The Gmail Panopticon: The End of Privacy as We Know It?

Dann Albright 21-08-2014

It sounds like something from George Orwell’s 1984: a man sends a private e-mail and finds himself arrested for it. The e-mail wasn’t intercepted by an investigating police officer; the man wasn’t even under suspicion before his arrest. The e-mail was analyzed by an automated system that few people know about, and the offending e-mail was brought to the attention of the authorities.


Does this sound like a world you want to live in? That world is already here—and that system was used to catch a guy sending child pornography Unfortunate Truths about Child Pornography and the Internet [Feature] A small blank square and a blinking cursor. A window through which the entire world exists. You only have to say the right word – any word – and your every desire will be delivered.... Read More .

Caught Red-Handed

So how did it happen? John Skillern was sending indecent photos of children to a friend, and soon found himself under arrest. What he didn’t know was that Google automatically scans the images that are sent via Gmail and compares them to a database of recovered child pornography; if a match is found, the police are notified. In this case, they subsequently obtained a warrant to search his computer and tablet, where they found other pornographic images of children.


US law requires that any company discovering evidence of child pornography report it to the police immediately. This has traditionally applied to photo developers, photo hosting services, and other photography-related companies, but it applies to all companies, including search engines. Of course, this is good—the sexual exploitation of children is a heinous crime, and we should be throwing every resource we have at it. Companies are happy to comply with these laws, and in general, people are happy for them to.

But the existence of this technology has some people worried.


How Does It Work?

The technology that’s used for Gmail’s child-porn scanning is a piece of software created by Microsoft called PhotoDNA. When an image is added to the PhotoDNA database, a mathematical hash What All This MD5 Hash Stuff Actually Means [Technology Explained] Here's a full run-down of MD5, hashing and a small overview of computers and cryptography. Read More is created and used as a unique identifier. After a few thousand images have been added to the database, it gets really good at identifying photos based on these identifiers, even if those photos have undergone minor alterations.


Microsoft developed PhotoDNA in conjunction with the National Center for Missing and Exploited Children (NCMEC), so it’s been destined for fighting child porn since the very beginning. And, obviously, it’s working. It caught Skillern, and it’s in use by Bing, OneDrive, Facebook, Twitter, and Gmail, among potential others.

Unfortunately, PhotoDNA can only identify photos that have already been added to the database, which means the trading of new images won’t trigger an alert. But with the amount of illicit material that’s already out there, it can be extremely useful in identifying potential child pornographers.


Was It a Secret?

Since the announcement of Skillern’s arrest, there’s been a lot of discussion about whether or not the deployment of PhotoDNA by Gmail is a privacy concern. Gmail serves ads to users, and scans the contents of personal e-mails to determine which ads to show. Google maintains that this scanning is done anonymously, and that student, business, and government accounts aren’t scanned. Recent privacy and legal concerns have led to Google backing off of their scanning a bit, but the revelation of the use of PhotoDNA has many people questioning whether or not we’re getting the whole story.


While Google had never denied that they were scanning Gmail messages for child porn, they were very tight-lipped about it. Even though people are sure to support anti-child-pornography measures, the idea that Google is scanning the images in their e-mails might not have gone over so well. But the news is out now, and we have to ask ourselves whether Google is being forthcoming with what they’re doing with our e-mails. We know that e-mail is inherently insecure Why Email Can't Be Protected From Government Surveillance “If you knew what I know about email, you might not use it either,” said the owner of secure email service Lavabit as he recently shut it down. "There is no way to do encrypted... Read More , but finding evidence of surveillance by Google is unnerving.

The Gmail Panopticon

In the late 18th century, Jeremy Bentham developed the plans for a building called a panopticon, in which all of the students, children, or—most applicably—prisoners in a building could be monitored by a single watchperson. None of the inmates are able to tell if they are being watched, so they must assume that they’re under surveillance, encouraging them to moderate their behavior so as to not draw attention to themselves.


Is that what Gmail is leading us toward? Right now, they’re scanning images for child pornography. But, as some journalists have noted, Google is bound by the laws of the countries in which it operates From The Web To Jail: 6 Types of Computer Crimes You Can Get Arrested For Governments across the world have tried to tame the Internet as a tempest of new technology threatens everything from strict government censorship and control over the media to entrenched media conglomerates and old concepts of... Read More , which means that governments could require that they turn over other sorts of information that’s found in their scans. This might sound like a stretch, but by accepting the terms and conditions of Gmail, we’ve given Google a lot of power to do what they want with our data.


