
Should We Allow Bulk Searching of Cloud Archives? - privong
https://www.justsecurity.org/28752/keystrokes-solve-crime-press-enter/
======
Amorymeltzer
>Fourth, this kind of voluntary search by the likes of Google is not
unprecedented. Google scans outgoing Gmail messages to see if there are
attachments whose hashes — that is, digital fingerprints — match those of
known images of child pornography. When this first became widely known to the
public, the company explained: “Sadly all Internet companies have to deal with
child sexual abuse … It’s why Google actively removes illegal imagery from our
services—including search and Gmail—and immediately reports abuse … This
evidence is regularly used to convict criminals.”

>To be sure, child pornography filtering — and reporting — may be a place to
draw a clear line. Not only is child pornography near-universally reviled and
banned, but the matching algorithm for previously-identified images boasts no
false positives, and, perhaps most important, possession of the file is not
only clear evidence of the crime, but quite typically the crime itself.

I had no idea Gmail did this.

~~~
userbinator
I accidentally stumbled across this while searching for some obscure IC part
numbers. The wording is something like "we have removed results of _suspected_
child abuse" (emphasis mine --- I remember that part the clearest), and that
scared me for several reasons: the implication that just being "suspected" is
enough to censor, whether this was logged and now my searches are being
scrutinised even more, and the reminder of effectively how much power they
have over what people can find on the Internet.

I'd use DuckDuckGo if it weren't for the fact that its index is far smaller
than Google's, although with the latter's increasingly aggressive pruning of
results, maybe that won't remain the case for long...

~~~
ikeboy
Use [https://startpage.com/](https://startpage.com/)

It uses Google, but Google won't get your IP.

------
mindslight
Fighting use of such capabilities will always be a losing battle, because
there will _always_ be a situation that makes the majority clamor for greater
powers. The only way to preserve security is to prevent the capability in the
first place. This means building technology that preserves personal privacy
and autonomy, rather than naive implementations that are easy to monetize.

All of us are culpable, to the degree we contribute cleartext to the butt and
encourage others to do so as well, for creating these massive data silos that
are gifts to (micro)politicians everywhere.

~~~
psykovsky
Cleartext in the butt sounds exquisite.

~~~
ikeboy
Should We Allow Bulk Searching of Butt Archives?

~~~
paulddraper
Only tasteful searches

------
ChuckMcM
This is an excellent look at the challenge of having a capability vs using it
vs civil liberties. I think everyone should read it.

------
mikegerwitz
I posted this comment on Schneier's blog, but I then saw this thread. So here
it is:

This type of risk is one that you must accept if you rely on a Service as a
Software Substitute[0].

By relying on a remote service for your data storage and computing, you give
up both freedom and control---even if the data are encrypted; we've all seen
what information can be gleaned from metadata[1]. In this case, perhaps where
a document was distributed: if Eve knows that Alice viewed document X, and Bob
has a document Y that is shown (through metadata) to have been sent from
Alice, and that document has certain properties that match, then it might be
enough to convince a court that Bob contains document X, and get a warrant.

> Companies treat child pornography and abuse in a special category. But the
> precedent remains, and it could be tempting to extend at least the exact-
> match kind of search to the Paris terrorist example

Terrorism and child pornography are two examples that are often used to
justify broad searches, chilling free speech and violating privacy.[2] These
types of privacy/security "trade offs" start down a very slippery slope.

> As so much of everyone’s private communications and work migrates into the
> hands of a few massive private companies, the net-wide search will become
> too tempting to leave alone. Exactly what makes it tempting is what makes it
> troubling

You should reject those services and do your own computing![0] These remote
services are not a substitute for locally installed software---a distinction
that many do not consider or realize.

Not everyone has the technical capability to handle certain problems on their
own; hosting your own e-mail server is a good example. In such cases, users
should, at the very least, choose a service that commits to their privacy, to
the degree that LavaBit did.

For social media: consider decentralized alternatives, like GNU Social[3], GNU
MediaGoblin[4], and many others. Using those services will also encourage your
friends and family to ask questions about why you made that choice, and
consider switching themselves, since they'll have others they know using those
services. Even if you cannot host your own, you can shop around for hosts that
you feel that you can trust, and still participate in the same network as your
friends and family; there's no lock-in to one service like Twitter or
Facebook. Wholesale searches are also made rather difficult by distributed
networks.

Forfeiture of privacy and freedom should not be the default, as it is
encouraged today.

[0]: [https://www.gnu.org/philosophy/who-does-that-server-really-serve.html](https://www.gnu.org/philosophy/who-does-that-server-really-serve.html)

[1]: [https://www.eff.org/deeplinks/2013/06/why-metadata-matters](https://www.eff.org/deeplinks/2013/06/why-metadata-matters)

[2]: [https://www.eff.org/deeplinks/2015/08/mandatory-reporting-user-content-chills-speech-and-violates-privacy-rights](https://www.eff.org/deeplinks/2015/08/mandatory-reporting-user-content-chills-speech-and-violates-privacy-rights)

[3]: [http://gnu.io/social/](http://gnu.io/social/)

[4]: [http://mediagoblin.org/](http://mediagoblin.org/)

------
greggarious
It's not a matter of allowing. The math just is.

