How did Google detect child sexual abuse images in someone’s Gmail account?

A 41-year-old Houston man has been charged with possessing images of child sexual abuse after Google alerted authorities to his Gmail account. Police said Google was able to detect the explicit images of young girls in an email John Henry Skillern was sending to a friend.

Google informed the National Centre for Missing and Exploited Children in the USA and Skillern (pictured) was arrested. After obtaining a warrant police found child porn on Skillern’s phone and tablet and text messages and emails where he talked about his interest in children. In 1994 he was convicted of sexually assaulting an eight year old boy and his details are on the US sex offender registry.

Google has remained tight-lipped about how it was able to spot the image in Skillern’s emails and media reports have expressed surprise that Google could do this. The BBC said that the arrest “raises questions over the privacy of personal email” but Google makes no secret of its email-scanning technologies, even if it won’t detail them in a statement to the press.

In terms of service documents for Gmail the company outlines its stance on child safety:

“Google has a zero-tolerance policy against child sexual abuse imagery. If we become aware of such content, we will report it to the appropriate authorities and may take disciplinary action, including termination, against the Google Accounts of those involved.”

In April 2014 Google updated its terms of service to explicity state that it scanned all emails when they are sent, received and stored. The company says that this is done to make its services better but also to detect “spam and malware”.

Google also details its use of pattern recognition software to make sense of images. Google explains how this technology can be used to recognise your face and the faces of your friends to automatically tag photos, what it doesn’t say is how the technology could be used to scan images for illegal content.

Writing in The Telegraph last year Google’s chief legal officer David Drummond revealed that the company had been using automated systems to scan for images of child sexual abuse since 2008. The system works by creating a ‘hash’ for any known images of child sexual abuse and can then scan all Google services for other instances of this image. Drummond explained that Google had also been working to create a cross-industry database to detect such images.

“This will enable companies, law enforcement, and charities to better collaborate on detecting and removing child abuse images,” Drummond explained. Similar technology has also been developed by Microsoft. Called PhotoDNA it is used on Microsoft services as well as by Twitter and Facebook to detect images of child sexual abuse. Like Google’s software, PhotoDNA also uses ‘hashing’ to trawl the web for known images of child sexual abuse.

It isn’t clear if Skillern’s email contained a known image of child sexual abuse that was picked up by hashing technology or if Google is using other methods to detect such images. The company said it refuses to comment on individual user accounts.

Speaking after the arrest, detective David Nettles of the Houston Metro internet crimes against children taskforce said that Skillern was trying to hide his activities “inside his email”:

“I can’t see that information, I can’t see that photo, but Google can. I really don’t know how they do their job but I’m just glad they do it.”