I would be classified as a pedo if my pictures were on iCloud... even if some of the naked kid is me... I also have pictures of my kids playing in the bath.
Fortunately that’s not how it works. You would have to have a whole collection of known and identified CSAM to be classified as anything at all with the system Apple has announced.
No, their AI accepts some deviation. And we don't know how many false positives it takes to start a human review. And for privacy of course different people will evaluate different photos. And a human without context will flag a picture of a kid on the bath as child pornography. It is a very real possibility OP is made a suspect because of this.
Even if we accept that your image of your kids in the bath will match the hash of a known and identified CSAM picture (a real stretch), under this system the voucher payload does not contain the private key to decrypt the picture, so nobody will be able to evaluate a photo or flag it as anything. Humans have access to a “visual derivative” based on the perceptual mechanism used to create the hash, but not to the actual photo.
Other companies have CSAM scanning and reporting with much fewer safeguards and the “my kid in the bathtub” scenario hasn’t seemed to actually be a problem.
No? The scanner only checks for matches against images in NCMEC's database, so you can take as many pictures of your kids as you want, it won't trip the scanner.
Considering it's a perceptual hash match, some difference is accepted. Such confidence in the infallibility of these methods usually precedes the method being used to go jail some poor innocent bastard. After all, if he wasn't guilty, it wouldn't have tripped the scanner.
You're not going to go to jail based off tripping a scanner, however a judge will authorize a search warrant based off tripping a scanner. If you trip the scanner the police will be paying you a visit with a search warrant in hand. They will confiscate all your electronic devices. Come to think of it, that's going to be interesting in the new world of work from home - because those devices are going to include your employer's devices. It'll be interesting to see how all that works out.
NCMEC's database is constantly growing; Facebook reported 20 million instances of it over the past year. Say John Q Pedophile has a collection, and his collection includes a bunch pictures which have been reported elsewhere mixed in with the original stuff he's producing, if you detect those images you have probable cause to bring him into custody without completely infringing on someone else's ability to take pictures of their kids on the beach.