The problem with the US statute for CSAM is that possession is illegal, not just intentional creation/collection/distribution. The person being hacked has technically broken the law, even if they don’t get prosecuted.
I don’t know how often unintentional possessors are prosecuted, but the US system of prosecution makes it easy for an innocent to get railroaded by threats of massive charges and comparatively lenient plea deals, combined with punitive sentencing for those who reject the plea bargain. Think Aaron Swartz, but without any intent to violate the law.
> The person being hacked would still be investigated by the FBI
As someone with family in the FBI (one on a relevant team) and a local LEO that was deputized to do this work for the US Marshals, that doesn’t reassure me. The best forensics employees in the FBI with enough resources can identify that there was a hack and that the account owner is innocent. We live in a world of scarcity where that much effort is not always invested.
I think the client-side versus server-side is more about relative trade-offs of who owns the client device (and what “ownership” means) and whether the equivalent server-side search is technologically feasible (might not be if the client encrypts with a key only the client owns, as some have speculated about Apple’s future plans).