What is the point you're trying to make? One could use your argument for any single entity in the world. "I'm not implying that Coca Cola's CEO does or would put poison on the beverages, only that some non-null set of employees there, probably including the CEO if he were really determined to do so, could." Replace Google/review private email with anything and you'll have a meaningful sentence: Obama/release nukes, kindergarten teachers/child abuse, etc, etc, etc...

I'm pointing out a double-entendre, not making an "argument".

But, the double-entendre can also serve as a reminder that when you choose Google as a webmail provider, you have also chosen a set of people for whom your communication is potentially transparent. Yes, when you choose to drink Coca-Cola you've chosen a set of people who can potentially adulterate your food; that's a fair analogy.

Those reminders alone aren't anything profound, except to emphasize: pay attention to the values and incentives of those you delegate these powers. Google occasionally seems casual or dismissive about privacy concerns, as with Schmidt's recent statement. Until something blows up on them, they actually make more money (and more friends in government) by being lax about privacy protections.

I know that this is nitpicking, but it's highly doubtful that some random Obama staffer could just launch nukes willy-nilly. Actually, on that matter, it would probably be an order of magnitude more difficult for Coka-Cola to get away with poisoning cokes than for Google reading private emails.

Actually, I'm not nitpicking, I agree with the first guy. If Google were to violate out privacy in such a way, it's quite possible that we would never find out.

Exactly what I'm thinking. I thought this tinfoil hat mentality has died with slashdot. Face it: any e-mail provider can read your e-mail, including the e-mail provider of your recipient. The sysadmin in your office can read your e-mail. Your ISP can read your e-mail even if you host your e-mail server (unless you use https). Same goes for the ISP of the recipient. The only way to be safe was if everyone hosted their own e-mail servers and used PGP/GPG to encrypt their e-mail.

Maybe it's time to stop being paranoid and start concentrating or real problems? Like pondering on how to create an e-book reader that doesn't suck or discovering how to cure AIDS and cancer efficiently?

It's possible that my priorities are simply out of touch with those of the mainstream, but for me "half of the world can read the email of the other half of the world" is a bigger problem than "ebook readers aren't very good right now". The notion that we should stop caring about privacy because a couple of network protocols have design flaws is silly.

Two wrongs do not make a right. Google needs to step up and deal with this.

How could they possibly solve it? One of the most important features of Google Mail is fast searching of e-mails. For them to search e-mails, they need to be able to index them so they can't just encrypt the emails on their storage.

Frankly, for me the abilty to search my emails quickly outweights the risk of some nosey Google employee with a shallow private life reading my private email or bank stuff or whatever.

Let Google ask you specifically if you are ok with that. You get fast search, and you give up some privacy in return. A clear and explicit exchange.