Did Google Go Too Far?

[W!nston]

I'm wondering what else Google is looking for when they 'review' all of our online activity? What else will the government require Google to 'report'?

Did Google Go Too Far?
BusinessInsider | By Julie Bort | 12:45 pm August 3 2014

Houston Metro Detective David Nettles

A Houston man has been arrested after Google sent a tip to the National Center for Missing and Exploited Children saying the man had explicit images of a child in his email, according to Houston police.

The man was a registered sex offender, convicted of sexually assaulting a child in 1994, reports Tim Wetzel at KHOU Channel 11 News in Houston.

"He was keeping it inside of his email. I can't see that information, I can't see that photo, but Google can," Detective David Nettles of the Houston Metro Internet Crimes Against Children Taskforce told Channel 11.

After Google reportedly tipped off the National Center for Missing and Exploited Children, the center alerted police, who used the information to get a warrant.

A search of the man's other devices revealed more suspicious images and text messages. Police arrested him and he's being held on a $200,000 bond.

On one hand, most people would certainly applaud the use of technology to scan email in a case like this.

On the other, debate rages about how much privacy users can expect when using Google's services like email. In a word: none.

A year ago, in a court brief, Google said as much. Then, in April, after a class-action case against Google for email scanning fell apart, Google updated its terms of service to warn people that it was automatically analyzing emails .

Considering Google has been working to fight online child sexual abuse since 2006, it stands to reason the company would scan emails looking for those sorts of images. Google has never come right out and said so, but hinted strongly at it about a year ago when Jacquelline Fuller, director of Google Giving, specifically mentioned the National Center's "CyberTipline" in a blog post . The CyberTipline receives leads and tips regarding suspected crimes.

Fuller explained:

In 2011, the National Center for Missing & Exploited Children’s (NCMEC’s) Cybertipline Child Victim Identification Program reviewed 17.3 million images and videos of suspected child sexual abuse. ...

Since 2008, we’ve used 'hashing' technology to tag known child sexual abuse images, allowing us to identify duplicate images which may exist elsewhere. ...

We’re in the business of making information widely available, but there’s certain 'information' that should never be created or found. We can do a lot to ensure it’s not available online—and that when people try to share this disgusting content they are caught and prosecuted.

Online service providers like Google are required under federal and many states’ laws to report child pornography when they find it, attorney Chris Jay Hoofnagle, director of information privacy programs at the Berkeley Center for Law & Technology tells Business Insider.

However they are under no obligation to go out and look for it, Hoofnagle says. "But if you look and you see it, you have to report."

We reached out to Google for comment and will update the story if we hear back.

 

[james1981]

Hmm. Intriguing question. It is obviously easy to say protect the children and lock up the pedophiles. Certainly, children in such a situation deserve all the help they can get.

There are, of course, risks with Google adopting such an approach. Are their employees trained to look for this sort of thing? There's a difference between a picture of child pornography and a photo that a parent took of their kid at bath time with the intent to share with the other parent. Do people who do those latter type of things deserve to be subject to investigation? If they have nothing to hide, what do they have to fear? The justice system never wrongly convicts individuals, right? That said, subjecting children to the kind of horrors that these abusers bring down is terrible. So what is to be done?

Honestly, I don't know. What is the greater evil? Certainly child abuse is a huge evil. Governments and private entities snooping in private lives has been used for terrible purposes. Does government have the tools at their disposal right now to effectively deal with this problem? Will Google looking at these messages enhance the law's ability to nab these perpetrators?

This brings to mind the debate about the authorities investigating library books. Should the books you sign out of the library be kept private or subject to review by the authorities (do people even borrow books from the library these days)? What if I decide to check out a racist book or a book on making weapons... does that mean I want to partake in those things? Or maybe I'm just an inquiring mind? Or maybe I'm writing a paper on why these things should not be done. Does that mean I deserve a knock at my door from the appropriate authorities to make sure everything is legit? These are potentially very dangerous materials I am dealing with.

For another perspective, I draw your attention to this article, aptly named On Internet privacy, I'm with the child pornographers .

 

[pinklee1]

WARNING. THIS IS NOT A JOKE. THE NSA MONITORS THIS WEB SITE AND WILL PUT YOU ON A WATCH LIST IF YOU POST TO THIS ARTICLE...ESPECIALLY IF YOU ARGUE AGAINST GOOGLES ACTIONS. READ "THE INTERCEPT'S" NEWS RELEASES FROM EDWARD SNOWDEN'S NSA PAPERS. It is a sad day that we reach this point but that is what the rogue government of the USA has become.

