Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Google Privacy

Dad Photographs Son for Doctor. Google Flags Him as Criminal, Notifies Police (yahoo.com) 241

"The nurse said to send photos so the doctor could review them in advance," the New York Times reports, decribing how an ordeal began in February of 2021 for a software engineer named Mark who had a sick son: Mark's wife grabbed her husband's phone and texted a few high-quality close-ups of their son's groin area to her iPhone so she could upload them to the health care provider's messaging system. In one, Mark's hand was visible, helping to better display the swelling. Mark and his wife gave no thought to the tech giants that made this quick capture and exchange of digital data possible, or what those giants might think of the images. With help from the photos, the doctor diagnosed the issue and prescribed antibiotics, which quickly cleared it up....

Two days after taking the photos of his son, Mark's phone made a blooping notification noise: His account had been disabled because of "harmful content" that was "a severe violation of Google's policies and might be illegal." A "learn more" link led to a list of possible reasons, including "child sexual abuse & exploitation...." He filled out a form requesting a review of Google's decision, explaining his son's infection. At the same time, he discovered the domino effect of Google's rejection. Not only did he lose emails, contact information for friends and former colleagues, and documentation of his son's first years of life, his Google Fi account shut down, meaning he had to get a new phone number with another carrier. Without access to his old phone number and email address, he couldn't get the security codes he needed to sign in to other internet accounts, locking him out of much of his digital life....

A few days after Mark filed the appeal, Google responded that it would not reinstate the account, with no further explanation. Mark didn't know it, but Google's review team had also flagged a video he made and the San Francisco Police Department had already started to investigate him.... In December 2021, Mark received a manila envelope in the mail from the San Francisco Police Department. It contained a letter informing him that he had been investigated as well as copies of the search warrants served on Google and his internet service provider. An investigator, whose contact information was provided, had asked for everything in Mark's Google account: his internet searches, his location history, his messages and any document, photo and video he'd stored with the company. The search, related to "child exploitation videos," had taken place in February, within a week of his taking the photos of his son.

Mark called the investigator, Nicholas Hillard, who said the case was closed. Mr. Hillard had tried to get in touch with Mark but his phone number and email address hadn't worked....

Mark appealed his case to Google again, providing the police report, but to no avail.... A Google spokeswoman said the company stands by its decisions...

"The day after Mark's troubles started, the same scenario was playing out in Texas," the Times notes, quoting a technologist at the EFF who speculates other people experiencing the same thing may not want to publicize it. "There could be tens, hundreds, thousands more of these."

Reached for a comment on the incident, Google told the newspaper that "Child sexual abuse material is abhorrent and we're committed to preventing the spread of it on our platforms."
This discussion has been archived. No new comments can be posted.

Dad Photographs Son for Doctor. Google Flags Him as Criminal, Notifies Police

Comments Filter:
  • Comment removed (Score:4, Interesting)

    by account_deleted ( 4530225 ) on Sunday August 21, 2022 @05:02PM (#62809285)
    Comment removed based on user account deletion
    • by david.emery ( 127135 ) on Sunday August 21, 2022 @05:07PM (#62809309)

      A related issue is having everything in "the cloud" makes you subject to (arbitrary) decisions by that cloud provider to remove your access.

      A lawsuit on this is likely, and that could well set some precedents on cloud provider liability for locking someone out of material that is clearly their property.

    • by Anonymous Coward

      this is an unfortunate result of a level of surveillance that would have previously been thought of as completely unacceptable without motive

      the fact that Google didn't correct the mistake is also a bad sign - there's too much power in centralized big tech

      • by ls671 ( 1122017 ) on Sunday August 21, 2022 @06:16PM (#62809515) Homepage

        I wonder about the doctor, did he get flagged too or does he have a special permit delivered to him by the new police state Google oligarchs?

