Gmail AI summaries

[gmax137]

I'm not sure where this post might belong, so I just started a new thread. If there is an existing thread it should go into, please feel free to move it.

Around tax time each year, I receive certain documents from my family's tax accountants. Actually, my brother gets them from the CPA, and then he forwards them to me. These docs are usually locked pdf files, so I need the password to open them.

This year, I couldn't find my little note holding the password, so I was going to ask my brother. Then I remembered doing the same thing several years ago. Looking back in my gmail, I found the email string where I had asked my brother for the password. When I went to open the email, it came along with a "helpful" AI summary:

"Your brother forwarded the XXX file to you. You replied to him, asking for the password. He replied that the password is '123ABC.'"

Now I wonder, who else has the gmail AI told my password to? I checked into security features, and was told in gmail settings to "turn off" all of the "smart features." Guess what? I already had all of them "off."

Does this bother anyone else?

 

[.Scott]

Personally, I do not send unencoded passwords in emails.

In this particular case, you triggered the AI activity. The response you got was a summary generated "on the spot" by AI from the material you had searched for.

I would wonder if that AI instance had the ability to update its learning history from the information it had just used. For example, if someone did a search for "passwords that might be found in emails", what are the barriers to keep you password from showing up. When I tried to check this out through Google, I did not find any substantive blanket statements that denied it. One response suggested that the information could be shared (but not sold) to "trusted businesses" - and, of course, in response to a legal warrant. On the other hand, Google is certainly expert enough to keep the information secure and business-wise enough to know how bad any leaks would be to their reputation.

There was once a common practice of never sending the username and password (or the encrypted document and the password) in the same email. But that would be ineffective in this case. That AI clearly demonstrated it could piece information together from multiple emails.

Here are two excerpts from the Google privacy policy:

With domain administrators: If you’re a student or work for an organization that uses Google services, your domain administrator and resellers who manage your account will have access to your Google Account. They may be able to: Access and retain information stored in your account, like your email ... We don’t show you personalized ads based on your content from Drive, Gmail, or Photos.