As noble as their intentions may be, I see two problems right away. First, it only catches the dumb ones who don't encrypt their illegal activity, although that may very well be a large percentage. Second, if someone wanted to use the police to harass someone all they have to do is send them the appropriate image to produce the digital equivalent of swatting.
Google on Gmail child abuse trawl: We're NOT looking for other crimes
Google has said its scanning for child abuse images on Gmail and other services does not extend to searching for evidence of other crimes. US police recently arrested a registered sex offender after Google notified the authorities about illegal photos of children that were allegedly found in the 41-year-old's Gmail account. …
COMMENTS
-
-
-
This post has been deleted by its author
-
Tuesday 5th August 2014 23:42 GMT Thorne
Re: Do pure evil
"I think google aka screwgle should be severely punished for allowing such content to be traded or circulated through its systems."
Clearly you're stupid.
Google is no more responsible for the content than the mail service is for the same stuff sent by post. The only difference is Google has the ability to detect some of it from known samples and then report it.
-
This post has been deleted by its author
-
Thursday 7th August 2014 02:32 GMT Thorne
Re: Do pure evil
Of course they can block it and filter it and then the people can work around the blocks and filters.
Of course then Google would be tampering with evidence and filtering it out would alert the people that the police was onto them which would allow them to hide their collections and burn all proof plus teach them to be more careful when sending this stuff out.
In reality it's much hard to distribute this stuff from inside a prison cell.
Google is doing exactly the right thing and unfortunately you're just too thick.
How does your brain handle the tasks of breathing and typing at the same time?
-
-
Thursday 11th December 2014 21:09 GMT cipnrkorvo
Re: Do pure evil
Exactly. Google's role should be that of the postal service. This is very dangerous, because it opens up a bunch of questions about other reasons to let police/governments stick their noses in people's mail.
For example, if people are planning a massive terrorist attack, isn't that 1000* worse than child molesting? But then if governments were allowed to spy on people for child porn and terrorism, how about plots against the government, or planning protests? And since the U.S. gov considers everyone terrorists, that would justify anything. And why would it be Google's role to choose what's bad or not?
This is very dangerous and I hope it makes enough controversy that Google has to apologize for spying on people, child molester or not, terrorist or not, protester or not.
This is as if the postal service was asked to open every letter and look for nude pics. It's just wrong and similar to what Communist Germany was doing in the 70's.
(by the way, Microsoft also has a very strange policy to search for ANY nudity/partial nudity in your account/cloud and can suspend it even for containing a photo of a nude Picasso painting, but that's another story)
-
-
Wednesday 6th August 2014 08:25 GMT h4rm0ny
Re: Do pure evil
>>"I think google aka screwgle should be severely punished for allowing such content to be traded or circulated through its systems"
Firstly, it's Google aka Google, not "screwgle". Secondly, you must be trolling. You cannot put the onus on the carrier for what people send.
I don't have a problem with Google flagging this up based on image signatures. But it should really be focused on Sent Box, rather than Inbox, I would say. Otherwise it's far too easy to use child porn as a means of attacking people. And as some in this thread have said, they're afraid to report this stuff not because they want it, but because they fear having their computers impounded and, worst case scenario, being considered paedophiles themselves.
Maybe Google could block matching images on the receiver's end as "this image has been deleted as child porn". Then you have a two-pronged approach where senders can be reported and receivers don't get it.
-
-
This post has been deleted by its author
-
-
-
-
This post has been deleted by its author
-
-
Wednesday 6th August 2014 02:10 GMT Fibbles
Re: Hashing...
Tweak one pixel and you're in the clear again?
If they're only using hashes then yes. However, if Google have access to a copy of the offending image they could employ their reverse image search technology which can identify matches even when they've been scaled or saved to an alternate file format producing different compression artefacts.
-
Wednesday 6th August 2014 05:01 GMT dan1980
Re: Hashing...
@Charles Manning
Correct, 100%. Always has been the way, always will be.
Whenever politicians vote themselves another chapter of 1984, it's always sold as protecting children or, more recently, from "terror".
Yet somehow, these essential tools of justice and protection seem to find their way to pretty much any government department that asks. What's that? You're a local council that thinks someone's been dumping rubbish illegally? Here you go! You think someone's on benefits when they shouldn't be? Be my guest? Cruelty to animals, well, you're not actually a government body but, what-the-hell - go get 'em tiger.
-
-
Tuesday 5th August 2014 21:32 GMT Anonymous Coward
So Google are giving unknown authorities the ability to provide file hashes (which could be hashes of ANY file and we nor Google would never know) and Google will dutifully report back to them a list of their users who own said file?
I don't see any way to look at this as a positive thing and to frame it in the context of relating to 'child abuse' is completely dishonest. Google have no legal obligation to take this kind of vigilante action against their customers.
I must also question why Google are apparently more interested in making sure the guy down the road isn't looking at pictures in the privacy of his own home, than informing me an armed gang is planning to break into my home tomorrow, to rob me & murder my family. (For the record I don't think they should be doing either, but one seems quite obviously more important than the other if we're going to do this sort of thing).
-
Monday 1st September 2014 09:32 GMT Alan Brown
The problem with hashes
Is that simply twiddling the LSBs will vastly change the hash without noticeably altering the image.
This is a difficult area to work in. I ran across a couple of such images 20 years ago and was pretty nauseated (the other overwhelming urge was murderous). Thankfully the cops were pretty good when it was reported and the person responsible was hauled in very quickly (as far as I know he's still in jail).
-
-
-
-
Wednesday 6th August 2014 11:09 GMT Androgynous Cupboard
Re: MD5 seems rather a bad choice
Why all the hate for MD5? It's been demonstrated that with a large amount of effort it's possible to create two items with the same hash, which makes it a bad choice for digital signatures, where that's what you're trying to do.
For everything else it's fine, and collisions are no more likely to occur than SHA1 or SHA2. With 128 bits of hash, do the math and figure out how likely that is.
-
-
This post has been deleted by its author
-
-
-
Tuesday 5th August 2014 15:27 GMT phil dude
slippery slope or lawsuit magnet?
It is fair enough if all they use is MD5sums to check for signatures of images.
It is probably fair game if known websites are scanned for - if that is even possible.
However, it becomes murky when the police kick down your down door and drag you to the torture cells, if the information comes via "some algorithm in a box".
In principle, is google liable for NOT finding criminal behaviour within their quite considerable data stores?
I am not say "are they looking for criminals?".
I wonder if they may be liable if they DO NOT scan for criminals if someone is hurt/injured/suffers loss , would they have cause to sue?
Since prior to this event, I presume they had "safe harbour", and were just passing other peoples information around.
Just a thought...
P.
-
-
Tuesday 5th August 2014 15:40 GMT 45RPM
Re: slippery slope or lawsuit magnet?
@AndyS "the information from Google allowed law enforcement to gain a warrant"
I see what you've done there. You've put the cart in front of the horse - which won't work nearly so well.
It is the job of the law enforcement agencies to approach Google with a warrant, not for Google to approach law enforcement agencies and suggest that they might want to take a warrant out on one of their clients.
The Post Office isn't allowed to open mail and parcels without a warrant - why should email be treated any differently?
I concede that, in this case, the right outcome was achieved - but I worry that this will make it harder for the right outcome to be achieved in the future, and that it could result (in an unpleasant future that is merely a repetition of unpleasant events from the past) in innocent people being persecuted for lifestyles that are none of anyone else's damn business. Like being Jewish, or Muslim, or Homosexual, or Christian, or Transgender, or Atheist or any one of a number of things that have resulted in abhorrent behaviour from wider society in the past.
-
Tuesday 5th August 2014 16:48 GMT Dan 55
Re: slippery slope or lawsuit magnet?
Google tips them off because they're legally obliged to report suspected child abuse (so it is actually the job of Google to approach law enforcement agencies and suggest that they might want to take a warrant out on one of their clients), police get a warrant to investigate presenting the evidence they were given in the tip off. What's the problem, exactly?
-
Tuesday 5th August 2014 17:44 GMT JEDIDIAH
Re: slippery slope or lawsuit magnet?
Google is not legally required to rifle through your stuff.
People aren't complaining about the snitching but the fact that they were going through people's stuff to begin with. Google should not be poking through our stuff any more than UPS or the postal service should.
-
Tuesday 5th August 2014 18:03 GMT Dan 55
Re: slippery slope or lawsuit magnet?
Google is legally required to report suspected child abuse, as are all other US companies (Yahoo and Outlook.com included).
If a post office worker at UPS or the postal service saw a postcard with an image on it, they would also be legally required to report it.
If the US ever changes the law to make US companies report other suspected things, then maybe I might revise my opinion. But until then I really can't get bothered about this at all, apart from Google and the IWF using MD5sum which is flawed.
-
Wednesday 6th August 2014 10:07 GMT heyrick
Re: slippery slope or lawsuit magnet?
"Google is legally required to report suspected child abuse" - from my understanding, based upon a hash and the original file then deleted.
While the person in question did turn out to have other material in his possession, surely it should be unlawful to have done any of this if the original content that kicked it all off could not be produced? Otherwise isn't it a bit like "we think you're guilty of something so we'll come up with a reason to shake you down"?
-
Wednesday 6th August 2014 11:36 GMT DropBear
Re: slippery slope or lawsuit magnet?
" from my understanding, based upon a hash and the original file then deleted."
You seem to think that in a cloud service clicking "delete" or even "empty 'deleted' folder now" actually deletes anything (as opposed to simply flipping a bit somewhere)...
-
-
-
Wednesday 6th August 2014 14:26 GMT TwistUrCapBack
Re: slippery slope or lawsuit magnet?
As they are not really looking through our stuff as such, but a robot is scanning it for known traces of bad stuff ..
Isn't this akin to sniffer dogs running over bags at an airport ??
Any illegal stuff detected, bags opened ..
Just a thought ..
And as long as they just use the "child pron dog" and keep the others caged, then im fine with it
-
-
-
This post has been deleted by its author
-
Tuesday 5th August 2014 18:16 GMT Steve Knox
Re: slippery slope or lawsuit magnet?
It is the job of the law enforcement agencies to approach Google with a warrant, not for Google to approach law enforcement agencies and suggest that they might want to take a warrant out on one of their clients.
But it is not illegal for Google to do so if they tell the client they might do so and the client agrees. When you sign up for gmail, you are agreeing to let them do all sorts of stuff with your data.
If you're a witness to a crime, you are not necessarily required by law to report it, but that doesn't mean it's wrong for you to report it.
I concede that, in this case, the right outcome was achieved - but I worry that this will make it harder for the right outcome to be achieved in the future, and that it could result ...blah blah blah.
Do you have an argument that isn't based on the slippery slope fallacy?
Something along the lines of, maybe, "Google's terms and conditions don't adequately spell out that they'll be scanning your images for child abuse images" or "<insert locality privacy law here> prohibits Google from performing this scanning" would be appropriate, if borne out by the evidence.
I don't have a gmail account, so I can't be arsed to research this, but I think you'll find that Google has. They've been wrong before, though.
-
Tuesday 5th August 2014 18:29 GMT 45RPM
Re: slippery slope or lawsuit magnet?
@Steve Knox
At no point did I suggest that Google was breaking the terms of its contract. And yes, ultimately, if you don't want Google to read your shit then don't sign up to it*. I was suggesting that this kind of data mining is not in the long term interests of society (although I am very persuaded by the postcard argument).
As to the slippery slope, what is fallacious about it? If you had a time machine, would you argue with those who opposed (picking a suitably blown out of proportion example) Naziism, Soviet-style-communism, Fascism, McCarthyism and so forth that they were just subscribing to the slippery slope fallacy? Surely it's just a matter of how much slip you're prepared to accept before shouting 'foul'.
*up to a point. I don't want Google to read my shit, but I send email to people who don't mind - so, ultimately, that's me fucked - and I didn't even sign their blasted contract.
-
Wednesday 6th August 2014 03:42 GMT Steve Knox
Re: slippery slope or lawsuit magnet?
At no point did I suggest that Google was breaking the terms of its contract.
I didn't say that you did. I was pointing out that what you said was "not Google's job" was also not prohibited, and so your using that to rebut AndyS's argument that law enforcement properly obtained their warrant was specious.
I was suggesting that this kind of data mining is not in the long term interests of society (although I am very persuaded by the postcard argument).
I think you need to be more specific about "this kind of data mining". Do you mean specifically what Google did to find out about these images? Does "this kind of data mining" extend to what the NSA's doing? What about to what Assange, Manning, and Snowden did? That was data mining, too.
As to the slippery slope, what is fallacious about it?
The presumption that one instance will necessarily lead to another, which is necessarily worse. That's the definition, and the flaw, of a slippery-slope argument.
-
-
Monday 1st September 2014 09:35 GMT Alan Brown
Re: slippery slope or lawsuit magnet?
"If you're a witness to a crime, you are not necessarily required by law to report it, but that doesn't mean it's wrong for you to report it."
Depending on the crime and the jurisdiction (france is far more strict for instance), failure to report a major crime is a criminal act in itself.
-
-
-
-
Wednesday 6th August 2014 03:36 GMT Mark 85
Re: slippery slope or lawsuit magnet?
I think the slippery slope is upon us. Given that any of the 5eyes can pretty much do what they want to almost anyone's computer, if someone comes to their attention how hard would it be to plant the evidence, open a gmail account in their name and wait for Google to tip off the cops?
Then again, why is Google even involved? Since all the agencies around the world are watching us, why aren't they the ones tipping off the cops?
Maybe I'm being paranoid... (maybe? or really?) but this is going to come to no good end for many folks who never saw child porn. How can someone prove they didn't do it?
-
-
Tuesday 5th August 2014 15:32 GMT 45RPM
In the same way that the post office doesn't open letters and parcels unless a warrant has been received concerning the recipient or sender, I can't for the life of me see why online services should be treated any differently.
It is right and proper that these offenders are caught of course, but it strikes me as something of a short term victory since scanning for crime in this manner will just drive the criminals deeper underground as a matter of course, making it harder for legitimate law enforcement agencies to gather evidence. In the future, the criminals will hide themselves out of reach of Google (and other service providers), and law abiding citizens will be further inured to the idea of giving Google, Facebook and so forth (mostly freetard services, to be honest) an all they can eat buffet of no-questions-asked data.
And yes, they'll claim that its for our own good, and that they're not interested in our law-abiding private email. I'm pretty certain that other organisations in the last hundred years might have claimed something similar - organisations whose ends were definitely nefarious. And whilst our governments and corporations may be relatively benign* today who is to say that we won't slide towards Macarthyism, Facism, Communism or <insert evil government of your choice here> in the future, regimes which may be able to coerce Google et al into spilling the beans on each and every one of us.
*or, then again, might just be pretending
-
Tuesday 5th August 2014 16:02 GMT GBE
Because you gave Google permission.
"In the same way that the post office doesn't open letters and parcels unless a warrant has been received concerning the recipient or sender, I can't for the life of me see why online services should be treated any differently."
Because when you signed up for your "free" e-mail account, you paid for it by giving Google permission to sift through all your email and other data looking for whatever they want.
-
Tuesday 5th August 2014 19:13 GMT Charles Manning
Post Office Terms of Use
I think you'll find that the post office CAN open stuff itf they want to without a warrant. eg. if they suspect that a parcel contains illegal goods. If they do find something, they can report it.
That particular evidence might not be permissible if it was gathered without a warrant, but the tip-off is then enough to secure a warrant for other investigations.
It would seem pretty much the same has happened with Google and the kiddy porn. The Google filtered porn might not be useful as evidence, but it is enough for getting a warrant to either seize and search computers or to monitor future activity.
-
Tuesday 5th August 2014 16:16 GMT Bluewhelk
On the basis that non-encrypted email has no real security against being 'seen' en-route, I think that maybe a better analogy would be if a postcard with an illegal picture was spotted by the post office I would expect that they would notify the police.
In a similar vein if photos being developed at the chemist were suspect they would be reported.
I always work on the basis that anything sent 'in the clear' is liable to being scanned, checked, read or what ever on route. I figure actual people will generally not bother to read my emails en-route as my stuff would be lost in the sheer volume of other cruft as I'm just not that important, automated systems are likely to be fairly well targeted for similar reasons. MD5'ing attachments would cause minimal extra work over and above checking for viruses and spam.
-
Tuesday 5th August 2014 18:22 GMT 45RPM
Of course, because MD5 is always unique for a given file, and no two files can have the same MD5 - that would be unthinkable. In fact, it's the most efficient compression algorithm even - reducing petabytes of data down to a few handfuls of bytes.
Sorry. I'm bored of the MD5 argument now. MD5 doesn't come close to telling you what a file contains - its only purpose it to guarantee that something has gone wrong in a copy, in no way can it tell you if something has gone right. And it certainly can't be used to probe the content of a file.
-
Tuesday 5th August 2014 20:46 GMT asdf
MD5 is broken
MD5 is for convenience not for forensics. Yes the info is from crapapedia but easy enough to cross reference the info.
The security of the MD5 hash function is severely compromised. A collision attack exists that can find collisions within seconds on a computer with a 2.6 GHz Pentium 4 processor (complexity of 224.1).[25] Further, there is also a chosen-prefix collision attack that can produce a collision for two inputs with specified prefixes within hours, using off-the-shelf computing hardware (complexity 239).[26] The ability to find collisions has been greatly aided by the use of off-the-shelf GPUs. On an NVIDIA GeForce 8400GS graphics processor, 16–18 million hashes per second can be computed. An NVIDIA GeForce 8800 Ultra can calculate more than 200 million hashes per second.[27]
These hash and collision attacks have been demonstrated in the public in various situations, including colliding document files[28][29] and digital certificates.[9]
-
Wednesday 6th August 2014 03:37 GMT Anonymous Coward
Re: MD5 is broken
Can semi-confirm. I did some looking around with respect to this subject matter some years back and there were a number of applications out there which would append additional strings onto a modified executable (or any file, really) until a collision was found with the original MD5 of said executable. Thus you could distribute a modified executable with virus payload et al and it would match the MD5 which was provided by the original author of said executable.
Now of course you can strictly speaking do this with any hashing algorithm but the speeds at which you could accomplish this with MD5 is what makes everyone declare MD5 as "cracked".
As a side note even the use of SHA-1 should be discouraged these days especially for hashing passwords. Personally I use SHA-256 for file checksums, SHA-512 with salt and high round counts for the storage of low security account credentials and BCRYPT for the storage of high security account credentials.
-
Wednesday 6th August 2014 06:55 GMT Pascal Monett
Re: "append additional strings onto a modified executable "
Which is why you always check the MD5 hash and the size of the file to the reference size, which any serious website is going to post alongside the MD5.
If either one do not concord, you bin the file.
So MD5 is not really broken, it's just not secure enough on its own.
-
-
-
-
-
Monday 1st September 2014 09:37 GMT Alan Brown
"In the same way that the post office doesn't open letters and parcels unless a warrant has been received concerning the recipient or sender,"
If a parcel is split and the contents turn out to be illegal (or it passes through customs and they find illegal material whilst inspecting) then they are required to call in the police.
Admins sometimes have to eyeball stuff. Even metadata might be enough to raise suspicions to the point where the police are called in (Directories or filenames relating to kiddy porn, forinstance - and yes, people ARE that dumb.)
-
-
Tuesday 5th August 2014 15:43 GMT Anonymous Coward
Slippery slope this could be....
While there is no way you can defend someone who abuses children, or those who view images of children being abused, it is not hard to imagine this being extended to anything that the government deems 'bad' or 'incorrect'..
Next it will be any photo of a child naked, and what parent doesn't have a few pictures of their kids naked when they were young?
-
-
Tuesday 5th August 2014 16:21 GMT Anonymous Coward
Oh of course I agree with you on all those points.
But just because right now they use a hash, it doesn't mean they won't try to find new images in future and be forced to extend the search parameters...
Even the IWF has blocked some images and then back peddled when they realised a mistake was made, and these are people trained so they know what is right or wrong and they make mistakes!
-
Tuesday 5th August 2014 16:22 GMT Preston Munchensonton
There are already examples of Facebook forcibly taking down parents' pictures of their children showing bare bottoms or similar. If you have never had a child running around the house with no pants, screaming and giggling, then you aren't in any position to criticize these parents.
Feel free to critcize them for thinking their children are special or that anyone else wants to publicly see such pictures. But don't criticize someone for sharing an intimate family photo with the rest of their family. That's a completely insipid level of criticism.
-
-
Tuesday 5th August 2014 23:38 GMT Old Handle
For all we know this picture WAS simple a naked child. Though obviously it had to be one that was reported and determined (by somebody) to be illegal in the past. "Child abuse images" is just the politically correct term for child pornography now, don't assume it actually means the pictures show abuse.
-
-
-
-
-
Tuesday 5th August 2014 20:52 GMT asdf
Re: if they're going to be going through emails anyway
>cut down already on the amount of evidence of any kind of criminal activities YOU send via gmail.
Did you not read the posts above yours? The Chinese Communist Party are a bunch of asshats whose great founder Mao killed 50+ million fellow Chinese due to a combination of gross negligence and pure malevolence. Guess what? I put that in a Gmail letter and I just committed a criminal act in some jurisdictions.
P.S. 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 - posting that in an email at one time (maybe still) also was breaking US law.
-
-
Tuesday 5th August 2014 16:25 GMT Hans 1
If anyone here thinks any of the online email services (free or paid) guarantee any king of privacy, you are deluded.
Shit, the data is on their servers, they do as they please ... My mate used to work at a data center, he also could read into the data that was flowing through the data center ... in the pub, he would talk about it until I told him to shut up and stop peeking at the shit at work, that he would lose his job if caught ... They would add a drive and clone it in the SAN.
-
Tuesday 5th August 2014 16:27 GMT Anonymous Coward
Won't somebody think of the children!?
The same tactics are used time and time again; people start to complain when privacy is violated so the people pulling the strings wheel out the Terrorists and the Paedos and say "So, you want these to go free do you? Do you? If you want freedom and privacy, that means you want terrorists and paedos to roam freely.... wait a minute, you're not one of them are you? Quick, check his Watsapp <police officer does a quick check> Oh dear oh dear, what have we got here".
