Slashdot Mirror
Google Spots Explicit Images of a Child In Man's Email, Tips Off Police
mrspoonsi writes with this story about a tip sent to police by Google after scanning a users email. A Houston man has been arrested after Google sent a tip to the National Center for Missing and Exploited Children saying the man had explicit images of a child in his email, according to Houston police. The man was a registered sex offender, convicted of sexually assaulting a child in 1994, reports Tim Wetzel at KHOU Channel 11 News in Houston. "He was keeping it inside of his email. I can't see that information, I can't see that photo, but Google can," Detective David Nettles of the Houston Metro Internet Crimes Against Children Taskforce told Channel 11. After Google reportedly tipped off the National Center for Missing and Exploited Children, the Center alerted police, which used the information to get a warrant.
The great things google can offer, 1984 saves the children!
(Yes it's good that pedophiles get hurt - But there is a very very bad precedent here...)
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
I would have gotten first post, but I needed to delete some emails...
We don't do warrentless searches of email, for real! We catch sex offenders, too!
Google should tell all of its subsidiaries this, too. Or maybe Google should just hand YouTube over to the police and be done with it. I'm sick of searching YouTube for IT-related stuff and being given results with boobs, penises and other disgusting things in the video thumbnails.
This is chilling, not for pedophiles, fuck them, but for the average citizen. While, I absolutely believe it's google's job to report illegal activity they accidentally uncover to the police, this appears google is actively searching your e-mails for things to forward to the police, and that's a chilling thought for free speech, freedom, and prevention of abuse of power.
I don't want ANYONE looking in my email and I don't want to require my friends and email to have to set up security just to read emails from me. What's the best email service offering end-to-end encryption?
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
How does Google do this for one person? If they suddenly started scanning images for this, you think they would uncover a few thousand people at a time. Are we supposed to believe that they specially targeted him, or that he is the only person to ever send naked pictures of children through gmail?
Troll is not a replacement for I disagree.
I thought Google has said for years that it can't automatically identify copyrighted material and is therefore legally exempt from being required to block objectionable material. But now that it appears their algorithms can search email images and make the determination, then it proves Google is now capable of identifying pretty much anything, correct? Wow, this is going to open them up to a ton of liability!
Both to the pedophile and to the illusion of privacy people had when using Gmail.
(They have an obligation to report child porn if they find it, but they don't have an obligation to look. My suspicion is Google is not happy about what happened.)
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Agreed. Even good outcomes do not justify bad behaviour. We should not be happy that Google is perusing the content of our E-mail with anything but automated tools (for advertising, etc.)
An automated tool probably flagged the image, hopeful it wasn't simply probable nudity but probable nudity combined with some other alert, maybe something in the body of the text. Humans probably only review flagged images. The system is working as google has always intended, go read the terms of use. Working with local law enforcement when google deems it appropriate or legally required probably falls under what you refer to as "etc".
I can't agree more. I think more people should be up in arms over what Google has just done. I'm also sure someone is going to point out that in Google terms of service has some type of clause in it that states that they can search your emails and do anything they want to with them. I personally think Google has crossed the line. I'm not sure when Google went from being a corporation to being in law enforcement, but this really seems to me to be a very bad precedent.
This is type of search to me is how United States government has done an end run around the fourth amendment. All law enforcement has to do now is ask companies like Google, Facebook, Microsoft, or Yahoo to do searches and report back.
All I can say is "Fuck You Google!!"
I can't help but think that this was a calculated move by google. They could have had information on many other people this whole time, like people who talk about committing piracy in their conversation etc. By choosing the first "tip" to the government to be about a registered sex offender you can start the narrative off (in favour of surveillance is good) proving your point on a highly one sided extreme people will agree with. I just don't feel that this was done a whim, like they just came across this person's email content and without an agenda decided to report him for justice.
If he's going to use any type of webmail to share illegal child porn, he should be using Tor to mask his identity.
Suddenly I could care less if Tor usage invites gov't scrutiny. Thank you for helping me get off the fence on Tor.
Google said they do this, if you have a gmail account google owns it, scans it, base advertising off it, and sell it to others after 7 years.
Gmail allows for dot address matching. This is a *huge* problem that has never been addressed.
Apparently my first letter, last name gmail address happens to be pretty popular. So popular, I receive emails from at least 5 other people in my inbox. One from PA, another one in Florida, still another in New Zealand... I could go on and on, but you get the idea. Apparently, this seems to happen a bit to people.
Sadly, Google has no fix for it, no way to get it to stop. Their support address and site are useless, imho.
I have since moved all of my email off to my own domain and mail services not controlled by Google. I still keep the account open and forwarding to my new email address, so I still get their email, too. I do what I can to minimize problems by auto-deleting everything that hits my inbox that's obviously not for me.
Stories like this scare the shit out of me because, at any time, if one of those people I happen to receive email for suddenly decides to go into full-creep mode, I could be put in prison for a very, very long time. Not for anything that I have done, but for how gmail has been setup to allow for this.
Shouldn't two persons have been arrested? ie. both the sender and the receiver of the emails?
Taking the appropriate steps to hide your identity of course.
Microsoft has something called PhotoDNA which scours Bing, Outlook, etc. for child porn. I believe they also make it available to other companies. In fact, given the difficulty of getting images to train on, I wouldn't be surprised if Google was using Microsoft's PhotoDNA technology.
This implies *much* more than the simple scanning of email and image recognition. After all, is Google also reporting innocent pictures people take of their babies in, e.g., the bathtub to send to daddy while he's in China on a business trip? Or is it more likely that Google knew the guy was a sex offender and targeted the scanning of his email specifically?
--Jim (me)
With legal (or cracked) access to anyone's email account (sex offender or not) lets see how easy it is to plant evidence.
1. Access account, add a folder or label (preferably hidden buy being buried in default sort order or under another folder).
2. Set filter with obscure rule to automatically route certain emails to said folder.
3. Send "illicit" or "evidentiary" messages that match said filter. These can be sent from self or whatever generated entity seems appropriate.
4. Access account again from various public IP addresses (or from target's own wifi). Read already read email, plus messages in target folder.
5. Remove filter. Have Google 'find' the evidence. Arrest wrongdoer.
This is not that far fetched. The chain of evidence doe not prove that the target is guilty, but can be made to look enough like it to convince a judge or jury. From the vantage of Google or a jury, it looks as though the subject sent or had sent, expected, and read the messages.
Just about anyone here could do this with the creds to an account - which in most situations are not terribly hard to garner.
Before you say you would notice the folder in your account, think of this. I have over 100 folders in my email account, some rarely opened, and never all visible on the screen. I wouldn't have noticed - but I may have enough knowledge to fight - a little anyway. How about a novice, when a folder named 'Archived Messages' appears. Would he/she even think twice?
I did not RTFA, but I know google uses their image search algos for blocking known child porn sites. It is not a hard step to run that against email messages. How about when the NSA/CIA/FBI tells google (via a NSL) scan all messages for x terms. How about when said terms are sent to and from hacked accounts as a matter of course?
It is important to realize that absolutely no communication that is unencrypted is private, but how about whe forged open communications can make you a criminal?
Silence is a state of mime.
If they can do this for this cause, they can do this for any cause, or for no cause at all.
I can't say I am surprised.
Were they really snooping around this guy's email for no reason or do they check your attachments against a list of hashes of known child porn?
One would assume that Google has the right to make sure you're complying with their terms of service, and if in that (presumably automated) scan they find illegal activity, is it not their prerogative to report it to the authorities? On the flip side, is this much different from your leaving a stash of cocaine on the back seat when you take your car in for service? Do you expect that the mechanic wouldn't report it to the cops?
Do you really need reason for beer? Wingman Brewers
Also, how the fuck could anyone be dumb enough to use GMail for any kind of business purposes now that you know that they can simply poach competitive information right out of your communications, and not get arrested for it?
Read the full article. There's an agency ("National Center for Missing & Exploited Children") that provides hashes of known child porn images and videos to companies like Google. I don't think it's outside Google's purview to ensure files with hashes appearing on that list don't reside on their servers. Contrary to what the peanut gallery here has to say, Google aren't opening up individual mailboxes for a quick squiz. Not to mention that even if they aren't looking inside mailboxes for these images, they probably do scan messages traversing their network (i.e. incoming/outgoing) for files with known hashes.
Stolen word for word from another AC at
http://tech.slashdot.org/comments.pl?sid=5487261&cid=47596805
So before now you were pretty sure only good people could benefit from security? lol
Why can't they just remove the sexual areas of pedophile brains rather than jail them for 20 years (as an option)? Often they are otherwise normal people who abide by the law, show up to work on time, and pay taxes. Their craving is very specific such as to be relatively easy to "short circuit".
