How closely is Google reading your email?

Last week, a Houston TV station reported on the arrest of a man on charges of child pornography, purely based on a tip from Google.

Washington Post:

Most users know that Google routinely uses software to scan the contents of e-mails, including images, to feed its advertising and to identify malware. But many may not have been aware that the company is also scanning users’ accounts looking for illegal activity — namely, matching images in e-mails against its known database of illegal and pornographic images of children.

That bit of Google policy came to light last week, when a Houston man was arrested on charges of having and promoting child pornography after Google told the National Center for Missing and Exploited Children that he had the images in his Gmail account. The tipoff, according to a report from Houston television channel KHOU, led to the man’s arrest.

There’s been a lot of discussion since then on Google’s role in this case. Google is walking a fine line between respecting privacy and using its role as a guardian of your email to ensure that you are not trading in child pornography.

A recent Supreme Court case in Canada centered on a man who was found to be downloading child pornography and addressed whether Internet service providers should give up the identifying Internet protocol numbers to law enforcement without a warrant. In that case, the court ruled against providing the information, drawing praise from privacy advocates and criticism from law enforcement agencies, who called the decision a setback, because of the additional time it will take for them to get warrants.

The Texas case is triggering a similar debate in the United States over what role the companies — companies with whom we share our most private thoughts — should play in law enforcement.

Should Google, Microsoft, Apple and others be reading your email?


“Each child sexual abuse image is given a unique digital fingerprint which enables our systems to identify those pictures, including in Gmail,” added the spokesperson, who did not disclose technical details about the process. “It is important to remember that we only use this technology to identify child sexual abuse imagery—not other email content that could be associated with criminal activity (for example using email to plot a burglary).”

  • Mantrax

    If some perfect computer test existed to flag child pornography in emails, I’d be fine with that.

    But as it is, a computer can only make a guess. There will be false negatives and false positives. Also chances are a lot of the false positives might be risky photos you send to your boyfriend/girlfriend in a perfectly legal manner.

    Which means someone at Google is skimming through our perfectly legal emails and private photos based on a hunch by some sort of detection algorithm.

    Excuse me, but that’s effed up, Google.

    • marcintosh

      The “someone at Google” is an algorithm. It ran a checksum on the image this guy sent and it matched the checksum of a known offending image in Google’s database (a.k.a ‘hashing’). Google (without ever seeing the image in the perpetrator’s mail) alerted law enforcement which allowed them to get a warrant to search the man’s premises. They found child porn in his house which resulted in his arrest.

      What Google did here amounts to calling a tip line and letting police handle it.

      • Mantrax

        Checking against hashes of known illegal images feels acceptable to me.

        However, would you mind linking me to your source of that statement?

        Or is that just a guess you’re having.

        • marcintosh
          • Mantrax

            Thanks. This really should be in the articles reporting about the police tip.

            As an engineer, I’m fine with that implementation. Their image/video fingerprinting is very reliable (I bet the same thing they use for YouTube copyright infringement detection).

            As a politician (I’m not, but in case I was) I’d be really torn though. Slippery slope and what not.

          • And yet that Youtube detector has blocked videos for innocuous nature sounds it thought were a copyrighted song.

            Having said that, I don’t know where I stand on the issue of dealing with false positives. If they are few and far between, are they worth it in the larger scope of things? That sounds reasonable, until you’re on the receiving end of a false positive and your life or business is ruined. It’s a conundrum.

      • G

        What if you receive a illegal image in your mail, unsolicited? There are many scenarios here. It is read by Google, reported to the police. You have to try to prove your innocence. Sorry, but this is messed up. It is not Google’s job to look for illegal activity.

        • marcintosh

          I can’t confirm this, but I don’t think they’re as concerned with recipients for this very reason. You can’t be held responsible for what others send you. A jealous ex could ruin you were that the case.

          Again, Google is just reporting suspicious activity. It’s up to the police to decide whether to pursue charges. And they still need warrants to do their job.

          And as long as they are Google’s servers they can look for whatever activity they want. It’s in their TOS.

  • Anthony Visceglia

    I’ll take the unpopular stance here: in my view, email communication is never private. If you posted on your Facebook that you were downloading child pornography, could Facebook (or anyone else, for that matter) report it to the authorities? I certainly think they could.

    Email is no less public, in a sense. When you send or receive an email, you have no idea who else has or will see it. It is inherently impersonal. It is passing through multiple servers and has no assurance it will even reach its intended target.

    So, in that sense, you shouldn’t keep personal information in your email. As long as Google’s “word” isn’t the only piece of incriminating evidence, I see nothing wrong with this story.

    • Ostensibly, regular mail was never private,either. What made it so was the trust placed in the carriers and the laws that created penalties for opening someone else’s mail. Just because email goes through many servers and anyone can see it makes it no different from a letter going through many post offices and being handled by several people. There should be a reasonable expectation of privacy in communication. Beyond that reasonable expectation people can take their own further precautions (such as encryption, just as people sending postal mail can encode or specially seal their letters, also.

      The push to treat electronic and computer age things as somehow totally different from things we did in the past and assuming no older laws can apply is ridiculous. (What probably does apply here is the entrusting of communication to a private service instead of a regulated government service,and thus some laws likely need to be fixed or created.)

  • I’d hate to be the one stuck with the job of maintaining a “known database of illegal and pornographic images”.

    • marcintosh

      I hear the job has quick turn around.

  • Terry Maraccini

    Although it sounds onerous, and I would caution on the side of denying this method, Google has been very thorough about how and to what ends these methods are bing used. Proceed with caution and oversight, please.

  • Tvaddic

    They all currently “read” your email to see if it is spam.

  • Kyler Finn

    Should Google read your email? NO WAY Can Google read your email? TOTALLY Will Google read your email? BET ON IT BRAH

    Know where to draw the line. Today it’s filtering child porn. Tomorrow it’s exposing free speakers as terror dudes. The day after tomorrow it’s selecting dudes and babes with a genetic predisposition for ‘socially responsible internment’. And a few weeks down the road it becomes the backbone of some dystopian-type nation like Panem from the Hunger Games.

    Child pornographers suck, and they deserve the most gnarly of punishments, but at the same time we must be vigilant to guard the few freedoms we have left. Remember, Google only answers to their shareholder posse dudes.

  • matthewmaurice

    Of course not mentioned in the article is the fact that Google served him ads for 3 day care centers, 5 children’s clothing stores, and suggested a couple of young-looking teenagers that he add on Google+

  • GFYantiapplezealots

    So basically, if someone wants to get someone in trouble/fired/arrested, just send some child porn to their gmail account.