back to article Google on Gmail child abuse trawl: We're NOT looking for other crimes

Google has said its scanning for child abuse images on Gmail and other services does not extend to searching for evidence of other crimes. US police recently arrested a registered sex offender after Google notified the authorities about illegal photos of children that were allegedly found in the 41-year-old's Gmail account. …

  1. Eddy Ito

    As noble as their intentions may be, I see two problems right away. First, it only catches the dumb ones who don't encrypt their illegal activity, although that may very well be a large percentage. Second, if someone wanted to use the police to harass someone all they have to do is send them the appropriate image to produce the digital equivalent of swatting.

    1. Anonymous Coward
      Anonymous Coward

      If I was sent such stuff in my email I would report it to the police. With the express hope that they would trace the email and arrest whoever sent it.

      1. JimmyPage Silver badge
        Stop

        Um ... did you read the story just before this one ?

        You'd go down, big time.

        1. Alan Brown Silver badge

          Re: Um ... did you read the story just before this one ?

          The guys concerned _didn't_ report it. That's why they got whacked.

      2. Tom 35

        Police

        In Canada they have created a service to report the finding of child porn anonymously because reporting it to the police can result in them taking all your gear at best.

      3. This post has been deleted by its author

        1. Thorne

          Re: Do pure evil

          "I think google aka screwgle should be severely punished for allowing such content to be traded or circulated through its systems."

          Clearly you're stupid.

          Google is no more responsible for the content than the mail service is for the same stuff sent by post. The only difference is Google has the ability to detect some of it from known samples and then report it.

          1. This post has been deleted by its author

            1. Thorne

              Re: Do pure evil

              Of course they can block it and filter it and then the people can work around the blocks and filters.

              Of course then Google would be tampering with evidence and filtering it out would alert the people that the police was onto them which would allow them to hide their collections and burn all proof plus teach them to be more careful when sending this stuff out.

              In reality it's much hard to distribute this stuff from inside a prison cell.

              Google is doing exactly the right thing and unfortunately you're just too thick.

              How does your brain handle the tasks of breathing and typing at the same time?

          2. cipnrkorvo

            Re: Do pure evil

            Exactly. Google's role should be that of the postal service. This is very dangerous, because it opens up a bunch of questions about other reasons to let police/governments stick their noses in people's mail.

            For example, if people are planning a massive terrorist attack, isn't that 1000* worse than child molesting? But then if governments were allowed to spy on people for child porn and terrorism, how about plots against the government, or planning protests? And since the U.S. gov considers everyone terrorists, that would justify anything. And why would it be Google's role to choose what's bad or not?

            This is very dangerous and I hope it makes enough controversy that Google has to apologize for spying on people, child molester or not, terrorist or not, protester or not.

            This is as if the postal service was asked to open every letter and look for nude pics. It's just wrong and similar to what Communist Germany was doing in the 70's.

            (by the way, Microsoft also has a very strange policy to search for ANY nudity/partial nudity in your account/cloud and can suspend it even for containing a photo of a nude Picasso painting, but that's another story)

        2. h4rm0ny

          Re: Do pure evil

          >>"I think google aka screwgle should be severely punished for allowing such content to be traded or circulated through its systems"

          Firstly, it's Google aka Google, not "screwgle". Secondly, you must be trolling. You cannot put the onus on the carrier for what people send.

          I don't have a problem with Google flagging this up based on image signatures. But it should really be focused on Sent Box, rather than Inbox, I would say. Otherwise it's far too easy to use child porn as a means of attacking people. And as some in this thread have said, they're afraid to report this stuff not because they want it, but because they fear having their computers impounded and, worst case scenario, being considered paedophiles themselves.

          Maybe Google could block matching images on the receiver's end as "this image has been deleted as child porn". Then you have a two-pronged approach where senders can be reported and receivers don't get it.

      4. JEDIDIAH
        Devil

        You have too much faith.

        I would be worried that ANY case of failing to keep a low profile with regards to the police would be a mistake. Once you try to engage them, you've put yourself in their sights even if it is only to snitch on someone elses wrong doing.

      5. This post has been deleted by its author

    2. Gannon (J.) Dick

      Eddy, please.

      "... it only catches the dumb ones ..."

      Please don't say such things around Silicon Valley. It gets them all IPO's up and innocent legs may be humped.

  2. Anonymous Coward
    Anonymous Coward

    So Google have a huge stash of child abuse images they use to create 'fingerprints' for searching Gmail, etc.

    Who did they get it from and why aren't we prosecuting them both for possession and supply?

    1. NinjasFTW

      they don't have the images.

      They have a list of hashes provided by a child protection agency (or similar)

      1. This post has been deleted by its author

      2. Charles Manning

        Hashing...

        Tweak one pixel and you're in the clear again?

        The scary part of this is that it is the thin end of the wedge. Today kiddy porn is a hot button issue. What nextt? Once the jackboots have new toys they will want to use them.

        1. Fibbles

          Re: Hashing...

          Tweak one pixel and you're in the clear again?

          If they're only using hashes then yes. However, if Google have access to a copy of the offending image they could employ their reverse image search technology which can identify matches even when they've been scaled or saved to an alternate file format producing different compression artefacts.

