Wednesday, August 20, 2014
Could the government really scan cloud backups of home hard drives? Would it?
Recently there has been some press attention to Google’s turning over to law enforcement some images in an email from a man in Houston, where those images matched, by digital watermark, images known to be child pornography, most likely from a running database managed by the National Center for Missing and Exploited Children in Alexandria, VA.
Generally, the tech community has been supportive of Google’s action, which I discussed in detail on my COPA blog Aug. 10. Google could argue that it was required to turn over the info, and it makes no secret of its rooting out child pornography on its systems.
Legally, too, putting illegal images on an email is a form of distribution, even if intended for only recipient.
The question remains, however, what if the same strategy were implied for images from a hard drive stored by a cloud service. Legally, there might seem to be a difference because the government might have a hard time making a case for “intent to distribute”.
The idea is scary for another reason. An attacker could plant images known to be illegal on someone’s computer with malware, with the intention of framing the person. (We’ve seen this problem with WiFi routers, but to mess with a home user’s supposedly private content this way would sound even more sinister.) The only systematic answer would be for all major antivirus companies to add scanning for watermarked images as part of their routine scans. But then what legal position would that put the anti-virus company in?