Sign in with
Sign up | Sign in

Op-ed: Email Scan Sends Child Predator to Jail

By - Source: KHOU | B 17 comments
Tags :

Houston, Texas' KHOU reports that 41-year-old John Henry Skillern was caught sending explicit images of a young, underage girl to a friend. David Nettles of the Houston Metro Internet Crimes Against Children Taskforce told the station that Skillern believed he could get around being caught by sending those images via email. Clearly, he was wrong.

After receiving word of the images, local authorities grabbed a search warrant and investigated Skillern's house. They found child porn on his phone and tablet, and text messages and emails describing his obsession with children. He also had videos of children who visited Denny's where he served as one of the restaurant's cooks.

Skillern is already registered as a sex offender, as he was convicted of sexually assaulting an 8-year-old boy in 1994. He's now charged with one count of possession of child pornography and one count of promotion of child pornography. His bond has been set at $200,000, KHOU reports.

So who ratted this guy out? Google did. The company scanned his email and detected explicit images of a young girl. The company then contacted the National Center for Missing and Exploited Children, which got the ball rolling on getting this guy arrested.

This is a touchy subject. On one end, we have a potential child molester who clearly needs to serve more time behind bars. On the other end, we have a company that's scanning our emails. Which one is more in the wrong here? Skillern is of course, but it's scary to think that Google is peeking into its Gmail users' accounts. Then again, Google's actions pulled a child predator off the streets.

But what if Google makes a mistake? What if a father sends a picture of his teenage daughter, taken at the beach, to grandmom showing that the family is having fun on a vacation? There's nothing wrong with the picture, but Google spies the images and sends the local authorities banging on Dad's door. The man is innocent, but his reputation is damaged because now he looks like a predator to friends and neighbors. Yay Google.

With that, we'd like to ask Google just where the line is drawn. We'd like to ask how these attached pictures are scanned. Is Google reading our emails too? Is it scanning all of our images? Most importantly, has the company ever been wrong?

Don't take this article the wrong way; I'm not defending Skillern. If it hadn't been for Google, he would continue to hunt down innocent children. I applaud Google for cleaning up some trash, but I'm concerned about Gmail users and their right to privacy. If one email is scanned, then you can bet ALL emails are scanned to some extent.

“Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored,” Google’s Terms of Service for Gmail states.

UPDATE: After reports of Skillern’s arrest began to surface, Google came forward and briefly explained its image scanning policy. An email from a company representative explained that every child sexual abuse image is given a unique “fingerprint.” This allows the company to immediately detect illegal images without the staff having to actually to take a peek. This is the case with all Google properties, not just with Gmail.

"It is important to remember that we only use this technology to identify child sexual abuse imagery -- not other email content that could be associated with criminal activity (for example using email to plot a burglary),” the spokesperson told the AFP.

The National Center for Missing and Exploited Children (NCMEC), based outside Washington, said in a separate email to AFP that federal law requires companies like Facebook, Google and Microsoft to report suspected child porn to the “CyberTipline.” These reports are then sent to local authorities for a possible investigation.

“Google has a zero-tolerance policy against child sexual abuse imagery,” Google’s Gmail Program Policies currently states. “If we become aware of such content, we will report it to the appropriate authorities and may take disciplinary action, including termination, against the Google Accounts of those involved.”

Follow Kevin Parrish @exfileme. Follow us @tomshardware, on Facebook and on Google+.

Discuss
Add a comment
Ask a Category Expert
React To This Article

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

Top Comments
  • 13 Hide
    InvalidError , August 4, 2014 3:49 PM
    Just a friendly reminder that anything you send or store on the internet in plaintext has no reasonable expectation of privacy. If you want to keep online stuff private, encrypt it at the source and leave it encrypted during transit and only decrypt it at the end-point where you want to use it.
Other Comments
  • 13 Hide
    InvalidError , August 4, 2014 3:49 PM
    Just a friendly reminder that anything you send or store on the internet in plaintext has no reasonable expectation of privacy. If you want to keep online stuff private, encrypt it at the source and leave it encrypted during transit and only decrypt it at the end-point where you want to use it.
  • 2 Hide
    killerchickens , August 4, 2014 4:51 PM
    Scroogled!!
  • Add your comment Display all 17 comments.
  • 8 Hide
    killerchickens , August 4, 2014 5:23 PM
    Google invented the naked erotic child picture detector, I wonder how they did that?
  • 1 Hide
    Darkk , August 4, 2014 6:02 PM
    I am happy to see Google put this scumbag behind bars where he belongs. Google have to be careful about what they report to the feds because if it turns out this guy is innocent (in this case he's obviously not) Google is liable for defamation of character and can be sued. Google can weather the storm but the guy's reputation is ruined. Google do have the right to scan for any illegal activity in the e-mails and the services they provide as stated in T.O.C.. Companies do the same thing with employee's e-mails and files stored on the servers as they have been told nothing is private as it can be monitored by I.T. to protect the company from liability.
  • 3 Hide
    f-14 , August 4, 2014 6:54 PM
    this story is 2 days old already and mr parrish blatantly leaves out the part where google spokesperson clearly stated the image was one google was scanning for from the list of images post on National Center for Missing and Exploited Children of a known exploited child photo as part of a cyber crime law enacted during the clinton era

    Detective David Nettles, from the Houston Metro Internet Crimes Against Children Taskforce, said Skillern used a Gmail account to e-mail a friend three explicit photos of a young girl.

