Google

Google turns in a user for allegedly possessing criminal material

Find out how Google detected illegal activity on their systems and how they responded to the discovery.

Google

The lines between good and bad don't get much clearer than this. It was recently reported that Google alerted the National Center for Missing & Exploited Children (NCMEC) when they detected evidence of alleged child pornography being sent via a user's Gmail account. The NCMEC then contacted local police and the user, a Houston Texas resident previously convicted of sexual assault, was subsequently arrested after child pornography was found on devices that he owned.

Very few law-abiding citizens would object to such a measure, but nevertheless, the comments on various news sites, Facebook, and other sources began heating up almost immediately:

"This leads down a path that will end up eventually violating everyone's right to privacy." (Ryan Byers on the CNET.com Facebook page)

"The idea of privacy is an illusion. The big picture is that we are monitored and given the illusion of freedom." (Richard Ibah on the CNET.com Facebook page)

"I'm all for privacy, but the core of freedom is if it does not harm or infringe upon the rights of others." (Robert Riggs on the CNET.com Facebook page)

Most people reacted positively to Google's move, and the rest can largely be described as extreme privacy advocates who objected to Google "snooping" on people's email, or those concerned with false accusations (it bears repeating that further evidence was found in possession of the accused, confirming the police department's suspicions).

It's spelled right out in Google's Terms of Services, which state "You may use our Services only as permitted by law, including applicable export and re-export control laws and regulations. We may suspend or stop providing our Services to you if you do not comply with our terms or policies or if we are investigating suspected misconduct.... we may review content to determine whether it is illegal or violates our policies, and we may remove or refuse to display content that we reasonably believe violates our policies or the law."

Then there's Google's privacy policy, which informs users "We collect information to provide better services to all of our users — from figuring out basic stuff like which language you speak, to more complex things like which ads you'll find most useful or the people who matter most to you online.... when you use our services or view content provided by Google, we may automatically collect and store certain information in server logs. This may include details of how you used our service, such as your search queries."

Furthermore, Google states "we will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process or enforceable governmental request."

It's important to keep in mind the accused man in question was allegedly conducting illegal activities on services owned by Google. This is a far cry from the much less realistic threat that Google technicians could look at confidential business or personal information in a Gmail account and possibly leak details to someone else with malicious or financial intent (such as through blackmail).

In addition, Google is not the government — it's a business. Nobody is forced to use its services. It would be one thing if the FBI required that all system administrators provide them with on-demand access to email databases and logs; the privacy outcry would be legitimate and valid.

Just how Google discovered the alleged criminal material isn't entirely clear, but an article that appeared on the Telegraph news site last year by David Drummond, the Chief Legal Officer of Google, states that Google is committed to finding and removing this material, and it hinted at the possibility of certain scanning algorithms "that trawl other platforms for known images" that are then verified as illegal content by human inspection. In other words, they don't have a spy assigned to each mail user to monitor what they're doing.

The privacy-first crowd usually makes valid points about topics similar to this, or at least they bring up issues worthy of consideration regarding the overstepping of big businesses, the danger in keeping confidential material on someone else's systems, and the unknown factor behind offsite data. However, this isn't one of those blurry areas of "Should they/should they not?" It involved illegal behavior that Google had a moral duty to prevent (especially since their systems were being misused). I, for one, salute Google for helping to protect the public.

Where do you stand on this issue? Share your opinion in the discussion thread below.

About

Scott Matteson is a senior systems administrator and freelance technical writer who also performs consulting work for small organizations. He resides in the Greater Boston area with his wife and three children.

Editor's Picks