Story 2014-05-21 3MK When is your data not your own? When it's in the cloud

When is your data not your own? When it's in the cloud

by
in security on (#3MK)
story imageI've got Captain Obvious on the line, and he'd like you to know: the data you store in the cloud isn't private. You might be thinking, "I knew that." But it's news to some, like this guy, who got busted for possession of illegal pornographic images (child porn) , after backing up his computer to a Verizon cloud backup service. Bonus: he was the deacon of a Catholic school in Baltimore county: oops.
Turns out, cloud storage providers routinely sweep stored data, using hashes for known illegal images or media files. If they find one, you're toast.

From Ars Technica:
When Congress passed the PROTECT Our Children Act of 2008 mandating that service providers report suspected child pornography in the content that their customers surf and store, the law gave providers an out: if they couldn't check, they wouldn't know, and they wouldn't have to report it. But while checking is still voluntary, the National Center for Missing and Exploited Children has been pushing providers to use image-matching technology to help stop the spread of child pornography.
This isn't breaking news: the articles date back to March. But it's still relevant in the framework of the ongoing discussion of cloud-versus-local and the rights of authorities to revise your computing habits.
Reply 12 comments

Microsoft comes right out with it (Score: 2, Informative)

by Anonymous Coward on 2014-05-21 20:48 (#1TN)

Here's a good article about Microsoft's service agreement: http://venturebeat.com/2012/08/19/cloud-restrictions-porn-xxx/

None is more restrictive than Microsoft's SkyDrive . Check out the first two parts of the Windows Live code of conduct that governs SkyDrive:
You will not upload, post, transmit, transfer, distribute, or facilitate distribution of any content (including text, images, sound, video, data, information or software) or otherwise use the service in a way that:
"¢ depicts nudity of any sort, including full or partial human nudity, or nudity in nonhuman forms such as cartoons, fantasy art or manga.
"¢ incites, advocates, or expresses pornography, obscenity, vulgarity, profanity, hatred, bigotry, racism, or gratuitous violence.
The code of conduct is much larger than this, but already this list has some serious issues. From the looks of it, you can't store nude or partially nude drawings (sorry, Titanic fans and fine art lovers ) or your favorite legally purchased adult porn movie. Because Bugs Bunny wears no clothes, I guess he's off limits, too.

Re: Microsoft comes right out with it (Score: 4, Funny)

by genx@pipedot.org on 2014-05-21 23:20 (#1TW)

Because Bugs Bunny wears no clothes, I guess he's off limits, too.
A relative of mine often posts on Flickr pictures of a squirrel that visits his garden daily. On one single image, amongst those many pictures, the squirrel presented his back to the camera. That picture was censored!

Either somewhere, there is someone who, every-day, looks for photos of squirrel butts and reports them, or someone has programmed a squirrel butt detector... I am not sure which hypothesis is the most disturbing.

Re: Microsoft comes right out with it (Score: 3, Insightful)

by zafiro17@pipedot.org on 2014-05-22 11:14 (#1V6)

I know there are people out there working for law enforcement agencies whose job it is to pore over tons and tons of child abuse images attempting to discern trends, identify sources or victims, and so on. Most of them don't last long, since it's so horrifically upsetting to anyone who cares about children. So, can we assume someone out there has the job of squirrel butt censor? That would be like the worst intership ever.

An interesting study would be for some journalist to open up different cloud backup accounts and post different things to see what gets flagged and what doesn't.

It still reinforces my idea that I'm going to buy a second NAS and back stuff up between the two NASes instead of backing up my NAS to some cloud provider. It seems interesting and useful from a technical point of view, but given the current legal and political environment, it hardly seems worth it.

Porn Popups (Score: 2, Interesting)

by bryan@pipedot.org on 2014-05-21 23:32 (#1TX)

So, lets say after reading http://pipedot.org/story/2014-05-16/what-is-your-offsite-storage-solution you pick a cloud storage provider with a family plan and set up everyone's desktops to automatically back up to the service. As what happens (all too often with non-technical family members), someone is tricked into running dancing_pigs.exe which downloads a whole slew of malware and viruses to the computer. Pretty soon, anything you do on this computer spawns a porn popup. Trying to close the popup, of course, spawn three more popups.

