eDiscovery Daily Blog

• November 9, 2017

It sounds crazy, right?  Facebook wants you to stop worrying about your nudes being shared without your consent by actually sending it your nude photos.  It may not be crazy as it sounds.

In the article Facebook: upload your nudes to stop revenge porn, written by Lisa Vaas on the aptly named site Naked Security (what else?), the concept is introduced this way: “Facebook hasn’t given much detail, but from what little has been shared it sounds like it’s planning to use hashes of our nude images, just like law enforcement uses hashes of known child abuse imagery.”

Just as we generate hash values of documents in eDiscovery to identify duplicates, the same type of technology can be applied to photos.  So, the same photo, or identical copies of it, will always create the same hash.  A hash of your most intimate picture is no more revealing than this example provided in the article:

48008908c31b9c8f8ba6bf2a4a283f29c15309b1

Since 2008, the National Center for Missing & Exploited Children (NCMEC) has made available a list of hash values for known child sexual abuse images, provided by ISPs, that enables companies to check large volumes of files for matches without those companies themselves having to keep copies of offending images or to actually pry open people’s private messages.

The hash originally used to create unique file identifiers was MD5, but Microsoft at one point donated its own PhotoDNA technology (which creates a unique signature for an image by converting it to black and white, resizing it, and breaking it into a grid) to the effort.

Facebook hasn’t provided any detail as to whether that’s the technology it plans to use, but it has announced a pilot program with four countries – the UK, the US, Australia and Canada – in which people will typically be advised to send the photos to themselves via Messenger.  Facebook says that it won’t be storing nude pictures but will use photo-matching technology to tag the images after they’re sent via its encrypted Messenger service.  In theory, that would be enough to enable Facebook to take action to prevent any re-uploads, without the photo being stored or viewed by employees.

The author notes that she has submitted questions to Facebook for more info and poses an interesting question in the article: “For example, what safeguards are in place to ensure that people can’t take any old picture they want – a non-porn publicity photo, for example – and send it in, under the false premise that it’s a nude and that it’s a photo they themselves have the rights to have expunged from social media circulation?”

Good question.  Nonetheless, it’s an interesting concept and idea to prevent revenge porn – provided you can actually convince people to upload those photos and trust Facebook with them.

So, what do you think?  Do you trust hash technology to keep your most embarrassing photos from becoming public? As always, please share any comments you might have or if you’d like to know more about a particular topic.

Hat tip to Sharon Nelson and her Ride the Lightning blog (my go to source for interesting cybersecurity news) for the reference to the story.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.