As a tax-payer, it would probably be cheaper to snip around in their brain than house them for 20 years.
Table-ized A.I.
A lot to this story and Google's interest are not adding up.
Sorry Google but you are as compromised as the "bait" you handed off.
Ka Ching Baby !
Summarized from the details:
Google has partnered with many anti-child-exploitation groups to see what it can do to help.
The way discussed here is by hashing known files. So, for example, whenever there's a huge child porn bust and gigs of files are discovered, google hashes the content (think md5, but maybe something image-specific in case it's resized).
Now, if it ever encounters that exact hash from a known bad file, that registers as a hit. If there are thousands of hits on a single account, or lots of sending/receiving activity, that might be cause for alarm.
Same shit I do when people upload malware to the hosting servers I used to administer - whenever I found some malware I'd hash it with ClamAV, then whenever anything new was uploaded it'd get scanned.
Disclosure: I actually read the article. I don't work for anyone involved, nor give too many fucks.
- You sir didn't mention your favourite meal in your emails for a while. What's changed? Don't you like steak any more? Would you like to see some adverts for burgers instead?
- Hey! You can't invade my privacy like that!
- Wait a minute! What did you say? Privacy? Boys! This guy hates children and he's probably a paedo too!
- No, no! Wait! That's not what I...
- And he probably hates charity! See? That's why we need those snooping laws! To stop pervs like this one! Who's with me? Who's with me?!
- This is madness! I know my rights and I...
- We cut off this man's internet access so that he can't spread his filthy evil lies any more. Freedom triumphs again! America! This is a real proof that democracy works! Now, go write about this in the papers for those who are not up to date with the latest propaganda dissemination services.
Suddenly I could care less if Tor usage invites gov't scrutiny.
Then you're anti-freedom and have no business living in any free country. The desire to sacrifice fundamental freedom and privacy for safety makes you no better than those who support the TSA, the NSA's mass surveillance, etc.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
http://tech.slashdot.org/comments.pl?sid=5487261&cid=47596805
Comment removed based on user account deletion
Comment removed based on user account deletion
So what else is Google looking for? Google confidential documents? Pictures of guns? Info about arms shipments?
Comment removed based on user account deletion
Comment removed based on user account deletion
Comment removed based on user account deletion
How is he in "possession" of these images? Isn't the data on Google's servers, as in their actual physical possession? Not like they kicked down his door and found it on a Google Mail server in his closet.
that this was discovered via a known hash of known child pornagraphy images.
it seems to me that google must keep a hash table of alot of things sitting around on it's drives,
using hashes to reduce redundant storage requirements means that this very well have been discovered AUTOMAGICALLY, and thus required google to act on it.
i don't think the spin being placed here as it being an 'invasion' of privacy is accurate here considering my prior statement
you should thank google for helping to stop people invading the child's privacy by putting a stop to sharing of images like this
the methods potentionally employed in the discovery of this image are both automated and reasonable
and the reaction of google is not only reasonable and actionable, it's also commendable.
we all can keep our privacy if all they're doing is storage reduction through hash comparison.
fin.
So what we learn from this, is that whether:
* You're a pedophile
* You're NOT a pedophile
* You have porn in your mail
* You DON't have porn in your mail
The crucial point to take away from this is that Google is reading your email.
In case you missed that: GOOGLE IS READING YOUR EMAIL.
It seems National Center for Missing and Exploited Children has a database of hashes, or "fingerprints" of known child porn images. When you use Gmail, it checks attachments against a database of viruses and also apparently against this CP database.
A distinction can be made here. What the database does NOT do is any kind of image analysis to see if the picture LOOKS like child porn. It checks only against known, reported child porn, apparently.
And if that facility exists for "the children", then it exists for "the terrorists". Terrorists who pirate videos to support their terrorist agenda!
Seriously, it means that media companies and record companies probably do the same, provide hashes of their 'claimed' works and get tip offs for those. NSA probably has a nice little data feed from that.
These mass surveillance things always start 'for the children' or 'for your safety' and just creep from there.
A Houston man has been arrested after Google sent a tip to the Miniluv saying the man had explicit thoughtcrime in his email, according to Houston thought police. The man was a registered crimethink offender, convicted of thoughtcrime in 1994, reports Tim Wetzel at KHOU Channel 11 News in Houston. "He was keeping it inside of his email. I can't see that information, I can't see those seditious words, but Google can," Detective David Nettles of the Houston Metro thought police told Channel 11. After Google reportedly tipped off the Miniluv using Exploited Children, the Center alerted Big Brother, which used the information to prepare room 101.
