So Apple scans our photo library for a hit on known child porn. Somebody at some point along the chain had to watch it and establish the library.
Nobody at Apple establishes (or maintains) the library. It is done by the National Center for Missing and Exploited Children (NCMEC) - not somebody at Apple.
And we're all supposed to implicitly trust NCMEC and the people who run it to do no harm?
Overall, I liked your thoughtful response. However, I can't help but wonder if you understand how this is going to work. You don't seem to have a problem with your iCloud Photo library being scanned. Yet, you apparently have a problem with your photos being scanned on your phone... just before (and only then) they are uploaded to iCloud? Really, what's the difference. Photos that are never intended to go to iCloud on your devices will not be scanned. I fail to understand the distinction you are making here.
To your point, I see this as more of a terms and conditions of service for using iCloud Photos. It's not different in concept from what Google, Facebook, etc. are already doing today.
I agree with you in principle. My thought process is pretty simple as to how I draw a distinction, and is as follows:
I've never held the belief that public cloud stored data of any type is wholly private. I have therefore always balanced the benefit against the expectation that my cloud data will not be kept private, either through scanning to ensure T&Cs are complied with or through a malicious act. That doesn't mean I don't take precautions against the malicious actors... I have a long and complex password and enable two-factor authentication wherever possible. If I have data that I want to be kept private and secure it never makes it to any kind of public cloud storage system, iCloud included.
Consequently, I have never had any issue with my iCloud Photo Library being scanned for compliance with the T&Cs because my data is no longer on something I own. What is happening here is that something I own is now performing a compliance check before my data ever hits the server I do not own. It's not that I don't believe such a check shouldn't take place, its "where" that check takes place.
I realise that doing it on device means the unencrypted image can be used for the hash-matching process, but that's just the point... my device is performing a search of my data held on my device. It doesn't matter whether the process is only enacted if iCloud Photo Library is engaged, the simple fact that it is being run on device opens the door to legislators in many countries that would love to force the tech companies to operate similar technology for other purposes. Having it server side clearly draws the line that such search activity can only be performed once you have "given it" to a third party.
I know it's a petty point and the distinction is purely one of timing. In fact it doesn't really change the overall outcome at all. But I consider it to be a very important point, similar to how the placement of a comma in a legal document can completely change the legal position. Hopefully that makes more sense?
As I said before on this topic, comparing a Hash from a known image to an Hash of another image only works if both images are exactly the same. If the image that is being compared is modified in the least bit the Hash is no longer the same. Does anyone believe the people who are involved in this stuff are going to be that stupid to store these items on their phone exactly as they in the database. Especially now that this has been highlighted all over the place. If apple wanted to do this and catch these guys they should have never disclosed this information publicly.
Yes, they are that stupid. But if not, it's able to detect modified/cropped/etc images. You don't understand how this works.
The police are only catching the stupid idiots who down load this stuff to their home computer. The major trafficers of this stuff are not being caught, if they were it would have been plastered all over the news.
Wrong. Tons of shit is getting caught online. Facebook reported over 20 million alone last year. Google, 546K. Microsoft, 97K. Snapchat, 144K. Dropbox, 20K. etc, etc. Have a look, the data is right here, look at the list of online service providers on this page and take a guess as to whether they are using more invasive than Apple is to find these https://www.missingkids.org/gethelpnow/cybertipline#bythenumbers
They do not care if your rights and privacy are violated in the end.
Again, you apparently don't understand how this works.
Instead of telling me I do not understand, explain how Apple is comparing a Hash of one image to a Hash of another image and then saying it is a suspect image. I understand how Hash works, every file has a unique Hash by definition of a Hash and once the file is altered it now had a it own unique has. Keep in mind Apple said they can even make the determination if the file is encrypted, which mean they are not opening the file. I am not talking about the analysis they are doing on the phone, it what is being done via Icloud and images being sent via message which both encrypt end to end. The only way to do what they are claiming is to open the file and do a image analysis.
Also if you read the missingkids website the 20M image they claimed were reported are just suspect image not proven to be actual images. Caught up in these picture are people posting baby image of their own kids, which by law you are allowed to take naked image of kids as long as they do not show private parts. Also caught in these images are the School Girl Porn of over eighteen made to look less than 18. As well as high school kids sending nudes to each other. Which is find interesting, over 18 you can send nudes to anyone over 18, under 18 and can not send to another under 18 but they both can be in a home and be naked together and not break any laws.
Yeah the one website got shut down and the people who were running the website were arrested. They are not the people creating the images that is who you need to catch. And most of the people being caught are the stupid idiots who go to Law enforcement sting sites and down load to their home computer and the people come a knocking i read about these people all the time. Or some idiot who thinks he talking to the little kid in some chat room and is convince to meet the police officer who pretending to be a kid.
So Apple scans our photo library for a hit on known child porn. Somebody at some point along the chain had to watch it and establish the library.
Nobody at Apple establishes (or maintains) the library. It is done by the National Center for Missing and Exploited Children (NCMEC) - not somebody at Apple.
And we're all supposed to implicitly trust NCMEC and the people who run it to do no harm?
As I said before on this topic, comparing a Hash from a known image to an Hash of another image only works if both images are exactly the same. If the image that is being compared is modified in the least bit the Hash is no longer the same. Does anyone believe the people who are involved in this stuff are going to be that stupid to store these items on their phone exactly as they in the database. Especially now that this has been highlighted all over the place. If apple wanted to do this and catch these guys they should have never disclosed this information publicly.
