Think the data you upload to a cloud storage site is private? Not necessarily. At least a dozen of the largest ISPs in the United States routinely scan stored files for alleged child pornography. When they find it, they're obligated by federal law to blow the whistle.
Child pornography is, of course, a repugnant and illegal practice. But the case of a Maryland church deacon arrested on March 1 for allegedly possessing pornographic pictures and videos of children raises questions about how much privacy cloud storage users can expect. It also illustrates the increasing sophistication of software that analyzes video and its debilitating effect on privacy, a topic I touched on a few weeks ago.
[ Nowhere to hide: Video location tech has arrived | Stay ahead of the key tech business news with InfoWorld's Today's Headlines: First Look newsletter. | Get a digest of the day's top tech stories in the InfoWorld Daily newsletter. ]
What's more, laws pertaining to cloud storage are so new and so vague that it isn't even clear the data you upload to a storage site is still yours. It sounds crazy, but that's exactly the logic the U.S. government used when it shut down MegaUpload's service and denied innocent users access to their own property, according to a court brief filed by the Electronic Frontier Foundation.
How ISPs scan content
When Baltimore County police served a search warrant at the home of 67-year-old William Steven Albaugh, they recovered numerous files allegedly containing graphic images and videos of young children being subjected to sexual abuse. The police found the material on his home computer and a number of USB drives, but how did they know it was there in the first place?
Albaugh is a subscriber to Verizon's high-speed Internet service and uses it to back up his data. If he had read the company's terms of service, which few people bother to do, he would have known that Verizon "shall have the right, but not the obligation, to monitor use of the of, and to screen, refuse, move or remove any content transmitted to or from, any Additional Service for compliance with law or the terms of this Agreement."
But he would not have known that Verizon's storage partner, Colorado-based Digi-Data, routinely scans stored files with a powerful software tool invented by Microsoft called PhotoDNA. When the storage provider finds files that may fit the definition of child pornography, it notifies Verizon, which in turn notifies the National Center for Missing and Exploited Children.
In Albaugh's case, NCMEC examined the files, deemed them illegal, and notified the police, who then obtained a search warrant and raided his home. He was arrested on a felony charge that could earn him up to 25 years in prison. He's currently free on $75,000 bail, said Baltimore County Police spokeswoman Cathy Batton. (You can read what Albaugh told police in this article in the Baltimore Sun.)