If he's going to use any type of webmail to share illegal child porn, he should be using Tor to mask his identity.
Suddenly I could care less if Tor usage invites gov't scrutiny.
Then you're anti-freedom and have no business living in any free country. The desire to sacrifice fundamental freedom and privacy for safety makes you no better than those who support the TSA, the NSA's mass surveillance, etc.
** Woosh **
Think about it, it shouldn't be hard to figure out your error. Assuming you have half a brain, which may be an overly generous assumption given your tone and content.
Think about it, it shouldn't be hard to figure out your error.
There was no error that I see. If that person was intending to be sarcastic, then they should have picked something that real people would never believe, rather than something that actual people say all the time. I respond to such sarcasm as if they're not being sarcastic because there's a real chance that they're not being sarcastic, and because there are plenty of people who agree with it anyway.
If it's something else, then I don't know what you're talking about.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
he prolly clicked 'compose email'
then 'upload attachment'
then 'save as draft'
step #2 is where it would hit the hash filter
step #3 would count as 'stored on server'
the people in this thread crying about people going into 'full-on-creep-mode' by sending photos out like this don't understand the technology,
the image most likely would be intercepted prior to it leaving a google account and hitting another inbox
incoming mail from non-google would also likely hit the filter first keeping you worrisome little toads safe.
google's got our backs here, leave them be.
No, you don't have to prove innocence! The prosecution needs to prove guilt beyond a reasonable doubt. The fact that Google snooped brings up questions, so if this is the only evidence they have the guy will walk (assuming he goes to Jury trial and does not accept a plea).
The intent to distribute you just make up out of thin air, stop with the hand waiving and stick to the case.
Based on the arresting officers comments, they were tracking this guy because he was previously convicted. They were not able to catch him doing anything wrong, which should bring up even more questions about Google finding something when investigators could not. I don't believe it would have been difficult for a cop to get a warrant on the guy if there was actually suspicion.
If this was a random Google employee that was accidentally mailed the photo I may feel differently. I have been working on Servers for over 25 years, and I have never gone though people's mailboxes or files. I have complied with warrants and provided copies of data, but never gone though someone's crap. With no warrant, I think Google did wrong. I'm not biased, I think any company that volunteers your data to law enforcement without a warrant is at least violating the trust of their customers.
Before you "but but.. murder" how would you like to be arrested because you sent a still image from Saw2 to a friend (or any of the millions of murders depicted on tv or in movies, and a measurable percentage of those are children being murdered)? I personally am not into movies so don't worry too much about that one, but I know people that are.
Anyone that trusts a Government known for parallel construction (framing people) or Google (a company known to be handing 3 letter agencies private data) should have their head examined. On this site, I should not have to mention how easy it is to forge file ownership, date stamps on files, email, chat, and logs for the latter two. In case you are not a techie, it's pretty damn easy.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
This is chilling, ...
Look on the bright side, maybe Google can repurpose the technology to scan for Android malware.
The desire to sacrifice fundamental freedom and privacy for safety makes you no better than those who support the TSA, the NSA's mass surveillance, etc.
Nice strawman you got there. By the same token you are no better than those who support jihadists.
I don't think it's outside Google's purview to ensure files with hashes appearing on that list don't reside on their servers.
Given the huge numbers of files passing through their servers what are the chances of a hash collision? Hashes are not unique and you do not want someone innocent to end up even vaguely associated with a crime like this.
I thought Google lived by their "Do no evil" motto, but I guess "Think of the Children!" is more important.
Good thing I only use my gmail as backup. My real mail is handled by my very own private mailserver. Of course a MITM attack is possible against traffic to and from the server but then they need to be explicitly investigating me and then I guess it's okay.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
Nice strawman you got there.
Where is the straw man? He made it perfectly clear that he's willing to sacrifice freedom and privacy for safety: "Suddenly I could care less if Tor usage invites gov't scrutiny." Do you know what a straw man is? It seems not.
By the same token you are no better than those who support jihadists.
Only if I support jihadists, but I don't. The common unifying theme between people like him and people who support the TSA and NSA surveillance is that they all support trading fundamental liberties for security. Try to keep up.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
There was no error that I see.
That is sad.
Next time google could tip the Chinese police and send the police information on dissidents.
"Well at least they helped us!" the police may say.
