The question is not whether or not a person stored child porn in the cloud, but by what authority Verizon assumes the power to sift through your data and report their findings directly to a private corporation with no contractual relationship with the user, who then in turn reports it to law enforcement?
Verizon turns in Baltimore church deacon for storing child porn in cloud -- Verizon detected porn in his backups.
A deacon at St. Joseph's Church in Fullerton, Maryland, a suburb of Baltimore, was arrested last week for possession of child pornography after Verizon detected images and videos of children performing sexual acts.
Verizon detected the pornographic images stored in Albaugh's Verizon Online Backup and Sharing account. The company reported his account to Center for Missing and Exploited Children, who in turn passed the information to Baltimore County law enforcement. Police investigating the case found files both on his Verizon account and on a flash drive, and authorities seized two PCs and an iPad as well. Albaugh said he used the iPad to view "nudist websites that include pictures of children," The Baltimore Sun reports. <Source: Verizon turns in Baltimore church deacon for storing child porn in cloud | Ars Technica>
One question that comes to mind: Why was the information turned over to the Center for Missing and Exploited Children, which is a private non-governmental corporation? And they reportedly turned the information over to law enforcement. I could understand turning the information over to law enforcement directly – but not a private corporation with no contractual relationship with the user. Were only the alleged images provided or did they provide additional information to this private corporation?
The National Center for Missing & Exploited Children® was established in 1984 as a private, nonprofit 501(c)(3) organization. NCMEC works in partnership with the U.S. Department of Justice to help law enforcement find missing children, eliminate child sexual exploitation and prevent child victimization.
When technology vendors act as unpaid agents of the government, there is a serious doubt that your data is safely and securely encrypted and beyond tampering by the vendor’s personnel or unspecified others.
Regardless of what is contained in Verizon’s unilateral user agreement, who can say that Verizon is not scanning for internal corporate data or communications-related developments? You only have Verizon’s word that they are acting ethically and responsibly. What if they routinely scan for keywords relating to government-related information?
Bottom line …
You lose a great deal of control when you consign your data to the cloud through a vendor’s whose actual policies are not transparent and hidden behind a unilateral agreement giving them almost unlimited power over your account and data..
One, you have agreed to hold the cloud vendor harmless if your data is corrupted, becomes inaccessible or is destroyed or deleted.
Two, you have no assurance that your deletions are actually performed and that the deleted data is not stored for further analysis or archived in such a manner as to be made accessible to anyone who cares to bring a legal action against you.
Three, you have no assurance where your data is stored or what country’s legal system can also make an access claim against your data.
Four, it appears – at least in encrypted backups – that you do not control the keys to your own kingdom.
It’s not that I am complaining about Verizon, but merely point out that they appear to be serving as an agent of the government – which suggests that the legal situation regarding data in the cloud is murky at best. Another reason to join the Electronic Frontier Foundation (www.eff.org) in their quest to bring the law into the digital age.
Reference Links …