About Yahoo Email Scanning and Robocop.
This is a short post intended to put the recent revelations about mass email scanning at Yahoo in context. This post is about slippery slopes.
In the United States, the mail is protected by the Fourth Amendment, and the police are supposed to obtain a warrant before openning or reading private letters. The Fourth Amendment was first formally applied to the mail in the late 1800’s, but in practice, the privacy of the mail was respected carefully by the United States Government through out it’s history. In the twentieth century, Fourth Amendment protections were also applied to the content of telephone calls and emails.
So, originally, the privacy of personal email correspondence was sacrosanct.
When Google first launched it’s Gmail service, there were a few privacy advocates who expressed concern. Gmail offers a great email service with massive storage capacity for free, but there is a catch. Google scans the content of your private email and uses it to target advertisements at you. You might see advertising that relates directly to the content of your private conversations.
To some privacy advocates, the idea of a computer algorithm scanning the content of private correspondence seemed worrisome, but Gmail has been a huge success. People largely accepted the trade off — targeted advertisements in exchange for better free email service.
We took a very small step down the slope. The privacy of email is sacrosanct, except when it comes to advertising algorithms.
More recently, email services like Gmail, as well as Yahoo, AOL, Microsoft, and others, have begun scanning the content of private email for image attachments that match the digital fingerprints of known child pornography images. If your email service finds a match between one of these fingerprints, and a file attached to one of your emails, they inform the police.
It is almost impossible for a false positive fingerprint match to occur. Nevertheless, generally speaking, no one is supposed to look at private email content based on a mere match, alone. Instead, the police argue that the fingerprint match establishes probable cause, and they then ask a judge for a warrant to get access to the emails. Once the warrant is obtained, the emails are viewed, and the suspect is charged.
Government lawyers rationalize that this process doesn’t violate the Fourth Amendment, even though it involves scanning the content of everyone’s private correspondence, looking for evidence of a crime. The police are not doing the scanning, they argue. Its a private company, who does so voluntarily. When that company finds a match, no one actually looks at the emails in question until a warrant has been obtained.
Although some privacy advocates have expressed concern about this scanning, it has been going on for a few years, and most people are comfortable with it. It is very very unlikely for a fingerprint to match an email that doesn’t really contain child pornography.
So, we have taken another step down the slope. The privacy of email is sacrosanct, except when it comes to advertising algorithms, or fingerprints that match child porn images.
This week, we learned that the Government had ordered Yahoo to let it scan all of it’s customer’s inbound emails for a tell tale signature associated members of a foreign terrorist group. As far as we know, it is really really unlikely that your emails would match this signature, unless you are actually involved with this particular foreign terrorist group.
Yahoo didn’t have a choice in the matter, it seems, so in this case, it really is the police doing the scanning. But, lawyers rationalize, only emails sent by members of this particular foreign terrorist group are going to match this signature, and unless the signature matches, no human being is ever going to read your private emails. So, they figure, this scanning is Constitutional, because the signature is being used to zero in on emails associated with this terrorist group, and because the group is foreign, they don’t have Constitutional rights, so it is OK for the government to read their emails.
Are you comfortable with that? People don’t like terrorists, any more than they like child pornographers. So, I imagine, most people will be comfortable with it.
But, we have now taken another step down the slope. The privacy of email is sacrosanct, except when it comes to advertising algorithms, or fingerprints that match child porn images, or signatures that match a particular foreign terrorist group.
There are lots of different kinds of fingerprints and signatures that can be created that match lots of different kinds of things.
How far down this slope are we going to go?