Google’s Crime Tip Raises Privacy Concerns

logo11w“Hey did you read that email I sent you?”

“Nope, but I bet Google did.”

For those who think Google can do anything, it turns out you may be on to something. A tip from Google led to the arrest of a man from Texas named John Henry Skillern. He was arrested by local police for possession of child pornography. 

The exact story of what happened does appear to change a bit from site to site, but the overall concept can be outlined as such:

  • John Skillern’s email contained at least one explicit image of a child.
  • Google became aware of such content by “scanning” the email.
  • Google tipped off the National Center for Missing and Exploited Children.
  • The center brought the tip to the local police.
  • The local police acquired a warrant with the help of the tip. (As well as the fact that Mr. Skillern was already a convicted sex offender.)
  • The police made the arrest of Mr. Skillern.

Obviously, arresting someone for child pornography is an ideal result, but some have voiced concerns as to just how the tip from Google originated.

As of last year, it stopped being a secret that Google “processes” the emails that come through its servers. Additionally, earlier this year, Google amended its terms of services to better clarify what it does:

Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.” (Google

This modification to the terms and services was in response to a class action lawsuit regarding the company’s practice of scanning emails. (The case was dismissed earlier this year.)

Essentially what this means is that Google can read what is passed through their servers, whether the messages are sent from a Gmail user or to a Gmail user. Although there are a few pending law cases that contest Google’s legal capacity to undertake this practice, in the abstract it appears to be legal. Google is not a governmental entity, it is a private company. This means that Google is not held to the same standards or rules as the government and can make decisions about the content they ferry about the internet.

Google is a third party that has formed a contract with its users. Whenever you sign up for one of their services or make an account you agree to their conditions. It is interesting to point out that some minds in the legal world believe that by merely clicking accept on a terms and services page (a contract that you probably did not read), you in actuality are not binding yourself to those terms. For the sake of debate, we will consider that such an agreement is binding.

Basically Google is allowed to scan your email because you as a user consent to them doing so. The contract between two parties (you and Google) is in effect creating private laws that the parties agree to submit to.

“[A] person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” [Quoting majority opinion of the court by Justice Blackmun. Smith v. Maryland]

Now, some of these laws we as users are agreeing to are not out in the open. Google refuses to release details on what they look for or their specific criteria. They cite that the information is suppressed because they don’t want criminals to get around them. A noble thought, but one that leaves the rest of us in an unstable position — a position that requires us to trust Google.

With government agencies, we are allowed to lean on our rights and to fight legislative fire with fire. Individuals may not always trust the government, but at least there can be open debates that can affect such policies. This is not the case with a private company such as Google. We are suppose to trust that Google will use the information it acquires from our interactions with the Google services for “good.” Well good is a very arbitrary concept and your view of what is good may not always align with what Google views as such.

It is quite tempting to go down the slippery slope of just where Google will draw the line with their searching and probing of email. After all, it is a scary notion to think that a for profit company gets to make decisions about our personal correspondence. Some relief can be had in the fact that the specific type of image for which John Henry Skillern was arrested is something Google keeps an eye out for:

Since 2008, we’ve used “hashing” technology to tag known child sexual abuse images, allowing us to identify duplicate images which may exist elsewhere. Each offending image in effect gets a unique ID that our computers can recognize without humans having to view them again. Recently, we’ve started working to incorporate encrypted “fingerprints” of child sexual abuse images into a cross-industry database. This will enable companies, law enforcement and charities to better collaborate on detecting and removing these images, and to take action against the criminals. Today we’ve also announced a $2 million Child Protection Technology Fund to encourage the development of ever more effective tools.” (Via Google’s Official Blog)

It is unclear if this is the technique used by Google to determine the email contents in the Skillern case, Google refuses to comment on personal accounts. No matter what technique they used to come across the information, the fact that they did come across it meant that  they were legally compelled to notify a child support center. Under United States law, companies such as Google are required to report possible child abuse evidence.

The concern is that Google isn’t legally required to actively look for illegal content, but they do. In a case such as Skillern’s, it is hard to see fault in a preactice that helped take down a person that committed such a sick crime. This time, Google used its powers for “good.” That we can agree on.

The following quote was made in reference to child abuse images. However, I urge you to think about this quote in the abstract and how it could apply to essentially anything, including the comics and pop culture we enjoy:

“We’re in the business of making information widely available, but there’s certain “information” that should never be created or found. We can do a lot to ensure it’s not available online — and that when people try to share this disgusting content they are caught and prosecuted.” –Jacquelline Fuller, Directer of Google Giving (Via Google’s Official Blog)

At what point in time might Google decide the the manga and comics “information” you enjoy via email or online is something that “should never be created or found”? Given that comics are an easy target for would be censors because of their visual nature, it doesn’t seem impossible that Google’s “processing” could affect comics, manga, or other artwork that is otherwise protected under the First Amendment. Such images would not necessarily be protected from Google’s scanning because Google is within their rights to do so as a private company.

We can’t say whether Google or another email provider will report a user for drawn images, so it’s important to read and understand the privacy and user policies for your provider. If you do want to learn more about just what you agreed to with Google, I would highly recommend reviewing their privacy policy. Quite a fun read, in a dark 1984 sort of way.

We need your help to keep fighting for the right to read! Help support CBLDF’s important First Amendment work by visiting the Rewards Zone, making a donation, or becoming a member of CBLDF!

James Zachary Swartz is a law student with a comic book problem.