Notice Yahoo have already done the mentioned and resulted in the jail of Shi Tao:
https://duckduckgo.com/?q=yahoo+chinese+dissident
The problem is not about what the consequence it achieve.
There is more than one party involved in email. If you're curious whether automated tools were really used, just email pictures to all google employees and see if any more tips go to the police.
Nice job pointing out the error.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
All right, there's been the NSA gaffs already, Julian Assange has talked about it, and Google here even plainly looked through someone's email without a warrant.
What is it going to take for people to stop using Gmail? Why don't people understand that cribbing about a free (as in beer) service is not going to help. You have the choice to stop using it.
Entia non sunt multiplicanda praeter necessitatem.
big brother google
The NSA collecting much data as possible to protect us and they still miss this.
Philadelphia is wrong on many levels. Thus, good on Google. However, there is a lot to think about here. Namely, what if some spammer sends me photos of minors and Google sees it? Will I be reported? Or more realistically, what if someone that I have a poor relationship with sends me illegal images and Google sees it? Will I be held accountable for my that person's actions too?
We don't even know the full story. Calm down internet.
is commercial IT services in USA should never be used as you are playing Russina Rulette with your life using them.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
for letting us know how Google check hashes for child porn image so that anyone can frame anyone who uses Gmail with child pronpgraphy. I'm sure no one will ever exploit this now.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
So all I need to do is get an image that Google knows to be child porn and send it to people I don't like. Political assassinations have just become very easy.
I have been vary of Google for a while but now they have gone too far.
What is next? Calling the police because I send someone a mail about cannabis, sex with men or anything that is illegal in some countries.
Everyone who buys Wild Hunt will receive 16 specially prepared DLCs absolutely for free, regardless of platform.
I'm excited at the endless possibilities of this! I bet soon your Android phone will tip off the police if you exceed the speed limit.
So do they have an index of known child porn images, how did they know this image was here?
Did they get a tip off? Does someone just randomly peruse attachments from time to time? Was the filename "child_porn.jpg"? What's the deal here? What happens when your wife is on holiday and emails you a picture of.... well who knows what? Yes I know they CAN see it, my question is, what flags people to look / investigate?
This is a very very bad precedent, save the children or not.
If thy send illegal material via gmail (or any public mail provider), you deserve to be caught and punished.
It's like trying to breaking into a police station during day time to steal guns. Makes no sense.
I don't think "Google" tipped anyone off. More than likely this was an employee who, discovered the photo's during the normal course of their work and just basically cared more about the kid than the fucking rules. Basically he wasn't an extremist and put people before principle.
Google is not browsing your e-mail, just checking your attachments' hashes against known illegal content's hashes. And it netted one sicko, well done. Nothing to see here, except how much sympathy do paedophiles gather among the slashdot crowd. What are you nerds hiding, hmmm?
IOTW, a malevolent person can screw anyone (on gmail) by sending an email with a child porn image attached. Normal reaction (99% of people) will be be to immediately delete the mail, but that probably isn't enough to avoid prosecution (because google doesn't delete it immediately).
I understand your concern about corporations breaching your 4th amendment rights, but your reasoning is misplaced. In fact, this case is a great example of the 4th amendment being followed, not circumvented.
The 4th amendment does not guarantee protection against search and seizure; it limits when and how searches and seizures can be exercised. Here's a portion of the 4th amendment for you: "...no Warrants shall [be] issue[d], but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” In this case, Google's tip was not used as evidence to convict this man of a crime. Google's tip was used by police to justify probable cause that a crime had been committed. (This does not mean he's guilty of the crime, only that there's a greater likelihood that he committed it than he didn't.) The police used this information to obtain a search warrant. I'm sure that the evidence they used to convict him was gathered through the exercise of that warrant.
Google's tip is no different than a tip coming from any other source. Say a bank teller (for association's sake, let's say the bank was incorporated) was just depositing some money for a customer who drove up to her window, and she saw in her security camera what she believed to be a missing child. She calls police and reports what she saw. The police go to the bank and look at the recorded camera footage and agree that the image captured does resemble a missing child. They grab the license plate number from the footage, trace the registration to its owner, obtain a search warrant, go to the owner's residence, search the premise, find the child, confirm it's the missing child, and convict the individual of kidnapping (and probably a host of other charges to boot). In this circumstance, private information (whether an e-mail sitting on Google-owned servers or a bank's CCTV DVR) shared with police is used to meet probable cause and obtain a warrant. And in both circumstances, a search and seizure is warranted.
