[ This will be updated as the author has additional information to add it will always be a work in progress ]
I initially refer to this article by Frederic Lane about PhotoDNA, Computer forensics and the use of hash algorithms to detect contraband content on a person's computer.
I am not going to try to repeat the content since you, the viewer, can easily read it for yourself. I am writing some thoughts on the possible and real world dangers of these technologies as weighed againts the intended good.
The focus on this type of forensics, in particular Microsoft's PhotoDNA algorithms and it problems when mishandled by law enforcement.
No one can offer a moral complaint against the hunt for child pornography, however as in all things related to law enforcement, not everything is always done by the book and innocent persons can be caught up in a web of often irrational justice.
There has developed a clear danger with regard to applying this technology against P2P file sharing because, by it's nature, the parties involved are usually two private citizens who have a presumed constitutional right to privacy absent the issuance of a search warrant based on probably cause. If the probable cause is itself based on an illegal invasion of that privacy then any evidence thus used to obtain a warrant and all subsequent evidence may be thrown out of court.
We don't want to see that happen in valid CP cases of course. The problem is to make sure LE does a very thorough job of real time investigation to develop this initial probably cause because a wrongful accusation, even when it is later found to be unjustified, can destroy an innocent life for ever. You don't need to be convicted of a crime to have your life ruined by our justice system or the news media.
With regard to P2P networks the problem pointed out in the article is that while someone may initiate the download of a contraband photo, they can also cancel that download or otherwise loose the connection. But the hash value of that contraband was sent to their computer. Possession of the hash is not illegal, only possession of the actual downloaded file is illegal and many times the "suspect" can be accused and have their computers confiscated even though they may never have been in possession of a single illegal file.
When it comes to obtaining a warrant, LE should be able to demonstrate to the judge the ACTUAL not assumed possession took place. This won't always be easy but better one bad guy get away ( for today at least ) than a single innocent person has their life ruined by a false accusation. Police, Judges and the Media seldom offer a public apology for their errors.
Some of the other issues revolve around the methods LE may have used to obtain the initial "tip" regarding a suspect P2P transaction. How is this discovered in the first place unless someone somewhere is eavesdropping on your computer traffic. Will that party be named in a warrant and made available to defense? Sometimes not. It MUST be.
It is known that your ISP can snoop on anything entering and leaving your computer. If you are using a VPN or if what you transmit and receive is encrypted they are left in the dark.
Those who would do evil online know many of these tricks to hide so we feel we are not giving away any secrets to help them avoid detection. The dumb ones get caught and dilute the gene pool!
The privacy issue goes beyond the child porn issue. The same technology being used for this admirable goal has no safety built in to prevent it's expansion into other areas of privacy invasion. PhotoDNA can scan and report what the scanning computer "thinks" is illegal content to law enforcement. You have no barrier to protect your privacy. But what happens when the same technology is applied to copyright images? What if a greedy company who offers "free image hosting" tags everything you upload and then claims, through some fine print, that they now own your images and tag them so that if they appear some where else that person gets a cease and desist letter threaten legal action for re-posting their own image?
Remember, law enforcement is bound to respect the constitutional protections and obtain a warrant. A private company can hide in obscure fine print that you "agree to" in order to enjoy their service, only to find out you gave away your rights.
My problem is not with the technology, it is with the potential for abuse of these technologies in the future without some legal stipulations being place on those uses specifically to protect the privacy and security of individual citizens.
Those who are willing to give up privacy for security will have neither.