You are completely correct from a computer science perspective - unfortunately, this is not a computer science discussion. As far as the FBI are concerned, “storing encrypted child porn on behalf of people with the keys to decrypt it” still counts as “storing child porn”.
You can disagree with that (and there are many good reasons to do so) - but “it’s encrypted so it’s fine” isn’t going to convince anybody who matters.
In the US, a service provider incurs legal obligations when it has actual knowledge that it is hosting something that appears to be CSAM. A provider hosting encrypted data with no knowledge of what it decrypts to does not have such obligations.
While that's the law, the big factor here is actual regulatory and agency pressure to scan for CSAM for the images they harbor, given they were previously only doing so when CSAM was manually reported to them by users (as in, probably, given they only submitted 265 reports to NCMEC in 2020[0]). Think "we regulate a second iOS app-store or you fix your CSAM problem".
This is the part where we need laws to protect privacy. This is arguably an overreach by the FBI in the first place and if it is legal it shouldn’t be.
Since Congress folks seem happy to threaten Apple too with changing the law to do what the FBI wants, I wouldn’t assume it would go the way you are thinking it will.
It's not even the just FBI; if the majority of your competitors claim to prevent child-porn from being stored on their servers and you don't, the reputational damage is real. Apple doesn't want to be the "Child Porn friendly cloud service."
You're the customer of a cloud service. Do you want the one that does or does not scan your own files so that a false positive could cause you to be arrested, incur thousands of dollars in legal fees and suffer severe and permanent reputational damage yourself?
Considering that using a service which is known by all to not scan, and is therefore the place the media says is ‘child molester friendly’ could cause the same reputational damage?
> Considering that using a service which is known by all to not scan, and is therefore the place the media says is ‘child molester friendly’ could cause the same reputational damage?
Even putting aside how much of a stretch that is, how is anybody else supposed to know which service you use? It's your personal files. That nobody else should have access to them is the point.
It's not as if Apple or whomever should be providing anyone with a list of their customers, as that should cause you to not use them too. As far as I know they don't currently make their customer list public.
Not equivalent to CSAM - just examples of Apps that get some degree of judgement that can be problematic.
What would you think about someone that you were talking to that showed you something on their phone (a restaurant listing you were both thinking of going to, or something on Maps), but then a Parler notification popped up? What if they were married and Grindr or Tinder or whatever notification popped up?
Would you judge them? Would you expect many other people to judge them, even if you don’t?
Don’t get me wrong, I don’t think Apple’s products would be problematic that way. But a big reason why is because they have and likely will continue to make decisions like the one we are discussing.
If they went full end to end super privacy, then got named by the feds repeatedly in whatever the next big csam/terrorist/whatever scandal, that could change, and that is even assuming Congress people don’t join in the action, which they’ve already shown an interest in doing.
Probably >90% of people with the Parler app are conservatives and a similar percentage of married people with the Grindr or Tinder app are cheating, which is where those assumptions come from.
Even if Apple wasn't scanning anyone's files, >99% of their users would not be pedophiles and no one would have any reason to assume that they were.
> If they went full end to end super privacy, then got named by the feds repeatedly in whatever the next big csam/terrorist/whatever scandal
The main effect from getting put on a list like that is to gain credit with privacy-conscious people for standing up for their users. Nobody says "oh no, I better stop using my favorite full disk encryption because it hasn't got any known backdoors in it."
> that is even assuming Congress people don’t join in the action, which they’ve already shown an interest in doing.
At which point you have government action and can bring out the constitutional arguments etc.
And like someone had mentioned in another thread (paraphrased) ‘if you create a place which is anti-witch-hunt and you enforce it and it gets a reputation as anti-witch-hunt, you’ll end up having 3 strong civil minded libertarians and a gazillion witchs’. So then the app will get a reputation for that, deserved or not.
And none of your personal lack of being a witch is going to help you when you get the reputation as the ‘weird dude that uses that child porn storage app’.
I guarantee you 90% plus of the population, once they learn what Tor is, will have the reaction to Tor. And it’s a matter of time until it gets enough press for that. Same with anything that does what you describe (proper end to end, we don’t care what you store, and we don’t have the keys so pound sand LEO).
When something is low key/under the radar, it can be a healthy witch-hunt-free zone that also isn’t filled to the brim with witches. But something at the scale Apple is at can’t, and even Parler (which didn’t start that way) got too much visibility and ended up as you describe and got shut down.
