5 comments

[ 3.0 ms ] story [ 24.6 ms ] thread
Wait, what? Gmail is reading the content of email messages, and giving them to law enforcement? There are a bevy of constitutional issues with this.

Now, I will preface this by saying that child molesters are despicable, no one will argue that. But because they are so vile, they make great test cases for pushing the boundaries of search and seizure law.

But the problem is that once the courts create a legal rationale to justify Google reading the child molester's email, that rationale can be applied to anyone.

So there's a whole host of defenses that could be raised:

1. The Wiretap Act - prohibits interception of electronic communications by private entity. Even Google's automated scanners, if applied to Gmail, could fall afoul of this law.

2. The Stored Communications Act - The Fourth Amendment creates very limited protections for stored electronic communications like email under the "third party doctrine." The third party doctrine essentially states that you have no privacy rights under the Fourth for any information you voluntarily send to another company or individual. The rationale being that, since you knowingly transmitted it, there is no reasonable expectation of privacy.

However, The Stored Communications Act, part of ECPA, creates several statutory quasi-Fourth Amendment rights for stored electronic communications, especially email.

3. Agent of the State

This is the weakest argument, but essentially the defendant could argue that Google was acting at the behest of the government, and thus full constitutional protections would attach. The rationale here is that Google and law enforcement were working so hand-in-glove that Google was a de facto state agent. This would make it very messy, as more powerful Constitutional protections would attach.

Now, the bottom line here is that Google is reading content and transmitting it to law enforcement. I'm sure the right to read your email is in their ToS, but that could be successfully challenged if the language is either too narrow or overly broad as to be vague and thus void (two mistakes highly-paid attorneys make quite often.)

EDIT, in response: Yes, that's true. You'd need to show sufficient public-private nexus to have a chance in the criminal prosecution. But if you can brush Google back off the plate a bit using the private causes of action in #1 and #2, you may be able to get the discovery you need to prove the state-agent argument. For example, I guarantee Google has government Powerpoints floating around about activities certain agencies would like reported.

Actually, #3 is the only thing like a "defense" that can be raised. #1 and #2 might provide legal causes of action against Google, but unless Google is acting as an agent of the state, the exclusionary rule doesn't apply, because the exclusionary rule only applies to information that results from an illegal search and seizure by the state (including private parties acting as state agents), not to evidence illegally obtained by a private party acting independently of the state which is then transferred to the state. So, even if the information was illegally obtained by the arguments that fall in categories #1 and #2, that's not something that's useful to the defense in a criminal prosecution without #3.
This is where the ethics around privacy get really difficult. On the one hand Google should respect everyone's privacy, but on the other the man is a child pornagrapher.
The universal disdain for child pornography allows society and law enforcement to push the boundaries of law enforcement in a way that will be universally agreed with.

What worries me is that once these boundaries are crossed for one very important reason, the precedent can become justification for crossing them for other less universally-acknowledged reasons.

If Google knows the content of this guy's email account based on hashes of attachments, that means they have hashes for ALL of the images in his account, and only flagged the ones that were on the list for child porn content. But I'm pretty sure the ability to identify all other content in his account by hash is laughably easy. In order to know what content isn't kosher, you have to be able to tell what content IS.

Say someone has pirated digital content in their account - an archived movie or mp3 or something. What would stop Google from coughing up the email addresses of everyone that had that particular attachment in their account in response to some zillion-dollar lawsuit by the entertainment industry?

And if your immediate response would be "but they wouldn't do that", why would you think not? Short of the morals or ethics of the human beings at the switch, what would stop them? The technology is there, and obviously working, why not use it to further advantage?