Microsoft Teams: A vector for child sexual abuse material with a two-day processing time for complaints Australia's e-safety commissioner, a government agency charged with keeping citizens safe online, has delivered a report on seven tech platforms' mechanisms to protect children from online sexual abuse – and found most don't respond quickly, or have the processes to do so well. The commissioner oversees Australia's Basic …
Are we here in agreement that, alone, software solutions for preventing/mitigating CSEA are not sufficient? In other words, human action is required. Well, who does <insert do-gooder here> expect to do this? Or do they believe this is solvable with technology alone?
I tried to find sources that indicate (eg) PhotoDNA can not be bypassed by modifying an image (cropping/inverting/changing-colours etc) to mismatch against the stored hashes (of known offending material). I didn't find any. Is the source available? Doubt that very much.
It's further obvious that false claims can be made against innocents, both in good faith and maliciously (to make their life hell).
I'm repeating this quote from the other day, it's too pertinent:
Looking forward 20 years, I'm quite certain that the coming of the computer will have a significant effect on all businesses and most private lives. Whether these effects will be fully favorable, as they could be, or in-part harmful, will depend on whether those that make policy decisions are aware of what computers can do and what they cannot do.
- John G Kemeny
Is why they were proposing their CSAM detection scheme last year that was to check the unencrypted copy of the photos on the phone as they were uploaded. Because once that full encryption was available, any sort of cloud side scanning would no longer be possible for anyone who has enabled the full data encryption (Apple hadn't been doing any cloud side scanning which is what Australia is complaining about, reportedly Google and Amazon do perform such scanning)
The backlash Apple received for proposing automated checking of everyone's phone (as opposed to just those subject to a court order) caused them to back off, and is undoubtedly the reason they mentioned in the same announcement that those plans had been permanently shelved. They're letting people know "we gave you what you asked for, so don't complain to us later because some bad people are misusing it".
Australia is complaining now, wait until they find subpoenas for iCloud contents being returned with "no data available" because the suspect has enabled full data protection! Guess the cops will have to content themselves with dealing with scum like Cellebrite to get the evidence off a suspect's phone (and if necessary use that phone to get it off iCloud)
Since no one has figured out how to secure software projects of any size, let alone something on the scale of a smartphone OS, I guess no matter how much whack a mole Apple plays with them fixing the exploits they're using there will always be another way in.
In the old days, one of the shining characteristics of British (and Western in general?) justice was neatly and proudly summed up by the saying “better that a dozen guilty men go free, than that one innocent man be wrongly convicted”
Well now thanks to mob hysteria, showboating politicians and single-issue pressure groups, that’s morphed into “better that a dozen innocent men be wrongly accused, have their lives and reputations ruined, and suffer oppressive surveillance measures, than that one guilty man go free”.
Progress.
If Microsoft is really dealing with this kind of thing in a couple of days then I'm very pleasantly surprised. They seem to ignore all my abuse reports.
Microsoft is consistently one of the top five spam sources listed by Spamhaus.
As of 17 December 2022 they're in fourth place, with 1,872 listings in the SBL, some of which are years old. They're behind third-rate Google with 2,020, some of which are even older - years older - than Microsoft's worst efforts.
Here are the oldest five issues outstanding today:
SBL471344 -- 31-Dec-2019 -- 40.92.73.10 -- Abused / misconfigured newsletter service (listbombing)
SBL465577 -- 22-Nov-2019 -- 104.47.53.164 -- Spam source @104.47.53.164
SBL457222 -- 14-Aug-2019 -- 23.100.23.67 -- Malware botnet controller @23.100.23.67
SBL450544 -- 15-Jun-2019 -- 13.107.42.13 -- Malware distribution @13.107.42.13
SBL429716 -- 11-Jan-2019 -- 40.92.72.108 -- Abused / misconfigured newsletter service (listbombing)
Source: https://www.spamhaus.org/sbl/listings/microsoft.com
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
