[Infowarrior] - How Verizon found child pornography in its cloud

[Richard Forno]

How Verizon found child pornography in its cloud

Scanned files using hashes of known child pornography images.

by Sean Gallagher - Mar 5 2013, 11:51am EST

http://arstechnica.com/information-technology/2013/03/how-verizon-found-a-child-pornographer-in-its-cloud/

Cloud-based storage services are no doubt useful. They can back up your personal data and keep it from being lost if your system crashes. They can share your data across multiple computers. But cloud-based services are increasingly checking user-uploaded data for illegal content—particularly child pornography.

When Congress passed the PROTECT Our Children Act of 2008 mandating that service providers report suspected child pornography in the content that their customers surf and store, the law gave providers an out: if they couldn't check, they wouldn't know, and they wouldn't have to report it. But while checking is still voluntary, the National Center for Missing and Exploited Children has been pushing providers to use image-matching technology to help stop the spread of child pornography.

William Albaugh found this out the hard way when he backed up his home computer to  Verizon's online backup service. The 67-year-old deacon of a Catholic church in Baltimore County didn’t realize he was giving away his secret—after he allegedly uploaded pornographic images and videos of children to his Online Backup and Sharing cloud account, they were scanned by a Verizon partner using technology that can automatically check images and videos for the presence of children known to be the victims of pornographers.

Since the passage of the PROTECT Act, sponsored by then-Senator Joseph Biden Jr., service providers have been required to register with the NCMEC's Cyber Tipline, operated in coordination with federal, state, and local law enforcement. Providers have a "duty to report" to the NCMEC if their users access or store child pornography; in the last six months of 2012, the Cyber Tipline handled 113,009 reports of child pornography from electronic service providers.

Verizon officials would not go into the particulars of how it scans customers' content. "All we do is follow the law," said Verizon spokesperson Linda Laughlin. But they acknowledged that the company uses a database of mathematical fingerprints of known images of children generated by the National Center for Missing and Exploited Children, using a technology called PhotoDNA, which was donated by Microsoft just over a year ago.

To serve and protect

The NCMEC database includes mathematical "hashes" for tens of millions of images and videos reviewed by NCMEC—the group reviewed over 17.3 million such files in 2011 alone. PhotoDNA, which Microsoft offers free of charge to law enforcement agencies as part of the NetClean Analyze digital forensics tool, hashes biometric information within the photos and videos rather than making calculations based on the files themselves, so the scanning software can be used to recognize images even when they've been resized or cropped.

That's an improvement over the original hash database kept by the Child Victim Identification Program, which used fingerprints of files and provides no way of dealing with altered images. By sharing the hashed "fingerprints" of images in which children have been identified performing sexual acts, NCMEC makes it possible for law enforcement officials, cloud storage services, and hosting providers to check large volumes of files for matches without having to keep copies of offending images themselves.

Verizon doesn't provide cloud services itself; it contracts out with cloud storage providers who operate data centers to provide the backend for its Online Backup and Sharing service for FiOS and other cloud storage services. Laughlin said that for security reasons, Verizon would not discuss which vendors were involved in scanning customer's files—or how frequently that scanning happened. But Verizon's own terms of service documents say that the Online Backup and Sharing service is provided by Digi-Data Corporation of Broomfield, Colorado.

Crypto clearance

It's Digi-Data that actually performs the scan of users' content; the company in turn reports possible "hits" in content to Verizon's security team, who in turn associates those hits with a specific account and passes them to the NCMEC Cyber Tipline. So when Albaugh's computer uploaded the videos and images he had stored on his computer's hard drive, they traversed Verizon's network to a third party's data center. It was there that a scan detected images of children who were known to be victims of child pornography.

If Albaugh had been a bit more technically aware, he might have encrypted his data locally, which would have kept him from being caught so easily. While the data passes over Verizon's network encrypted, it would have to be either stored unencrypted or decrypted with a local key at the data center to be detected by the PhotoDNA hash scan. It's more likely that user backups are stored encrypted at rest using AES encryption or a similar scheme and then decrypted programmatically for scanning and transmission back to the customer.

Verizon isn't the only cloud provider that performs some level of scanning of its content. Dropbox, for example, spells out in its terms and conditions the many things users aren't allowed to do with the service, including "Don’t share 'unlawfully pornographic' material." The company will cancel your account or worse if you try to. Dropbox also says it "may collect" information on "all the files you upload or download."

And like all cloud providers, Dropbox and Verizon (and others) must be able to provide files stored in the cloud to law enforcement—in some cases without a warrant. The Electronic Communications Privacy Act Amendments Act of 2012, which would have offered cloud-based storage greater privacy protections, failed to get out of the Senate last year, so the "stored communications" that are your personal files will be open to scrutiny for the foreseeable future.


---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.