If you want to minimize your risk of a warrant being issued against you, don't display evidence of a crime outside of your own home. (And when the police come knocking on your door and politely ask you, "May we come in?", unless they flash a warrant in your face, don't be polite back.) And while IANAL, for more information about the 4th amendment and warrants as written by one, I strongly recommend you read The Illustrated Guide to Law. Very, very informative.
If google would just tell everyone what they are doing, such as hashing all files being sent and comparing them to known badguy stuff, most would be ok with it.
It makes good business sense to give the public a feeling that their email isn't coming from the same place other people are sending this type of content from, google is about business.
I actually agree with google on this one.
This is cool information to know about, however the knowledge of it by everyone probably means that it will become a less effective means of catching persons that are doing illegal/wrong things. This is where I think that reporters need to use some judgement in reporting information. Does getting the information out there for readership outweigh the benefits of not reporting the information. It doesn't sound like Google is doing anything illegal. In fact, it appears that Google is doing something proactive to catch wrong doers. The courts will have to decide if this is an illegal use of the information that Google has access to.
Yes, they saved half a dozen children from a child molester. Though abhorrent on several levels, those children would probably survive and recover and return to normal lives.
They sentenced several billion other children to a totalitarian Big Brother state with no privacy, no personal expression without monitoring, fear of arrest / detainment for any infraction that's not even yet defined, because Google remembers what you did twenty years ago.
What kind of world do you want your children to have? It's being chosen now ...
if you have an Android smartphone you are REQUIRED to have a GMail account
That hasn't been the case for years. I think it stopped being the case when Android Market became Google Play Store in March 2012, soon after the release of Android 4.0 "Ice Cream Sandwich". Android Market required a Gmail account; trying to use any other Google account resulted in a "chester@example.com does not use Gmail" message followed by the "Add Gmail to your Google account" flow. Google Play Store requires only a Google account with an e-mail address at any domain.
If you don't read incoming e-mail without first exchanging addresses out of band, then how should someone get in touch with you to license the copyright in one of the works of which you are the author?
So, in light of this, I figured out an easy, sure-fire way to screw pretty much anyone with a Gmail account over: using a library computer, copy of Tails, and throwaway email, send some known CP to anyone you don't like's Gmail account, then call Google and tell them you suspect the person has it. Done deal.
Let me guess your next question: How do you get the CP without getting caught yourself? Well, therein lies my point - what social group is expected to and known to have access to tons of that garbage?
If you guessed "Law Enforcement," you win a cookie.
'Fruit of the poisoned tree' is an appropriate reference here, I think.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
If Google has a method of identifying and reporting one file that violates a law why shouldn't it be expected to use that same method to identify files that violate other laws, particulary if the hashes of those other illegal files are provided to Google?
Time is what keeps everything from happening all at once.
Even if the innocent recipient deletes it as irrelevant spam, the Great and Wize Google has already seen it and alerted police. It's well demonstrated that even an unfounded charge of pedophelia can destroy someone's career and relationships.
That's the last straw. Goodbye gmail.
I agree that the act of scanning email is pretty big brother-y...but a lot of people have activated Google Now which is MEANT to scan your email and other communications and data for information gathering.
If this perv piece of trash had Google Now turned on then what do you expect?--or any of you fine folks have it active? That no human will ever come across data that is freely accessed by their software?
Just saying.
he demonstrated by A plus B minus C divided by Z that the sheep must be red, and die of the rot
If the person is a paedophile as reported then it is up to law enforcement to do what they get paid to do catch criminals. The trouble with Google Gmail is we know from the Guardian http://www.theguardian.com/wor... that GCHQ, and the NSA were attaching pictures to emails to discredit people by sending those emails with the pictures attached to the persons contact list. Homo pictures and child porn were the most popular sent by GCHQ, as they say in the document discredit and blackmail. I'm not a television type of person but I think there was a film with Arnold Schwarzenegger, called the running man? when they make it appear that he has killed people when he had not. Fantasy turned into reality in today's world. You cannot believe companies like Google or English speaking authorities. Add Russia, to that one as of yesterday they are threatening people but unlike the English speaking ones they are not threatening them with indefinite prison without trial yet.
You are confusing freedom with getting away from accountability. Tor being monitored by law enforcement is a very good thing in general. That simply enables them to do their job. Therefore for civilized countries it's definitely helpful.