The public are caught between a rock and a hard place because nobody wants a paedo to be free to do what he or she does, and the same goes for terrorists who want to kill innocent (and if you believe the Tories, hard working) people of our lands so this is exactly what the governments want. We follow the rules that they make and everybody's happy..... unless you're a paedo or a terrorist.
Remember, if you see something, say something.
-
Tuesday 5th August 2014 16:39 GMT Don Quioxte
And if Google sells this as a service to MPAA & RIAA? (Jail As A Service)
I don't think we can see where or how far this is going to take us.
What if Google sells this as a service to the MPAA & RIAA? We will scan users emails for pirated content and report it either to them or the police...all for a modest fee of course? What if Facebook gets into the business? Do you trust them as much as Google? Call this "Jail as a Service (JAAS)".
Not to put too fine a point on it, do we trust corporations to carry out those things we screamed about when Snowden told us the government was doing them? Government versus Corporations, shouldn't both get out of the business or surveillance?
-
This post has been deleted by its author
-
-
Tuesday 5th August 2014 16:42 GMT Paul Smith
re: Lawsiut magnet
Does this mean that I could sue Google for not alerting the police that scumbags were planning to break into my flat? Or for allowing some tosser to park in my parking space? Maybe any lawers here could say if they would be complicit by having the information and not acting on it, or merely accessories after the fact by providing indirect assistence? After all, they have now proved that they are happy to read peoples mail in search of potential crime.
Google might think they were doing the right thing in this case, but I suspect that the harm they have done by proactivly playing at Big Brother will end up causing a lot more damage to society then one sicko ever could. If nothing else, sicko's lawyer can probably get the sicko off scot free by claiming that Google is the actual criminal here by knowingly transporting and delivering contraband material to his equipment without his knowledge or consent.
-
This post has been deleted by its author
-
Wednesday 6th August 2014 10:16 GMT phil dude
Re: re: Lawsuit magnet
That was the majority gist of my point, the other part is the sheer volume that Google has. \
If information is provided for X and turns out to be WRONG and my door gets kicked down. Lawsuit?
If information is NOT provided for Y and I get harmed and it is flagged, is this liability, since they were able to provide information for X to the police is it now with holding evidence?
Note, both X and Y are illegal activities. The fact that X may be "legally required to report", is simply going to raise the false positives for X, since the risk of NOT reporting has a legal cost perhaps it is safer just to give in. People associated with doing X might well be doing Y and Z.
By extension, these things do not stay isolated, when permission is given, abuse often follows. The issue just as with the recent "overreach of the NSA", once a facility is created to "send information to the police based upon what passes through our servers", is likely to be the box that Pandora was on about...
P.
-
-
Tuesday 5th August 2014 19:13 GMT James 100
Slippery slope - we're already sliding down it
Of course, we've already seen Microsoft doing something very similar with a Hotmail account regarding a leak of trade secrets. We had Google irritating some malware researchers with over-zealous malware scanning of attachments (it's standard to exchange malware samples in encrypted ZIP files with a password of 'infected' - and Gmail started eating those). What will it be next ... terrorism? Copyright?
There's a Google Docs spreadsheet in my account with a few dozen MS product keys. (Legitimate ones, as it happens, issued through MSDN - but that isn't obvious from a look at the list.) Will Google be sending the police round to investigate my "piracy ring"?
For me, the idea of having my account searched automatically for illegal content is distasteful. Not because I have any, or because I'm opposed to hunting for it - which, in fact, has formed part of $DAYJOB lately, working with Police Scotland - but for exactly the same reason I object to the idea of random searches on the street: the police are only supposed to be allowed to search you with a good reason to suspect you, not on the off-chance of finding something.
"Google is legally required to report suspected child abuse, as are all other US companies (Yahoo and Outlook.com included)."
That's concerning - apart from anything else, if true that means Google and co are bound (in the US) by 4th amendment constraints, on the very sensible basis that if the police aren't allowed to search something, it would be far too great a loophole if they were allowed to ask or order someone else to do that search for them.
-
Tuesday 5th August 2014 21:29 GMT Gannon (J.) Dick
Re: Slippery slope - we're already sliding down it
"Google is legally required to report suspected child abuse, as are all other US companies (Yahoo and Outlook.com included)."
I saw that, and it concerns me too. There are "Good Samaritan" laws and you can be charged with a "failure to render aid" for ignoring an accident victim, for example, and I know Teachers are "required" to report child abuse, but in that case you are a witness to some misfortune or crime and a Prosecutor is required to name you as such. Other things being equal, "Confidential Informant" is a legal status not an assumption.
Your concerns have long since been observed in the wild: When one of Apple's resident geniuses left an iPhone prototype in a bar, the San Fransisco Police were led to a location and stood outside while Apple Security conducted a "search".
-
-
Tuesday 5th August 2014 19:15 GMT Hargrove
A practical technical consideration
As a couple of other readers have observed, there are some practical problems.
The best and most accessible discussion of the problem of data classification is in a couple of papers by Tom Fawcett. These deal with something called ROC curves. ROC originally stood for "receiver operating characteristic", referring to the ability of a receiver to classify targets in noise. An analogous phenomenon occurs in pattern matching in digital data, where the term "relative operating characteristic" is used.
The problem boils down to one of true detection and false alarm rates. You can have an arbitrarily high true detection rate if you can live with an arbitrarily high rate of false alarms. You can reduce the number of false alarms to an arbitrarily low level. But, only at the cost of missing an arbitrarily large percentage of true targets.
The phrase "No such thing as a free lunch" is occasionally used in the literature to describe this.
Googling "Tom Fawcett" ROC analysis] (without the brackets) should produce relevant results in the first few hits.
-
Tuesday 5th August 2014 19:26 GMT Hargrove
Re: A practical technical consideration--addendum
As to why it matters.
If, upon inspection, the ratio of true detection to false alarms for this kind of trawling is out of whack with the stated purpose for doing it, a logical presumption is that it is being done for some other unstated purpose.
Then again as someone observed in another thread. . ."One should not attribute to malice what can be explained by mere stupidity."
To which Grandpa Hargrove would say, "In the end it doesn't matter whether you're the victim of a knave or a fool. The damage they inflict will be the same."
-
-
-
Wednesday 6th August 2014 07:53 GMT RyokuMas
Thought crimes
it won't be long before Google is turning you over to the government for other "thought crimes"
Only insofar as Google need a puppet body to act for them in actually passing laws and sentencing people. Behind the scenes it's the lobbying that counts and any laws Google doesn't like, they'll just ignore.
-
-
Tuesday 5th August 2014 21:43 GMT btrower
Google should hire somebody with a moral compass and a lick of sense.
We already have laws against doing the things that harm children. We do not have to make it so that everybody lives in a panopticon.
We also have privacy laws, which, if they are to have any meaning, have been broken.
We need to firm up our laws so that people who do what Google has done are punished commensurate with the damage they do. In this case, it is a lot. Reading the mail of a billion people because you know that one of them is 'bad' does not fly with me and it should not with you either.
We know for goddamn sure that in the half-billion people to a billion people or more whose mail passes through their systems there are crimes aplenty. Exhaustive analysis of that database would reveal all sorts of wrongdoing. That does not give anybody license to go trawling through that mail system looking to gain leverage over people. It is wrong.
There is a sure quick fix to this and that is to criminalize this type of perversion of law and order and to make any fruit from a poison tree like this absolutely inadmissible as evidence. In a sane world, Google would be charged with obstruction of justice by poisoning what would otherwise be legitimate evidence.
If we allow companies like Google to do as they have done here then we open the door to all sorts of abuse and once that door is open the abuse will soon follow. If you look at every jurisdiction in the world, probably most of us are in breach of a law somewhere. Is it OK to provide information to Islamic theocracies that will result in people being stoned to death, beheaded or having their hands chopped off?
We have already established that it is possible right now for a perfectly innocent Canadian boy to be held and tortured for years without even being charged, then charged with a crime confessed under torture and subsequently convicted without anything approaching due process. It is easy to find the most vile stuff on the Internet and easy to plant that into someone's mail system or hard disk. We might as well dispense entirely with the pretense of law and order and admit we live in a tyrannical police state that makes 1984 look like the optimists version of the future.
We know for a fact that within living memory, all sorts of state entities have committed the most horrific crimes under the banner of fraudulent abuse of state authority. Tossing through every citizen's mail in order to provide a pretense under which to imprison them is just such a fraudulent abuse.
Most people are witless enough to think that it just can't happen to them. They are wrong. It can happen to them at any time. The less likely you think it is, the more exposed you are. If you think it cannot happen to you, you expose not only yourself, but the rest of us too.
It is not something I would ever do, but there are plenty of people out there with skills similar to mine that could set you up in a heartbeat, on a whim. How likely are you to get any help if you have been wrongly accused of a crime that everyone thinks is so horrendous they convict on accusation alone?
Kim DotCom is a rich, powerful, resourceful and intelligent man and he is not without allies. Look at the trouble that an accusation alone has brought to his doorstep. He is accused of giving storage to people violating copyrights. If they do that to someone allowing people to store data that appears to be copyrighted songs, how do you think you would fair if you were being accused of molesting children on the basis of disgusting images planted on your computer?
