Monday, March 04, 2013

No Privacy Expectation Up In the Cloud

William Steven Albaugh, a deacon of St. Joseph's Church in Fullerton, MD was arrested for processing of child pronography.

Verizon detected the offensive files when Albaugh uploaded them to 'the cloud' (Verizon Online Backup and Sharing Account), and notified authorities. Albaugh admitted to collecting child pronography since the 1970s.

The Congress passed PROTECT Our Children Act of 2008, which mandate ISP reporting its customer on browsing or storage of child pronography. The Act contains an exit clause, that the ISP would not be held liable if they did not scan customer activities. A modern ISP has many motivations to scan customer data. In this case, Verizon used technology provided by the National Center for Missing and Exploited Children (NCMEC) to find matches between customer data and digital patterns of known child pronography material.

In the last six months of 2012, the NCMEC had received 113,009 reports of child pronography from ISPs.

via arstechnica, the software provided to ISPs compare user data with a database maintained by the NCMEC with about 16,000 images of 'worst of worst' case. This database contains only known victims confirmed by LEA. Both MD5 (file properties) and Microsoft PhotoDNA (biometric information) hashing comparisons are performed in a scan. The NCMEC maintains another database which contains millions of offending images. The division is designed to dispute 4th Amendment claims.

However, many courts see files uploaded to the cloud invokes a Third Party Doctrine, which nullifies expectations of privacy under Fourth Amendment.

No comments: