His arrest was the result of a tip from Microsoft after Microsoft found the alleged images and alerted the National Center for Missing and Exploited Children (NCMEC).
NCMEC verified that the images were not OK and alerted police, according to an affidavit of the arrest posted by The Smoking Gun.
As we've previously reported, if online service providers discover explicit images of children, they are required by law to report them to the NCMEC, legal experts say. But companies like Microsoft, Google, and Facebook are not required to scan their users' email and cloud accounts for such images. They've taken it upon themselves to do that.
Interestingly, they are using a technology co-developed by Microsoft in 2009 called PhotoDNA.
Not surprisingly, then, Microsoft makes it absolutely clear in its Terms of Service that it is scanning for this material:
In many cases Microsoft is alerted to violations of the Code of Conduct through customer complaints, but we also deploy automated technologies to detect child pornography or abusive behavior that might harm the system, our customers, or others.
Plus, the company tells Business Insider:
Child pornography violates the law as well as our terms of service, which makes clear that we use automated technologies to detect abusive behavior that may harm our customers or others. In 2009, we helped develop PhotoDNA, a technology to disrupt the spread of exploitative images of children, which we report to the National Center for Missing and Exploited Children as required by law.
Earlier this week we reported that a Houston man was arrested in a similar situation thanks to a tip from Google. Google spotted these alleged child abuse images in the man's email and also reported them to the NCMEC. The man was a registered sex offender, convicted of sexually assaulting a child in 1994.
Google later told Business Insider that except for child pornography, it was not scanning people's email to search for evidence of other crimes.
In fact, it is a lot harder for tech companies to scan for other crimes like plotting a burglary. In the case of child abuse photos, the NCMEC has a huge database of them, and each is tagged with a unique digital numerical fingerprint (known in tech circles as a "hash" or "hashtag.")
When a service provider finds a photo that matches one of those known hashtags, it forwards that as a tip to NCMEC. An innocent picture of your kids splashing around the bathtub wouldn't have a hashtag, and wouldn't trigger a report to the authorities.
Most people applaud the use of scanning technology to catch these sorts of criminals. Still, there is concern among privacy advocates that service providers could decide to scan your email or cloud for other reasons.
"There's nothing in their privacy policy that precludes them from doing that. Nothing in the law precludes them for doing that, as long as the user consents," Hanni Fakhoury, a staff lawyer for privacy watchdog organization the Electronic Frontier Foundation, told Business Insider.