    Google's terms of service clearly state that e-mails are analysed, and that any lawbreakers will be reported to the authorities.

    'Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection,' the terms say.

    Information the firm gathers can be passed on for a number of reasons, including to 'protect against harm to... our users or the public as required or permitted by law'.

    Since 2008 Google has used technology known as 'hashing' to tag known child sexual abuse images.

    That allows copies of those images elsewhere to be detected by computer software without humans having to view them again.

    Each image is encrypted, catalogued and assigned a unique ID number which is then tested against images being sent from Gmail accounts to see if they match.

    More sophisticated ways of detecting abuse images are being detected all the time.

    Last summer Google revealed it was launching a Child Protection Technology Fund worth $2million to encourage the development of more precise software.

    Source: Google

    electronic communications privacy act
    The Electronic Communications Privacy Act (ECPA) [18 U.S.C. Sections 2510-2521, 2701-2710], which was signed into law in 1986, amended the Federal Wiretap Act to account for the increasing amount of communications and data transferred and stored on computer systems. The ECPA protects against the unlawful interceptions of any wire communications--whether it's telephone or cell phone conversations, voicemail, email, and other data sent over the wires. The ECPA also includes protections for messages that are stored--email messages that are archived on servers, for instance. Now, under the law, unauthorized access to computer messages, whether in transit or in storage, is a federal crime.

    There is a clause in the ECPA, however, that permits employees at an internet service provider (ISP) to read the messages in order to maintain service or to immure the provider itself from damage. For example, if an ISP suspects that a virus is being disseminated via its systems, it has a right to intercept messages to determine whether its service is, indeed, a carrier of a virus.

    Like traditional wiretapping, the ECPA allows the government to obtain a warrant to access electronic communications or records. The first "data wiretap," for example, was used to apprehend some of the principal actors in the Phonemasters case.

    Interestingly, the ECPA itself was amended by Congress in 1994 when the Communications Assistance for Law Enforcement Act (CALEA) was passed. The amended ECPA required telecommunications carriers to modernize their equipment so that they comply with authorized electronic surveillance. Three prominent advocacy groups--the American Civil Liberties Union (ACLU), the Electronic Frontier Foundation (EFF) and the Electronic Privacy Information Center (EPIC)--opposed the law. In a 1998 joint statement, the organizations said that they "continue to oppose the funding of [CALEA], an FBI-backed law that--despite the record levels to which law enforcement wiretapping has soared--would require the telecommunications industry to build enhanced digital wiretapping capabilities into the Nation's telephone system."

    Other Federal Laws

    There are other laws in the federal statutes that have been applied to hacker cases. These laws aren't designed specifically to counter computer crime, but have been applied to certain cases when existing law has proved inadequate in scope:

    Economic Espionage Act

    Enacted in 1996, the Economic Espionage Act (EEA) has both domestic and international components and condemns foreign espionage as well as theft of trade secrets. It has been used to prosecute industrial espionage through traditional means as well as the newer electronic pilfering methods. In essence, the EEA makes it a federal crime to take, download, receive, or possess trade secret information obtained without the owner's authorization.

    Wire Fraud Act

    The Wire Fraud Act makes it illegal to use interstate wire communications systems, which ostensibly includes the internet, to commit a fraud to obtain money or property. In addition, computer-aided theft involving the use of interstate wires or mails is considered criminal.

    National Stolen Property Act

    The National Stolen Property Act (NSPA) prohibits the transportation in interstate commerce of "any goods, wares, securities, or money" valued at $5,000 or more that are known to be stolen or fraudulently obtained. Computerized transfers of funds have been covered by this law.

    Identity Theft and Assumption Deterrence Act

    The Identity Theft and Assumption Deterrence Act (ITADA) [18 U.S.C. Section 1028(a)(7)] was passed by Congress in 1998. It criminalizes identity theft and allows courts to assess the losses suffered by individual consumers. According to the act, identity theft is defined as follows:

    Whoever knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or otherwise promote, carry on, or facilitate any unlawful activity that constitutes a violation of federal law ...
    Therefore, anyone who steals any name or number that may be used to identify a specific individual is committing a federal crime and may be forced to pay damages. While the CFAA covers certain aspects of identity theft, the ITADA addresses restitution and relief for the victims.

    state laws

    According to a March 1999 study in Information & Communications Technology Law, 33 states have enacted their own laws to combat computer crime, while 11 more have laws pending in state legislatures. The laws from state to state vary widely in structure and wording, but not in intent. Almost all of the present state laws criminalize the unauthorized access to or use of computers and databases, using a computer as an instrument of fraud, and known and foreseeable acts of computer sabotage.