      • Or with motive (Score:5, Insightful)

        by Anonymous Coward on Sunday August 21, 2022 @06:18PM (#62809517)

        We here in Europe used to call this "stasi-level surveillance". Those guys kept all sorts of information on just about everyone, down to discarded train tickets, in large warehouses. Using modern tech the NSA keeps more, way more, but digitally.

        Now the likes of google and microsoft and amazon and apple have figured out a model where you "voluntarily" give up all your data and they scrutinize it for possible indications of could-be-badness and we just accept it. You even pay them for the privilege.

        We all saw it coming, but nobody outside our little world could be arsed to care. See "we lost the war", presentation given at 22C3, and note the date.

        Apparently the only way the people, even "engineers" like this guy, want to learn about how this works is the hard way. So here is the hard way. Share and enjoy.

        • About 15 years ago, as a young teenager, in school I saw the movie "Das Leben Die Anderen" (Lives of others).

          Then I came home, and looked at the running debug logs on the router, and was horrified by what I could know.
          Having grandparents and parents that lived through the "stasi-level" era, their horror stories became a warning to me.
          At least in that time, it cost the state manpower, now it costs next to nothing.

      • by arglebargle_xiv ( 2212710 ) on Monday August 22, 2022 @02:02AM (#62810277)

        It's not new, this has been going on for decades, it reached its peak in the 1980s and 1990s. The number of parents who were prosecuted for baby photos, a.k.a. creating child porn, was frightening, and like an accusation of witchcraft in the 1600s it effectively destroyed their lives once made. It just faded out for awhile with the rise of digital photography when you no longer had to take your film to a drugstore/chemist to be developed and they'd report you to the police for taking photos of your kids.

        It's also possible that the fading of satanic child abuse hysteria in the 1990s contributed to people no longer seeing every photo of a kid as child porn, although it's had a strong resurgence in the last five years or so. It's like being in the 1990s again, this exact headline could have run thirty years ago, substituting "drugstore employee" for "Google".

    • They must have had their settings set to upload all photos to Google Photos..

      It was most likely the default setting.

    • by Darinbob ( 1142669 ) on Sunday August 21, 2022 @05:57PM (#62809465)

      The default with android is, or at least was, to upload everything automatically until you find the settings to change that.

    • Don't use Google. (Score:5, Informative)

      by Brain-Fu ( 1274756 ) on Sunday August 21, 2022 @06:03PM (#62809487) Homepage Journal

      The services are free, leaving you with no leg to stand on when this sort of thing happens. Therefore, it is folly to rely on them.

      Paid email costs a few bucks a month. That is a pittance to pay for a provider that actually values your business and behaves reasonably when something like this happens.

      Whatever it is you need Google for, there is an alternative that is either free or totally affordable, that treats you much better and is much more reliable.

      I de-googled my life years ago, and have never regretted it.

    • Re: (Score:2, Flamebait)

      by fermion ( 181285 )
      First rule of the internet. Anything online is public. It is one thing for adults to post naked pictures, another for kids. Yes, this were appropriate photos and in the past would have been securely faxed with no harm. But the parents left them on their phone and potentially available to the public. If they had been leaked, there might have been irreparable harm.

      This is an unfortunate but cautionary tale. Cops can others can be really over zealous. I recall one case where an older brother was helping his

    • It's useful to automatically upload, in order to prevent aggressive police and security agents from erasing your records of their abuses. It's a trade-off between the safety of your local device, or the safety of the cloud.

    • by Charlotte ( 16886 ) on Sunday August 21, 2022 @09:40PM (#62809971)
      Try and figure out a way to get sensitive stuff to a stranger's computer without uploading it.

      So you say:

      1. "Oh wait, I'll put it on my computer before sending it, in a place that isn't backed up." Ok, try and explain that to your 86 year old dad.

      2. "Great, it's in ~/nobackup/, now let's send it via gmail and... oh, wait".

      3. "You know, I'll use my burner email address and send it to my wife". You've just uploaded it to a stranger's (email) server. I hope your wife doesn't have a gmail account or an Exchange based work address.