          1. Tachikoma

            Re: Hashing...

            they could employ their reverse image search technology

            Which I must say, works brilliantly, I have used it a few times to find people stealing photos from my online galleries.

        2. dan1980

          Re: Hashing...

          @Charles Manning

          Correct, 100%. Always has been the way, always will be.

          Whenever politicians vote themselves another chapter of 1984, it's always sold as protecting children or, more recently, from "terror".

          Yet somehow, these essential tools of justice and protection seem to find their way to pretty much any government department that asks. What's that? You're a local council that thinks someone's been dumping rubbish illegally? Here you go! You think someone's on benefits when they shouldn't be? Be my guest? Cruelty to animals, well, you're not actually a government body but, what-the-hell - go get 'em tiger.

      3. Anonymous Coward
        Anonymous Coward

        So Google are giving unknown authorities the ability to provide file hashes (which could be hashes of ANY file and we nor Google would never know) and Google will dutifully report back to them a list of their users who own said file?

        I don't see any way to look at this as a positive thing and to frame it in the context of relating to 'child abuse' is completely dishonest. Google have no legal obligation to take this kind of vigilante action against their customers.

        I must also question why Google are apparently more interested in making sure the guy down the road isn't looking at pictures in the privacy of his own home, than informing me an armed gang is planning to break into my home tomorrow, to rob me & murder my family. (For the record I don't think they should be doing either, but one seems quite obviously more important than the other if we're going to do this sort of thing).

      4. Alan Brown Silver badge

        The problem with hashes

        Is that simply twiddling the LSBs will vastly change the hash without noticeably altering the image.

        This is a difficult area to work in. I ran across a couple of such images 20 years ago and was pretty nauseated (the other overwhelming urge was murderous). Thankfully the cops were pretty good when it was reported and the person responsible was hauled in very quickly (as far as I know he's still in jail).

    2. Anonymous Coward
      Anonymous Coward

      They obviously supply software to police forces around the world who run it on their data base of images and generate the hashes / fingerprints. They do not need the actual image

    3. Dan 55 Silver badge

      They get a list of hashes from the IWF, although MD5 seems rather a bad choice given it was found to be flawed years ago.

      1. Crisp

        Re: MD5 seems rather a bad choice

        Especially due to the high number of hash collisions that would result from using that to identify pictures.

        1. Androgynous Cupboard Silver badge

          Re: MD5 seems rather a bad choice

          Why all the hate for MD5? It's been demonstrated that with a large amount of effort it's possible to create two items with the same hash, which makes it a bad choice for digital signatures, where that's what you're trying to do.

          For everything else it's fine, and collisions are no more likely to occur than SHA1 or SHA2. With 128 bits of hash, do the math and figure out how likely that is.

      2. This post has been deleted by its author

      3. Indolent Wretch

        Its flawed for creating cryptographic hashes sure, but it isn't flawed for generating a glorified signature/CRC which is all this really is. It's also simple, very fast, and generates a nice short hash. Sounds ideal.

  3. phil dude
    Black Helicopters

    slippery slope or lawsuit magnet?

    It is fair enough if all they use is MD5sums to check for signatures of images.

    It is probably fair game if known websites are scanned for - if that is even possible.

    However, it becomes murky when the police kick down your down door and drag you to the torture cells, if the information comes via "some algorithm in a box".

    In principle, is google liable for NOT finding criminal behaviour within their quite considerable data stores?

    I am not say "are they looking for criminals?".

    I wonder if they may be liable if they DO NOT scan for criminals if someone is hurt/injured/suffers loss , would they have cause to sue?

    Since prior to this event, I presume they had "safe harbour", and were just passing other peoples information around.

    Just a thought...

    P.

    1. AndyS

      Re: slippery slope or lawsuit magnet?

      Were you just glancing over the article, and did you miss the bit where it said the information from Google allowed law enforcement to gain a warrant, which allowed them to find all the other files and folders the guy had?

      1. 45RPM Silver badge

        Re: slippery slope or lawsuit magnet?

        @AndyS "the information from Google allowed law enforcement to gain a warrant"

        I see what you've done there. You've put the cart in front of the horse - which won't work nearly so well.

        It is the job of the law enforcement agencies to approach Google with a warrant, not for Google to approach law enforcement agencies and suggest that they might want to take a warrant out on one of their clients.

        The Post Office isn't allowed to open mail and parcels without a warrant - why should email be treated any differently?

        I concede that, in this case, the right outcome was achieved - but I worry that this will make it harder for the right outcome to be achieved in the future, and that it could result (in an unpleasant future that is merely a repetition of unpleasant events from the past) in innocent people being persecuted for lifestyles that are none of anyone else's damn business. Like being Jewish, or Muslim, or Homosexual, or Christian, or Transgender, or Atheist or any one of a number of things that have resulted in abhorrent behaviour from wider society in the past.

        1. Dan 55 Silver badge

          Re: slippery slope or lawsuit magnet?

          Google tips them off because they're legally obliged to report suspected child abuse (so it is actually the job of Google to approach law enforcement agencies and suggest that they might want to take a warrant out on one of their clients), police get a warrant to investigate presenting the evidence they were given in the tip off. What's the problem, exactly?

          1. JEDIDIAH
            Mushroom

            Re: slippery slope or lawsuit magnet?

            Google is not legally required to rifle through your stuff.

