GO
Loading...

Outraged by Google reading your gmail? Read this

Recently, Houston police arrested John Henry Skillern, a registered sex offender, on child pornography charges following a tip from Google to the National Center for Missing and Exploited Children that Google had detected child pornography in Skillern's gmail. This arrest leads to two questions:

1. How did Google detect the child pornography in the e-mail?

2. What other content does Google read in the course of transmitting millions of gmail messages each day?


Daniel Acker | Bloomberg News | Getty Images

Google released a statement revealing that they detected Skillern's child pornography through a technology called "hashing." Hashing is the process by which a document or image is converted into a single hexadecimal value that is unique to that document or image. Law enforcement authorities and the National Center for Missing and Exploited Children have indexed thousands of known child pornography images and created hashes for them. These hashes (as opposed to the images) are distributed to e-mail providers, such as Google to screen email and attachments. Apparently, Google detected one of the known hashes and alerted the authorities.

Read MoreAre 6-year olds more tech-savvy than you?

The federal law against child pornography requires anyone (including Internet providers) to immediately alert law enforcement if they knowingly possess or transmit child pornography. The law also requires the immediate destruction of the images. Anytime Google's system detects a "hash" tied to an offending image, it must immediately disclose that discovery to law enforcement.

No legal ground to sue in this case

An individual whose email is disclosed to law enforcement for containing child pornography would not have a basis to sue Google for making that disclosure. Google's privacy policy makes it clear that Google reserves the right to make disclosures as required by law:

"We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to: meet any applicable law, regulation, legal process or enforceable governmental request."

Read MoreHow much is your stolen password worth?

Although the child pornography laws are not specifically referenced, knowledge of the law is presumed by courts.

In addition to "hash"-based detection of child pornography, Google uses an automated system to scan email sent or received by gmail users for key words that are used to (1) create targeted advertising based upon the content of the e-mail and (2) build user profiles. Google also uses its automated scanning on email systems that it provides for Internet providers or educational institutions, although that information is only used to build user profiles, not create targeted advertising.

Google has been sued for violation of the federal wiretap statute and state wiretap statutes for its automated scanning of the email that it transmits. Google sought to dismiss that case, arguing that (1) Google was shielded from the wiretap law by the exception allowing for reading of messages in the "ordinary course of business" and (2) gmail users consented to scanning of their email by accepting the Google's Terms of Use, which state that users:

"give Google (and those [Google] work[s] with) a worldwide license to use … create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services) … and distribute such content."

Not so fast, Google

In a ruling last September, Judge Lucy Koh of the United States District Court for the Northern District of California denied Google's motion to dismiss and allowed the case to proceed towards trial. Judge Koh held that (1) the "ordinary course of business" exception did not shield Google's scanning of emails for the purposes of targeting advertising or creating user profiles, but only those functions necessary to send and receive the email itself and (2) Google's "Terms of Use" did not adequately disclose the types of scanning that would be done. Judge Koh subsequently denied Google's request for permission to take an immediate appeal of her ruling. She also denied the motion for class certification, so the case is heading towards trial on behalf of the individual plaintiffs only.

Read MoreGoogle must face US lawsuit over consumer privacy

At this point, it is difficult to predict whether the plaintiffs will prevail in their case against Google. The trial court has only ruled that Google's defenses do not require that the case be dismissed. There will be extensive factual discovery and (if the case is not settled) a trial. Even after trial, there could be an extensive appeals process that could go all the way to the United States Supreme Court. There may be different rulings for individuals who choose G-mail as their provider, as opposed to those who (1) send email to a gmail account or (2) send email to an account that is not labeled "@gmail.com" but is administered by Google.

While the case is winding its way through the federal courts, Google has continued its policy of automated scanning of e-mail. So, if you notice that the ads you read online seem to closely track what you are discussing in your email, it is not an accident.

Commentary by Mitchell Epner, an attorney specializing in white-collar crime, sports and entertainment law and intellectual property. He's also a former Assistant United States Attorney in the District of New Jersey. Follow him on Twitter @mitchellepner.