      4. "Oh wait, I'll make her a burner account too". Ok, try and explain to your wife - who has a PhD in astrophysics - how to manually setup a new IMAP server on her MacBook Pro while bypassing the autoconfigure bit in Apple mail, while she's talking to a doctor who charges by the hour.

      4. "Oh wait, I'll encrypt it first". You've now sent an encrypted child pornography image through a stranger's (email) computer, possibly through burner email accounts. Someone might think that's suspicious or something.

      5. "Oh wait, I'll upload it to a burner URL protected by a name/password, then tell my wife the credentials and have her download it from there." You've just sent a (possibly encrypted) child pornography image to your own publicly accessible web server, and tried to hide the fact by exchanging a symmetric secret. This is just getting and better from the point of view of the public attorney. The jury and the judge start fidgeting as your public defender tries to illuminate the finer points of the HTTPS protocol. The EFF kindly sends in an amica brief no one can understand except you. Someone in the press googles "EFF Stallman".

      7. "Oh wait, I'll tell my wife to download it to her computer in a place that's not backed up." Groan...

      8. "Honey, now mail it to the doctor... oh wait." Create a burner account for the doctor, and.... wait, where was I?

      9. You give up and physically take the kid to the doctor's office.

      FTFY. Note that copying a file to another computer is the definition of uploading.

    • Wasn't there now a provision in those phones that any pics get "automatically inspected" for kiddy porn content. And don't you dare to be against that.

  • by Joe_Dragon ( 2206452 ) on Sunday August 21, 2022 @05:04PM (#62809299)

    what happens when an attorney's account get locked like this? and then it makes them unable to defend there client?

    • by Spazmania ( 174582 ) on Sunday August 21, 2022 @05:21PM (#62809349) Homepage

      This sort of thing is what attorneys were invented for. The whole matter could be resolved by a prompt letter from an attorney to Google's counsel costing maybe $200. You don't "ask" someone with power to reconsider when they screw up this badly. You hire a lawyer to demand it.

      • by NFN_NLN ( 633283 )

        Saul Goodman would have had his account reinstated and a huge settlement in this guys favor.

      • by djinn6 ( 1868030 ) on Sunday August 21, 2022 @07:04PM (#62809641)

        Under what law would they sue Google? Remember, the service is provided as-is and Google has the right to not serve anyone for any reason. Private business and all that.

        I'm not even sure there's a law that says they have give your data back.

        • by Spazmania ( 174582 ) on Sunday August 21, 2022 @07:32PM (#62809699) Homepage

          First off, $200 doesn't get you a lawsuit. It gets you a "wake up and pay attention" letter from a lawyer. 9 times out of 10, the implicit threat of further legal action posed by an official letter (and the explicit point that someone with a legal background has reviewed the matter and is making demands) is enough to get what you want.

          As for what law, any time you injure another by your intentional actions you face potential legal liability. It's called "common law," and it's the foundation of law for nearly every former English colony including the United States. If you actually sued, you'd need to find a precedent case on which to base your suit. That research would cost you more than $200 but I guarantee it exists. For that first simple letter you just need to insist that Google has unreasonably damaged you. Or more precisely, a lawyer has to insist on your behalf.

          Actually, the first letter would demand three things:

          1. That Google preserve a copy of the contents of your account as of their date of action pending consensus between you that the matter has been resolved.

          2. That Google explain in specificity and in good faith the basis for their action. If Google won't explain themselves upon lawyer's demand, they're acting in bad faith and judges really hate that. They tend to sanction the party who acted in bad faith. Bad faith can convert an easy win into a decisive loss.

          3. That Google reinstate your account pending review so as to avoid further damaging you. This sets a timestamp after which the damage Google does you is willful and subject to additional damages for its willfulness.

          Then you let Google's lawyer explain the legal exposure to Google's abuse team.

          • by djinn6 ( 1868030 )

            It sounds like you might be a lawyer.

