[ashildr]

Encryption does not help, Apple still is responsible. If Apple intends to let the user store photos in iCloud (or send by imessage) encrypted, they either have to keep the keys, so they can decrypt and scan the photos or or to keep the user from uploading incriminating content. Apple found a third way: they will only get to reconstruct the keys if the user uploads too many pictures triggering alarms.

[adambatkin]

Source? I am not aware of a law in the US that requires Apple to actively scan images, or to store them unencrypted (or keep copies of the keys).

[hef19898]

The US aren't the only government with a stake in that. And countries like China, Saudi, the Emirates have a lot of leverage. Financially and diplomatic. Heck, Facebook bowed to Myanmar just to get the users there.

[nicce]

Every cloud infrastructure holder is required for doing that. Closing an eye does not take a duty away. You must be actively pursuing that. Encryption would start flood of new laws

https://www.govinfo.gov/app/details/USCODE-2011-title18/USCO...

[skinkestek]

Tarsnap exists so either it is legal when done right or tarsnap is a walking dead and I haven't heard anything to that effect from any credible source.

[nicce]

I guess that service slightly goes out of the scope for active scanning, because it is for general backup, not a cloud especially for photo sharing and storing.

[skinkestek]

And that is my point: by tying oneself to the mast, denying oneself the access to navigate after the sweet sweet sound of user data, it becomes possible to sail straight past the sirens.

Today this is less about physically tying management and physically putting wax in the crews ears and more about technically and legally making oneself unable to touch the juicy juicy customer data.

[ryanlol]

Those laws do not exist (yet?). You can’t justify this as a compliance measure for legislation that does not exist.

[nicce]

Yes, but current laws also restrict storing images as E2E encrypted, so there is dilemma?

[ryanlol]

Where are you getting this from? That’s simply not true. It’s perfectly legal to “store images as E2E encrypted”

[nicce]

Encryption itself is not illegal, but it might make harder to comply other legal requirements. I have just heard this many times, and now I read the whole law (curse me). It says on 2258Af part especially that there is no requirement to find evidence of CSAM material all the time. However, if NCMEC especially shares some information about visual depictions and asks to stop redistribution, then provider is required to comply in some cases. For example if they share hashes and these should be stopped. To be able to stop this data, then search is required and complying this with E2E encryption is not possible.