[psychometry]

Thus the manual review. No one's going to be going to prison over a hash collision here.

[gameman144]

But a manual reviewer in Cupertino or elsewhere still gets access to your personal (possibly very intimate or otherwise private) photos. Privacy from law enforcement is hardly the only privacy that people value.

[Jtsummers]

If you desire privacy, never upload your images to any cloud service that doesn't offer true end-to-end encryption of the data (that is, one where they do not have the key). Use a service where data is only decryptable on your own devices or devices that you personally authorize. Which is, presently, none of the popular services that I'm aware of.

[kemayo]

It's even probably the right choice for a popular service to have made.

Full E2E encryption is going to trigger nightmare "I lost all my photos" customer-service stories when people forget their passwords... which is acceptable when you deliberately signed up for a service where security was the selling point, but not great for someone who bought a mass-market phone.

[Jtsummers]

Yep. See the perennial complaint about Signal as a demonstration of that. They don't persist your messages across devices on privacy/security grounds. That's fine, it's why I use it (or one motivation for me to use it). But it's contrary to what many people expect from that kind of service.

[pa7ch]

Thats the issue with local scanning, even if you used an e2e cloud for your photos the encryption would be bypassed with local scanning.

[threeseed]

They would only have access to the photos that are being reviewed.

And you can either choose between (a) someone having to see your photos or (b) relying on an automated but imperfect process. You have to pick one.

[sulam]

Uh, can't I choose not to have my private images scanned? I think that's still a choice, right?

[kemayo]

It is, but it's perhaps incompatible with uploading your private images to a cloud service.

[threeseed]

Of course. But the second you enable iCloud Photo Library and want to upload your private photos to Apple's servers than you need to comply with their Terms & Conditions.

Which includes them scanning your photos for CSAM.

[concinds]

Not when using a commercial cloud service, no.

[b112]

I used to work in the same building, as a department with legal authorities (purposefully vague here), and the burn out rate was astronomical.

Good, descent people, waking up screaming, cold shakes, permanently damaged from what they could not unsee.

You couldn't pay me enough to go through images of such sickness.

Outside of all the yes/no, on/off phone stuff, how are they going to hire, and keep staffed, a department of people having to look at this stuff.

How are they going to insure it?!

[Jtsummers]

Right. Requiring exact matches for this kind of material is absurd as a single pixel change would foil any detection. So everyone, practically speaking, trying to detect it is going to use some form of hash algorithms. And every hash algorithm, by definition, permits potential collisions and false positives. Which is why any sensible program will use a manual review process before pushing anything forward to law enforcement. Apple's system, requiring ~30 matches, means that you'd have to have 30 or so false positives that also happen to look like CSAM to manual reviewers to end up getting a false case sent off to law enforcement.