            My layman's understanding is that harm caused by non-provision of service is not something you can take to court. You can't sue your grocery store for not stocking gluten-free bread, or your plumber for not coming in to fix your pipes, even if you have Celiac disease and your burst pipe is causing you tens of thousands of dollars in damages.

            • by Spazmania ( 174582 ) on Sunday August 21, 2022 @08:07PM (#62809791) Homepage

              If you have a fire and your insurance company cancels your coverage because of it (and not anybody else's, just yours), you probably have a case against them. If you have an ongoing maintenance contract with your plumber through which they give you priority and suddenly this time they don't do it, you probably have a case against them. If the grocery store advertises that soft drinks are on sale this week, they run out, and they refuse to give you a rain check at the sale price, you definitely have a case against them.

              Sudden non-provision of a service that you ordinarily provide, that a reasonable person would expect you to provide, and for which your sudden non-provision is damaging is very much actionable.

              • by XXongo ( 3986865 ) on Sunday August 21, 2022 @09:19PM (#62809931) Homepage

                If you have a fire and your insurance company cancels your coverage because of it (and not anybody else's, just yours), you probably have a case against them.

                You are paying them. They do not give you the service you paid for. That's your case.

                This person was not paying google.

                If you have an ongoing maintenance contract with your plumber through which they give you priority and suddenly this time they don't do it, you probably have a case against them.

                You are paying them. They do not give you the service you paid for. That's your case.

                This person was not paying google.

                If the grocery store advertises that soft drinks are on sale this week, they run out, and they refuse to give you a rain check at the sale price, you definitely have a case against them.

                No, you most certainly don't.

                You might be able to complain to the FTC about false advertising (or to your state), but don't hold your breath.

                Sudden non-provision of a service that you ordinarily provide, that a reasonable person would expect you to provide, and for which your sudden non-provision is damaging is very much actionable.

                Not unless there's an agreement, no.

                And if you violate the explicit terms of service you agreed to (remember those things you clicked "yes" on ages ago when you signed up? Those.)-- you're SOL.

            • The difference between this situation and the grocery store is that your hypothetical customer didnâ(TM)t already own the gluten free bread the store didnâ(TM)t stock, but they are the owner of the photos, e-mails, and other content that Google was just the custodian of. Unless of course Googleâ(TM)s TOS states that they are in fact the legal owner of all data stored on their servers. I donâ(TM)t know what exactly that fine print says in this case. IANAL.

        • How about libel and defamation? Filing a false police report is also supposed to be a crime. One way or another, *someone* must be made to pay. I'm not normally normally one to cite scripture; but this particular sort of bullshit has been considered so heinous, so universally, and for so long, that there's a commandment on the topic.

          • by Spazmania ( 174582 ) on Sunday August 21, 2022 @07:59PM (#62809779) Homepage

            Truth is an absolute defense against libel/defamation. Actual truthful facts can't legally be defamation. Google reported to the police that you sent a picture and here's the picture you sent.

            Same with false police reports -- the information provided to the police has to actually be false. It's not enough that it means something different than you think it means, the information itself has to be false.

            Someone doesn't always have to "pay." The courts accept mistakes made in good faith so long as the mistakes are promptly corrected. The letter from the lawyer sets a hard deadline for the recipient to demonstrate good faith.

        • by dgatwood ( 11270 )

          Under what law would they sue Google? Remember, the service is provided as-is and Google has the right to not serve anyone for any reason. Private business and all that.

          I'm not even sure there's a law that says they have give your data back.

          How about invasion of privacy, filing a false police report, and defamation for starters? Probably tortious interference for preventing other companies from their contractual obligations to give him access to his data.

          The very FIRST thing when accused of a crime is to hire a lawyer. PERIOD. A lawyer can advise you of your rights and represent you, ensuring the best possible outcome against companies that don't give a f**k about you.

          At this point, he's probably well over a year too late to get back any of

          • You consult a lawyer. Immediately. Every time. And they send a letter for you. You don't sue right away for three reasons:

            1. You don't have to. The lawyer already has the company's attention and is likely to negotiate a favorable outcome.

            2. It's expensive. More expensive than letting the lawyer do the job his way. And your adversary's behavior has to have been unusually egregious before you've any chance of getting the lawsuit expenses back, even if you win.