It is disturbing that a community that ought to know better finds there is a debate here at all. This is not a matter of opinion. It is a matter of knowledge. We have a social covenant that allows the legal system certain latitude. It does not allow this. It specifically forbids this type of thing. It is also disturbing that Google would do this profoundly evil thing. It opens the door to something worse than isolated aberrant behavior that tragically affects a few. It opens the door to systemic damage that affects every single one of us. In a world where tyrants hold absolute sway, you can bet that children are not going to be better off.
What we have codified in law is that searches without probable cause are illegal. This is a search without probable cause, not of a few people, but of hundreds of millions of people, myself included. Any evidence thus gathered should be thrown out and all the players involved in this shameful practice punished for basically giving god knows how many pedophiles a free pass because, like the pedophiles, they are morally retarded.
It does not matter what Google or anyone else places in their terms of service. Things that are wrong by their nature are null and void. For all *most* of us know, since we never read all the terms of service that bind us, some of them may say that we are obliged to allow Google to publish our mail, including any ill advised pictures we have taken that cast us in an unfavorable light.
This is precisely the tightening noose that provides power to the police state and such a state ultimately ends up serving nobody at all.
You cannot justify whatever you wish to do, no matter how outrageous, 'because children'.
Google should hire somebody with a moral compass and a lick of sense.
-
Tuesday 5th August 2014 23:00 GMT The Vociferous Time Waster
Some Snowdenesque plot
In some Snowdenesque plot (or maybe the Lady Bothering Couch Surfer because Snowdon was more tech savvy with encryption) a file is being transferred to a journo somewhere. Grubbymint spooks know all they have to do is pass an MD5 hash of the file to Gurgle and they will provide the deets of the email sender or recipient. Might not be flagged as a peed but will give them the time to supress the information in more traditional ways with a staged suicide or a car accident in a tunnel.
-
Tuesday 5th August 2014 23:59 GMT Old Handle
I was just thinking, you know what's ironic? They talk about protecting children, but this will only catch the lowest lever child porn users. Think about it, if someone is actually molesting a child and sharing the pics with their pedo pals, those pictures won't be in the database! The one guy who it would actually do some immediate good to arrest is the one who has the least to fear from this.
-
Wednesday 6th August 2014 02:01 GMT Shannon Jacobs
Of course you aren't, you EVIL lying sons of...
It was only a few years ago that I thought google was a good thing. Now it makes me feel so innocent and naive. EVIL is the rule of business in America, and google has become as EVIL as any of them.
Hey, google, would you like to get your soul back? You'd have to sacrifice a tiny fraction of your profits. Oh, not interested. Why am I not surprised?
-
Wednesday 6th August 2014 13:56 GMT Andrew Meredith
Do it yourself
The only thing I use my Goggle account for is as a username/password pair for the likes of Android Play.
A fairly simple Linux/Postfix/MailScanner/Dovecot/Apache setup with 4096 bit PKI; giving users a highly encrypted closed IMAPS/SMTPS email service, ensures that users messaging within the system can chat away to each other to their hearts content and send whatever they like to each other without let or hindrance.
If Google et al continue down the aforementioned low friction gradient, more and more criminal gangs are also going to do this sort of thing. Squirrel your machine away on a cloud service with filesystem encryption turned on .. maybe even set it up from an anonymous crypto-mail service and pay with bitcoin. The faster the authorities spin up better mousetraps, the more sophisticated the mice will become; leaving the rest of us, as mentioned above, under more and more scrutiny and almost certainly being picked up for lesser and lesser crimes.
One day they will have subjected us all to so much over-observation that it will be routine for the kind of measures I spoke of to be used to simply keep ones messaging private. Then the data taps will all dry up and the TLAs will be totally lost.
i would suggest that the big mistake here was not scanning the mails, which we all know happens with the free services, or even to report the scroat for kiddy fiddling, he had it coming; the big issue is that they told us it had happened. We then of course go off down the road of "What else are they scanning for" and this whole thread leaps into being.
-
Friday 8th August 2014 02:41 GMT ecofeco
Well, back to POP3
We really should all go back to POP3. The hard part is now just figuring out which port our ISPs allow for POP3.
You think it's the same port everywhere? Oh, non, non, non.
Oh wait, the only ISPs available for most people are the "other" big corporations. Who will also read your email.
Hmm, so in order to use email almost anywhere in the free world (old joke) there is no real alternative to no privacy. And this makes it "signed up of own free will" how, exactly?