And is it so hard to imagine that this technology would be used in the pursuit of perpetrators of other crimes? As it stands, Google maintains that someone could blatantly plan another type of crime via Gmail and they wouldn’t be at any risk. But how long will that be the case? Google is now cooperating with law enforcement by scanning our private messages Can You Escape Internet Surveillance Programs Like PRISM? Ever since Edward Snowden blew the whistle on PRISM, the NSA's no longer secret surveillance program, we know one thing with certainty: nothing that happens online can be considered private. Can you really escape the... Read More . Now that this technology has been used to catch a criminal and has been shown to the public, there’s a very strong bond there.

What will Google scan for next? Terrorist threats? Murder plots? Shoplifting? Opinions that differ from those supported by the political majority? Indications of intent to stop using Google services? We could see a big turning point in the near future driven by increasing demands from governments. And not just ours—what will more repressive governments ask Google to turn over? E-mails containing evidence of homosexuality? Political dissent? Humanitarian missions?


We just don’t know. And it’s tough to say how Google will respond.


And it’s going to be hard to say no after they’ve shown that their scanning can catch child pornographers. Who’s going to ask them to stop using this technology when they’ll inevitably be asked “Do you support child pornography, then?” in response? There might be no going back from this—public opinion is going to be tough to sway against a system that catches some of the most reviled criminals in the world.

Is This the Beginning of the End of Privacy?

If there’s a single company that’s synonymous with the Internet, it’s Google. And if they’re scanning our e-mails, online privacy could be coming to an end (at least in the major channels; there will always be other options). If you read my piece of the Don’t Spy on Us Day of Action Lessons Learned From Don't Spy On Us: Your Guide To Internet Privacy Read More , you’ll know that I’m afraid that privacy is facing some serious attacks from a number of directions, both corporate and governmental. And this cooperation between the two could spell trouble for online privacy and security.

While I don’t think we’re seeing a calculated move by Google to improve public opinion of their scanning, I think they’ll do their best to make this a positive thing. They might not have been hoping for this scanning to be brought to the attention of the public, but there’s ample opportunity here to show the world what they can do for us in exchange for some of our privacy.


The next step that Google takes in response to this story will be very telling, and I’m looking forward to following this story to see what they say about it. What do you think? Is Google overstepping their bounds by scanning every image that we send? Or are you happy to sacrifice some of your privacy to fight child pornography? Would you feel the same way if Google starts scanning for other crimes? Or if governments start making demands on them to turn over certain e-mails? There’s a lot of room for controversy and discussion here—chime in below and let us know what you think!

Image credits: All seeing eye. Doodle style (edited) via ShutterstockMan in black via Shutterstock, Micah Baldwin via flickr, DieBuche via Wikimedia CommonsRobert Scoble via flickr, Ben Roberts via flickr.

Related topics: Gmail, Google, Online Privacy.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Anonymous
    July 19, 2016 at 1:26 pm

    I just stumbled on this article, then closed the page after reading it. Interestingly, this ZDNet article shows the latest:

    "Google: Government requests for user data hit all-time high in second half of 2015", referring to governments around the globe !!

    "By far and away, the most requests came from the United States, which made 12,523 data requests for this reporting period. The requests impacted 27,157 users or accounts."

    "Google only counts criminal legal requests in its total tally for US data requests. However, the company also provides a range of how many requests it receives under two national security tools: The Foreign Intelligence Surveillance Act (FISA) and National Security Letters. This data is subject to a six-month reporting delay."

    • Dann Albright
      July 25, 2016 at 8:01 pm

      Interesting stuff! Over 12,000 requests in a six-month period is a lot of requests, and Google has a lot of information to give if they choose to. That's worrying.

  2. Robby R
    August 22, 2014 at 11:01 pm

    I can understand how this is a problem for privacy when people say "where does it stop?" The problem is as it says on this article "it’s in use by Bing, OneDrive, Facebook, Twitter, and Gmail, among potential others." I mean at this point can we really trust any company with our privacy. If you're using social media your pics are getting scanned. Certain words trigger red flags as we learned by all the info released on requests by the NSA.