            3. Once you sue, adversarial legal protocols kick

            • by dgatwood ( 11270 ) on Sunday August 21, 2022 @08:43PM (#62809867) Homepage Journal

              You consult a lawyer. Immediately. Every time. And they send a letter for you. You don't sue right away for three reasons:

              1. You don't have to. The lawyer already has the company's attention and is likely to negotiate a favorable outcome.

              2. It's expensive. More expensive than letting the lawyer do the job his way. And your adversary's behavior has to have been unusually egregious before you've any chance of getting the lawsuit expenses back, even if you win.

              3. Once you sue, adversarial legal protocols kick in and slow the process way down. Even if the company decides to give you what you want, they can't do it until they negotiate you into dropping the suit.

              While technically true, there's a *big* catch when it comes to dealing with tech companies. Most Internet companies have a short retention window. For example, Google's retention period for deleted data (which presumably includes deleted accounts) is only one month [google.com]. ("This often includes up to a month-long recovery period in case the data was removed unintentionally.") Once an account gets closed, the clock starts ticking, and you likely have thirty days or less to either get them to reinstate the account or get a judge to order them to retain your data until the conclusion of legal action against them.

              In other words, if you want to get your data back, you need a lawyer within 72 hours, they need to reach the company's legal department within 72 hours, and they need to give no more than a 72 hour deadline for the company to reinstate service, to ensure that if they fail to do so, your lawyers have at least a couple of weeks to get a judge to issue an emergency injunction followed by a permanent injunction against discarding your data if they fail to reinstate the account. There is *no* time to waste. So although you're right that you shouldn't immediately file a lawsuit, you should absolutely be prepared to go from zero to lawsuit within two weeks, because if they don't back down, that's the only way you're ever getting your data back.

      • This is optimistic. Google's attorneys have considerable experience wasting people's time and money, and to justify their own income. Much of it is women into their voice email and automated web forms.

        • 9 times out of 10 getting your lawyer to talk to the adversary's lawyer will cause the adversary to dial their position back to something reasonable. The 10th time is what courts, judges and lawsuits are for.

          And they don't tell lawyers to talk to the web form -- they can get away with that interacting with you but legal notice has it's own process that doesn't care how Google prefers to communicate.

    • by ArchieBunker ( 132337 ) on Sunday August 21, 2022 @05:23PM (#62809351)

      Depends if the attorney has deeper pockets than google.

      • by sfcat ( 872532 )
        That's not how the cost/benefit analysis works in this case. It depends on how much it costs Google to defend the lawsuit vs settling it now. I'm guessing turning on this guy's account would have been far cheaper. But Google blew that chance, and now they get to spend their money on a lawsuit. And yes Google has tons of money but try being the employee that wasted a couple million of that and see how your career goes. Eventually there will be a class action lawsuit about these terrible review processes
        • by narcc ( 412956 )

          Industries with heavy regulation often have earned that regulation

          A very sobering truth...

    • If you attorney is relying on ad-supported services as part of their core business IT infrastructure, you should find a new attorney.

    • No attorney in their right mind would use a free service to store sensitive documents. Attorneys where one of the biggest users of the old "on-prem" Blackberry secure servers. IANAL, but back in the day I had a friend who was a sysop for a decent size firm, and they had to be quite serious (as far as that goes) on ensuring private documents stayed that way. I'm sure these days they have to be even MORE vigilant.

      Google is just following the laws of the land, is it there fault that there is no legal mechan
  • by jhaygood86 ( 912371 ) on Sunday August 21, 2022 @05:08PM (#62809319)
    If a company does this, and it's determined by proper authorities (the legal system) that nothing illegal occurred, companies should be required to reinstate access to accounts.
    • We don't need new laws, we need less witch hunt and more privacy. And we ALL need to realize Google's customers are not the people using Google's services.
      • Ahhh, but we DO need a new law that specifically and explicitly calls for damages in cases like this.
        It's the threat of damages that cause google et al to put policies in place to prevent this happening.
        It was the threat of damages if they DIDN'T do this that brought about the scanning.

