It absolutely is, which is why what they're doing looks fine on internal metrics.

Imagine I make a laser bug zapper and install them at every fast food joint in the US. 9999 out of 10000 times it zaps an insect. 1 out of 10000 times the laser fires it blinds a child.

I could wax all I want want about the 99.99% accuracy, the _relative_ accuracy won't mean a thing to the million people blinded by it.

When there is a mix of spambot garbage and human beings that being harmed the right metric isn't the ratio. Blinding a million children wouldn't go from unacceptable to acceptable just because the level of insects swarming around a restaurant increased by a factor of 10. The harm stands alone, and there is a level of harm which could not be justified by any amount of boring spambot influx.

Something about this argument doesn't smell right.

I care about the crime rate, or car accident rate, or botched surgery rate, because it tells me the odds that something bad will happen to me.

Given a stable rate of bad things, population growth alone causes more bad things to happen.

If we took your argument about absolute harm seriously, then we should, say, encourage population reduction until there are only 10k human beings on the planet. That would surely minimize the number of bad things that continue happening to people.

It is trivial to put every criminal to prison: put everyone in prison.

It is trivial to ban every spammer: ban everyone.

If you ban most spam while significantly harming some of your users, you've done your job poorly.

Can you give some examples of this type of job done flawlessly? i.e. where all bad actors are stopped and no good actors are hurt in the process

No, but I can think of a few examples where most of the fraud is stopped while not significantly harming users.

Make fraud impossible through technical means or make "abuse" impossible by just not providing any incentive to do so (for example, make the service paid so that there is no longer any incentive to "abuse" the free service)?

Humans are notorious for under estimating routine hazards, and overestimating things that are rarer. We worry about strangers in deep dark alleys trying to rob/rape/beat/kill us, when in fact, most crime is perpetrated by someone the victim is familiar with.

Your comment calls to mind the paperclip maximizer thought experiment: https://wiki.lesswrong.com/wiki/Paperclip_maximizer

I think you would agree that there is no plausible amount of spam traffic which would justify google murdering a user to cut the spam down. That it's just incomparable, right? Even though the cost of being dead would be borne by the user and their family and not part of google's bottom line-- murder for spam reduction would be right out.

I don't think it's that big a leap to say that it is unlikely that there is any plausible reduction in spam from an automated facility that justifies the kind of extreme harm and disruption created by locking an honest user out of their decades long email-- which might be more damaging to them then a home fire--, with zero effectual recourse. Yet it happens because the cost of the spam is on google's 'balance sheet' while the damage to the user is not.

So that is the sort of argument that I'm making. I think google is creating damages wildly out of proportion to any plausible benefit, but it works out for them currently because the damages are externalities.

Were Google a more conventional company the threat of litigation (even litigation they'd ultimately win) would help internalize some of these costs, but Google has grown to such a size and scope that even the federal government finds prosecuting them to be extremely daunting.

An externality is a cost borne by an unrelated third party. That is not the case here. These are two party arrangements. You and Google have engaged in a contract; Google is providing you email in exchange for your eyeballs, and there are terms and agreements.

There should still be a solution though. Maybe this is a terrible idea, but one idea: Google could sell a service where you pay them $200 and they thoroughly review your case, tell you what happened and work with you to restore access to data, maybe even setup email forwarding for 90 days or something that comes reasonably close to making you whole even if they can't restore service.

If in the course of doing this work they figure out they screwed up closing the account in the first place, the money is refunded. Of course fraudsters would not generally want to sign-up and pay this money as - even if the information of how they were caught was worth $200 - that would create a paper-trail. And it could still be the case that Google is under a FISA letter or something and can't fulfill this service, and in that case they'd refund your money as well.

Bullshit. Maybe 99.999 are successfully identified, but one is mistakenly banned/suspended for no reason and it often has significant impact on his/her business. Google automation is a broken system. A system made by people who never have to deal with the actual users.

> you do not give those actors information on how you detected them.

Not about how you detected them, but you should tell them what you detected. E.g. if you're using a spam filter, you don't want spammers to know which exact keywords triggered the classification, but it wouldn't hurt much to let people know that their account was locked for sending spam instead of some other reason.

If it were spam I think they'd tell them that. If they don't tell you the reason, almost certainly its fraud, and the only way to win against fraudsters is not to play with them. Anything you tell them is just an invitation for them to argue with you and waste your time, or infer detection methods. It is very hard to control fraud costs without alienating your users, especially for a free service with low barriers to entry. That isn't an excuse for Google to be so terrible, but I do think people lack appreciation for the actual problems here.