            People aren't complaining about the snitching but the fact that they were going through people's stuff to begin with. Google should not be poking through our stuff any more than UPS or the postal service should.

            1. Dan 55 Silver badge

              Re: slippery slope or lawsuit magnet?

              Google is legally required to report suspected child abuse, as are all other US companies (Yahoo and Outlook.com included).

              If a post office worker at UPS or the postal service saw a postcard with an image on it, they would also be legally required to report it.

              If the US ever changes the law to make US companies report other suspected things, then maybe I might revise my opinion. But until then I really can't get bothered about this at all, apart from Google and the IWF using MD5sum which is flawed.

              1. heyrick Silver badge

                Re: slippery slope or lawsuit magnet?

                "Google is legally required to report suspected child abuse" - from my understanding, based upon a hash and the original file then deleted.

                While the person in question did turn out to have other material in his possession, surely it should be unlawful to have done any of this if the original content that kicked it all off could not be produced? Otherwise isn't it a bit like "we think you're guilty of something so we'll come up with a reason to shake you down"?

                1. DropBear
                  Facepalm

                  Re: slippery slope or lawsuit magnet?

                  " from my understanding, based upon a hash and the original file then deleted."

                  You seem to think that in a cloud service clicking "delete" or even "empty 'deleted' folder now" actually deletes anything (as opposed to simply flipping a bit somewhere)...

            2. TwistUrCapBack

              Re: slippery slope or lawsuit magnet?

              As they are not really looking through our stuff as such, but a robot is scanning it for known traces of bad stuff ..

              Isn't this akin to sniffer dogs running over bags at an airport ??

              Any illegal stuff detected, bags opened ..

              Just a thought ..

              And as long as they just use the "child pron dog" and keep the others caged, then im fine with it

          2. Anonymous Coward
            Anonymous Coward

            Re: slippery slope or lawsuit magnet?

            >What's the problem, exactly?

            When they are obliged to report evidence of drug use or online gambling or terrorism or un-American activities

        2. This post has been deleted by its author

        3. Steve Knox

          Re: slippery slope or lawsuit magnet?

          It is the job of the law enforcement agencies to approach Google with a warrant, not for Google to approach law enforcement agencies and suggest that they might want to take a warrant out on one of their clients.

          But it is not illegal for Google to do so if they tell the client they might do so and the client agrees. When you sign up for gmail, you are agreeing to let them do all sorts of stuff with your data.

          If you're a witness to a crime, you are not necessarily required by law to report it, but that doesn't mean it's wrong for you to report it.

          I concede that, in this case, the right outcome was achieved - but I worry that this will make it harder for the right outcome to be achieved in the future, and that it could result ...blah blah blah.

          Do you have an argument that isn't based on the slippery slope fallacy?

          Something along the lines of, maybe, "Google's terms and conditions don't adequately spell out that they'll be scanning your images for child abuse images" or "<insert locality privacy law here> prohibits Google from performing this scanning" would be appropriate, if borne out by the evidence.

          I don't have a gmail account, so I can't be arsed to research this, but I think you'll find that Google has. They've been wrong before, though.

          1. 45RPM Silver badge

            Re: slippery slope or lawsuit magnet?

            @Steve Knox

            At no point did I suggest that Google was breaking the terms of its contract. And yes, ultimately, if you don't want Google to read your shit then don't sign up to it*. I was suggesting that this kind of data mining is not in the long term interests of society (although I am very persuaded by the postcard argument).

            As to the slippery slope, what is fallacious about it? If you had a time machine, would you argue with those who opposed (picking a suitably blown out of proportion example) Naziism, Soviet-style-communism, Fascism, McCarthyism and so forth that they were just subscribing to the slippery slope fallacy? Surely it's just a matter of how much slip you're prepared to accept before shouting 'foul'.

            *up to a point. I don't want Google to read my shit, but I send email to people who don't mind - so, ultimately, that's me fucked - and I didn't even sign their blasted contract.

            1. Steve Knox

              Re: slippery slope or lawsuit magnet?

              At no point did I suggest that Google was breaking the terms of its contract.

              I didn't say that you did. I was pointing out that what you said was "not Google's job" was also not prohibited, and so your using that to rebut AndyS's argument that law enforcement properly obtained their warrant was specious.

              I was suggesting that this kind of data mining is not in the long term interests of society (although I am very persuaded by the postcard argument).

              I think you need to be more specific about "this kind of data mining". Do you mean specifically what Google did to find out about these images? Does "this kind of data mining" extend to what the NSA's doing? What about to what Assange, Manning, and Snowden did? That was data mining, too.

              As to the slippery slope, what is fallacious about it?

              The presumption that one instance will necessarily lead to another, which is necessarily worse. That's the definition, and the flaw, of a slippery-slope argument.

          2. Alan Brown Silver badge

            Re: slippery slope or lawsuit magnet?

            "If you're a witness to a crime, you are not necessarily required by law to report it, but that doesn't mean it's wrong for you to report it."

            Depending on the crime and the jurisdiction (france is far more strict for instance), failure to report a major crime is a criminal act in itself.

    2. Mark 85

      Re: slippery slope or lawsuit magnet?

      I think the slippery slope is upon us. Given that any of the 5eyes can pretty much do what they want to almost anyone's computer, if someone comes to their attention how hard would it be to plant the evidence, open a gmail account in their name and wait for Google to tip off the cops?

