Comment by onetimeusename

4 years ago

The database seems legally murky. First of all, who would want to actually manually verify that there aren't any images in it that shouldn't be? If the public can even request to see it, which I doubt, would you be added to a watch list of potentially dangerous people or destroy your own reputation? Who adds images to it and where do they get those images from?

My point is that we have no way to verify the database wouldn't be abused or mistaken and a lot of that rests on the fact that CSAM is not something people want to have to encounter, ever.

9 comments

onetimeusename

Reply
mortenjorck  4 years ago

It’s a database of hashes, not images, though, right? I would argue the hashes absolutely should be public, just as any law should be public (and yes, I am aware of some outrageously brazen exceptions to even that).

Anyone should be able to scan their own library against the database for false positives. “But predators could do this too and then delete anything that matches!” some might say, but in a society founded on the presumption of innocence, that risk is a conscious trade-off we make.

  • onetimeusename  4 years ago

    yes, it is a database of hashes but I don't know if the hashes are public information per se although I am sure copies of it are floating around. But I am referring to the images that the hashes are generated from. There is no verification of these that I know of. No one would want to do that and if you did you might be breaking the law.

    The law requires companies like Google and Apple to report when they find CSAM and afiact they would generate hashes and add to this database if new material is found.

    I don't know if there is any oversight in this. It's all done behind closed doors so you just have to trust that the people creating the hashes aren't doing anything nefarious or mistaken and that's a separate point apart from what others have said on here that you should be able to trust your devices you own to not be informants against you.

oauea  4 years ago

Not an American, but shouldn't you be able to FOIA this?

  • jaywalk  4 years ago

    The NCMEC, who manages the CSAM database, is a private organization.

    • oauea  4 years ago

      Wait, so two American companies, Apple and NCMEC, are working together to install spyware on all Apple devices world-wide, with no government involvement?

      2 replies →

    • fl0wenol  4 years ago

      Not quite, they're an NGO and the CyberTipline which it operates (the database Apple will use) was established by S.1738 [PROTECT our Children Act of 2008], and they get an appropriation from Congress to run that and work with law enforcement.

      It's kind of like the PCAOB... private 501.3(c) with congressional oversight and funding.

      I think the strategy is that the organization is able to do more for helping children internationally if they're not seen as part of the Justice department and the executive, which after the debacle with CBP and "kids in cages", was probably the right call.

      1 reply →