I was wondering that how do storage solutions like S3 or Google Drive check whether their storage platform is being abused for the storage of malicious content?
e.g. if someone uploads a password protected zip file to their servers, I don't see a way on how they can verify it. For unencrypted files, I can understand some sort of file parser could work. But if someone uploads a password protected file, the only way to see/verify the contents is try to brute force your way into it (ignoring the moral obligations for the organisation to not do that).
So, how do these companies/solutions verify the kind of data that is being uploaded on their platforms?
There isn't technical solution, but on legal solution. They say: "We are only a service provider, not a content provider. We aren't responsible of the illegal use of our services".
This stand has been the same with Youtube, where you was able to upload content with copyright without issue with Google (but with the owner of the copyright). Now, it has changed and Youtube performed check, but it was the same legal principle.