It's common knowledge that Google scans your Gmail content to better target you with ads. But when the company recently turned over a Gmail user to authorities for possessing indecent images of children, it also shined a spotlight on the question of how much privacy you can have on the service.
John Henry Skillern, 41, has been charged with possessing child pornography after the National Center for Missing and Exploited Children received a tip from Google that he had three pornographic images of children in his email. According to KHOU Houston, Skillern was emailing an explicit picture of a young girl when Google picked up on the incident and alerted authorities.
Police later said that Skillern, a registered sex offender convicted of assaulting a young boy nearly 20 years ago, had child pornography on his phone and tablet, as well as text messages and emails that expressed interest in child porn. He's currently being held on $US200,000 bail and is charged with one count of possession and one count of promotion of child porn material.
"The law requires companies to report child pornography if they come across it," Michelle Collins, vice president of the exploited children division of the National Center for Missing and Exploited Children, said. "We get between 10,000 and 15,000 tips each week on Cybertupline.com of child exploits found on the internet, ranging from children being enticed to trafficking kids."
The specific law — 18 U.S. Code 2258a — requires companies to report these crimes if they happen upon it. It's the same law that forces Walmart to turn over child pornography photos developed at its stores — but it's not perfect.
In one case last year, an Arizona couple sued Walmart for mistaking bath time photos of their kids as child porn.
It's unknown exactly how Google was able to recognise Skillern's pictures as child porn — but once that connection was made, under US law Google was required to notify the center. It's possible Skillern's account was under higher scrutiny since he is a registered sex offender, but Google has not yet responded to queries.
Google has been transparent about the practice of scanning its users' email for some purposes.
Google's Terms of Service explicitly says its "automated systems analyse your content (including emails)...." The policy statement adds that the company does this to "provide you personally relevant product features, such as customised search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored."
The news comes less than a year after Google announced it would start blocking links to sites with child pornography. In an op-ed written by Google executive chairman Eric Schmidt in the Daily Mail last year, he outlined a major initiative — along with the help of Microsoft, Internet Watch Foundation (IWF) and the National Center for Missing and Exploited Children — to crack down on child pornography and abuse on the internet.
"We actively remove child sexual abuse imagery from our services and immediately report abuse to the authorities," Schmidt said. "This evidence is regularly used to prosecute and convict criminals."
Still, the incident has raised the topic of email privacy concerns. Many who learned about the case turned to Twitter to express their conflicted stance on the issue.
Well, google may be reading our emails, but at least we get an email cop to go along with our lack of privacy http://t.co/9z3vFmPKCZ — Eric-Shabazz Larkin (@EricShabazz) August 4, 2014
Child porn discovered by Google. I'm not sad but I'm not sure I understand privacy anymore. http://t.co/mi1Xusv411 — Anne Schwartz (@sophgermain) August 4, 2014
Probable : Even if you are not a pedofile google is checking all the images in your emails, automatically #privacy http://t.co/TUgrMqLWpj — Climate Babes (@climatebabes) August 4, 2014
While Google scans mail to serve ads and build personal profiles about users, its profiling activities are somewhat obscure.
"Drawing a line about email scanning is not simple — no one seems to object if email is scanned for malware, but once you move beyond that, it's much more difficult," Robert Gellman, a privacy and information policy consultant, said.
As Gellman points out, if you buy something from Amazon and receive an emailed receipt, Google knows about your purchase, and if a doctor emails you test results, Google knows your medical condition. But uncovering an illegal crime taking place is another story.
"Reading email to turn over to law enforcement opens a whole different can of worms," Gellman said.
"No one defends child porn, but the principle that an email provider will read mail looking for criminal activities is problematic. It raises concerns over what standards apply and which crimes are included."
Gellman points out the US Postal Service isn't allowed to open a first class letter without a warrant.
"What's needed here is clearer rules and better defined notices and expectations," he said. "Google may be interested mostly in improving its advertising, but once you start reading someone's email, you can find yourself in a difficult position. No one wants to protect child porn users, but once you open the email, you face the possibility of being seen as supporting it because you know about it."
Other companies such as Microsoft have been at the center of privacy debates over how to use the information they have access to. In March, news surfaced that Microsoft secretly broke into the Hotmail email account of one of its users for security purposes (related to whether a former employee stole trade secrets).
The company has since updated its security policies, saying it will now contact law enforcement if it needs access to a user's email account instead of doing the investigation themselves.
Mashable is the largest independent news source covering digital culture, social media and technology.