24 comments

[ 9.9 ms ] story [ 57.2 ms ] thread
(comment deleted)
And who knows for what else...
Google also scans gmail attachments for it as well. This has been known for a while and the subject of quite a few public court cases. I wouldn't be surprised if Dropbox did it as well. Along with things of national security interest.

When local police get a warrant to do a forensic search of computers the judge often requires that they search harddrives using known image/file hashes - as opposed to looking through each file by hand - in order to protect that persons constitutional right to privacy.

This right primarily applies to personal computers and doesn't exist (as clearly) as defined by law when the files are stored on a remote cloud service. Although whether cloud services have a similar high threshold of assumed privacy is a recurring debate in criminal law, as storing your whole life in cloud services is a relatively new phenomenon.

Is Google doing it as well supposed to make me feel better or worse? That kind of logic always bothers me, because it bypasses the arguments about whether it's good or wrong, and just says "well others are doing it, too - so it must be okay". It's like saying "well UK tortured as well, so why does it matter that US tortured?" I think you get my point.

I also doubt that if they get a warrant, they'll only scan the drives for the hashes. That seems highly unlikely unless the FBI/prosecutors themselves specify in their request to the judge that they only want to do the hash scanning - but I don't see why they would want to limit themselves to that, when they know the judge is likely to give them full access to it, if they already have some evidence of "criminal activity", without which I assume they wouldn't even bother getting a warrant.

> That seems highly unlikely unless the FBI/prosecutors themselves specify in their request to the judge that they only want to do the hash scanning

It depends on the case I guess. I heard this from a lawyer I know who has worked on CP cases. Judges always try to limit the privacy exposure in every warrant. By doing so the police can get access to warrants easier since it requires a lower threshold of probable cause than say searching an entire house.

Especially if the police found the person because they used a P2P site to download a particular file or had a hash in their email account. A minimal warrant to search for that hash is much easier to defend in court against arguments by the defense of constitutional privacy violations of a full data search.

The police have to do this minimization process in phone wiretaps as well. They aren't supposed to listen nor store the phone call unless the information is relevant to the case.

These limitations are clearly defined in warrants. It is up to the police and forensic experts to follow it of course. But I'd imagine in high profile cases the Judge/FBI wouldn't think twice about finding it appropriate to look at every file.

How exactly does a private company generate the hashs/"PhotoDNA" of all these child porn images? Are they granted some sort of kiddie-porn-license? More importantly, where do they get a hold of all of these images? Is there some sort of government database that they are given access to?

If such a database exists, could you imagine the public outrage that would result if someone hacked/leaked it? I bet there are a bunch of images that only a handful of people ever had access to documented by our government...

They don't need to hold the pictures anywhere to use the hash. 1. Police somehow finds child porn. 2. They generate the hash[1]. 3. They distribute the hash to large storage providers. 4. Storage providers compare the hash with the data they store. 5. Profit.

[1]:hash might not necessarily be something like MD5, it might be a more sophisticated photo fingerprint.

Edit: Anyway, I have no idea why is this on HN again, nth time. It's old news and also automated photo fingerprinting is not exactly a huge issue for cloud storages where you store unencrypted data on the first place. It's just another machine reading the bytes of your data, and those bytes have been read by many other machines as well. They don't even use this for advertising or something that could make you a product. They don't even check for pirated software or stuff like this, so this is not exactly groundbreaking news.

That leaves a question of collisions open. The chances are really low, but not zero - does a hash match automatically generate events that lead to your front door being kicked open and your pets shot, or is there an actual human that needs to open the file and verify that yeah, it is a child abuse image?
Hey, they _have_ that picture. If there is a hash collision, then a human will look at it. (Not that hash collisions are _that_ common.)

Why would they come to your door for the stuff you store at them? :)

Edit: you mentioned lottery below. Well, waiting for a collision in the case of a good hash function is a lottery where nobody's winning for a few billion years :).

With any good hash function there is pretty much zero risk of this happening.
I'm not willing to ruin someone's life over the equivalent of winning a particularly bad lottery.
Your chances of having your life ruined by any other cause is at least 2^64 times more likely than because your uploaded cute_cat.jpg has the same hash as a flagged child_porn.jpg.
I'm assuming we're not talking about SHA1 hashes here (which would be trivial to get around), but image matching hashes (probably something like http://phash.org/) which are much more fuzzy. If that is the case then collisions will be far more common.
Depending on the exact hash, the odds might be more like winning 10,000 lotteries.
Note that we're talking about fuzzy image-matching hashs that attempt to match an image to its source even after it was cropped at the edges, maybe got a new watermark somewhere and was recompressed with JPEG a few times. I don't know the false positive rate of these algorithms but I imagine they're much bigger than that of a cryptographic hash function (that's what analogies like yours usually refer to).
A hash collision is not proof of anything. You just look at the picture if the hash matches. It is not illegal to own an image that hashes to the same thing as an illegal image would.
See the UK "Internet Watch Foundation" which gives recommendations about Usenet news groups or websites which are used to distribute images of child sexual abuse. Most UK ISPs use those lists to not carry some content. Andrews and Arnold is, I think, the only UK ISP that ignores IWF recommendations.

https://www.iwf.org.uk/

With our (semi) benevolent corporate overlords in mind, are there any safe and cross platform ways to keep an encrypted container on these services?

I remember (but can't find for the life of me) an article somewhere that stated you don't want to put something like a Truecrypt volume on a service that does versioning, since the changes in the encrypted data each time you change something can be used to leak data.

If you store simple encrypted stuff at them, then it works fine. Using OneDrive, Google Drive or anything alike to store a large(-ish), often-changing volume in a way that it does not leak information does not make sense, because the performance would be horrible then.

If it does not change often, then it does not leak much information, naturally.

I store a dynamic TrueCrypt volume on DropBox. I use a dynamic volume so that Dropbox need only upload the changed blocks from my machine. It seems to work fine.

The TrueCrypt docs warn about using a dynamic volume [1]. I'm not concerned about leaking info about which volume sectors are unused.

[1] http://andryou.com/truecrypt/docs/creating-new-volume.php

1. Download illegal porn using Tor.

2. Rename the file .DS_Store and copy to victim's cloud folder

3. They go to jail and get killed by another inmate a year into their sentence. Justice prevails!

Prisons in my state separate criminals by a risk or violent threat level. A whole facility gets this level, so no one in prison A is a violent criminal. Violent criminals are all in another prison B in another county.