Yes, they are that stupid. But if not, it's able to detect modified/cropped/etc images. You don't understand how this works.
The police are only catching the stupid idiots who down load this stuff to their home computer. The major trafficers of this stuff are not being caught, if they were it would have been plastered all over the news.
Wrong. Tons of shit is getting caught online. Facebook reported over 20 million alone last year. Google, 546K. Microsoft, 97K. Snapchat, 144K. Dropbox, 20K. etc, etc. Have a look, the data is right here, look at the list of online service providers on this page and take a guess as to whether they are using more invasive than Apple is to find these https://www.missingkids.org/gethelpnow/cybertipline#bythenumbers
They do not care if your rights and privacy are violated in the end.
Again, you apparently don't understand how this works.
Instead of telling me I do not understand, explain how Apple is comparing a Hash of one image to a Hash of another image and then saying it is a suspect image. I understand how Hash works, every file has a unique Hash by definition of a Hash and once the file is altered it now had a it own unique has. Keep in mind Apple said they can even make the determination if the file is encrypted, which mean they are not opening the file. I am not talking about the analysis they are doing on the phone, it what is being done via Icloud and images being sent via message which both encrypt end to end. The only way to do what they are claiming is to open the file and do a image analysis.
Also if you read the missingkids website the 20M image they claimed were reported are just suspect image not proven to be actual images. Caught up in these picture are people posting baby image of their own kids, which by law you are allowed to take naked image of kids as long as they do not show private parts. Also caught in these images are the School Girl Porn of over eighteen made to look less than 18. As well as high school kids sending nudes to each other. Which is find interesting, over 18 you can send nudes to anyone over 18, under 18 and can not send to another under 18 but they both can be in a home and be naked together and not break any laws.
Yeah the one website got shut down and the people who were running the website were arrested. They are not the people creating the images that is who you need to catch. And most of the people being caught are the stupid idiots who go to Law enforcement sting sites and down load to their home computer and the people come a knocking i read about these people all the time. Or some idiot who thinks he talking to the little kid in some chat room and is convince to meet the police officer who pretending to be a kid.
This is not a serious argument. Your own ignorance is not an argument you can use to further your opinions. I can't explain how the technology works, because I am not an expert in that area of software engineering. Pretty sure those who are experts would be calling bullshit right now if it wasn't the case though.
I don't even know what your second para is supposed to be arguing. Completely irrelevant to the conversation.
"The one website got shut down" — I gave one example. There are many. There are huge organizations that have been shut down. Many involving people who are very much not "stupid idiots" making stupid mistakes, but ringleaders and organizers managing large networks of content and users. You can look it up. It's not hard. But, it will quickly dismantle your own arguments, so beware.
Comments
I've never held the belief that public cloud stored data of any type is wholly private. I have therefore always balanced the benefit against the expectation that my cloud data will not be kept private, either through scanning to ensure T&Cs are complied with or through a malicious act. That doesn't mean I don't take precautions against the malicious actors... I have a long and complex password and enable two-factor authentication wherever possible. If I have data that I want to be kept private and secure it never makes it to any kind of public cloud storage system, iCloud included.
Consequently, I have never had any issue with my iCloud Photo Library being scanned for compliance with the T&Cs because my data is no longer on something I own. What is happening here is that something I own is now performing a compliance check before my data ever hits the server I do not own. It's not that I don't believe such a check shouldn't take place, its "where" that check takes place.
I realise that doing it on device means the unencrypted image can be used for the hash-matching process, but that's just the point... my device is performing a search of my data held on my device. It doesn't matter whether the process is only enacted if iCloud Photo Library is engaged, the simple fact that it is being run on device opens the door to legislators in many countries that would love to force the tech companies to operate similar technology for other purposes. Having it server side clearly draws the line that such search activity can only be performed once you have "given it" to a third party.
I know it's a petty point and the distinction is purely one of timing. In fact it doesn't really change the overall outcome at all. But I consider it to be a very important point, similar to how the placement of a comma in a legal document can completely change the legal position. Hopefully that makes more sense?
Also if you read the missingkids website the 20M image they claimed were reported are just suspect image not proven to be actual images. Caught up in these picture are people posting baby image of their own kids, which by law you are allowed to take naked image of kids as long as they do not show private parts. Also caught in these images are the School Girl Porn of over eighteen made to look less than 18. As well as high school kids sending nudes to each other. Which is find interesting, over 18 you can send nudes to anyone over 18, under 18 and can not send to another under 18 but they both can be in a home and be naked together and not break any laws.
Yeah the one website got shut down and the people who were running the website were arrested. They are not the people creating the images that is who you need to catch. And most of the people being caught are the stupid idiots who go to Law enforcement sting sites and down load to their home computer and the people come a knocking i read about these people all the time. Or some idiot who thinks he talking to the little kid in some chat room and is convince to meet the police officer who pretending to be a kid.
I don't even know what your second para is supposed to be arguing. Completely irrelevant to the conversation.
"The one website got shut down" — I gave one example. There are many. There are huge organizations that have been shut down. Many involving people who are very much not "stupid idiots" making stupid mistakes, but ringleaders and organizers managing large networks of content and users. You can look it up. It's not hard. But, it will quickly dismantle your own arguments, so beware.