Unfortunately not everywhere law enforcement is doing just that, catching criminals that is. In many countries they are used to maintain questionably legitimate governments and their established regimes. In those cases Tor and VPN services are the tools of freedom and their lack of transparency helps to spread information that otherwise would've been blocked.
Now think about it, do you as a citizen of a free country think that a) pedofiles, hitmen, large drugs distributors and all credit card thieves should be totally safe doing their business right under noses of law enforcement who you're paying your taxpayer's money while they can't do shit with that encrypted traffic; or b) provide an unreliable communication channel to the rebels or oppressed opposition of some other countries while their government would in the end just block everything by default (hint: China)?
The thing is, HTTPS and VPN are mainly used to protect your privacy and they have been working really well. While Tor is mainly used to avoid accountability.
"There are few better measures of the concern a society has for its individual members and its own well being than the way it handles criminals."
US Attorney General Ramsey Clark, 1967
You are confusing freedom with getting away from accountability.
No, I mean what I said. Unconstitutional spying is wrong. I'm not confusing anything with anything.
The fact that Tor could be abused means absolutely nothing. I would rather 'criminals' get away en masse and have freedom and privacy than surrender freedom and privacy. That's what it means to live in 'the land of the free and the home of the brave.'
Tor being monitored by law enforcement is a very good thing in general.
Most of their methods are unconstitutional, so it can't be a good thing. Fuck you. You obviously don't understand the importance of privacy and ignore the hundreds of millions of innocents throughout history that were abused and/or murdered by governments. You think the 'democratic' governments are full of perfect angels, and you couldn't be more wrong.
That simply enables them to do their job.
You know what else would do that? Allowing law enforcement to break into any houses they wanted without a warrant. We place restrictions upon our governments because they can't be trusted with much of anything, and that's how it should be. The prime concern is not and never should be to make the government's law enforcement job easier.
Now think about it, do you as a citizen of a free country think that a) pedofiles, hitmen, large drugs distributors and all credit card thieves should be totally safe doing their business right under noses of law enforcement who you're paying your taxpayer's money while they can't do shit with that encrypted traffic;
I'm not the least bit scared of terrorists, pedophiles, hitmen, or any other bogeymen you mindless drones can think of. I'm more afraid of losing freedom and privacy because cowards like you insist that everyone surrender it in the name of security.
Seriously, are you parodying someone? Because this is Poe's law material right here. It looks like your post was constructed just to make me think you're utterly devoid of intelligence, what with the mentions of authoritarian nonsense "accountability" in the context of Tor, how Tor is so evil because Bad Guys use it, and how we should all be afraid of the bogeymen. You're like the average mindless drone personified.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Also, China's little schemes aren't as effective as some believe. You're also ignorant of the technological aspects of Tor. I think it's time for you to move to North Korea.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
If I want to have google snitch on someone I don't like, I just send that person an email with child porn attached from an anonymous eastern europe email address and google does the work for me??
Are you sure you replied to the correct post? I'm sorry, but your comment doesn't follow Joe and the AC's comments. You talk about previous convictions, while they're talking about the comprehensiveness of the system in catching CP images.
IE the system is limited, it can only find old known images.
I don't read AC A human right
If Google can see this, maybe they can see the XXX photos my legal-aged wife/girlfriend* and I are sending each other, which frankly is none of their business.
This is yet another reason to encourage widespread adoption of end-to-end encryption.
*okay, okay, HYPOTHETICAL wife/girlfriend - this is news for nerds, after all.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Under federal Protect Our Children Act, ISP's are required to search, if able, and report child porn files. Verizon and Dropbox have both filed reports which have led to convictions, including a camp counselor using computer at camp.
see:
http://arstechnica.com/information-technology/2013/03/how-verizon-found-a-child-pornographer-in-its-cloud/
http://www.newsobserver.com/2014/06/13/3934041/former-orange-county-camp-counselor.html
How long until Google starts scanning your Android device for illegal MP3 and tips off the the police?
Some googler was trying to have a good time watch peoples nudes in mail and encountered this.
He was obviously targeted or framed.
This is a good reason to host your own email server with domain name. There are plenty of howtos out there. Hosted vms can be had cheap too.
Was this an email he sent? Or an email he received?
In the former case, absolutely glad he got pinged. In the latter case, I do not understand why he's in trouble. Anyone can send anything to any email address. The contents of the email are NOT the responsibility of the recipient.