        • Being locked out of a Google Account is a favor done by Google. These people can now take steps to get away from Google. Sounds like they should embrace this opportunity to learn how their devices work and why uploading and syncing your phone to the cloud is fucking stupid.

          Of course Google is wrong here but they are rich so not really.

          Avoid using cloud services if you don't want to deal with terrible tech companies. Lesson learned. Shame it had to be this difficult.

          • by hjf ( 703092 )

            That's like saying "well you got run over by a rich BMW driver, he's rich so you have no recourse now. Lesson learned, never get out of your house anymore. sorry you had to learn the hard way".

      • by ufgrat ( 6245202 )

        We have laws. But Google (and Apple) are de facto monopolies in their ability to do harm to people's lives, and they need to be classified as such.

        Big corporations have spent the last 50 years perfecting the art of dodging responsibility. Time to reverse that trend.

    • by AmiMoJo ( 196126 )

      Could the guy sue them for the hassle he has experienced?

      • Sure, you can sue anyone. But, they likely agreed to all the Google Terms of Service. Let's say best case scenario: they can get a FULL REFUND of everything they paid to Google. Oh wait, this is an ad-supported "free" product, and they aren't really a "customer", and have no contract? Welp, good luck with that.

    • by blarkon ( 1712194 ) on Sunday August 21, 2022 @05:38PM (#62809407)
      Google believes it is the proper authority. Google believes it should be running the world and your soul and rights are just another terms of service violation.
      • by gweihir ( 88907 )

        Pretty much, yes. Unless and until Google gets forced to reverse such a bad decision and gets to pay for any and all damage caused, this crap will continue.

        • by hjf ( 703092 )

          And judging by half of the comments in this post, this is what people want. "Welp, you shouldn't have used google"

          Imbeciles believing that it's all reduced to "it's free so there's nothing you can do because the best you could get is your money back".

          Imagine slipping on a sidewalk because someone decided to wash it with soap and suing and being told "well sir, you didn't really buy anything from this business so there's really nothing we can award you. case dismissed".

    • Legal authorities do not determine nor state that nothing illegal occurred. Rather they determine 'not enough evidence to convict' or go to trial. Huge huge difference. It is extremely rare for a legal authorities to explicitly and officially state that someone is 'innocent' - one of the rare examples was the security guard at the olympics.

  • by devslash0 ( 4203435 ) on Sunday August 21, 2022 @05:12PM (#62809327)

    Okay, so sending a dickpic to someone is one thing, but sending a dickpic of a minor to a nurse, and with your wife's permission is a completely new level of a kink.

  • Seems odd (Score:4, Insightful)

    by Slashythenkilly ( 7027842 ) on Sunday August 21, 2022 @05:18PM (#62809333)
    I wonder if Google has any policies regarding their own false allegations of abuse, being willing to defer judgement until an actual investigation can be made, and restoring someone's account once they are cleared. We are living in a new age of guilty until proven innocent but the second part really isnt our problem.
    • by sjames ( 1099 )

      Interestingly, Google's actions actually impeded the investigation by preventing the detective from talking to the dad.

    • Re:Seems odd (Score:5, Interesting)

      by AmiMoJo ( 196126 ) on Sunday August 21, 2022 @05:37PM (#62809405) Homepage Journal

      It seems to be policy that closed accounts are never reinstated, under any circumstances. It just doesn't seem to be possible. There is no path to recovery.

      As such I've started considering Google accounts to be a risk. They could be lost at any time, without warning. All data stored there must be backed up, and all services must be replaceable at a moment's notice.

      • Re:Seems odd (Score:5, Insightful)

        by c-A-d ( 77980 ) on Sunday August 21, 2022 @05:49PM (#62809441)

        > As such I've started considering Google accounts to be a risk.

        You're only figuring this out now?

        • by AmiMoJo ( 196126 )

          Perhaps I should have said "an *unacceptable* risk".

          We all rely on services that could go away, including due to a mistake by the service provider. Even if you handle your own email with a dedicated server, there is a decent chance that it will become unusable became it ends up on some spam blocklist or the datacentre decides to kick you out. Most ISPs block port 25, and most people don't have a great deal of choice over which ISP they use anyway.

          So all you can do is evaluate the risk and decide how much ef

    • I wonder if Google has any policies regarding their own false allegations of abuse, being willing to defer judgement until an actual investigation can be made, and restoring someone's account once they are cleared. We are living in a new age of guilty until proven innocent but the second part really isnt our problem.

      I can definitely understand the automatic disabling, I suspect there's a lot of nasty stuff getting sent around on a regular basis. But given that the guy had a good and easily verified explanation it should have been pretty trivial for him to get his account fully reinstated. I don't imagine many child porn traders are reaching out to Google and bringing more attention to themselves.

    • This whole article is the best argument I have ever seen against using a specific phone service provider. I will never, ever purchase Google Fi or Google Fiber after having read this.
    • I wonder if Google has any policies regarding their own false allegations of abuse

      I don't know what Google's policy is but given that they are alleging child abuse when there clearly was absolutely none there are laws about libel and falsely accusing someone of child abuse is about the most personally damaging sort of libel you can imagine.

  • If I was the dad I'd sue for illegal viewing of the contents and unwillingness to review the appeal.
  • by clawsoon ( 748629 ) on Sunday August 21, 2022 @05:27PM (#62809365)

    All the sci-fi about AI running the world assumed it would be super-smart, figuring things out that were beyond are understanding. But it turns out that we invented idiot AI which we use for things like catching child predators because it's cheaper, and that has produced a whole different and stupider dystopia than what our science fiction imagined.

    Presumably there are also some dumb humans involved in this dumb chain of events.

  • EULA? (Score:5, Insightful)

    by AlanObject ( 3603453 ) on Sunday August 21, 2022 @05:28PM (#62809367)

    I read somewhere that if the average consumer were to read all the ELUAs to which they have implicit agreed it would take six months of time. Obviously, only specialized classes of users will ever read them. Paid attorneys working for a business or civil rights group mostly.

    So as a Google, Apple, Microsoft user I freely admit I have never read any of their ELUAs either, nor any of the endlessly repeated/updated "Privacy Policies" that come with not only those services but every financial service I use online. Dozens if not hundreds of documents. So I make certain assumptions about what is in them and act accordingly. I expect:

    1. They own the copyright on anything I upload that is made publicly visible. At very least I can't sue them for copyright infringement.

    2. They will use anything I upload that to make money with. Unless otherwise explicitly agreed I have no claim on that money.

    3. They are not liable for anything no how no way no never ever no matter what with regard to the integrity or security of stuff I upload to their servers. The user is responsible for any desired backups. You get phished successfully it is your problem. They get phished successfully it is your problem. Your private stuff goes public it is your problem.

    4. They will help law enforcement enforce laws against me for anything I do that they think is illegal.

    Anyone care to add to the above?

    If it works out in fact that the ELUA/Privacy Policy is actually more in favor to the user then fine. Otherwise assume the worst.

    Now with regard to the story posted, it seems pretty clear that the victim thought they were using a private communication service like a telephone/fax, and what they actually did was post an image to a service that is potentially viewable by the public. And yes if it is anywhere near underage naughty bits then heebie-jeebies are expected and they will take action to protect profit. Their business plan says no heebie-jeebies. If this case is actionable on a right-to-privacy basis then those details are what it will hinge upon.

