Suppose a laptop were found at the apartment of one of the perpetrators of last year’s Paris attacks. It’s searched by the authorities pursuant to a warrant, and they find a file on the laptop that’s a set of instructions for carrying out the attacks.

The discovery would surely help in the prosecution of the laptop’s owner, tying him to the crime. But a junior prosecutor has a further idea. The private document was likely shared among other conspirators, some of whom are still on the run or unknown entirely. Surely Google has the ability to run a search of all Gmail inboxes, outboxes, and message drafts folders, plus Google Drive cloud storage, to see if any of its 900 million users are currently in possession of that exact document. If Google could be persuaded or ordered to run the search, it could generate a list of only those Google accounts possessing the precise file — and all other Google users would remain undisturbed, except for the briefest of computerized “touches” on their accounts to see if the file reposed there.

A list of users with the document would spark further investigation of those accounts to help identify whether their owners had a role in the attacks — all according to the law, with a round of warrants obtained from the probable cause arising from possessing the suspect document.


Imagine that you’re a decisionmaker at Google and have received a plea from the authorities to voluntarily run the search in question. You’re arguably allowed to run it without getting into legal trouble with your users: the Google privacy policy provides for the sharing of information with law enforcement or others if Google has “a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to … protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.” Someone pulling together a class action against Google for daring to perform this kind of search would no doubt want to read it differently, but this is at least in the ballpark.

So, presume that the privacy policy doesn’t restrict you from agreeing to run the search, and that you believe that the authorities, who have shown you a copy of the terrorist planning document they’ve found, are not lying about the document’s provenance and their own good faith. Would you run the search?

Jonathan Zittrain on the aggregator’s dilemma.

This, incidentally, is what is really meant by “big data”. And, if this scenario freaks you out, you have to keep in mind that this is essentially exactly how Gmail advertising works.