The privacy conscious folks may nod their head and know, but most folks don’t get it, and if it gets widely used, it will be attacked this way by authority figures. The ‘think of the children’ routine is used a lot because it does work on the majority of the population.
As I said, Apple isn’t there yet, and likely would never be close - because they’re going to do things like they are now to avoid the Public backlash.
And as long as they put enough of a veneer on it, the vast majority of folks won’t think twice about continuing to use them (95%+ of current customers at least). Most of the market will continue using Android which is 10x worse near as I can tell.
The ‘mistake’ they seemed to have made here is being a bit too obvious about it and not keeping up the veneer well enough.
Overall, I suspect we’ll be seeing some move back to on-prem for a non-trivial percentage of folks because of this and other things going on. That said, I’m sure cloud will continue to grow exponentially because most folks just don’t care enough to pay to do otherwise.
> ‘if you create a place which is anti-witch-hunt and you enforce it and it gets a reputation as anti-witch-hunt, you’ll end up having 3 strong civil minded libertarians and a gazillion witchs’.
This only happens when you start off with zero users and having an anti-witch-hunt policy is the only thing causing you to gain users, specially because they're disproportionately witches. Because without that policy the service would still have zero users.
It doesn't apply to any service that already has a large number of non-witches or has any effective means of also attracting users who are not witches.
> I guarantee you 90% plus of the population, once they learn what Tor is, will have the reaction to Tor.
Tor has a specific marketing disadvantage because by its nature it defeats most forms of tracking and advertising, which makes it adversarial to media companies who profit from tracking and advertising. This is why all the stories are about "the dark web" and not about that thing that helps dissidents in China and Iran evade authoritarian censorship.
It's also hard to get ordinary people to use it, and thereby understand that the technology itself isn't anything nefarious, because there is a noticeable latency cost to using it that most people aren't going to like.
None of this applies to a generic hosting services making it so they can't read their customers' personal files.
> When something is low key/under the radar, it can be a healthy witch-hunt-free zone that also isn’t filled to the brim with witches. But something at the scale Apple is at can’t
This is completely the opposite. It's the things at the scale of Apple that can do it because there aren't enough witches in the world to make a userbase the size of Apple's be more than 1% witches.
It also works for everyone as long as everyone does it, because then "no witch hunts" is common practice rather than something that makes you attract a disproportionate number of witches.
> even Parler (which didn’t start that way) got too much visibility and ended up as you describe and got shut down.
Parler was clearly the app that gained users by having a policy against witch hunts. It only started gaining a significant number of users when the other platforms started carelessly banning large numbers of users for alleged transgressions that were in many cases facially absurd, but it also attracted the people who were banned because they were actually bad.
And even then, it wasn't the users who abandoned them, it was Apple and Google and Amazon. Apple is obviously not going to do that to themselves.
I'm not a lawyer, so may be wrong, but am I the only one to think that the presumption of innocence principle does not exist anymore? As there are areas where is does not, and there are "gray" areas that effectively are the same.
Presumption of innocence never applied to SOCIAL judgement. It would be nice if it did, but that was never what happened. It’s why minors information isn’t supposed to be pasted all over the evening news too, so if they make a mistake it isn’t ‘permanent’ and they have some plausible deniability.
It’s always been the case that your neighbors or friends or employers or whatever would judge you as they saw fit for whatever they might see or find out about, or even overhear from the local loudmouth/busybody. Regardless of what was found in a court of law.
The challenge now is our ‘neighbors’ are now whichever nosy random person in the entire world that cares to look instead of just the local gossip circle, and the gossip is recorded nearly permanently and is indexed in an easy to find way decades later. :s
As to if this means people will stop being less judgmental since everyone is likely to have something shitty posted about them at some point? History or the current circumstances don’t seem to be pointing to ‘yes’ right now.
But at some point, either everyone is going to stop sharing the smell of their farts every morning, or folks are going to have to stop caring, or we’ll literally not be able to be friends with or employ anyone.
I agree with you, but if the FBI wanted to serve a warrant to search my device, they can compel me to do so. Failure to unlock that device could put you into jail until you comply with the warrant.
US case law is not settled on that matter, and some courts have concluded that disclosing a password is testimonial and therefore covered by the fifth amendment. Courts that have ruled the other way have usually done so under narrow exceptions.
Generally, most lawyers would advise their clients to Stay away from an area or activities that can be described this way - because it’s a really good way to be ‘right but dead’ (really, bankrupt or in jail or whatever).
You can disagree with that (and there are many good reasons to do so) - but “it’s encrypted so it’s fine” isn’t going to convince anybody who matters.