  • by blahbooboo ( 839709 ) on Sunday August 21, 2022 @05:48PM (#62809433)
    The doctor should have known better to never send patient material via email. In fact, all health systems have tons of electronic blocks, education/training, and postings telling the doctor to not communicate with the patient outside the EHR communication pathway. So while Google was pretty horrible, the doctor was a complete moron or worked for a shit healthcare system.
    • Technically, it was the doctor's nurse who suggested sending photos. We don't know if the doctor was in the decision-making loop.

      Regardless, it seems like there was plenty of naivete / stupidity to go around.

      • And if the nurse wasn't paying attention to the actual problem area involved, it may have been an innocent mistake. If a hand or eyeball was swollen no one would think anything of it.
    • by dszd0g ( 127522 ) on Sunday August 21, 2022 @06:13PM (#62809511) Homepage
      I don't think you read the article or summary. "Mark’s wife grabbed her husband’s phone and texted a few high-quality close-ups of their son’s groin area to her iPhone so she could upload them to the health care provider’s messaging system." It sounds like the doctor was likely using a HIPAA compliant messaging system, not email. The only mistake the nurse (they spoke to an advice nurse according to the article) made was to instruct the parents to upload genital photos of a minor. Not a lot of nurses are experts at telehealth and the issues of tech companies being pressured to implement safeguards against child porn and exploitation.
    • This is bullshit. Email is far more secure than the usual fax machine that most doctors offices use for most communications. Your emails are going to be sent over an encrypted channel and even if unencrypted require much greater technical proficiency to decode than a fax which could be intercepted with a basic phone tap and minimal extra technical sophistication.

      Moreover, these laws exist for the protection of the patient not to make it harder for the patient. If the patient prefers to send photos over e

      • Yes, I realize this isn't what happened in the actual case but this shit irks me. It's security theater not a real defense of patient privacy and we all have to pay for it in increased doctor bills.

        I'm far more concerned about the extra people who have access to my medical information because some IT professional is now involved to manage the doctor's practice and medical website than I am about the possibility someone will hack into my doctor's gmail account. Fuck, I think it's kinda a greater danger sin

  • by Sebby ( 238625 ) on Sunday August 21, 2022 @05:51PM (#62809445)

    ...when you let a Privacy Rapist have access to all your data.

  • by klipclop ( 6724090 ) on Sunday August 21, 2022 @06:09PM (#62809503)
    You're their PRODUCT! It sounds like this was all a misunderstanding, but now he's a radioactive product that Google doesn't want to monetize anymore. I personally switched to non google products years ago and this is just a reminder to people why you should opt for a paid service provider.
  • From Google's perspective, they locked out one user - sorry, product.

    It's easier and cheaper for them to blanket ban rather than set up a system for appeals.

  • I really hope this guy sues Google. The only good thing about this mess it makes people aware of is just how bad Google is. I avoid all Google products/services as much as possible..and the last outfit I would trust with private documents is Google or photos.
  • A big problem with situations like this is we have technology companies running behind "common carrier" protections if something happens that might get them in trouble, then using some other provision in law when it suits them. They are taking advantage of the ambiguity of law, an ambiguity that exists because all of this is still quite new.

    Had these companies just declared themselves a "common carrier", like a phone company or airline, then they could run to that if anyone complains of kiddy porn on their

  • Sounds like a well intended CP detection algorithm led astray because of missing context.

    Google needs to have a human supervisor monitoring its fleet of computers that can process appeals.

    Here's a good appeals algorithm: Have as part of the appeals form the police report number. Make sure anyone filing a false appeal has a way to get burned with the authorities for fibbing.

    As for common carrier status internet access is itself becoming so critical to society at large it was high time it was classified as a

  • What now? TFA says they texted it. MMS messages are open. They sent medical information over an unsecured channel. Worse yet, the physician may have asked for it to be sent this way. Either way, we need a PSA about SMS/MMS and the fact that they are completely in the clear.

    The only way I would send such information is through a HIPAA protected patient data portal. The law is from 1996 and the data portals are pretty much ubiquitous at this point, with a variety of vendors providing software solutions for ex

It's hard to think of you as the end result of millions of years of evolution.

Working...