No Right To Privacy: CBI Asks Social Media Firms To Use Invasive Software to Surveil Photos
According to the CBI directive, PhotoDNA, a software used for exclusively child pornography identification, will now be used for all criminal cases.
In a clear violation of the right to privacy, the Central Bureau of Investigation (CBI) has asked social media platforms like Facebook to run Microsoft-owned PhotoDNA for the investigation into regular criminal cases. As per international norms, the software is “exclusively used to identify child exploitation images”.
“For the purpose of investigation, you are requested to conduct PhotoDNA in respect of photographs CBI asks social media firms to use intrusive photo tech to track suspects enclosed herewith. The said information is required very urgently for the purpose of investigation,” the investigative agency stated in its letter to social media platforms, issued this month, the Indian Express reported.
Apar Gupta, executive director, Internet Freedom Foundation, told IE, “If any police or investigative agency is using PhotoDNA for a general crime investigation, it is a massive breach of the intended purpose of this technology, which is only for checking child sex abuse cases. This is the slippery slope of surveillance and censorship.”
How does the software function?
If social media firms follow the directives of CBI, then they will run a surveillance search on all the photographs on their servers — including users who are neither charged nor suspected — using PhotoDNA software. It means that the search will not just be limited to any suspect’s account. Although the Microsoft software is free to use, its use for other purposes has been restricted internationally because it directly amounts to imposing restrictions on a free and open Internet and legitimises broader regimes of censorship, the report added.
For every image, PhotoDNA creates a unique digital signature or “hash”. This signature is compared with other pictures to find copies of the same image. If it matches with “hashes” of previously identified illegal images in the database, child exploitation material distribution is detected, disrupted and reported.
These databases of “hashes”, however, are not maintained by Microsoft. Law enforcement agencies use US-based National Center for Missing and Exploited Children (NCMEC), the Internet Watch Foundation and Project Vic, among others for matching the digital signatures with “hashes” in the database.