Why experts are worried about Apple’s plan to scan every picture on your iPhone
New features will be rolling out in the US later this year
How does Apple plan to scan iPhones for CSAM images?
A large set of features for CSAM scanning relies on fingerprinted images provided by theNational Center for Missing and Exploited Children (NCMEC).
Apple will scan your iCloud photos and watch them with the NCMEC database to detect if there are any CSAM images. Now, the company is not really doing this on the cloud, but it’s performing these actions on your device. It says that before an image is sent to the iCloud storage, the algorithm will perform a check against known CSAM hashes.
When a photo is uploaded to iCloud, Apple createsa cryptographic safety voucher that’s stored with it. The voucher contains detail to determine if the image matches against known CSAM hashes. Now, the tech giant won’t know about these details, unless the number of CSAM images on your iCloud account goes beyond a certain amount.
Keep in mind, that if you have iCloud sync off on your phone, the scanning won’t work.
For iMessage, Apple will perform a scan and blur CSAM images. Plus, when a child views such an image, parents will receive a notification about it, so they can take appropriate action.
If a child is trying to send such an image, they’ll be warned, and if they go ahead, a notification will be sent to parents.
It’s important to note that parental notification will only be sent if the child is under 13. Teens aged 13-17, will only get a warning notification on their own phones.
The company is also tweaking Siri and Search to provide additional CSAM-related resources for parents and children. Plus, if someone is performing CSAM related searches, Siri can intervene and give them a warning about the content.
What are experts worried about?
All of Apple’s features sound like they’re meant to help stop CSAM, and it looks like a good thing on paper.
However, digital rights organization Electronic Frontier Foundation (EFF) criticized Applein a postand noted that the company’s implementation opens up potential backdoors in an otherwise robust encryption system.
“To say that we are disappointed by Apple’s plans is an understatement,” EFF added. The organization pointed out that scanning for content using a pre-defined database could lead to dangerous use cases. For instance, in a country where homosexuality is a crime, the government “might require the classifier to be trained to restrict apparent LGBTQ+ content.”
Edward Snowden argued that Apple is rolling out a mass surveillance tool, and they can scan for anything on your phone tomorrow.
Matthew Green, a security professor at Johns Hopkins University, said that people who are controlling the list of images that are matched for scanning have too much power. Governments across the world have been asking various companies toprovidebackdoors to encrypted content. Green noted that Apple’s step “will break the dam — governments will demand it from everyone.”
If you want to read more about why people should be asking more questions, researcher David Theil has a thread onsexting detection. Plus, former Facebook CSO Alex Stamos, Stanford researcherRiana Pfefferkorn, along with Theil and Green has an hour-long discussion on Youtube on the topic.
Apple’s features for CSAMare coming later this year in updates to iOS 15, iPadOS 15, watchOS 8, and macOS Monterey. However, it’ll be in the company’s interest to address various concerns put forward by security researchers and legal experts.
The company has rallied around itsstrong stance on privacyfor years now. Now that the firm is under pressure for taking an allegedly anti-privacy step, it needs to hold discussions with experts and mend this system. Plus, Apple will have to be transparent about how these systems have performed.
We have had numerous examples of tech likefacial recognitiongoing wrong and innocent people being accused of crimes they never committed. We don’t need more of that.
Story byIvan Mehta
Ivan covers Big Tech, India, policy, AI, security, platforms, and apps for TNW. That’s one heck of a mixed bag. He likes to say “Bleh.“Ivan covers Big Tech, India, policy, AI, security, platforms, and apps for TNW. That’s one heck of a mixed bag. He likes to say “Bleh.”
Get the TNW newsletter
Get the most important tech news in your inbox each week.