    By nature, however, state laws are limited in scope. While most law enforcement has historically been left to the states, states are ill-equipped to deal with the extraterritoriality of computer crime. State law enforcement agencies cannot execute search warrants, subpoena witnesses, or make arrests beyond their own borders. Yet computer crimes are hardly ever confined to a specific locality. The "Morris Worm," for example, ultimately crippled 6,200 computers all over the country.

    Most experts agree that the CFAA affords the broadest protection against computer crimes.

    pbs.org/wgbh/pages/frontline/shows/hackers/blame/crimelaws.html
  • 3 Hide
    alextheblue , August 4, 2014 8:18 PM
    Quote:
    Just a friendly reminder that anything you send or store on the internet in plaintext has no reasonable expectation of privacy. If you want to keep online stuff private, encrypt it at the source and leave it encrypted during transit and only decrypt it at the end-point where you want to use it.
    Yes because encryption is foolproof and doesn't ever draw unwanted attention. :p 
  • 8 Hide
    InvalidError , August 4, 2014 8:21 PM
    Quote:
    Yes because encryption is foolproof and doesn't ever draw unwanted attention. :p 

    If everyone did it, it wouldn't!
  • -1 Hide
    Marcel Hardy , August 5, 2014 1:20 AM
    Absolutely! While i believe in a perfectly free and open Internet it clearly is prudent and responsible to monitor traffic. I run a tor relay and have been for years but if these young paranoid spoiled twenty-somethings think I do it so they can buy illicit guns,
    drugs, porno and much more they're wrong. And their attitude is spoiling the concept of an open Internet. I run it as a means for those in censored and blocked country's
    for the sake of freedom of speech. Too many want to use that for every illicit possibility they can for the sake of it. Who raises these punks? a: Mommy.
    spoiled little selfish whining creeps without much backbone to hold up their whining big mouths. And they're all male little twits. Without any real maturity.
  • 3 Hide
    virtualban , August 5, 2014 1:49 AM
    If you got nothing to hide, there is no need to hide. So, let's say, publicly available legal porn collection, publicly available masturbatory habits, publicly available shopping list, publicly available vacation schedule... hmmm... nothing to hide indeed.
  • 0 Hide
    IndignantSkeptic , August 5, 2014 4:52 AM
    Quote:
    If you got nothing to hide, there is no need to hide. So, let's say, publicly available legal porn collection, publicly available masturbatory habits, publicly available shopping list, publicly available vacation schedule... hmmm... nothing to hide indeed.


    People do have the right to hide certain things especially considering there are still some powerful people in even the USA government who wish to persecute and even prosecute people for being gay. Thankfully USA does not currently execute gays like some countries do.

    Also, you are forgetting industrial espionage. Companies spend billions of dollars to research and invent things and if someone secretly can just access all their top secret data, then that billions of dollars could have been completely wasted and put them into crippling debt that they may never recover from which will bankrupt them and utterly destroy them to the point where scientific advancement could cease to exist with apocalyptic consequences for humanity.
  • 2 Hide
    hoofhearted , August 5, 2014 5:48 AM
    Nice of Google to have that kind of unchecked power. They may have did something good this time, but wait until some tech weasel within Google begrudges one of us.
  • 2 Hide
    virtualban , August 5, 2014 5:55 AM
    I wonder whether do I need the '/sarcasm' tag when commenting obvious sarcasm.
  • 0 Hide
    Fr33Th1nk3r , August 29, 2014 5:54 PM
    So when me and my wife sends me nudes when I'm on the oil rig in my gmail this goes to a database that google employees can jerk it to. Great. lol
  • 0 Hide
    christinebcw , August 29, 2014 6:01 PM
    At some point, society either protects kids or not. Is the right of adults superceding the rights of children?
  • 0 Hide
    USAFRet , August 29, 2014 6:02 PM
    Quote:
    So when me and my wife sends me nudes when I'm on the oil rig in my gmail this goes to a database that google employees can jerk it to. Great. lol


    Email is like sending a postcard. Anyone along the line can see what it says or contains.

    In reality, though....gmail/google is comparing an attached file to a database of known 'bad' files. Does the filesize/filename/filetype/md5 hash match something in the DB? Flag it for further review.

    They are not looking at your wifes boobs.
  • 0 Hide
    Fr33Th1nk3r , August 29, 2014 6:09 PM
    Quote:
    At some point, society either protects kids or not. Is the right of adults superceding the rights of children?


    Actually I think all child predators should be hung and removed from society. My point was obviously not stated clearly enough.
  • 0 Hide
    Fr33Th1nk3r , August 29, 2014 6:10 PM
    Quote:
    Quote:
    So when me and my wife sends me nudes when I'm on the oil rig in my gmail this goes to a database that google employees can jerk it to. Great. lol


    Email is like sending a postcard. Anyone along the line can see what it says or contains.

    In reality, though....gmail/google is comparing an attached file to a database of known 'bad' files. Does the filesize/filename/filetype/md5 hash match something in the DB? Flag it for further review.

    They are not looking at your wifes boobs.


    lol roger that

React To This Article