Forgot your password?
typodupeerror
Google Crime Privacy

Google Spots Explicit Images of a Child In Man's Email, Tips Off Police 790

Posted by samzenpus
from the do-not-pass-go dept.
mrspoonsi writes with this story about a tip sent to police by Google after scanning a users email. A Houston man has been arrested after Google sent a tip to the National Center for Missing and Exploited Children saying the man had explicit images of a child in his email, according to Houston police. The man was a registered sex offender, convicted of sexually assaulting a child in 1994, reports Tim Wetzel at KHOU Channel 11 News in Houston. "He was keeping it inside of his email. I can't see that information, I can't see that photo, but Google can," Detective David Nettles of the Houston Metro Internet Crimes Against Children Taskforce told Channel 11. After Google reportedly tipped off the National Center for Missing and Exploited Children, the Center alerted police, which used the information to get a warrant.
This discussion has been archived. No new comments can be posted.

Google Spots Explicit Images of a Child In Man's Email, Tips Off Police

Comments Filter:
  • by evilviper (135110) on Sunday August 03, 2014 @11:29PM (#47596703) Journal

    Automated software to detect it? How the fuck do they even do that?

    You're kidding, right? Ever heard of Google Image Search or TinEye? You give it a URL, or upload a photo, and it'll give you a list of identical and highly-similar images...

    From there, it's a no-brainer to feed the system with URLs of known pedo sites... either ones Google employees have identified, or those they've gotten law-enforcement requests to take-down.

    And even without the TinEye type system, it's still a no-brainer to checksum/hash all those images, and see if an exactly identical one shows up on your servers, somewhere, somehow.

  • by BradMajors (995624) on Sunday August 03, 2014 @11:35PM (#47596733)

    email your friend encrypted pdf files and tell him the pdf file password over the telephone.

  • by suprcvic (684521) on Sunday August 03, 2014 @11:37PM (#47596741)
    I use runbox. Secure email based out of Norway. https://runbox.com/why-runbox/... [runbox.com]
  • by Anonymous Coward on Sunday August 03, 2014 @11:48PM (#47596805)

    An automated tool probably flagged the image, hopeful it wasn't simply probable nudity but probable nudity combined with some other alert, maybe something in the body of the text. Humans probably only review flagged images. The system is working as google has always intended, go read the terms of use. Working with local law enforcement when google deems it appropriate or legally required probably falls under what you refer to as "etc".

    Read the full article. There's an agency ("National Center for Missing & Exploited Children") that provides hashes of known child porn images and videos to companies like Google. I don't think it's outside Google's purview to ensure files with hashes appearing on that list don't reside on their servers. Contrary to what the peanut gallery here has to say, Google aren't opening up individual mailboxes for a quick squiz. Not to mention that even if they aren't looking inside mailboxes for these images, they probably do scan messages traversing their network (i.e. incoming/outgoing) for files with known hashes.

  • by Anonymous Coward on Monday August 04, 2014 @12:05AM (#47596891)

    The article says specifically that they are comparing email attachments against a list of known hashes of child porn.

  • by c6gunner (950153) on Monday August 04, 2014 @12:15AM (#47596937)

    Gmail allows for dot address matching. This is a *huge* problem that has never been addressed.

    It hasn't been addressed because there is no such problem. All of the incidents described in the link you provided, as well as your own experience, seem to be explained by user stupidity. No need to invent some mysterious google-bug in order to explain it.

    I had a similar experience; some idiot used my google email address, with a dot in the middle (no dot in mine), as his recovery e-mail for a bunch of his other accounts. So I kept getting periodic emails letting me know when he's signed in from a new location. Confused the shit out of me at first. After I contacted him to let him know about it, it turned out he was misspelling his own e-mail address.

    When the choice is between user stupidity and a systemic problem, always pick user stupidity.

    Stories like this scare the shit out of me because, at any time, if one of those people I happen to receive email for suddenly decides to go into full-creep mode, I could be put in prison for a very, very long time.

    Nonsense. If this were true, any pissed off person who knows your e-mail address could get your arrested by spamming you with kiddie-porn from an anonymous e-mail provider. You're not going to go to jail just for receiving e-mail.

  • Re:This is chilling (Score:4, Informative)

    by jeIIomizer (3670945) on Monday August 04, 2014 @12:19AM (#47596965)

    not for pedophiles, fuck them

    Pedophiles are simply people who have a sexual attraction towards children. Being a pedophile does not mean you molest children or even look at child porn.

    The term "pedophile" is being misused by people who don't even know what it means, to the detriment of many people who have never harmed anyone.

    While, I absolutely believe it's google's job to report illegal activity

    Not all laws are just, so don't pretend that they are.

  • by zephvark (1812804) on Monday August 04, 2014 @12:21AM (#47596983)

    Why wouldn't you convict if a server admin presented a file, with logs, timestamps, and permissions that demonstrate the owner, creator, and time which that person had it?

    Because, as an occasional server admin, I'm perfectly aware that it's easy to change the logs, timestamps, and permissions. Do you not know what a computer is? It's a tool for manipulating data. This is not reliable forensic evidence, it's something that anyone with fairly modest skills could fake up in fifteen minutes.

  • by danheskett (178529) <danheskett@@@gmail...com> on Monday August 04, 2014 @12:22AM (#47596987)

    If all the evidence came from Google, I would absolutely not vote to convict. It is far, far, far more dangerous to trust a single entity with detecting and providing the sole evidence to convict a person of a serious crime than it is to allow one child predator to go free.

    After learning that the DEA and other agencies of government have knowingly and continue to knowingly lie and create false histories of how evidence or alleged evidence came to be, I have upped my personal tolerance for the idea that government, in a fascist alliance with big business, is able to corrupt the legal process with impunity.

    I've already had one chance to exercise that judgement, and to let the prosecutor know that was why, and I hope to have many more opportunities in the future.

    For anyone who is going to jury duty: no matter what the judge or prosecutor says, you have the unassailable, unreviewable, unabridged right to acquit anyone, of any charges, for any reason you wish. They will threaten you, lie to you, and mislead you, but you have the ultimate power. It is an awesome power, and even if the person on trial is guilty, you should consider handing down a not-guilty verdict, just to keep the powers that be in check. You will sleep better at night.

  • Re:This is chilling (Score:5, Informative)

    by danheskett (178529) <danheskett@@@gmail...com> on Monday August 04, 2014 @12:28AM (#47597015)

    Not according to the courts. The Courts have said that an un-read, e-mail stored on a server, is like an envelope containing a letter. A warrant is required to do anything other than examine the header (i.e. the face) of the letter.

    Once read, it is no longer like a letter, it is business correspondence, and a warrant is no longer required.

    This is extremely relevant in law. Recently, the former head of the CIA used unsent drafts stored in a drafts folder to communicate with a lover. This has profound legal implications. It is also how some terrorists were communicating - not sending e-mails, but storing drafts in a folder. This is important because those drafts are even more protected because they are not "in transit" (even though the data is in transit, the message was not "sent", therefore, it can't be put through all sorts of special NSA/CIA dragnets).

    What this means in effect is that services like Lavabit are only part of what is needed. What is really needed if you want your email security is end-to-end encryption, where the unencrypted document is never stored anywhere but your computer. Anything else, and once read, your email can be legally produced to any government agency with only a subpoena or national security letter, no warrant needed.

  • the ARTICLE states (Score:5, Informative)

    by Anonymous Coward on Monday August 04, 2014 @12:58AM (#47597123)

    that this was discovered via a known hash of known child pornagraphy images.

    it seems to me that google must keep a hash table of alot of things sitting around on it's drives,
    using hashes to reduce redundant storage requirements means that this very well have been discovered AUTOMAGICALLY, and thus required google to act on it.

    i don't think the spin being placed here as it being an 'invasion' of privacy is accurate here considering my prior statement
    you should thank google for helping to stop people invading the child's privacy by putting a stop to sharing of images like this

    the methods potentionally employed in the discovery of this image are both automated and reasonable
    and the reaction of google is not only reasonable and actionable, it's also commendable.
    we all can keep our privacy if all they're doing is storage reduction through hash comparison.
    fin.

  • by raymorris (2726007) on Monday August 04, 2014 @12:58AM (#47597127)

    It seems National Center for Missing and Exploited Children has a database of hashes, or "fingerprints" of known child porn images. When you use Gmail, it checks attachments against a database of viruses and also apparently against this CP database.

    A distinction can be made here. What the database does NOT do is any kind of image analysis to see if the picture LOOKS like child porn. It checks only against known, reported child porn, apparently.

  • by T-Bone_142 (917711) on Monday August 04, 2014 @01:36AM (#47597245)
    They already do stuff worse then this, its called Parallel Construction [wikipedia.org]. Its standard operating procedure.
  • by ShanghaiBill (739463) on Monday August 04, 2014 @01:50AM (#47597297)

    What if someone at Google suddenly doesn't like you and they forward the contents of Mr. Convict to your e-mail address? Oh, and then the police get an "anonymous" call.

    Except, in this case, the call was not anonymous. Furthermore, the police used the email as evidence to get a warrant to search his devices, and found other images. So, he is not being charged based on just one email.

    Who believes you now, mate?

    Most likely, no one will believe him. Why should they?

  • by Cyberdyne (104305) * on Monday August 04, 2014 @04:49AM (#47597853) Journal

    That means only the most incompetent pedos aren't already randomly tweaking their jpgs - the smart ones are doing it in the EXIF section so it won't even change the picture.

    The smart implementations probably hash the image payload excluding EXIF, for exactly that reason - maybe downsample and reduce the colorspace too, so trivial tweaks won't have that effect any more.

    (In fact, the implementation I'm working with right now for exactly this purpose - I have a small research project underway with the police in Scotland as part of their Offender Management work - just hashes HTTP payloads for the moment - although refining this is on the drawing board for later.)

    I do find this very disturbing in principle though. Is absolutely everything in your mailbox entirely innocent? I have, for example, a list of various Microsoft product keys in mine. As it happens, those are legitimate - all issued to me by Microsoft via MSDN subscription, then I stuck them all in a spreadsheet to keep track of which key was in use for what - but would Google or the police know that just from looking at the list? They might turn up with a warrant looking for the piracy ring I'm obviously running, just because Google got nosy and went vigilante!

    This isn't the first time, though; I recall a malware researcher getting rather upset after Google started eating samples from his Inbox [ghettoforensics.com] - even when they were inside password-protected ZIP files. I can see that they mean well, but to me that crosses a line.

  • by IamTheRealMike (537420) <mike@plan99.net> on Monday August 04, 2014 @07:00AM (#47598321) Homepage

    You think anyone who does not conform to your morale standard is "sick" and needs help? You're arrogant, egocentric and intrinsically extremely manipulative.

    He is either well informed or (more likely) simply able to point out the obvious in a world where most don't dare. It is proven beyond doubt that brain tumours can cause paedophilia [newscientist.com]. That article is a summary of one well known and notorious case, but note that he checked himself into the hospital just one day before he was going to prison. The chances are great that there are more people like him rotting inside the prison system.

    Given that the sex drive is an inherently biological thing that evolution has given tremendous influence over people's behaviour, the fact that a malfunctioning sex drive might have a biological root cause should not surprise anyone. And yes, it's absolutely a malfunction and obviously so - the purpose of sex is to reproduce and create offspring that survive to adulthood. The chances of having a child that grows up to be a strong adult by having sex with another child is massively reduced or close to zero, so from an evolutionary perspective it makes little sense.

    You condescendingly show "sympathy", but you have absolutely no respect. You say child molesters suffer from a mental illness? Strange, isn't what some people are saying about gays?

    Yes, some people do say that, and for all we know they might be right. Homosexuality is another biological dead end that doesn't lead to offspring. However this kind of deviation from the sexual norm is something most enlightened societies have got over because it doesn't harm anyone. OK, those people will not have kids. So be it. They aren't hurting anyone so it's unreasonable and unjustified to cause them problems.

    Child abuse is a more complicated area. People tend to think of the "we know it when we see it" type cases, you know, 40 year old men trying to have sex with 8 year olds. Unfortunately the laws are badly written enough that all kinds of other basically harmless behaviour gets tangled up with it. For example, I know for a fact that the NCMEC database contains cartoons. Having a racy cartoon in your Gmail account is now enough to get busted by the police. Other cases of idiocy around these laws include the UK where the legal age of consent is 16 but the age to be considered not child porn is 18, meaning two people can legally have sex but can go to jail if they take a photo of themselves doing it. Cases where two teenagers have a relationship and the older one ends up being busted for child abuse have been reported in the USA. The harm in these cases is hard to see but it all gets dumped into the same bucket, legally.

  • Re:Hash Collision (Score:5, Informative)

    by petermgreen (876956) <plugwash@p10link ... inus threevowels> on Monday August 04, 2014 @08:03AM (#47598543) Homepage

    Finding an "incidental collision" (that is a collision that happened in a case other than people deliberately setting out to construct a collision). is most certainly noteworthy. Lets run some ballpark numbers.

    There are less than 2^33 people in the world. Most of them probablly don't use google but lets assume that they do. Further lets make a wild ass guess that each one has 2^17 files in googles database (from some googling i'm pretty sure this is an overestimate). That would mean a total of 2^40 files.

    Lets further assume that the hash functions are ideal "random oracles".

    With 2^40 files there are approximately 2^79 pairs of files. With a 128 bit hash (like md5) then assuming it's ideal the probability of a pair of files having colliding hashes is 1 in 2^128 so with our 2^40 files the probability of a collision anywhere in the set is approximately 1 in 2^49.

    For comparison the chance of winning the lottery in the UK is about 1 in 2^24 so 1 in 2^49 is like winning the lottery every week for 2^25 weeks

    An incidental collision even in MD5 either means something incrediblly unlikely happened or (far more likely) there is a serious flaw in the uniformity of the hash function's output. That is certainly newsworthy.

    In SHA1 and higher any collision even a deliberately constructed one would be noteworthy (the MD5 ones certainy were when they were first found, they are old news now of course).

  • by chfriley (160627) on Monday August 04, 2014 @08:46AM (#47598767) Homepage

    Kind of like all the systems, procedures, and protections that prevent this type of thing at the NSA.

...when fits of creativity run strong, more than one programmer or writer has been known to abandon the desktop for the more spacious floor. - Fred Brooks, Jr.

Working...