      Then again, why is Google even involved? Since all the agencies around the world are watching us, why aren't they the ones tipping off the cops?

      Maybe I'm being paranoid... (maybe? or really?) but this is going to come to no good end for many folks who never saw child porn. How can someone prove they didn't do it?

  4. 45RPM Silver badge

    In the same way that the post office doesn't open letters and parcels unless a warrant has been received concerning the recipient or sender, I can't for the life of me see why online services should be treated any differently.

    It is right and proper that these offenders are caught of course, but it strikes me as something of a short term victory since scanning for crime in this manner will just drive the criminals deeper underground as a matter of course, making it harder for legitimate law enforcement agencies to gather evidence. In the future, the criminals will hide themselves out of reach of Google (and other service providers), and law abiding citizens will be further inured to the idea of giving Google, Facebook and so forth (mostly freetard services, to be honest) an all they can eat buffet of no-questions-asked data.

    And yes, they'll claim that its for our own good, and that they're not interested in our law-abiding private email. I'm pretty certain that other organisations in the last hundred years might have claimed something similar - organisations whose ends were definitely nefarious. And whilst our governments and corporations may be relatively benign* today who is to say that we won't slide towards Macarthyism, Facism, Communism or <insert evil government of your choice here> in the future, regimes which may be able to coerce Google et al into spilling the beans on each and every one of us.

    *or, then again, might just be pretending

    1. GBE

      Because you gave Google permission.

      "In the same way that the post office doesn't open letters and parcels unless a warrant has been received concerning the recipient or sender, I can't for the life of me see why online services should be treated any differently."

      Because when you signed up for your "free" e-mail account, you paid for it by giving Google permission to sift through all your email and other data looking for whatever they want.

      1. 45RPM Silver badge

        Re: Because you gave Google permission.

        Not me. I pay for my email. But that doesn't matter does it? Because a great many of my friends, family and customers don't - and so a lot of my words are going to end up on Google anyway whether I like it or not.

      2. Charles Manning

        Post Office Terms of Use

        I think you'll find that the post office CAN open stuff itf they want to without a warrant. eg. if they suspect that a parcel contains illegal goods. If they do find something, they can report it.

        That particular evidence might not be permissible if it was gathered without a warrant, but the tip-off is then enough to secure a warrant for other investigations.

        It would seem pretty much the same has happened with Google and the kiddy porn. The Google filtered porn might not be useful as evidence, but it is enough for getting a warrant to either seize and search computers or to monitor future activity.

    2. Bluewhelk

      On the basis that non-encrypted email has no real security against being 'seen' en-route, I think that maybe a better analogy would be if a postcard with an illegal picture was spotted by the post office I would expect that they would notify the police.

      In a similar vein if photos being developed at the chemist were suspect they would be reported.

      I always work on the basis that anything sent 'in the clear' is liable to being scanned, checked, read or what ever on route. I figure actual people will generally not bother to read my emails en-route as my stuff would be lost in the sheer volume of other cruft as I'm just not that important, automated systems are likely to be fairly well targeted for similar reasons. MD5'ing attachments would cause minimal extra work over and above checking for viruses and spam.

      1. 45RPM Silver badge

        Of course, because MD5 is always unique for a given file, and no two files can have the same MD5 - that would be unthinkable. In fact, it's the most efficient compression algorithm even - reducing petabytes of data down to a few handfuls of bytes.

        Sorry. I'm bored of the MD5 argument now. MD5 doesn't come close to telling you what a file contains - its only purpose it to guarantee that something has gone wrong in a copy, in no way can it tell you if something has gone right. And it certainly can't be used to probe the content of a file.

        1. asdf

          MD5 is broken

          MD5 is for convenience not for forensics. Yes the info is from crapapedia but easy enough to cross reference the info.

          The security of the MD5 hash function is severely compromised. A collision attack exists that can find collisions within seconds on a computer with a 2.6 GHz Pentium 4 processor (complexity of 224.1).[25] Further, there is also a chosen-prefix collision attack that can produce a collision for two inputs with specified prefixes within hours, using off-the-shelf computing hardware (complexity 239).[26] The ability to find collisions has been greatly aided by the use of off-the-shelf GPUs. On an NVIDIA GeForce 8400GS graphics processor, 16–18 million hashes per second can be computed. An NVIDIA GeForce 8800 Ultra can calculate more than 200 million hashes per second.[27]

          These hash and collision attacks have been demonstrated in the public in various situations, including colliding document files[28][29] and digital certificates.[9]

          1. Anonymous Coward
            Anonymous Coward

            Re: MD5 is broken

            Can semi-confirm. I did some looking around with respect to this subject matter some years back and there were a number of applications out there which would append additional strings onto a modified executable (or any file, really) until a collision was found with the original MD5 of said executable. Thus you could distribute a modified executable with virus payload et al and it would match the MD5 which was provided by the original author of said executable.

            Now of course you can strictly speaking do this with any hashing algorithm but the speeds at which you could accomplish this with MD5 is what makes everyone declare MD5 as "cracked".

            As a side note even the use of SHA-1 should be discouraged these days especially for hashing passwords. Personally I use SHA-256 for file checksums, SHA-512 with salt and high round counts for the storage of low security account credentials and BCRYPT for the storage of high security account credentials.

            1. Pascal Monett Silver badge

              Re: "append additional strings onto a modified executable "

              Which is why you always check the MD5 hash and the size of the file to the reference size, which any serious website is going to post alongside the MD5.

              If either one do not concord, you bin the file.

              So MD5 is not really broken, it's just not secure enough on its own.

      2. DropBear

        "On the basis that non-encrypted email has no real security against being 'seen' en-route..."

        Then I guess the actual question is why is it even possible to send un-encrypted email at all in the 21st century...?

    3. Alan Brown Silver badge

      "In the same way that the post office doesn't open letters and parcels unless a warrant has been received concerning the recipient or sender,"

      If a parcel is split and the contents turn out to be illegal (or it passes through customs and they find illegal material whilst inspecting) then they are required to call in the police.

      Admins sometimes have to eyeball stuff. Even metadata might be enough to raise suspicions to the point where the police are called in (Directories or filenames relating to kiddy porn, forinstance - and yes, people ARE that dumb.)

  5. Anonymous Coward
    Anonymous Coward

    Slippery slope this could be....

    While there is no way you can defend someone who abuses children, or those who view images of children being abused, it is not hard to imagine this being extended to anything that the government deems 'bad' or 'incorrect'..

    Next it will be any photo of a child naked, and what parent doesn't have a few pictures of their kids naked when they were young?

    1. Anonymous Coward
      Anonymous Coward

      Why would a parent's images of their child be on the child exploitation database, therefore creating the hash that Google searches for?

      If the parent is uploading those pictures to abuse websites, then they probably should be investigated.

      1. Anonymous Coward
        Anonymous Coward

        Oh of course I agree with you on all those points.

        But just because right now they use a hash, it doesn't mean they won't try to find new images in future and be forced to extend the search parameters...

        Even the IWF has blocked some images and then back peddled when they realised a mistake was made, and these are people trained so they know what is right or wrong and they make mistakes!

      2. Preston Munchensonton
        Flame

        There are already examples of Facebook forcibly taking down parents' pictures of their children showing bare bottoms or similar. If you have never had a child running around the house with no pants, screaming and giggling, then you aren't in any position to criticize these parents.

        Feel free to critcize them for thinking their children are special or that anyone else wants to publicly see such pictures. But don't criticize someone for sharing an intimate family photo with the rest of their family. That's a completely insipid level of criticism.

        1. Anonymous Coward
          Anonymous Coward

          "But don't criticize someone for sharing an intimate family photo with the rest of their family"

          Who was doing that? (although with most child abuse happening by family members or trusted friends I would also expect you to be careful about this)

    2. Old Handle
      Stop

      For all we know this picture WAS simple a naked child. Though obviously it had to be one that was reported and determined (by somebody) to be illegal in the past. "Child abuse images" is just the politically correct term for child pornography now, don't assume it actually means the pictures show abuse.

    3. ecofeco Silver badge

      "Next it will be any photo of a child naked, and what parent doesn't have a few pictures of their kids naked when they were young?"

      This has in fact already happened. Several times with film processing companies.

  6. Anonymous Coward
    Anonymous Coward

    Not much sympathy for child abusers; but is anyone else getting that "paedophiles today, littering tomorrow" mission creep feeling?

    1. keith_w

      Doesn't the UK already have RIPA for that?

  7. Shaha Alam

    if they're going to be going through emails anyway

    they might as well be fighting crime at the same time.

    still, it's a creepy feeling.

    1. MrXavia

      Re: if they're going to be going through emails anyway

      I would be more concerned if they shift to other 'crimes'.

      Would it be the law of the country you are IN or the country the server resides in that prevails?

      it would be very easy to violate a law you don't even know exists...

      1. Preston Munchensonton

        Re: if they're going to be going through emails anyway

        "Would it be the law of the country you are IN or the country the server resides in that prevails, or the US?"

        There, I fixed it.

    2. e^iπ+1=0

      Re: if they're going to be going through emails anyway

      Maybe it's time to plan ahead - cut down already on the amount of evidence of any kind of criminal activities YOU send via gmail.

      1. asdf

        Re: if they're going to be going through emails anyway

        >cut down already on the amount of evidence of any kind of criminal activities YOU send via gmail.

        Did you not read the posts above yours? The Chinese Communist Party are a bunch of asshats whose great founder Mao killed 50+ million fellow Chinese due to a combination of gross negligence and pure malevolence. Guess what? I put that in a Gmail letter and I just committed a criminal act in some jurisdictions.

        P.S. 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 - posting that in an email at one time (maybe still) also was breaking US law.

  8. Hans 1

    If anyone here thinks any of the online email services (free or paid) guarantee any king of privacy, you are deluded.

    Shit, the data is on their servers, they do as they please ... My mate used to work at a data center, he also could read into the data that was flowing through the data center ... in the pub, he would talk about it until I told him to shut up and stop peeking at the shit at work, that he would lose his job if caught ... They would add a drive and clone it in the SAN.

    1. asdf

      Yep and the only solution is not only never use those services but blacklist sending any email to other people using those services as well. Can be done but not convenient for everyone.

    2. DropBear
      Trollface

      Actually....

      ...I kind of like how that sounds. "king of privacy"... I think I shall start putting that on my card.

  9. Anonymous Coward
    Anonymous Coward

    Won't somebody think of the children!?

    The same tactics are used time and time again; people start to complain when privacy is violated so the people pulling the strings wheel out the Terrorists and the Paedos and say "So, you want these to go free do you? Do you? If you want freedom and privacy, that means you want terrorists and paedos to roam freely.... wait a minute, you're not one of them are you? Quick, check his Watsapp <police officer does a quick check> Oh dear oh dear, what have we got here".

    The public are caught between a rock and a hard place because nobody wants a paedo to be free to do what he or she does, and the same goes for terrorists who want to kill innocent (and if you believe the Tories, hard working) people of our lands so this is exactly what the governments want. We follow the rules that they make and everybody's happy..... unless you're a paedo or a terrorist.

    Remember, if you see something, say something.

  10. Don Quioxte
    Unhappy

    And if Google sells this as a service to MPAA & RIAA? (Jail As A Service)

    I don't think we can see where or how far this is going to take us.

    What if Google sells this as a service to the MPAA & RIAA? We will scan users emails for pirated content and report it either to them or the police...all for a modest fee of course? What if Facebook gets into the business? Do you trust them as much as Google? Call this "Jail as a Service (JAAS)".

    Not to put too fine a point on it, do we trust corporations to carry out those things we screamed about when Snowden told us the government was doing them? Government versus Corporations, shouldn't both get out of the business or surveillance?

    1. This post has been deleted by its author

  11. Paul Smith

    re: Lawsiut magnet

    Does this mean that I could sue Google for not alerting the police that scumbags were planning to break into my flat? Or for allowing some tosser to park in my parking space? Maybe any lawers here could say if they would be complicit by having the information and not acting on it, or merely accessories after the fact by providing indirect assistence? After all, they have now proved that they are happy to read peoples mail in search of potential crime.

    Google might think they were doing the right thing in this case, but I suspect that the harm they have done by proactivly playing at Big Brother will end up causing a lot more damage to society then one sicko ever could. If nothing else, sicko's lawyer can probably get the sicko off scot free by claiming that Google is the actual criminal here by knowingly transporting and delivering contraband material to his equipment without his knowledge or consent.

    1. This post has been deleted by its author

    2. phil dude
      Black Helicopters

      Re: re: Lawsuit magnet

      That was the majority gist of my point, the other part is the sheer volume that Google has. \

      If information is provided for X and turns out to be WRONG and my door gets kicked down. Lawsuit?

      If information is NOT provided for Y and I get harmed and it is flagged, is this liability, since they were able to provide information for X to the police is it now with holding evidence?

      Note, both X and Y are illegal activities. The fact that X may be "legally required to report", is simply going to raise the false positives for X, since the risk of NOT reporting has a legal cost perhaps it is safer just to give in. People associated with doing X might well be doing Y and Z.

      By extension, these things do not stay isolated, when permission is given, abuse often follows. The issue just as with the recent "overreach of the NSA", once a facility is created to "send information to the police based upon what passes through our servers", is likely to be the box that Pandora was on about...

      P.

  12. Mike Flugennock
    Devil

    "Google has said..."

    "Google has said its scanning for child abuse images on Gmail and other services does not extend to searching for evidence of other crimes...

    So, they're totally doing it, then.

    1. ecofeco Silver badge

      Re: "Google has said..."

      Exactly.

      What is the first rule of being able to tell if a company or government is lying?

      Their lips are moving.

  13. James 100

    Slippery slope - we're already sliding down it

    Of course, we've already seen Microsoft doing something very similar with a Hotmail account regarding a leak of trade secrets. We had Google irritating some malware researchers with over-zealous malware scanning of attachments (it's standard to exchange malware samples in encrypted ZIP files with a password of 'infected' - and Gmail started eating those). What will it be next ... terrorism? Copyright?

    There's a Google Docs spreadsheet in my account with a few dozen MS product keys. (Legitimate ones, as it happens, issued through MSDN - but that isn't obvious from a look at the list.) Will Google be sending the police round to investigate my "piracy ring"?

    For me, the idea of having my account searched automatically for illegal content is distasteful. Not because I have any, or because I'm opposed to hunting for it - which, in fact, has formed part of $DAYJOB lately, working with Police Scotland - but for exactly the same reason I object to the idea of random searches on the street: the police are only supposed to be allowed to search you with a good reason to suspect you, not on the off-chance of finding something.

    "Google is legally required to report suspected child abuse, as are all other US companies (Yahoo and Outlook.com included)."

    That's concerning - apart from anything else, if true that means Google and co are bound (in the US) by 4th amendment constraints, on the very sensible basis that if the police aren't allowed to search something, it would be far too great a loophole if they were allowed to ask or order someone else to do that search for them.

    1. Gannon (J.) Dick

      Re: Slippery slope - we're already sliding down it

      "Google is legally required to report suspected child abuse, as are all other US companies (Yahoo and Outlook.com included)."

      I saw that, and it concerns me too. There are "Good Samaritan" laws and you can be charged with a "failure to render aid" for ignoring an accident victim, for example, and I know Teachers are "required" to report child abuse, but in that case you are a witness to some misfortune or crime and a Prosecutor is required to name you as such. Other things being equal, "Confidential Informant" is a legal status not an assumption.

      Your concerns have long since been observed in the wild: When one of Apple's resident geniuses left an iPhone prototype in a bar, the San Fransisco Police were led to a location and stood outside while Apple Security conducted a "search".

    2. ecofeco Silver badge

      Re: Slippery slope - we're already sliding down it

      The 4th Amendment died in the 1970s from the "War of Drugs" and corporations became above the law of civil rights in the 1980s.

      You have problem with Corporate Communist Capitalism©®™, comrade?

  14. Hargrove

    A practical technical consideration

    As a couple of other readers have observed, there are some practical problems.

    The best and most accessible discussion of the problem of data classification is in a couple of papers by Tom Fawcett. These deal with something called ROC curves. ROC originally stood for "receiver operating characteristic", referring to the ability of a receiver to classify targets in noise. An analogous phenomenon occurs in pattern matching in digital data, where the term "relative operating characteristic" is used.

    The problem boils down to one of true detection and false alarm rates. You can have an arbitrarily high true detection rate if you can live with an arbitrarily high rate of false alarms. You can reduce the number of false alarms to an arbitrarily low level. But, only at the cost of missing an arbitrarily large percentage of true targets.

    The phrase "No such thing as a free lunch" is occasionally used in the literature to describe this.

    Googling "Tom Fawcett" ROC analysis] (without the brackets) should produce relevant results in the first few hits.

    1. Hargrove

      Re: A practical technical consideration--addendum

      As to why it matters.

      If, upon inspection, the ratio of true detection to false alarms for this kind of trawling is out of whack with the stated purpose for doing it, a logical presumption is that it is being done for some other unstated purpose.

      Then again as someone observed in another thread. . ."One should not attribute to malice what can be explained by mere stupidity."

      To which Grandpa Hargrove would say, "In the end it doesn't matter whether you're the victim of a knave or a fool. The damage they inflict will be the same."

  15. Jim-234

    Today Google is reporting you for images of one type to the government

    But surely as humans are predictable, it won't be long before Google is turning you over to the government for other "thought crimes" as deemed needed for proper control of society by your loving overlords.

    1. RyokuMas
      Devil

      Thought crimes

      it won't be long before Google is turning you over to the government for other "thought crimes"

      Only insofar as Google need a puppet body to act for them in actually passing laws and sentencing people. Behind the scenes it's the lobbying that counts and any laws Google doesn't like, they'll just ignore.

  16. btrower

    Google should hire somebody with a moral compass and a lick of sense.

    We already have laws against doing the things that harm children. We do not have to make it so that everybody lives in a panopticon.

    We also have privacy laws, which, if they are to have any meaning, have been broken.

    We need to firm up our laws so that people who do what Google has done are punished commensurate with the damage they do. In this case, it is a lot. Reading the mail of a billion people because you know that one of them is 'bad' does not fly with me and it should not with you either.

    We know for goddamn sure that in the half-billion people to a billion people or more whose mail passes through their systems there are crimes aplenty. Exhaustive analysis of that database would reveal all sorts of wrongdoing. That does not give anybody license to go trawling through that mail system looking to gain leverage over people. It is wrong.

    There is a sure quick fix to this and that is to criminalize this type of perversion of law and order and to make any fruit from a poison tree like this absolutely inadmissible as evidence. In a sane world, Google would be charged with obstruction of justice by poisoning what would otherwise be legitimate evidence.

    If we allow companies like Google to do as they have done here then we open the door to all sorts of abuse and once that door is open the abuse will soon follow. If you look at every jurisdiction in the world, probably most of us are in breach of a law somewhere. Is it OK to provide information to Islamic theocracies that will result in people being stoned to death, beheaded or having their hands chopped off?

    We have already established that it is possible right now for a perfectly innocent Canadian boy to be held and tortured for years without even being charged, then charged with a crime confessed under torture and subsequently convicted without anything approaching due process. It is easy to find the most vile stuff on the Internet and easy to plant that into someone's mail system or hard disk. We might as well dispense entirely with the pretense of law and order and admit we live in a tyrannical police state that makes 1984 look like the optimists version of the future.

    We know for a fact that within living memory, all sorts of state entities have committed the most horrific crimes under the banner of fraudulent abuse of state authority. Tossing through every citizen's mail in order to provide a pretense under which to imprison them is just such a fraudulent abuse.

    Most people are witless enough to think that it just can't happen to them. They are wrong. It can happen to them at any time. The less likely you think it is, the more exposed you are. If you think it cannot happen to you, you expose not only yourself, but the rest of us too.

    It is not something I would ever do, but there are plenty of people out there with skills similar to mine that could set you up in a heartbeat, on a whim. How likely are you to get any help if you have been wrongly accused of a crime that everyone thinks is so horrendous they convict on accusation alone?

    Kim DotCom is a rich, powerful, resourceful and intelligent man and he is not without allies. Look at the trouble that an accusation alone has brought to his doorstep. He is accused of giving storage to people violating copyrights. If they do that to someone allowing people to store data that appears to be copyrighted songs, how do you think you would fair if you were being accused of molesting children on the basis of disgusting images planted on your computer?

    It is disturbing that a community that ought to know better finds there is a debate here at all. This is not a matter of opinion. It is a matter of knowledge. We have a social covenant that allows the legal system certain latitude. It does not allow this. It specifically forbids this type of thing. It is also disturbing that Google would do this profoundly evil thing. It opens the door to something worse than isolated aberrant behavior that tragically affects a few. It opens the door to systemic damage that affects every single one of us. In a world where tyrants hold absolute sway, you can bet that children are not going to be better off.

    What we have codified in law is that searches without probable cause are illegal. This is a search without probable cause, not of a few people, but of hundreds of millions of people, myself included. Any evidence thus gathered should be thrown out and all the players involved in this shameful practice punished for basically giving god knows how many pedophiles a free pass because, like the pedophiles, they are morally retarded.

    It does not matter what Google or anyone else places in their terms of service. Things that are wrong by their nature are null and void. For all *most* of us know, since we never read all the terms of service that bind us, some of them may say that we are obliged to allow Google to publish our mail, including any ill advised pictures we have taken that cast us in an unfavorable light.

    This is precisely the tightening noose that provides power to the police state and such a state ultimately ends up serving nobody at all.

    You cannot justify whatever you wish to do, no matter how outrageous, 'because children'.

    Google should hire somebody with a moral compass and a lick of sense.

  17. The Vociferous Time Waster

    Some Snowdenesque plot

    In some Snowdenesque plot (or maybe the Lady Bothering Couch Surfer because Snowdon was more tech savvy with encryption) a file is being transferred to a journo somewhere. Grubbymint spooks know all they have to do is pass an MD5 hash of the file to Gurgle and they will provide the deets of the email sender or recipient. Might not be flagged as a peed but will give them the time to supress the information in more traditional ways with a staged suicide or a car accident in a tunnel.

  18. Old Handle
    Facepalm

    I was just thinking, you know what's ironic? They talk about protecting children, but this will only catch the lowest lever child porn users. Think about it, if someone is actually molesting a child and sharing the pics with their pedo pals, those pictures won't be in the database! The one guy who it would actually do some immediate good to arrest is the one who has the least to fear from this.

  19. Shannon Jacobs
    Holmes

    Of course you aren't, you EVIL lying sons of...

    It was only a few years ago that I thought google was a good thing. Now it makes me feel so innocent and naive. EVIL is the rule of business in America, and google has become as EVIL as any of them.

    Hey, google, would you like to get your soul back? You'd have to sacrifice a tiny fraction of your profits. Oh, not interested. Why am I not surprised?

  20. Breen Whitman

    I am safe I think. The 8 prostitutes I have killed, dismembered and gmailed pictures of were all well over 18.

    1. asdf

      Have an upvote because the moral police won't get the admittedly dark joke.

      1. Gannon (J.) Dick

        Jack, is that you ?

        Here's another upvote

    2. MrXavia

      I think your safe, because people magically turn into an Adult at 18 don't they?

  21. WibbleMe

    Times like these it is good for Big Brother to be snooping on our data.

    But I have to say if you are that dum to put an image like that there you deserve to be caught.

  22. Colin Miller

    Automatic Google Image Search?

    Did Google use a hash of the image, which is easily changed by small changes to the photo, or do they run all photos in GoogleMail through Google Image Search, and alert their kiddyporn team to possible illegal photos?

  23. Andrew Meredith

    Do it yourself

    The only thing I use my Goggle account for is as a username/password pair for the likes of Android Play.

    A fairly simple Linux/Postfix/MailScanner/Dovecot/Apache setup with 4096 bit PKI; giving users a highly encrypted closed IMAPS/SMTPS email service, ensures that users messaging within the system can chat away to each other to their hearts content and send whatever they like to each other without let or hindrance.

    If Google et al continue down the aforementioned low friction gradient, more and more criminal gangs are also going to do this sort of thing. Squirrel your machine away on a cloud service with filesystem encryption turned on .. maybe even set it up from an anonymous crypto-mail service and pay with bitcoin. The faster the authorities spin up better mousetraps, the more sophisticated the mice will become; leaving the rest of us, as mentioned above, under more and more scrutiny and almost certainly being picked up for lesser and lesser crimes.

    One day they will have subjected us all to so much over-observation that it will be routine for the kind of measures I spoke of to be used to simply keep ones messaging private. Then the data taps will all dry up and the TLAs will be totally lost.

    i would suggest that the big mistake here was not scanning the mails, which we all know happens with the free services, or even to report the scroat for kiddy fiddling, he had it coming; the big issue is that they told us it had happened. We then of course go off down the road of "What else are they scanning for" and this whole thread leaps into being.

  24. sssputnik
    Joke

    Midgets.

    Will I get a knock on the door? I love gimp masked midget pr0ns !

    1. Gannon (J.) Dick

      Re: Midgets.

      Knock, Knock,

      Just wanted to say ...

      Hiding behind the Joke Alert. Nice touch. Use that one myself all the time.

  25. ecofeco Silver badge

    Well, back to POP3

    We really should all go back to POP3. The hard part is now just figuring out which port our ISPs allow for POP3.

    You think it's the same port everywhere? Oh, non, non, non.

    Oh wait, the only ISPs available for most people are the "other" big corporations. Who will also read your email.

    Hmm, so in order to use email almost anywhere in the free world (old joke) there is no real alternative to no privacy. And this makes it "signed up of own free will" how, exactly?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like