Yottabytes: Storage and Disaster Recovery

Mar 8 2013   1:39PM GMT

Your Cloud Storage Service is Looking for Child Porn in Your Files

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

It’s not the first time that we’ve learned that our data on a cloud storage system isn’t necessarily private, but it’s a useful reminder.

William Steven Albaugh, 67, was arrested after police found “numerous files of child pornography” on his Verizon online storage locker and several thumb drives, the Baltimore Sun reported. “Detectives began investigating Albaugh after Verizon Online notified the National Center for Missing and Exploited Children that Albaugh, a subscriber, had stored images of children engaged in sexual acts on the online cloud storage system, police said.”

Um, really?

We already learned, in 2011, that cloud storage systems such as Dropbox would turn over files if requested by law enforcement. We also learned that some systems such as Dropbox, when a file is uploaded, check to see if it’s already online, and, if so, just save a pointer to the original copy. While this saves space, it also means that, in theory, law enforcement could upload any number of files it’s illegal to own — such as copies of movies — and if the stored file length is less than the original file, it means someone has it on the system already.

In the process of that, we learned, if we didn’t know already, that in 2010 New York Attorney General Andrew Cuomo made an agreement with several online services such as Facebook and LiveJournal to check uploaded images for child pornography.  “Through its investigations, the Attorney General’s Office has created a database of more than 8,000 hash values that are associated with images of child pornography,” the Attorney General’s office wrote at the time. “The database can be used to identify the corresponding child pornography images through the fingerprints and stop that picture from ending up on a site.” The office also said it would continue working with other online services to encourage them to do the same thing.

Apparently, at least one of them was the Verizon Online Backup and Sharing cloud storage service.

Media outlets have pointed out that this was all clearly spelled out in the terms of service. “Like many types of online storage or media services, Verizon’s Online Backup and Sharing states in its terms of service that the company is ‘required by law to report any facts or circumstances reported to us or that we discover from which it appears there may be a violation of the child pornography laws,'” writes the International Business Times.

Because, of course, we all read every word of our terms of service.

If this sounds familiar, it may be because, as of last July, four out of the five cases concerning whether people have to provide the key to their encrypted storage also have had to do with child pornography, according to the Electronic Frontier Foundation’s attorney Marcia Hoffman.

Look, there isn’t any question that child pornography is bad. But there’s a saying, “Hard cases make bad law” — that is, an unpleasant case can lead to a harsher general law that can end up being more widely applied. (We don’t know whether law enforcement is more likely to push the envelope of legal search because they so badly want to catch child pornographers, or because they think people will be less likely to criticize their methods because the crime is so heinous.)

If it’s determined through these cases that checking people’s files as they are uploaded to a cloud storage service is an acceptable practice, it has the potential to apply to all files and all people, not just ones we don’t like.

In the meantime, it sounds like we’d better be sure to read our terms of service carefully.

2  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Ime
    In the old days, film processors were expected to report child porn.  And many of the cases which they did report, helped lock up amateur producers of child porn.

    But, in some cases,the "reports" harmed innocent people, ironically including the child who was nominally to be protected.  British News anchor Julia Somerville's case may be the most prominent (http://www.independent.co.uk/news/julia-somerville-defends-innocent-family-photos-1538516.html) but there were others.  There was even a made-for-TV movie about the problem, Snap Decision (http://www.imdb.com/title/tt0286132/)

    Furthermore, there is a lot of stuff on a modern computer that owners don't choose to put there.  We all get spam, and some of that spam has attachments.
    We install software Some of us encounter malware that uses our computer in ways we don't intend.

    Finally, what vetting is there of the hash list used by the Cloud provider?  What assurance does anybody have that the hashes on it each indicate the presence of child porn?  If the list isn't accurate, then a hit would not provide probable cause for a search.

    20 pointsBadges:
    report
  • Sharon Fisher
    [...] Your Cloud Storage Service is Looking for Child Porn in Your Files [...]
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: