back to article Microsoft sued by staff traumatized by child sex abuse vids stashed on OneDrive accounts

Two former Microsoft employees have sued the Windows giant seeking compensation for the mental trauma of screening child sex abuse photos, murder videos, and other extreme content flowing through the company's online services. Henry Soto and Greg Blauert were assigned to Microsoft's Online Safety Team, formed in 2008 following …

Page:

  1. Vimes

    ... following a federal requirement that unlawful material like child pornography must be reported to the National Center for Missing & Exploited Children (NCMEC).

    A requirement to report something as and when it's found as a result of a support call or other associated activity is one thing, telling companies that they have to actively go out and find things to report is quite another. It's difficult to believe that the latter is really a requirement.

    I won't shed any tears for any perverts caught out by this, but all the same: by what right have Microsoft been rifling through the private files belonging to their users?

    1. joed

      It's not private once in their cloud. Hopefully everyone will eventually wise up to this concept.

      1. Steve Davies 3 Silver badge

        Cloud?

        It's not private once in ANY cloud. Hopefully everyone will eventually wise up to this concept.

        There fixed it for you.

        1. Tom 7

          Re: Cloud?

          Just make sure you dont put your private key up there!

        2. Anonymous Coward
          Anonymous Coward

          Re: Cloud?

          "It's not private once in ANY cloud. Hopefully everyone will eventually wise up to this concept.

          There fixed it for you."

          There's this thing called encryption. You can use it to make it very very very hard for other people to read your files unless you want them to. You can then put your files anywhere and only those who get the special magic keys to read it can do so.

          Cloud servers can be set up to properly encrypt data. My own one won't let me see what others have on it, and if I lose my keys I lose my data.

          1. Anonymous Coward
            Anonymous Coward

            Re: Cloud?

            There's this thing called encryption. You can use it to make it very very very hard for other people to read your files unless you want them to. You can then put your files anywhere and only those who get the special magic keys to read it can do so.

            If I have them at home someone will first have to gain access to them before they can start to decrypt them, and it's encrypted with my software of my choice. In addition, any idiot seeking to mount surveillance will have to gain access to my premises. In the process, there is plenty of opportunity for me to notice that someone is trying to gain access and change things, and automated surveillance is not possible.

            If I have data in the cloud, I have no view on who takes a copy for themselves, and if I make the mistake of using the vendor-supplied encryption I also have no idea if there is a backdoor or not. In one go, I have introduced two uncontrolled variables into my risk equation.

            In addition, it always amuses me when especially US companies claim to have some form of warrant canary or "transparency" - read the contents of any NSL and see what the implications are for anyone opening their mouth about it and you'll realise that those tools and statements too are more marketing than reality.

            A cloud is a cloud is a cloud, and a private cloud is more marketing statement than evidence of protection. If you have something of value to protect, using a cloud for it requires a lot more thinking about the risks you attract in doing so.

        3. BillG
          Megaphone

          Counseling?

          Microsoft began providing counseling for members of the Online Safety Team, to address a condition the company allegedly referred to as "compassion fatigue." But the complaint claims the services were inadequate.

          If the counseling is anything like what is provided to U.S. troops with PTSD, all they do is throw drugs at them. A good friend of mine, U.S. Army veteran, was given two anti-depressants and two sleeping pills. All it really does is put his emotions on hold.

          Best therapy? Just listen and be a friend.

          1. goldcd

            and don't take a job

            where your entire purpose is to look at the dregs of humanity.

            1. badger31

              Re: and don't take a job

              Like working for microsoft? (joke icon)

              But seriously - the article says the appointment was made 'involuntarily'. I mean shit! Anyone actually wanting to do this job absolutely must not be allowed to do it.

              And on a related note, a very good friend of mine, many years ago, managed to get the job he really wanted - a police man. That's a job you couldn't pay me enough to do, but someone's gotta do it. After a short time in the job he was a wreck. All the horrible shit he had to deal with on a daily basis was really grinding him down. I had to remind him that most people aren't all that bad, but his job is to deal with the ones that are, giving a warped sense of reality.

              He got over it by becoming a tough son-of-a-bitch.

              I'm not sure what you would have to become to deal with what Soto and Blauert had to deal with.

            2. Goldmember

              Re: and don't take a job

              "where your entire purpose is to look at the dregs of humanity."

              One of the guys in the article was "involuntarily" moved to the snooping team.

          2. Anonymous Coward
            Anonymous Coward

            Re: Counseling?

            Best therapy? Just listen and be a friend.

            Agree 100%.

            He has now passed away, but I had a friend who had seen serious action in Africa in the French Legion. I met him when he had just made it back (read: totally *not* ready for society), and I immediately got on with him. I lost count of how many nights we spent talking and drinking, but eventually we got some of the demons to settle. You cannot erase memories, but you can help people accept them as part of the past, not of the future.

            Personally I think it's criminal to fob off returning soldiers with pharma, that's not what they need and very poor payback for them risking their lives.

    2. kain preacher

      Because MS is a big target and if they did not do this some jack ass federal agent or poltician would go affter them for not doing enough.

    3. Pascal Monett Silver badge

      I hiccuped at that part as well, but then I doubled back and re-read the paragraph more carefully. It states that the employees check on all things posted to Bing and stored on OneDrive - in effect, making their activities totally legit since they are checking on "publicly available" data.

      So nothing to get all angsty about there. But I did do a double-take on that.

      1. MiguelC Silver badge

        @Pascal

        "stored on OneDrive" is not public, or at least shouldn't be unless the user specifically grants someone else access.

        It may be just files and photos you backup from your phone and that no one else has access to.

        And, just as an example, shouldn’t it be illegal for MS to view your private photos?

        1. Hans 1
          Happy

          Re: @Pascal

          I have a photo of a bin on OneDrive, it sports a "Designed for Microsoft Windows Vista" sticker.

          Glad to read they will eventually look at it ... also, happy to know I avoid storing company data on OneDrive, I knew they were snooping ....

        2. toughluck

          Re: @Pascal

          @MiguelC

          And, just as an example, shouldn’t it be illegal for MS to view your private photos?

          Should it be legal for law enforcement to rummage through private belongings in search of contraband, drugs or explosives? I specifically say law enforcement, because people frequently complain about them. Assuming we agree that they have a right to search, let's go further on this.

          Namely, if you see somebody acting suspiciously, should you report it or not? Should you intervene in any way? The reason I'm bringing this up is that you may be held liable for aiding the perpetrator if you were the only witness and there was no way for you to not notice the suspicious activity.

          Same goes for every cloud operator. If a trial finds that a specific cloud storage service was used to disseminate illegal data, you can be sure that prosecution will follow up on this and go after the operator to check if it was possible to prevent this.

          And it makes perfect sense. Otherwise corporations could not be held liable for individual employee illegal activities (for instance, participating in corruption).

          1. Pen-y-gors

            Re: @Pascal

            @toughluck

            and should the Royal Mail/US Postal service be liable for not steaming open and reading every letter and parcel?

            1. kain preacher

              Re: @Pascal

              They are gov agency therefore protected. Plus in the US mail has been protected. Stuff on line nope.

              Here is an example. If an email is more than 90 days old in the S the plod does not need a warrant to look at it. Physical letters needs warrants no matter how old they are.

              1. Eddy Ito

                Re: @kain preacher

                And there lies the problem. If you're renting space the landlord isn't allowed to just walk in and snoop about. It shouldn't matter if that space is a house, storage unit, cloudy drive, email, or whatever. The problem is that legislation, as always, hasn't kept pace with technology. Then again, it hasn't really tried which is probably for the best since the legislators don't understand it.

              2. Anonymous Coward
                Anonymous Coward

                Re: @Pascal

                Here is an example. If an email is more than 90 days old in the S the plod does not need a warrant to look at it.

                I know, and I've been wondering what would happen if someone re-dates their email one year into the future. Not sure if you could get your provider to play along, but it's not beyond the reach of a bit of scripting - that would be annoying BOFH style :)

            2. Wayland

              Re: @Pascal

              "and should the Royal Mail/US Postal service be liable for not steaming open and reading every letter and parcel?"

              If the Royal Mail want to take on that task then they should tell their customers they are doing this. Then if a crime is committed and the Royal Mail failed to prevent it then they should offer one of their own to do the jail time.

          2. Anonymous Coward
            Anonymous Coward

            Re: @Pascal

            Should it be legal for law enforcement to rummage through private belongings in search of contraband, drugs or explosives? I specifically say law enforcement, because people frequently complain about them. Assuming we agree that they have a right to search, let's go further on this.

            No, we won't, because you're trying to skip over something. They do not have those rights, but they can gain permission to do via a legal process - in civilised countries this generally involves due process and convincing a judge to give them a warrant. They do NOT have a God given right to do as they please. In civilised nations, "making shit up" is also not going to fly.

            Now, calling the US civilised or not is a debate I will stay away from, but even the FBI has to gain permission (again, not rights, permission) for access, and that can sometimes even be limited to a very narrow class of search and targets.

            So no, it's not *quite* the Wild West you seem to think it is. They're trying to get it that far, sure, but it hasn't fully happened yet.

            that right by default - they can only given that

        3. Anonymous Coward
          Anonymous Coward

          Re: @Pascal

          And, just as an example, shouldn’t it be illegal for MS to view your private photos?

          You haven't worked your way through the complex warren of T&Cs and privacy statements you agreed to. There's a clause in there somewhere that you agree MS may inspect things. What I'm unclear about is if that doesn't require explicit permission in the EU as it invades privacy, but I recall coming across it when researching something else.

        4. Paul 195

          Re: @Pascal

          It's part of the T&Cs for services like OneDrive that you don't use them to store illegal content, and that Microsoft have the right to ban you from the service for so doing. Microsoft employees are not going through everyone's files to do this; this article and others have made clear that the initial determination is made by an automated scanner. It's only material flagged up by the automated scanners that is reviewed by an actual person.

          I don't have any problem with this personally as long as there are good controls to prevent employees from reviewing my material in the absence of any indication that they should.

          1. Vimes

            Re: @Pascal @Paul 195

            It's not spying if it's a machine doing it? Seriously?

            Microsoft employees are not going through everyone's files to do this

            It's irrelevant if it's a person or a machine doing it. At the end of the day Microsoft is putting every single private file under the microscope. That's wrong.

            Oh, and their services agreement also states that:

            [...] When investigating alleged violations of these Terms, Microsoft reserves the right to review Your Content in order to resolve the issue. However, we do not monitor the Services and make no attempt to do so.

            https://www.microsoft.com/en-gb/servicesagreement/

            1. Anonymous Coward
              Anonymous Coward

              Re: @Pascal @Paul 195

              It's not spying if it's a machine doing it? Seriously?

              Microsoft employees are not going through everyone's files to do this

              It's irrelevant if it's a person or a machine doing it. At the end of the day Microsoft is putting every single private file under the microscope. That's wrong.

              Here's the fun bit: it's also actually illegal in Europe. Not the very act itself, but to gain permission to access personal information you must obtain permission EXPLICITLY, NOT IMPLICITLY under EU privacy laws and national derivatives thereof (and there's more they screwed up, but this is the most major problem they have right now). Translated, MS has to ask you permission to access your data in a separate process of approval, not bury this little gem at the end of a 2TB EULA printed in light grey 6 point font on a white background and I am 100% certain they have not done so for any customer so far (nor have they done this for other products and services - that's how I discovered this).

              So, first of all, you have Microsoft's admission they're rummaging in the data you store with them, using the exact same excuse as Google ("we use computers, so please ignore the fact that it is us who tell these computers what to look for"), and next you have them hardcore breaking EU privacy law doing so.

              It's not Google, but at this point I think it's worth asking if you feel lucky..

              1. Vimes

                Re: @Pascal @Paul 195 @ac

                Here's the fun bit: it's also actually illegal in Europe

                In that case, this is also from the services agreement:

                The laws of the country to which we direct your Services where you have your habitual residence govern all claims relating to paid Services. With respect to jurisdiction, you and Microsoft agree to choose the courts of the country to which we direct your Services where you have your habitual residence for all disputes arising out of or relating to these Terms, or in the alternative, you may choose the responsible court in Ireland.

              2. Lotaresco

                Re: @Pascal @Paul 195

                "Here's the fun bit: it's also actually illegal in Europe. Not the very act itself, but to gain permission to access personal information you must obtain permission EXPLICITLY, NOT IMPLICITLY under EU privacy laws"

                You are failing to understand privacy law. "Personal information" does not mean "a stash of kiddy porn" it doesn't even mean "Things I don't want the authorities to see." There are strict legal definitions of personal data and sensitive personal data.

            2. John Smith 19 Gold badge
              Meh

              "It's not spying if it's a machine doing it? Seriously?"

              Yup.

              That's the argument the NSA uses and the one the UK Supreme Court accepted.

              Good to know your privacy in such safe hands, eh?

            3. Paul 195

              Re: @Pascal @Paul 195

              "It's not spying if it's a machine doing it? Seriously?"

              That very much depends on what the machine is doing and how much it records. After all, a number of machines have already "seen" any content you store on SkyDrive. So if the automated scanner takes a pass through all files as they are uploaded scanning for illegal content, and then forgets everything it did unless it finds something noteworthy, then no, I don't regard that as spying. It is spying if it provides detailed info on what everyone is storing and makes it available for review by someone else. As always, the details are quite important. At the moment, I don't have any particular reason to believe I am being "spied on". At least, not by Microsoft. The provisions of RIPA worry me considerably more than anything Microsoft are likely to be doing in order to remain on the right side of the law and to avoid their servers being used as caches for paedophile material etc.

        5. Anonymous Coward
          Anonymous Coward

          Re: @Pascal

          "And, just as an example, shouldn’t it be illegal for MS to view your private photos?"

          No, any more than its illegal for a storage company to go into the lock-up you rent off them if they need to make sure there's nothing flammable or dangerous stored there.

          1. Anonymous Coward
            Anonymous Coward

            Re: @Pascal

            No, any more than its illegal for a storage company to go into the lock-up you rent off them if they need to make sure there's nothing flammable or dangerous stored there.

            Then they would have to pay you for damaging your lock. Every storage facility insists on you using your own lock (they may sell you one, but it must be yours) because they do not want to be stuck with the liability for theft. You normally agree contractually to provide access if they want to inspect (and, of course, to not do what they forbid you) but they can't just walk in as they please as you suggest.

            Ditto for MS, and there's even a question if demanding that of users is legal. For that matter, even Google's scanning of inboxes is technically illegal in Europe because they will not have had advance permission from non-Google senders for that (and that's not my opinion, that was the statement from Data Protection people in 3 different countries when asked off the record - this is not actively pursued because of politics more than law).

            1. Lotaresco

              Re: @Pascal

              " Every storage facility insists on you using your own lock "

              No they don't.

    4. Anonymous Coward
      Anonymous Coward

      It's a tough one, after all, sys admins have access to every file on their networks.

      If they didn't check the files (remember these are checking files flagged up by automated systems), then it would be impossible to ever get rid of the stuff or ban users. Either that or the just delete every file automatically flagged up by the scanning software.

      It's a bit of a tough call, and I wouldn't like to make it.

      1. Wayland

        I think it's fair enough that the operator checks the files. They should tell the users this. It's the users responsibility to keep their stuff secure. However I don't think the operator should be removing files it believe are illegal and then telling the police. That's tampering with evidence and also alerts the suspect.

    5. John Smith 19 Gold badge
      Unhappy

      "by what right have Microsoft been rifling through the private files belonging to their users?"

      The same "right" every sysop of every remote system I have ever used had.

      Because they can.

  2. Crazy Operations Guy

    "There are laws that require Microsoft, if they see something, to report it."

    Yes, but that doesn't mean barging into people's personal files to see if there is something to report...

    I could understand having a human look at a person's files if an automated system like PhotoDNA flagged it, but that should really be done be specially trained people like those that the FBI employs for this specific type of work.

    But I have to wonder, are there really that many people sharing such content on Microsoft's services that they need multiple special units to look into it?

    1. Anonymous Coward
      Anonymous Coward

      Re: "There are laws that require Microsoft, if they see something, to report it."

      "I could understand having a human look at a person's files if an automated system like PhotoDNA flagged it, but that should really be done be specially trained people like those that the FBI employs for this specific type of work."

      My landlord wants to send a robot into my house to check for illegal drugs etc. Should I let him? After all it won't be him rifling through my personal things including my personal documents, it'll just be his bot.

    2. joeaverage

      Re: "There are laws that require Microsoft, if they see something, to report it."

      Wouldn't this be a great use of the NSA/FBI/CIA? They don't respect privacy laws anyhow - let them start connecting pictures to perps and making arrests.

  3. bombastic bob Silver badge
    Big Brother

    poor widdle snowflakes... wait, what?

    On one hand, "oh my hear it bleeds for you" to the tune of 'hearts and flowers' on the world's smallest violin, for those poor widdle snowflakes who had to view illegal pr0n in order to discover that it was, well, illegal pr0n.

    On the other hand, as the previous poster so wittily pointed out, MICRO-SHAFT! IS! APPARENTLY! RIFLING! THROUGH! OUR! CLOUD! FILES! looking for things...

    what's NEXT on their list o' things to report, MEDIA PIRACY? Like someone who gets a takedown notice because of an unrelated youtube video in which a song is playing in the background on a TV or radio, barely audible, but just happens to be 'there' while the video is being recorded. Yes, I've seen this.

    MICRO-SHAFT: It's called *PRIVACY*, and you need to STOP INVADING IT!

    1. Mark 85

      Re: poor widdle snowflakes... wait, what?

