Google (NASDAQ:GOOG) (NASDAQ:GOOGL) discovered a man was exchanging explicit images of children with another user over Gmail. The company alerted the National Center for Missing and Exploited Children who then notified Houston, Texas police officers. This cyber-tip helped police attain a warrant to search his electronic devices to uncover more abusive photos. KHOU-11 reported that the man has been charged with possession of child pornography and is awaiting trial.
Google computers actively crawl platforms for known child abuse imagery and it’s obligated to report suspected abuse to authorities under U.S. law. There’s also a human element to this active search. Google hires out contractors to sift through newly posted videos on YouTube and images uploaded to Google Images, Picasa, Orkut, Google search, and more. These people look at 15,000 images a day of not just child porn, but Al Qaeda beheadings, making sure users don’t see it.
It’s a great deed that Google has done and continues to do by saving children and closing in on those who would abuse them. But the means is a little alarming, even for those of us who have nothing to hide. If Google has the ability to scan user accounts for child pornography, what’s stopping it from looking for other things? Their slogan, “Don’t be evil,” is starting to sound more and more like a sarcastic remark. Google already scans accounts to provide ads within Gmail, so what’s stopping them from crawling those emails for other key words and divulging private information? Absolutely nothing.
Google’s terms of service states: Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.
There’s an expectation in this day and age that when you enter your search requests, emails, and other information through a third party, you forfeit your privacy and be monitored to provide better-tailored ads. But this point isn’t made clear when someone signs up for a Gmail account, unless you enjoy reading privacy policies. Most users are likely under the impression that the nudes you sent your boyfriend are private, but they aren’t. Google says it uses a robot to scan emails, but that hasn’t stopped some nefarious employee from breaching a user’s trust. Gawker reported on one particular incident where a Google engineer spied on four teenage girls, and this is the case we know about. There could be others that were dealt with internally.
The NSA had no qualms about passing around other people’s photos, according to Edward Snowden. He revealed that agents routinely passed nude and “sexually compromising” photographs around the office. But it’s not just internal employees users have to worry about–it’s the metadata attained by crawling through user accounts that could have adverse effects for people who say they have “nothing to hide.” This information, in the wrong hands, could be damaging.
In 2006, TechCrunch reported that AOL had released private data concerning its users’ searches. Usernames were changed into random numbered IDs, but let’s be honest we all Google or do a search for ourselves at some point. So, it wouldn’t be terribly hard to figure out who these “random” user IDs were attached to, and the internet did just that. Take user 17556639 for example, he looked up things like “how to kill your wife,” “wife killer,” “how to kill a wife,” and “pictures of dead people.” The Internet caught fire wondering what kind of twisted person user 17556639 could be — well, he was a screenwriter for the show Cold Case.
It would be easy for Google to quickly change its tune and expand its vigilante internet policing to include reporting searches like these, or worse–what if search results for something like this got out to the public like it did with AOL? Imagine the witch-hunt that could ensue over people or police misunderstanding a search a user did for “snuff films” when it could just be a grad student doing research for a paper.
The documentary Terms and Conditions May Apply (available on Netflix) highlighted a particular incident where a young boy made a Facebook post about how Obama should watch out after the Osama assassination. He didn’t mean it as a threat, but that’s not how the Secret Service interpreted it when they came into his school and questioned him.
When you send an email, you may be under the impression that you’re protected by the 4th Amendment from unwarranted search and seizure, but the electronic age has muddled things and dated documents can do little to stave off questionable legal practices. If you give your information over to a third party, the law sees that as you divulging information to the public. This kind of freedom for law enforcements officials and governments to access information could stop protests before they happen or misinterpret turns of phrase as a potential terrorist attack, turning police into some kind of pre-crime team out of Minority Report.
Obtaining information on data inquiries, like chat transcripts from GChat and Google Voice, only requires a subpoena–not a warrant. So someone like a divorce attorney (who are considered officers of the court in some states) could gain access to your digital records if it’s relevant to their case. Lee Rosen, a divorce lawyer in North Carolina, spoke with NPR about how he used to rely on private investigators to dig up dirt on opponents, now, he only need send a subpoena to gain access to text messages or other forms of correspondence.
Google leading police to a sex offender is a bitter-sweet victory. It’s wonderful that another predator is off the streets, but at what cost? There are steps you can take if you feel what’s being done is wrong. Vote by boycotting certain services and switch over to open source. There are plenty of alternatives to Google’s services that will protect your privacy.
Tor is an interesting piece of software. It helps keep your anonymity by bouncing you off several servers, so sites can’t pinpoint your location. So, you may bounce off a server in Norway or Cleveland, Ohio. The important thing is sites can’t learn your physical location and it prevents someone watching your internet connection from learning your habits.
Email is a little trickier and, unfortunately, there’s no easy way to go about setting up end-to-end user encryption on emails. Service providers will still be able to see who your sending to, but you can encrypt your messages to prevent prying eye from seeing the content of your correspondences. The other part of the problem is both users have to be on board and setup PGP encryption. So, you may be able to get some friends and family members on board, but have trouble convincing the people you work with.
Instant messaging is easier to encrypt. Once again, prying eyes will be able to see who you’re sending to, but won’t be able to crack your messages if you use OTR encryption. If you use Adium or Pidgin, both services have OTR options readily available and easy to enable.