Google, like all responsible service providers in the technology industry, takes the protection of children very seriously. It uses “proprietary technology to deter, detect, eliminate and report crimes,” including identifying child sexual abuse material in Gmail emails. When you sign up to use Gmail, you agree to Google’s terms and conditions that allow such searches. Now, a U.S. Court of Appeals for the Second Circuit has ruled that this does not mean that an additional search can be conducted once details of the initial findings are sent to authorities, in violation of the protections of the Fourth Amendment.

ForbesNew Google 2FA update warning: act now, the clock is tickingBy David Winder

How Google detects CSAM in Gmail messages

Google describes the Measures taken to identify and report child sexual abuse material in some detail online. This includes working with teams of Google specialists, along with technology solutions such as machine language classifiers and hash matching. It is the latter, hash matching, that is at the center of this new appeals court ruling. Think of a hash as a digital fingerprint left by any image or video file; Like fingerprints, these are unique to each specific file. Which means Google can detect hashes associated with known CSAM images and videos within Gmail messages without seeing the offensive and illegal material itself. “When we find CSAM, we report it to the National Center for Missing and Exploited Children,” Google said, “which serves as a liaison to law enforcement agencies around the world.” It is sad to report that this has proven to be a notable success; sad because so many images have been identifiedbut positive because it means that the authorities can take action against the people who distribute it.

In short, Google’s terms of service prohibit the use of any of its platforms, including Gmail, to store or share CSAM content. Hash matching technology allows Google to detect such content in Gmail messages without a human having to read the email and without even seeing the image itself, just the hash.

ForbesGoogle claims to be the first in the world when AI finds a 0-day security vulnerabilityBy David Winder

Child abuse material in Gmail reported to authorities: overreach of authorities and judicial rules

As collected by reporters at TechDirtA 2nd Circuit Court of Appeals ruled on a case that was appealed to the United States District Court for the Northern District of New York. This case revolved around a man who was convicted of possessing CSAM images, but who had appealed on the basis that the court order was “tainted by previous unconstitutional intrusions.”

The detected CSAM hash was passed to the National Center for Missing and Exploited Children and then to authorities for investigation and potentially prosecution. However, it was discovered that law enforcement had conducted a visual examination of the image of child abuse rather than just the hashish itself. “They went beyond the scope of Google’s private algorithmic search,” TechDirt reported, “as they learned more than the image hash value of the Maher file; “They learned exactly what was represented in that image.”

And that’s where the court ruling come in. The examination was conducted before obtaining a court order blocking the government’s claim, through law enforcement actions, to be the beneficiary of a private search because Google had never seen the Gmail CSAM image in question. The first time he was seen by anyone other than the perpetrator was when investigators opened him up. Unfortunately, authorities could have easily obtained a warrant using probable cause, the hashish itself, but for some reason they chose not to do so until after the additional search.

ForbesGmail 2FA Cyber ​​Attacks: Open Another Account Before It’s Too LateBy David Winder

The Gmail search rule

Therefore, Google’s terms of service state that you may review content and share it with a third party if necessary to comply with any applicable laws, such as when you have actual knowledge of CSAM on your platform. The court ruling simply advises that the perpetrator’s “reasonable expectations of privacy” for that content from government access are not overridden by Google’s terms. As TechDirt so eloquently explained, “agreeing to share things with third parties from private companies is not the same as agreeing to share the same things with the government any time the government wants to access content or communications.”

The good news is that the conviction constitutes a good faith exception applied to the search on this occasion. The best news is that it sends a message to authorities not to overdo it and apply the correct search warrant procedure when it comes to material found in Gmail. We all want these perpetrators to be brought to justice, and procedural errors that could prevent that from happening must be mitigated.