not promoting transparency, and under most state open government laws, is illegal,“ Leary wrote in a press release.
Google’s update marks the first major overhaul to Gmail since 2011.
“Technology companies need to provide solutions to government that take into account transparency laws created to ensure accountability and preservation of government proceedings,” NFOIC Executive Director Daniel Beavarly said in a press release.
Google did not immediately respond to Motherboard’s request for comment.
Torschlusspaniker on May 5th, 2018 at 01:18 UTC »
I run a gsuite domain with google vault. I keep anything sent from or to my domain forever for legal reasons.
I do not think this setting allows users to bypass this. Provided the system is configured to be compliant with the law I don't see this as a problem. There are tons of portals to do secure mail and if the recipient can see it they can make copy it regardless of any anti-copy tech.
When setting up email for medical offices I include secure portals that can revoke access to mail so that if the wrong contact is sent a message we can recall it and know if it was viewed or not. We can also do secondary authentication to make sure only the intended recipient can read the message. These tools help make email more secure when dealing with people that are operating without secured email. Google was working on an easy web based pgp plugin but they gave up so it is nice to see them doing something.
LanceThunder on May 4th, 2018 at 23:51 UTC »
this is totally outside of google's responsibility. if government agents are destroying information that is supposed to be archived then they need to be help accountable and the penalty needs to be very high. these people are supposed to know better.
tuseroni on May 4th, 2018 at 22:22 UTC »
don't disable it, just...silently archive those one.