Yes that is what I am saying. Why wait until 30 flags? If this is so perfect as you are all saying, the FIRST occurrence of this should get flagged to the authorities because it CAN'T make false positives. You all are saying how perfect this system is and our concerns are "ridiculous", but then why not just set the threshold at 1? The presence of a threshold system and Apple's own words about a very rare false positive chance prove our concerns are valid. That is the entire definition of a false positive.
I’m not sure what you’re leading towards here. It sounds like what you’re saying is that we shouldn’t stop people who have 30 strikes against them because our technique isn’t sensitive enough to detect only one?
No detection technique is perfect. Perfect doesn’t exist. What you have is a trade-off between sensitivity and false alarms. You could make the system sensitive enough that it picks up every individual CSAM image everywhere, but the trade-off is that you’ll have a ton of false alarms that consume a lot of human resources and undermine trust in the system.
Instead Apple made it less sensitive to violations and drove the expected false alarm rate down to 1 false alarm in 1,000,000,000,000 accounts. And they structured it so that even if the system flags an account, the government isn’t involved until Apple has verified the match. The accounts, their contents, the hashes, the derivative images and the detection count are encrypted to everyone, including Apple, until there are 30 hash matches, which together form the key to unlock the cryptographic chain.
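If it helps to see the threshold mechanism concretely: Apple’s actual scheme combines private set intersection with threshold secret sharing, which I won’t reproduce here, but the threshold part can be sketched with plain Shamir secret sharing. The sketch below is illustrative only, with made-up parameters, not Apple’s protocol: the account key is split into shares, one share is released per matching image, and nothing can be decrypted until 30 shares exist.

```python
# Minimal sketch of the threshold idea, NOT Apple's actual protocol: split a
# decryption key into Shamir shares so that 29 or fewer shares reveal nothing,
# while 30 shares reconstruct the key and unlock the flagged content.
import random

PRIME = 2**127 - 1   # prime field modulus, chosen here just for illustration
THRESHOLD = 30       # number of matching images needed to reconstruct the key

def make_shares(secret: int, n_shares: int, threshold: int = THRESHOLD):
    """Split `secret` into points on a random degree-(threshold - 1) polynomial."""
    coeffs = [secret] + [random.randrange(PRIME) for _ in range(threshold - 1)]
    def poly(x):
        return sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME
    return [(x, poly(x)) for x in range(1, n_shares + 1)]

def reconstruct(shares):
    """Recover the secret by Lagrange interpolation at x = 0."""
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret

key = random.randrange(PRIME)            # stands in for the account decryption key
shares = make_shares(key, n_shares=100)  # hypothetically, one share per matched photo
assert reconstruct(shares[:THRESHOLD]) == key       # 30 shares: key recovered
assert reconstruct(shares[:THRESHOLD - 1]) != key   # 29 shares: interpolates to garbage
```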
I have. The person I replied to EVEN PROVED what I found. A car and a dog matched. And they aren't even visually similar!
When the 30th hash matches, Apple can unlock the hashes and derivative images. A human can then look, not at the actual images themselves, but at some derivative of them. They see it’s a car, not a known image of child abuse, and do not mark the account as in violation. The fact that falsely matching images are likely to be so visually different from the known material makes rejecting false positives easier.
So the point here isn’t to look at the false positive rate of the individual steps, but of the system. I don’t know the false positive rate of each hash, but it’s higher than the combined rate for 30 hashes. The false positive rate for 30 hashes is said to be 1 in a trillion. Once you bring a human into the final verification, the false positive rate will be much lower than 1 in a trillion; it will likely be, for all intents and purposes, zero. If the system begins to show unexpected sensitivity, then increase the hash length, raise the match threshold, or better train the reviewers.
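To make the compounding concrete: if you assume some per-image false match probability (the real figure isn’t public, so the number below is made up), the chance of an account accumulating 30 false matches collapses compared to the chance of a single one.

```python
# Illustration of how a 30-match threshold compounds per-image false positive
# rates into a tiny account-level rate. The per-image probability p below is a
# made-up value; Apple has not published the real figure.
from math import comb

def prob_at_least_k(p: float, n: int, k: int) -> float:
    """P(at least k of n photos falsely match), assuming independent per-image matches."""
    total = 0.0
    for i in range(k, n + 1):
        term = comb(n, i) * p ** i * (1 - p) ** (n - i)
        total += term
        if term == 0.0 or term < total * 1e-16:
            break  # remaining terms are negligible
    return total

p = 1e-6        # hypothetical per-image false match probability
n = 100_000     # hypothetical photo library size
print(prob_at_least_k(p, n, k=1))    # ~0.095: flagging on a single match would be noisy
print(prob_at_least_k(p, n, k=30))   # ~1e-63: effectively never happens by chance
```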
And it's probably good that my ignorance is showing because I have NO CLUE what these images look like. My main concern is that I know consenting adults in relationships who share images with each other. But some bodies are different. And CSAM probably includes some "mature"-looking 16/17 year olds posing, and some "younger"-looking 22-25 year olds could have matching bodies that would get flagged POSSIBLY.
You don’t need to know what these images look like to understand the concepts; that’s why I referred to a dataset of dogs. I’m actually quite uncomfortable even typing about the kinds of content these images contain.
Anyway, just think of it as looking for a few specific images of dogs that have been circulating on the internet. Not any picture of the species, or even those exact dogs, but specific pictures of those specific dogs. It’s not looking for a kind of image, it’s not looking for particular poses or scenes, it is looking for specific images.
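NeuralHash itself is a learned perceptual hash and the details aren’t public, but the "specific images, not kinds of images" point can be shown with a much simpler perceptual hash. Here’s a toy difference hash (dHash) using Pillow; the file names are placeholders:

```python
# Not Apple's NeuralHash (that is a learned embedding plus a hashing scheme), but
# a toy difference hash (dHash) that illustrates the core idea: the hash
# fingerprints one specific image, and only near-identical copies land nearby.
from PIL import Image

def dhash(path: str, size: int = 8) -> int:
    """64-bit perceptual hash: compare adjacent pixels of a downscaled grayscale image."""
    img = Image.open(path).convert("L").resize((size + 1, size), Image.LANCZOS)
    px = list(img.getdata())
    bits = 0
    for row in range(size):
        for col in range(size):
            left, right = px[row * (size + 1) + col], px[row * (size + 1) + col + 1]
            bits = (bits << 1) | (1 if left > right else 0)
    return bits

def hamming(a: int, b: int) -> int:
    return bin(a ^ b).count("1")

# A re-encoded or slightly resized copy of the SAME picture stays within a few
# bits; a different photo of a similar-looking subject usually does not.
# print(hamming(dhash("known_image.jpg"), dhash("suspect_image.jpg")))
```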
When the neural net is trained, it’s trained on the images they’re looking for and trained against images it is not looking for. So the network will get trained against general pornography so that those images don’t trigger the system.
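How Apple actually trained that network isn’t public, so treat this as conjecture, but the behaviour described, pulling perturbed copies of a known image together while pushing unrelated images (including general pornography) away, is what a triplet loss expresses:

```python
# Conjectural sketch only; Apple's actual NeuralHash training setup is not public.
# It shows the objective described above: perturbed copies of a known image are
# pulled toward it in embedding space, unrelated images are pushed away.
import torch
import torch.nn as nn
import torch.nn.functional as F

embed = nn.Sequential(nn.Flatten(), nn.Linear(3 * 64 * 64, 128))  # stand-in encoder

anchor   = torch.rand(8, 3, 64, 64)                   # batch of known images
positive = anchor + 0.02 * torch.randn_like(anchor)   # simulated re-encodes/crops of the same images
negative = torch.rand(8, 3, 64, 64)                   # unrelated images, e.g. legal adult content

loss = F.triplet_margin_loss(embed(anchor), embed(positive), embed(negative), margin=0.5)
loss.backward()  # in a real training loop, an optimizer step on `embed` would follow
```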
Then why even have a manual review process if it absolutely cannot flag false positives? If you get one hit you should go to jail... right? If you say no, then there is a chance of false positives. Which by definition means the content in question doesn't actually match the database.
I think you mean false negatives here, but yes, that’s the trade-off Apple was willing to make. You could get away with up to 29 illegal images on your phone, and that number was public.
One illegal image should be enough to put someone away, but the system isn’t discriminative enough to pull that off without trading off other things we care about. So the idea was to catch the biggest monsters, or more likely to find the image caches that people are distributing.