Jennifer Lynch writes:
In a powerful new ruling for digital privacy rights, the Ninth Circuit Court of Appeals has confirmed that the police need to get a warrant before they open your email attachments—even if a third party’s automated system has flagged those attachments as potentially illegal. We filed an amicus brief in the case.
How We Got Here
Federal law prohibits the possession and distribution of child sexual assault material (also known as child pornography or CSAM). It also requires anyone who knows another possesses or is engaged in distributing CSAM to report to a quasi-governmental organization called the National Center for Missing and Exploited Children (NCMEC).
Although federal law does not require private parties to proactively search for CSAM, most, if not all major ISPs do, including Google, the ISP at issue in Wilson’s case. Once one of Google’s employees identifies an image as CSAM, the company uses a proprietary technology to assign a unique hash value to the image. Google retains the hash value (but not the image itself), and its system automatically scans all content passing through Google’s servers and flags any images with hash values that match it. Once an image is flagged, Goggle’s system automatically classifies and labels the image based on what it has previously determined the image depicts and sends the image with its label to NCMEC, along with the user’s email address and IP addresses. NCMEC then sends the images and identifying information to local law enforcement, based on the IP address.
In Wilson’s case, Google’s automated system flagged four images attached to one of his emails. No Google employee ever looked at the exact images attached to Wilson’s email. Google forwarded them to NCMEC, and NCMEC sent them to San Diego law enforcement. There, an agent opened the images and confirmed they were CSAM – without a warrant.
Read more on EFF