    Google at this point I think has soo much info on people from us using gmail, google DNS, google docs, calendar, now they have fiber internet and cable tv so I am sure they collect some type of info for using those services. Than again so does facebook, so does twitter, flickr, I mean I can name all the big sites here, but the funny thing is without us knowing we're the ones giving them the information. I am all for scans to get the bad guys of the street. As a father I can say that any type of crime against a child is something that should never happen. Unfortunately it does. If PhotoDNA gets these sick f**ks of the streets scan away. I know that privacy is an issue and some companies abuse it, but at some point you have to think does the fact that we can get these people off the streets and possibly save some kids from something horrible happening to them out weight the privacy issue. Its a hard call.

    • Dann A
      August 26, 2014 at 12:53 pm

      It is a hard call. I don't think anyone would say that these kinds of criminals shouldn't be off the streets or that we shouldn't be using the resources available to do that. But the big issue is the future: what will be illegal tomorrow? Different religions? Lifestyles? DNA patterns? We just can't know. And while you're right about this collection being ubiquitous, I think it's far from being totally assumed and implicitly okayed by everyone. If we're going to do something about it, I think it has to be soon. And doesn't it seem better for us to have a say in it than just leaving it up to corporations and governmental bodies?

  3. Horusbedhetys
    August 22, 2014 at 7:54 pm

    Now that it has started, there's no putting the genie back into the bottle. At some point, Google is oging to face a huge lawsuit, because, at some point, they are going to rat out some gay person to the Ugandan government or some peaceful protest organizer to the Ferguson cops. Maybe they will rat you out for posting some vague statement that they have interpreted as dangerous.

    • Dann A
      August 26, 2014 at 12:49 pm

      It'll be really interesting if this comes to a large lawsuit. As I mentioned in a previous comment, there are a lot of difficult issues surrounding consent and ownership here, and putting them before a judge is sure to create some controversy. We'll just have to wait and see!

  4. Frank Tomas
    August 22, 2014 at 2:19 pm

    We are all bound to the 'Social Contract' that allows others to do things for us like taking care of crime. We give up certain rights for it like not being a law unto ourselves. This almost falls into the same except that while a 'mans home is his castle' and, within the bounds of law and reason, can do as one wishes once those bits of data leave the 'castle' they can not be considered protected.

  5. Guy M
    August 22, 2014 at 3:07 am

    I just learned something about the 4th amendment of the US Constitution. Apparently, if information about you is held by a third party, the gov't doesn't need a warrant to access it.
    So, does your Gmail belong to you or Google?

    If it belongs to you but you've signed off on Google scanning it for any reason, then the results of the scan belong to Google.

    If it belongs to Google, then it's open wide for them.

    I'm not Google-bashing here. This is just the reality of it all. I'm not even sure how I really feel about Google scanning for criminal activity. (I'm extremely happy that there will hopefully be one less monster on the streets due to this.) Some would say all of our other communications are already being scanned or are about to be. Something called Echelon. I just don't know.

    Maybe it's time to get our heads, and information, out of the clouds and back into our homes. Maybe we should think about home servers again and setting up our own e-mail servers at home. Then it's all ours. It's actually not that hard to do.

    • Dann A
      August 26, 2014 at 12:46 pm

      Interesting—I didn't know that about the 4th amendment! There are similar discussions going on here in the UK; intelligence agencies have a lot more power when collecting data on foreign individuals and parties than on domestic ones. But if a UK citizen has data stored on a foreign server, I think it's classified as foreign information, and it's a lot easier for the agencies to get at it.

      Anyway, there are a lot of issues of ownership and consent here that are very difficult to navigate and, therefore, to legislate. There are a lot of nuances that are going to be opaque to just about everyone except the legally educated.

      Interesting idea on home e-mail servers. Might have to look into that!

  6. Piotr
    August 21, 2014 at 8:54 pm

    Actually that is good thing. However, where does it say the searching stops, or who sets the criteria? What if the next government believes that catching "wrong thinking" individuals will just perpetrate bad DNA and who is in favor of proliferating bad DNA? Once they have the keys and sycophants to enable it, only the government will set the policy. And no Hitler, nor Stalin, nor others would ever do anything wrong directional if they had that technology, would they?

    • Dann A
      August 26, 2014 at 12:43 pm

      This is exactly what was discussed in some of the comments above; you're totally right! You never know when a new party will come into power and change what's legally acceptable and unacceptable. And suddenly, you're on the wrong side of the law and there's tons of evidence for Google to hand over. Not good.

  7. dragonmouth
    August 21, 2014 at 8:41 pm

    “Do you support child pornography, then?”
    A very disingenuous and insidious question putting the responder in a lose-lose quandry. If one answers "yes" then one implicitly agrees to unrestrained examination of one's communications. If one answers "no" then one immediately becomes a suspect and subject to further intrusive investigation. One does not have to support child pornography to be against unrestrained snooping.