What if one of these malware ads includes an image from the forbidden list and then gets backed up to the cloud because it's in the temporary Internet files? FBI comes and knocks on their door? Or my door if I'm the account holder of the family plan, even though it's not my computer?

March 2013! (Score: 0)

by Anonymous Coward on 2014-05-22 00:16 (#1TY)

Both linked articles are from March 2013, well over a year old!

It's decent (npi) content, but....

Re: March 2013! (Score: 1)

by zafiro17@pipedot.org on 2014-05-22 11:10 (#1V5)

You get credit for reading the article, but not the summary, in which I myself stated these are old articles but still relevant because it's an interesting topic. Pipedot is not necessarily going to be a source of breaking news; neither is Soylent; neither was Slashdot, neither was/is OSNews. Everything you ever see posted at a site like these is going to contain a URL linking to some site where the news 'broke.' It is however a great place to gather with like-minded nerds and discuss things of interest to us. Me, I prefer interesting topics that examine the big picture of trends and happenings, over a new article and 3-4 comments for every little event. It's more interesting to me to examine the forest for the forest, instead of every single tree.

If you need breaking news scoops, you may either crowdfund my investigative journalism career (I'm going to need an apartment in Silicon Valley, daily living expenses, etc.) - joke - or stuff your RSS reader with the feeds of dozens of major and minor news sources and bloggers, or stay glued to Twitter. Alternatively, if you come across those breaking stories yourself, the "Submit" button is at the upper right.

Re: March 2013! (Score: 2, Informative)

by Anonymous Coward on 2014-05-22 12:46 (#1VD)

No zafiro, I of course had read the summary, where you admitted the links were from "March". But you did NOT say March of 2013!

I think that's a major oversight, and not up to your usual standard, that's all.

Family photo fun (Score: 0)

by Anonymous Coward on 2014-05-22 06:21 (#1V2)

1) Go on hoiliday and take lots of photos
2) Have photos auto backed up online
3) Have several photos marked as child porn
4) Get arrested

Re: Family photo fun (Score: 1)

by nightsky30@pipedot.org on 2014-05-22 12:25 (#1VA)

WTF type of holidays do you take AC?

Or in the case where these are perhaps innocent baby pictures, the kind most parents have of their baby with it's cloud** up in the air, which they shall use to embarass their future adolecent when of the dating age, then perhaps I should say to the marking individual, WTF.

** See previous article of the week

Re: Family photo fun (Score: 1)

by commonjoe@pipedot.org on 2014-05-23 15:37 (#1W5)

Places that promote nudism -- which includes people from ages 1 to 101 -- will sometimes be confused with child pornography if pictures are taken of children and adolescents.

And here it is (Score: 1)

by zafiro17@pipedot.org on 2014-05-23 13:58 (#1W2)

Courtesy of Ars today: http://arstechnica.com/tech-policy/2014/05/houseguest-downloads-child-porn-cops-show-up/

Local police in Marin communities like Novato are members of the regional Internet Crimes Against Children (ICAC) task force, and as such they participate in the common law enforcement practice of monitoring peer-to-peer file-sharing networks for possible child pornography files. In September 2013, Novato detective Amy Yardley was looking for such files being traded from Marin County IP addresses, and she scored a hit on the Ares network with a suspicious file downloaded by a Sausalito Internet subscriber.
Yardley passed the tip to the Sausalito Police Department, where detective Brian Mather obtained a search warrant for the subscriber's address. He showed up at the house with a search team but couldn't find any child pornography within. The home's residents, no doubt unnerved by both the search and the charge behind it, pleaded their innocence and gave Mather a complete list of all houseguests who had used their wireless network in recent months.
Investigating this list took months, but Mather eventually developed a suspect: Mark Magner, age 32, from nearby San Rafael. Police then searched Magner's home and seized his computer. A forensic examination of the machine turned up "multiple videos and pictures that depicted juveniles and children involved in sexual acts," in the words of a police department press release .