Hash-matching every upload: CSAM scanning as a content-surveillance vector
Ongoing
Dropbox runs industry hash-matching (PhotoDNA, NCMEC and IWF hash lists) and an unhashed-content classifier across files added to or shared on the service, reporting matches to NCMEC — a legitimate child-safety system that is also, by design, a server-side scan of users' private content.
What happened
Dropbox proactively scans content for known child sexual abuse material (CSAM) using industry-standard image and video hash-matching, including Microsoft's PhotoDNA and Google's CSAI Match, run against hash lists supplied by the National Center for Missing and Exploited Children (NCMEC) and the Internet Watch Foundation (IWF). It applies this matching where such material most often appears, including when files are added to Dropbox or shared, and additionally deploys a classifier to detect unhashed, novel CSAM. Confirmed matches are reviewed by Dropbox's safety team, the account is disabled, and a report is filed with NCMEC as US law requires.
This is a defensible and legally mandated safety program, and Dropbox publishes the resulting NCMEC submission counts in its Transparency Report. But it is worth naming plainly for what it is: a system that inspects the content of users' files on Dropbox's servers and, on a match, routes a report to a body that works hand-in-glove with law enforcement. The same capability that makes server-side encryption convenient — Dropbox can read your files — is what makes this scanning possible.
Security researchers have long noted that hash-matching infrastructure, once built, is a general-purpose content-detection vector: the hash list it checks against is a policy choice, and the precedent it sets is that uploaded files are continuously screened against a database the user cannot see.
Impact
For Dropbox users, CSAM hash-matching is the most concrete demonstration that their files are not opaque to the provider: content is algorithmically inspected as a matter of course, and matches generate reports to an authority. The child-protection purpose is widely supported, but the mechanism is precisely the server-side content access that privacy advocates warn about, and it underscores why true end-to-end encryption — which Dropbox does not offer — would be incompatible with this kind of scanning.