    "Stop and Frisk" has been declared unconstitutional by the Supreme Court of the United States. How does Google reading emails differ from stop-and-frisk? Since Google is a private company not subject to the same controls as governmental entities, is the government using Google and other private companies to perform illegal acts it is proscribed from performing?

    Who detemines what the emails are scanned for? I'm sure that all MUO readers/posters are for rooting out of criminals and terrorists by examining emails. Would we be so sanguine and blithely accept email scanning if the Powers That Be instructed Google to scan for "unapproved" or "inappropriate" sexual, religious and/or political preferences? What if the scanning was for select undesirable ethnic groups?

    Whether we realize or not, the current governments of the "free world", through their attempted, contemplated and actual actions, are making the secret police organisations (NKVD, KGB, Gestapo, Stasi) of erstwhile police states look like a bunch of rank amateurs. We don't have overt dictators and/or Death Squads yet but it's only a matter of time.

    • Dann A
      August 26, 2014 at 12:42 pm

      Your comparison of the Gmail scanning to stop-and-frisk is really interesting. I see some parallels, but you could also make the argument that frisking is inherently a very personally violating activity, while anonymous data collection is less so. (Obviously, Google needs to the ability to non-anonymize the data to report things to the police, but I imagine that if nothing comes up, at least on PhotoDNA, you're pretty well ignored.)

      I agree with your point here; I just think it's a bit more complicated. Gmail scanning does seem to push us a bit closer to guilty until proven innocent, though, and that makes me uncomfortable.

  8. Peter
    August 21, 2014 at 6:27 pm

    And catching sickos that pray on the innocent is bad ?
    I don't care if my emails are scanned if it helps to take off the streets people like that!
    In fact I think it's great !

    • dragonmouth
      August 21, 2014 at 8:55 pm

      See my post to APgo. It could happen to you.

    • Dann A
      August 26, 2014 at 12:40 pm

      Peter, I'd like to hear what you think about dragonmouth's mentioned comment. Taking a child pornographer off of the streets is great, but what happens if someone decides that something that YOU do should be outlawed? Will you still want those people in jail?

    • Zach L
      September 7, 2014 at 12:18 am

      In addition to sickos who prey on the innocent, "they" are also doing warrantless email-reading to take whistle-blowers off the street -- the Obama administration has persecuted and prosecuted more whistle-blowers trying to protect the citizens of this country from everything from dangerous chemicals shipped through the mail and on railway to white collar crime that destroys people's retirement and lives. And, I want you to note, that the very first people the (GW) Bush administration went after once they got the freedom to do warrantless, no-paperwork phone-and-email scanning (supposedly to stop terrorists) were reporters who were trying to report on members of the Bush administration taking bribes from large corporations and private citizen-billionaires. They went after journalists right out of the box.

      There's this thing called "mission-creep", where laws specifically enacted for specific reasons are used for a plethora of other reasons that they were NEVER DESIGNED TO GO AFTER. A law to stop child pornographers that seems very important to put through, because, hey, WE GONNA GET US SOME SICKOS, will always find its use expanded for other things. Things nobody ever thought it would be used for, that our fore-fathers would be shocked we, the people, put up with.

    • Dann A
      September 9, 2014 at 8:39 am

      Zach, "mission creep" is a great way to describe what could happen here. I'd never heard that term, but it's very applicable. I've heard quite a bit of criticism about how the current administration has handled whistle blowers, and I'm not surprised that journalists were targeted (I just finished Hack Attack by Nick Davies, and it's amazing the level of control, access, and influence the media have in the government, at least in the UK).

      I've never heard about email monitoring to take whistle-blowers off the street, though; that's quite interesting. Do you have a link to story about that that I could read?

  9. APgo
    August 21, 2014 at 4:41 pm

    I do not understand the concern. How much do you guys pay for the gmail service? If you pay nothing why do you expect all the goodies. Anyone should understand already that if you do not pay for the service, you are not the client, you are a product. Google has every right to scan my or your e-mails. There is no expectation of privacy. And to catch some low-life sick individuals who abusing children - I am happy that there is a system like PhotoDNA that helps to find those criminals. I do not care if some system analyzes my e-mails or even someone reads them. If I need to communicate some confidential data (financial, health etc) I will not do it over free unencrypted e-mail anyway. I would also not scream out those secrets in a central plaza.

    • dragonmouth
      August 21, 2014 at 8:55 pm

      Catching criminals through scanning emails is very laudable but depends on the definition of what crime is. What if your particular religious beliefs, political leanings and/or your sexual preferences were criminalized??? Would you then still be happy for "some system to analyze your e-mails or even for somebody to read them"? Because then YOU would be the "some low-life sick individual"

    • Derp
      August 22, 2014 at 4:55 pm

      I pay with my eyeballs, which in turn generates billions of ad revenue for google.

    • Robby R
      August 22, 2014 at 10:42 pm


    • Dann A
      August 26, 2014 at 12:37 pm

      I definitely understand your point, APgo, but a lot of people aren't as knowledgeable about the internet as you are, and a lot of those people feel taken advantage of when they find out that their e-mail is being scanned. And while it's easy to say that they should have read the terms and conditions, it's also very understandable that they would have an expectation of privacy. No one expects the postal service to read through their mail—why should it be different with e-mail?

    • Dann A
      August 26, 2014 at 12:38 pm

      I wholeheartedly agree with your point here, dragonmouth. Crimes are determined by the current governmental power, and there's no telling when things might change.

    • Zach L
      August 27, 2014 at 1:49 pm

      I'm sorry, but what you're exhibiting here is that incredibly shallow, knee-jerk, and un-thought-out attitude where you very proudly say, "If you have nothing to hide, you have nothing to worry about."

      You have no idea what is or isn't illegal anymore--nobody does, not even high-priced professional lawyers, judges, and lawmakers. (I work in a law office and we've had discussions about this.) It has been estimated by legal professionals that we (here in the USA) can break the law several times a day and never know it. Our laws are so complicated, there's no way to know until someone in the government decides to target you: they can find something to charge you with easily and you'll hang yourself with emails you would have sworn on a bible were totally innocent.

      And, of course, the people who will be charging you with whatever it is they find would be in a high dudgeon at the thought that anyone should be able to read *their* emails, as you can see by what's going on in the Chris Christie administration. Government and law enforcement always seem to believe that they should be able to peruse your email without a warrant and no chain of evidence, but heaven forbid the citizens try to view their emails.

      Our founding fathers made sure a citizen was secure in his communications, and set up a lengthy and transparent process to open a citizen's physical mail to make sure it is never done lightly. We need to be as secure in our emails as we are in our snail mail, or it is an insult to the people who designed and set up this country.

    • Dann A
      September 5, 2014 at 9:33 am

      Zach, thanks for chiming in. It's interesting to think about the fact that some of the people who are deciding what's legal and what's not don't know all of the rules. Though it's certainly understandable; there are more laws than any single person could possibly know. And I wouldn't be surprised at all to find out that I had broken a number of laws already this morning!

      I like your comparison with physical mail; it seems like there should be similar protection for electronic communication, but that doesn't seem to be a very popular opinion. It's also a whole lot harder to regulate, I would imagine, especially when those e-mails might travel through servers in other countries.

      Anyway, thanks for reading and your input!

  10. AriesWarlock
    August 21, 2014 at 4:07 pm

    I am seriously thinking of an offshore email account. There's Neobox,, HongKong Mail, mBox, Green, Swiss Mail. Anybody uses them?

    • Maryon Jeane
      August 22, 2014 at 12:22 pm

      Why not use The Bat! and PGP? That's as safe as e-mail gets - just be aware that e-mail is never safe - but then nor is physical mail or any other form of communication...

    • Dann A
      August 26, 2014 at 12:35 pm

      I've never used any of those e-mail providers, but I'd definitely be interested in checking them out. Maybe I'll start doing some research and write an article on them soon!

    • Zach L
      August 27, 2014 at 1:33 pm

      I use The Bat! and like it very much, but it was set up by a friend who was an IT professional (that was about 10 years ago). Installation on each new computer I've purchased has been easy because you can save it to back up and then unpack it on the new computer and it sets itself up, but I'm afraid that I might not know how to start fresh on a new computer without the handy backup. There is a learning curve involved to The Bat! I still haven't figured out how to install the anti-spam add-ons/aps. *sigh*

    • Dann A
      August 27, 2014 at 2:30 pm

      I'm on a Mac, and when I last checked The Bat! was Windows-only, so I won't be able to check it out anytime soon. But if they release a Mac version, I'll definitely give it a try. Thanks for sharing your experience with it!