Anything could be added to the hashes with the user having no way to know what’s being searched for beyond “trust us”. This could be partially alleviated if, for example, the hash had to be signed by organizations in a combination of states that’d make it difficult to push through hashes for anything other actual CSAM (so not just Five Eyes)
Adversarial examples to intentionally set off the filter were demonstrated to be possible. Apple made it clear that there are types of content they’d be legally obligated to report once they became aware of, and it’d be well within a government agency’s capabilities to honeypot, say initially, terrorist recruitment material
Coincidental false positives are also entirely possible (ImageNet had some naturally occuring clashes) and can result in their employees seeing your sensitive photographs
The user’s device acting against the user cements other user-hostile and privacy-hostile behavior. “People could circumvent the CSAM scan” would be given as another reason against right to repair and ability to see/modify the software your own device is running
Tech companies erode privacy by flip-flopping between “sure we’re giving ourselves abusable power, but we’ll stand up to governments pressuring us to expand this” and then “well what were we supposed to do, leave the market?” when they inevitably concede
What’s anything? They are not looking for any CSAM pictures they are looking for specific ones that are in a database. Its not like they can create a hash for a guy letting his dog on a horse and find all those pictures.
they are looking for specific ones that are in a database
They could be looking for any images without your knowing - there’s no guarantee that those images came from a CSAM database.
Its not like they can create a hash for a guy letting his dog on a horse
They could trivially create a hash for a picture of a guy letting his dog on a horse (which would also include other very similar images).
I didn’t necessarily mean to claim that they can scan for a concept lacking a fixed image, if that’s what you’re saying. That would theoretically be possible with enough hashes, but impractical.
Anything could be added to the hashes with the user having no way to know what’s being searched for beyond “trust us”. This could be partially alleviated if, for example, the hash had to be signed by organizations in a combination of states that’d make it difficult to push through hashes for anything other actual CSAM (so not just Five Eyes)
Adversarial examples to intentionally set off the filter were demonstrated to be possible. Apple made it clear that there are types of content they’d be legally obligated to report once they became aware of, and it’d be well within a government agency’s capabilities to honeypot, say initially, terrorist recruitment material
Coincidental false positives are also entirely possible (ImageNet had some naturally occuring clashes) and can result in their employees seeing your sensitive photographs
The user’s device acting against the user cements other user-hostile and privacy-hostile behavior. “People could circumvent the CSAM scan” would be given as another reason against right to repair and ability to see/modify the software your own device is running
Tech companies erode privacy by flip-flopping between “sure we’re giving ourselves abusable power, but we’ll stand up to governments pressuring us to expand this” and then “well what were we supposed to do, leave the market?” when they inevitably concede
What’s anything? They are not looking for any CSAM pictures they are looking for specific ones that are in a database. Its not like they can create a hash for a guy letting his dog on a horse and find all those pictures.
They could be looking for any images without your knowing - there’s no guarantee that those images came from a CSAM database.
They could trivially create a hash for a picture of a guy letting his dog on a horse (which would also include other very similar images).
I didn’t necessarily mean to claim that they can scan for a concept lacking a fixed image, if that’s what you’re saying. That would theoretically be possible with enough hashes, but impractical.