Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> I’m basically working under the assumption that scanning for CSAM is legally required.

It is explicitly not legally required in the US [1]. Providers are required to report "apparent CSAM" that they find on their own, but they are not compelled to search their servers or private devices for its presence.

And this is the case for a very good reason: if it was mandated by US law, then prosecutions would be subject to much stronger 4th amendment review under the "state action doctrine" (i.e., the companies are searching your files without probable cause as compelled representatives of the government.) The current arrangement evades this review under the very thin fig-leaf that US providers are doing the searching on their own.

[1] https://crsreports.congress.gov/product/pdf/LSB/LSB10713



FOSTA/SESTA and other law push back on that, wherein a neutral host (website, hotel) can be held responsible for crimes commited on their property if the government decides they are generally aware. Apple doesn't want to be an accessory. So even if they can't be required to scan, they can be punished for not scanning if something illegal turns up


IANAL and certainly don't want to defend those laws, but I believe FOSTA/SESTA ban providers from operating services with the intent to promote or facilitate various crimes. In other words, the provider has to knowingly distribute the material. I'm pretty sure that Apple encrypting its photo backup service would not satisfy these criteria, but if it did and the only way to comply with those laws was enforced CSAM scanning, then many CSAM prosecutions based on it would probably be tossed out.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: