Court rules Fourth Amendment bypass Trump's Gmail search warrant for illegal content

Court of Appeals ruling sides with the Fourth Amendment in Gmail content search case

SOPA Images / LightRocket via Getty Images

Google, like all responsible service providers in the technology industry, takes the protection of children very seriously. It uses “proprietary technology to deter, detect, remove, and report violations,” including identifying child sexual abuse material in Gmail emails. When you sign up to use Gmail, you agree to Google’s terms and conditions that allow such searches to take place. Now, a US Second Circuit Court of Appeal has ruled that this does not mean that a further investigation, once the details of the initial findings have been forwarded to law enforcement authorities, can be conducted in violation of 4th Amendment protections.

ForbesGoogle’s new 2FA update alert: Act now, the clock is tickingBy means of Davey Winder

How Google detects CSAM in Gmail messages

Google describes the measures it takes to identify and report child sexual abuse material in detail online. This includes working with specialist teams at Google, along with technology solutions such as machine language classifications and hash matching. It is the latter, hash matching, that is central to this new ruling from the Court of Appeal. Think of a hash as a digital fingerprint left by every image or video file. Like fingerprints, these are unique to each specific file. This means that Google can detect the hashes associated with known CSAM images and videos in Gmail messages without actually viewing the offensive and illegal material itself. “If we find CSAM, we will report it to the National Center for Missing and Exploited Children,” Google said, “which liaises with law enforcement agencies around the world.” Sad to report, this has proven remarkably successful; sad because so many images have been identifiedbut positive because it means law enforcement agencies can take action against the people spreading it.

Nearly 3 million CSAM images were detected in the first six months of 2024 alone

Googling

To recap, Google’s terms of service prohibit the use of any of its platforms, including Gmail, to store or share CSAM content. Hash-matching technology allows Google to detect such content in Gmail messages without a human having to read the email and without ever actually viewing the image itself, just the hash.

ForbesGoogle claims a world first because AI discovers a zero-day security vulnerabilityBy means of Davey Winder

Child Abuse Materials in Gmail Reported to Law Enforcement Agencies: Law Enforcement Overreach, Court Rulings

As retrieved by reporters at TechDirta Second Circuit Court of Appeals ruled in a case appealed to the United States District Court for the Northern District of New York. This case revolved around a man who had been convicted of possessing CSAM images, but who had appealed on the grounds that the law enforcement order was “tainted by prior unconstitutional infringements.”

The detected CSAM hash had been reported to the National Center for Missing and Exploited Children and then to law enforcement authorities for investigation and possible prosecution. However, law enforcement officers appeared to have conducted a visual search of the child abuse image rather than just the hash itself. “They went beyond the scope of Google’s personal algorithmic search,” TechDirt reported, “in that they learned more than the hash value for the Maher file image; they learned exactly what was in that image.”

And that’s true the court’s ruling comes in. The investigation was conducted prior to obtaining an injunction barring the claim that the government, through law enforcement actions, was a beneficiary of a private investigation because Google never viewed the Gmail CSAM image in question. The first time it was viewed by someone other than the perpetrator was when investigators opened it. Unfortunately, law enforcement could have easily obtained a warrant based on probable cause, the hash itself, but for whatever reason they chose not to do so until after the additional search.

ForbesGmail 2FA Cyber Attacks: Open Another Account Before It’s Too LateBy means of Davey Winder

The Gmail search rule

So Google’s terms of service state that it may review the content and share it with a third party if necessary to comply with applicable law, such as when there is actual knowledge of CSAM on their platform. The court’s ruling simply advises that the perpetrator’s “reasonable expectation of privacy” for that content regarding government access is not overridden by Google’s terms. As TechDirt so eloquently explained, “agreeing to share things with third parties from private companies is not nearly the same as agreeing to share the same things with the government at any time the government wants to access content or communications.”

The good news is that the conviction on this occasion is a good faith exception applied to the search. The better news is that it sends a message to law enforcement that it is not going too far and is applying the proper search warrant procedure when it comes to material found in Gmail. We all want to see such perpetrators brought to justice, and procedural errors that could prevent this must be limited.