Nicholas Weaver on Lawfare proposes a technological solution to a very human problem – child pornography:
… the ideal legislative solution would not try to weaken encryption. Instead, an effective proposal would go around encryption by mandating that everyone’s device examine every image—turning the current centralized mass surveillance system into a privacy-sensitive, distributed surveillance system. In this world, everyone’s phone and computer would check to see if the machine contained known child-abuse images; if present, those images would then be reported to the government or NCMEC. This would ensure that the status quo results of the current bulk surveillance system are maintained even if every communication were encrypted.
Such legislation would require that the National Institute of Standards and Technology (NIST), working with the private sector, develop and publish a public version of PhotoDNA. It needs to be public because introducing it onto phones and computers would naturally reveal the details of the algorithm, and NIST has the experience necessary to select public algorithms in the same manner it selects cryptographic algorithms.
A public version would be less resistant to someone permuting images—but this is acceptable, as once a permuted version is discovered through some other means, the image is once again detectable. Additionally, both phones and computers currently have protected computing environments, usually for digital rights management, that could also be used to protect the “public” PhotoDNA algorithm from tampering.
NCMEC would then provide a downloadable approximate hash database. Such a database wouldn’t list all hashes but would use a probabilistic data structure to save space. That is, if a hash matches in the database, the database will say with certainty “yes, there is a match,” but if a hash is not in the database, it will only indicate that there is probably not a match.
The legislation would finally require that all major operating system vendors, notably Apple (MacOS/iOS), Microsoft (Windows) and Google (Android), include code to automatically scan every image and video when it is downloaded or displayed, calculate the hash and check against a local copy of the database. If the image matches, the system must query NCMEC to see if there is an exact hash match and, if so, upload a copy to NCMEC with associated identifying information for the computer or phone.
This would offer several advantages over the existing system. Cryptographic protections would simply become a nonissue, as the scanning would take place when the image is displayed. It would also significantly reduce the number of companies that need to be involved, as only a few operating system vendors, rather than a plethora of image hosters and other service providers, need to deploy the resulting system.
Weaver does understand there might be some objections:
Of course, civil libertarians will object. After all, this is mandating that every device be a participant in government-mandated mass surveillance—so perhaps it might be called a “modest” proposal. It is privacy-sensitive mass surveillance, as devices only report images that probably match the known NCMEC database of child exploitation images, but it is still mass surveillance.
PhotoDNA is a program that generates a hash value for use in comparisons from various types of media files, and it appears that its virtue in this application is that, unlike some hash programs, a minor change in the content of the media file results in only a minor change in resultant hash file, thus permitting “approximate” searches. More here.
I have a sad feeling this scheme would prove ineffectual.
First, while I’m not familiar with PhotoDNA, I suspect Weaver’s hanging his hat on NIST (National Institute of Standards and Technology) expertise is a mistake. Not that I doubt NIST, but, at its basic, cryptography vs the basics of PhotoDNA would appear to be quite different from each other. Cryptography algorithms depend on one-way mathematical functions, which is to say running a calculation in reverse is extremely expensive without key parts of the data – that is, the key itself.
PhotoDNA doesn’t seem to require that type of processing, and while I recognize that it can detect some minor changes to a picture, this capability is notoriously touchy. If the algorithms do go public, all it takes is a pedophile with good programming skills to sniff out those weaknesses, and then write a program which either builds a randomly changed picture with those weaknesses in mind, or even worse changes the picture, queries the proposed database for a match, and doesn’t show the picture if it gets a match; it could also run PhotoDNA on the original and the changed picture and not show the picture if PhotoDNA’s emitted hash values are approximately the same, and instead introduce another random change, rinse and repeat. Another approach is in the communications channel, where the child porn software could randomly change the picture on each transmission, thus foiling Weaver’s remark concerning database updating each time an unacceptable picture is intercepted.
The problem is that the goals of those attempting to subvert cryptography programs and those attempting to evade detection by PhotoDNA are fundamentally different. Cryptography programs are responsible for transforming the intelligible into the unintelligible and back into the intelligible; subverters must either gain access to the mathematical keys, or subvert the mathematical functions themselves. Those involved in child porn, on the other hand, will be attempting to evade detection by PhotoDNA. They don’t need to break a complex mathematical formula, using skills on the level of a Nobel prize winner. All they need to do is manipulate the data so that it goes beyond detection by PhotoDNA. This is why NIST may not perform up to snuff, although I am not aware of all of their competencies. I simply note that if Weaver is depending on their cryptography expertise in algorithm selection, he may be disappointed.
And, finally, the mass surveillance is a real concern, and a probable show stopper. Not because it’s monitoring pictures, but because it sets up a government run communications system that can be used by anything, say any bit of government-sponsored piece of malware. Not that these government communication nets don’t already exist on our phones, I’m sure, but to do so officially is not an acceptable proposition to the civil libertarians.
There may be a technological solution to the problem of child porn, but I don’t think this one will work.