 

[dargelos]

I don't trust google and try to keep away from this dishonest company. So I use and highly recomend the weirdly named DuckDuckGo as the search engine that does not store records of its users. Gmail? no way, Fastmail is more protective of its users email security. Google driverless car? no no no I'd rather walk.
A lot of people blame "the internet" for enabling child sex abuse. There was no internet 200 years ago when there was a lot more child sex abuse, more cruel and never punished, in the good ole days of slavery.

 

[gb2000ie]

Is this a breach of the 4th amendment? I'm not so sure.

Google offer a service. Every users of Google's service accepts an acceptable usage policy. In that policy you agree not to use your account for illegal activities, and Google reserve the right to report crimes to the authorities.

The chances are high that this person was using a FREE Google service, hence, had no rights. Once a Google technician spotted the illegal material, of course it was reported - it would most probably be a crime NOT to report it!

If you think you have privacy on Google's services you are either spectacularly naive or spectacularly stupid. Google's entire business model is based on giving you services in exchange for your privacy so they can sell you to advertisers.

The 4th amendment restricts what the government can do, not what private companies giving you a free service can do.

The fact that the police needed Google to tell them about this criminal would seem to imply that the government are not spying all that effectively on stuff held on Google's servers. If they were, they wouldn't have needed Google to tell them!

 

[ihno]

It was most likely not a technician or a person who found the pic but a computerprogram. In 2013 there were news about a database about missing children or children that were victims of rape.

There is Face-recognition-software for example and if you ever used the picture search with uploading a picture you've seen it too. There are always "similar pictures".

That emails get scanned for keywords to give you "better" advertisement is also not a secret.

 

[bigsal]

When we download illegally also we commit a crime, then Google should report him to the authorities?

Far be it from me the intention to defend the pedophile, in fact I'm glad that it has been unmasked.

I do not want to jump to hasty conclusions, but this story puts me some questions.
Google reads my emails and play back the pictures that I send to my friends?

In this case, even if I have nothing to hide, would give me much hassle.

 

[gb2000ie]

When we download illegally also we commit a crime, then Google should report him to the authorities?

If we use Google's services to store or distribute pirated material then they would be entirely within their rights.

HOWEVER, there are laws making it mandatory to report child abuse in many countries, there are no such laws (that I know of) in any country about piracy.

Far be it from me the intention to defend the pedophile, in fact I'm glad that it has been unmasked.

I do not want to jump to hasty conclusions, but this story puts me some questions.
Google reads my emails and play back the pictures that I send to my friends?

Yes!!! That's how Google makes money! They are not a charity, they make money by invading your privacy and selling you to their customers, the advertising industry! You, and all your data, are Google's PRODUCT, you are not their customer![/QUOTE]

This is how all free online services not run a charities work. A good rule is that if you're not paying for a product offered by a commercial company, then you ARE the product!

B.

 

[tonka]

There's a lot of angst about this, but as a regular user of Google and all the others...their intrusiveness seems pretty light.
I get ads on certain sites, targeted to my recent online shopping. But that's about it.

 

[dargelos]

And if you don't like that, other email providers are available, ones that don't shake you down for every last vestige of privacy.
Why don't more people use them? Most computer users are not highly knowledgeable. Lots of people think google own the internet. If a product is a household name they innocently believe they can trust it. Ok so it's their own fault for not reading the terms and conditions, who reads that stuff?, the same three people who have ever read a EULA.
You don't have to eat McDonalds.
You don't have to drink coca cola.
You are allowed to take your custom elsewhere.

 

[bigsal]

I don't trust google and try to keep away from this dishonest company. So I use and highly recomend the weirdly named DuckDuckGo as the search engine that does not store records of its users. Gmail? no way, Fastmail is more protective of its users email security. Google driverless car? no no no I'd rather walk.
A lot of people blame "the internet" for enabling child sex abuse. There was no internet 200 years ago when there was a lot more child sex abuse, more cruel and never punished, in the good ole days of slavery.

Thank you for reporting this search engine. I use it from two days already and I'm fine with it. :thumbs up:

 

[gb2000ie]

There's a lot of angst about this, but as a regular user of Google and all the others...their intrusiveness seems pretty light.
I get ads on certain sites, targeted to my recent online shopping. But that's about it.

It's a personal thing - if you are prepared to swap privacy for free email, it's a good deal.

If you value your privacy and thing it's not to be whored around for a cheap mail client, then you won't.

IMO what's important is that people go into these things with their eyes open. The criminal moron who started this thread clearly didn't get it, and very very few of your average users do. It's the fact that this taking of privacy is being done without informed consent that I find detestable, not the fact that companies offer services in exchange for privacy. "here, have some free stuff, don't look too closely at those incomprehensible terms of service, of course they're OK, don't worry your little head about it, we really do value your privacy."

When ever I hear google or FaceBook say they value users privacy I mentally finish the sentence "we value you privacy because we can sell it for a bloody fortune!"

B.

 

[dargelos]

If I paid for my Fastmail it would only be US$10 a year. That's not a lot to pay for no ads, no spam ,no scams, no spying and as much security as can be managed with webmail, which isnt very much, but better than elswhere. The office in Australia does not give in to subpoenas from Uncle Sam, I'll never need that protection because I have nothing to hide, but that isnt the point.
I'd be happy to pay that when my free membership runs out.

 

[james1981]

And if you don't like that, other email providers are available, ones that don't shake you down for every last vestige of privacy.
Why don't more people use them? Most computer users are not highly knowledgeable. Lots of people think google own the internet. If a product is a household name they innocently believe they can trust it. Ok so it's their own fault for not reading the terms and conditions, who reads that stuff?, the same three people who have ever read a EULA.
You don't have to eat McDonalds.
You don't have to drink coca cola.
You are allowed to take your custom elsewhere.

I agree with the core of your message, which I take as users should be knowledgeable of what they're using and if they don't like it, they can take their business elsewhere. However, I think there is some onus on the companies to be clear in how they operate. How many products do we purchase, download, sign onto, register for, in one day, one week, one month? Is it reasonable that we should have to wade through mountains of byzantine legalese before we click "Ok"? Why shouldn't companies be more explicit and transparent in how they operate? Sure, I know the answer, but I'm wanting to point out that this is not totally an end user problem.

I consider myself a fairly savvy and intelligent person; however, I freely admit that I routinely do not read those legal disclaimers. And, in fact, me clicking "Ok" just to get on with it might not actually mean I'm consenting to the tome that is presented on my screen.

The former Privacy Commissioner of Canada, Jennifer Stoddard, when taking Facebook to task for their lack of privacy settings, stated, "The principle of consent was important. You can't really consent if you don't know what is going on. Without consent, it was open season for all those organizations behind the scenes scarfing your personal information."

I think individuals and companies need to be held to greater account for the actions here. Individuals for not bothering to read what they are participating in and companies for not bothering to clearly explain their policies. Shame on everyone. lol

 

[dargelos]

What Jennifer really means is 'informed consent' instead of mere 'consent'
It is wrong to have sex with animals because the animal doesnt have the knowledge to be able to understand what you are about to do to it, to say that the animal gave consent because it didn't complain won't get you very far in court.

A man walks into a bar, buys a beer
He stands at the bar sipping his beer
The bartenders dog walks in
The dog rolls over and starts licking his own balls
Man says "I wish I could do that"
Bartender says " ok, go ahead, he'll let you, he won't mind."

We are that dog, we say nothing when the big business starts to lick our balls.
It takes that as implied consent for later on when it fucks us.

 

[gb2000ie]

Heading back towards the original topic a little - I was listening to the latest episode of the Security Now podcast today and they covered this topic. It turns out Google, and many other companies cooperate with an international anti-child-exploitation organisation, and scan all images against digital signatures (hashes to be precise) of known child abuse images. Basically, it's AV for images, and it detects abuse images rather than viruses.

It's an entirely automated process, and to me it shows a willingness by Google to do their bit in the war on child abuse.

The more I read about this, the more sure I am that Google is doing nothing wrong in this instance (though IMO it's doing plenty wrong in other instances).

B.

 

[dargelos]

I'm not trying to give tips to perverts here but wouldn't you just resize the image to defeat this scan.

 

[gb2000ie]

I'm not trying to give tips to perverts here but wouldn't you just resize the image to defeat this scan.

Or crop it or encrypt it or add a watermark or transcode it to a different image format or ........

It's not that hash scanning is impossible to thwart (or even hard to thwart), it's that an awful lot of images fly around the net unedited, so it's an effective technique. Hashes can never catch everything, but, as long as they catch something, it's worth scanning for them.

B.