      Bob,

      I quite agree about MS rifling through the OneDrive files and comms... but there's more to this then porn... murder, violence, extreme child porn.

      I do believe there would be some serious mental trauma to anyone viewing it day in and day out. Seeing someone killed in the military is bad enough to push many people into PTSDland. Seeing kids taking the hit is worse, IMO. It's certainly not a job I'd want and I am a combat veteran (Vietnam) who saw my share but not day in and day out like these guys.

      1. Vimes

        Re: poor widdle snowflakes... wait, what? @Mark 85

        Forget for a moment the claimed reason for going through private content. 'For the children' has to be one of the most widely abused excuses out there.

        What is their LEGAL justification here for invading privacy?

        The stated law doesn't appear to imply any requirement to actively scan content. Assuming for a moment that I haven't missed anything then however traumatising this task may be it still doesn't tell us by what right they're doing this or what legal requirement they're relying upon to justify this.

      2. Anonymous Coward
        Anonymous Coward

        Re: poor widdle snowflakes... wait, what?

        @Mark 85

        We see violence and murder, extreme murder on a daily basis. (TV Film Books) Nobody has been traumatised. Looking at a picture of upsetting scenes may upset you or even turn your stomach but to induce trauma is not possible. I've been traumatised by a series of events and isolation. I could not function and talking about it was impossible. You just froze. I want to see a picture that causes that. It would be worth millions and better than any drug.

        Anyone who puts private pictures on a cloud that is not zipped up with a strong password is a fool. M$ already tell you they look at files on your PC and key-log you, so I guess they will already know any passwords they encounter. Just avoid using M$ stuff.

        1. Triggerfish

          Re: poor widdle snowflakes... wait, what? @AC

          We see violence and murder, extreme murder on a daily basis. (TV Film Books) Nobody has been traumatised.

          You do realise that A; The stuff you see in the media is heavily heavily censored because they do not want to updet people. B. Trauma is subjective and your view on it is not the only experience people have had so is not a base line measurement.

          1. joeaverage

            Re: poor widdle snowflakes... wait, what? @AC

            And the knowledge that the victim of the violence in a picture or video is REAL (or WAS real) - and you have no way of helping them. Their sounds of misery and terror are REAL.

            That is a very different thing from the latest cop show on TV with fictional crimes. I don't watch them any more either b/c I don't think it is healthy for a well adjusted person to subject themselves to thoughts like that week after week.

        2. Anonymous Coward
          Anonymous Coward

          Re: poor widdle snowflakes... wait, what?

          "We see violence and murder, extreme murder on a daily basis. (TV Film Books) Nobody has been traumatised."

          That sir/madam, is bullshit.

          #1, there are well documented cases of people being traumatised, just because _you_ haven't doesn't mean nobody has.

          #2, what you describe is fiction, and subconsciously has a different effect due to you knowing it's not real. Viewing a picture/video/whatever and knowing it's 100% real and that the suffering isn't fiction definitely fucks with you.

          1. This post has been deleted by its author

          2. Anonymous Coward
            Anonymous Coward

            Re: poor widdle snowflakes... wait, what?

            "#2, what you describe is fiction, and subconsciously has a different effect due to you knowing it's not real. Viewing a picture/video/whatever and knowing it's 100% real and that the suffering isn't fiction definitely fucks with you."

            So you saying all that shit with wars and so on shown to us on the nightly news is fake? Always knew western media was bull but didn't realise all those shelling of innocent people and so on was all fake.

            There is a lot of real stuff people can witness. Not just on news media but places like youtube. Lots of people watched a black woman on facebook while her boyfriend was bleeding out in the car beside her after a cop shot him last year.

            You are right in saying that some people can be traumatised by these things, but it is a lot rarer than you may think, and I doubt someone who truly was traumatised would want it dragged through the courts and the media, they'd want to bury it, not remember and retell it several times and have their neighbours wondering about them and if they'll be safe around their kids after having seen that.

            1. Trevor_Pott Gold badge

              Re: poor widdle snowflakes... wait, what?

              Big difference between watching some grainy TV bomb video from a get at 40k feet bomb some truck and watching a 9 year old girl get gang raped and then burned to death with acid. Especially if she's the first of hundreds. That day.

              Humans are awful, and it is quite clear you've live so sanitized a life that you haven't the first clue exactly how awful it is that we get. ...or how that affects non-sociopaths.

              But you're right about one thing, unintentional that it is. A lot of people would be shocked to realize just how common sociopaths really are.

              1. This post has been deleted by its author

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like