Common carrier status? Well done, you've just demonstrated how good you can be at monitoring the content passing through your servers. You've just given yourself a good hard shove down the slippery slope. Oh well, that's something for your ever growing legal department to grapple with. At least you have the funds for it.
I'm on the fence between "nice catch" and "the ends don't justify the means." I do fear a future where the mere use of encryption is cause for "suspicion" and that's why we need to have every damn thing encrypted in layers, so it becomes the rule and not the exception. There are other ways to catch the bad guys, like good old fashioned police work.
Speaking of good old fashioned police work, I will point out that this guy is a convicted child predator, so I'm not clear on why he wasn't on law enforcement radar already. You generally don't have to twist a cop's arm when it comes to checking up on people like this, and it really surprises me when they claim that if not for the tipoff that they "would have been in the dark."
Aye, Google's is also matching part(s) of the image and not the whole pic.
I tried to find a larger version of an old poster I have. It was from a fair or something so seemed reasonable there might still be copies around. It was actually done as a manipulated photo. Anyways, Google found a zillion matches where someone recreated(and a thousand people copied) that photo in photoshop for iPhone screensavers, impressive and correct. It also found a bunch of photos like the main subject but the entire photo/context is very different and that subject is only 10% of my photo.
It never did find info on the actual photo partly because the free screensavers buried everything else. I had to take it out and search with the photographers name, etc to find out it's not as common as I thought. I seem to have a lot of things Google doesn't have a clue about. Too bad rare doesn't always mean Insanely Expensively :(
This thing is going to happen again and again. Data you put there isn't really yours anyway, no matter what the T&Cs say.
No wonder personal LAMP servers with Postfix/Dovecot are springing up everywhere again.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
The one used in this case is a database of in images where they know who the kids are. So not just "obviously underage", but "that's Megan Smith, who is 9 years old". More in info can be found here:
http://www.missingkids.com/CVI...
Other systems exist for "looks like probably". They are mostly useful when you don't want any porn, so Facebook and YouTube could use them. YouTube uses such a system as a pre-check, then has him humans manually confirm. At least, they DID. They could have stopped using it an hour ago and I wouldn't know.
I wonder how those that are comfortable with the checking of file hashes would feel about Google using their increasingly impressive neural networks (AI) to scan content?
I like how a bunch of people bitch about Google sharing information, but I'm guessing they've never even glanced at Google's ToS:
https://www.google.com/intl/en/policies/privacy/
Specifically:
For legal reasons
We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
meet any applicable law, regulation, legal process or enforceable governmental request.
enforce applicable Terms of Service, including investigation of potential violations.
detect, prevent, or otherwise address fraud, security or technical issues.
protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.
Google is a company, not a mail carrier. Anything you store on their servers is theirs. Not yours. You all should know this, especially the ones who shun cloud services since the information is not on your own servers and could be shared. That's what GMail is! It's a God-damn cloud service, and you do NOT own any of the information they store.
Border security (and the post office as well, I believe) have the authority to search certain suspicious types of packages. Part of those tests are automated, and many generally involve machine scanning (X-ray with pattern recognition, residue detection, etc). The machine can flag a suspicious package for further (human) investigation, and then a human can involve authorities for further investigation and possible prosecution.
In this case the "package" is an email message, but the process is in many ways similar. Saying it will be used for speeders an tax evaders (how, exactly, does one fingerprint a tax-evader or speeder's email?) is a pretty far stretch.
There are opportunities for abuse in pretty much any industry. I don't see the post-office flagging "potential speeders" if they order a radar-detector in the mail. Currently I don't see Google doing such either.
Hashes would not protect against a clever perpetrator, just add some noise to the dataset and just about any hash would be completely different. But then again... A clever perpetrator would NEVER use third party and unencrypted e-mail solutions anyway. They may catch a few of the stupidest perpetrators this way, but not the most clever ones.
The smart ones, if they collect evidence of their own abuse at all ( which I doubt ), store it in a basement computer that is offline at all times and encrypted X times over.
Child Porn is largely a made up scaremongering tactic by businesses which are afraid of what a threat a free and open internet can pose to their interests...
The problem is that there is no way to sign "without prejudice" when clicking the "Agree" button.
Good of Google to contact the center for missing and exploited children and let them contact the police. Direct contact with police, on issues such as this, all to often are not handled as they should be. BUT anything that might possibly yield large amounts of cash they can 'confiscate' ...wellll that demands immediate attention doesn't it :|