{"id":34479,"date":"2021-12-17T11:28:42","date_gmt":"2021-12-17T16:28:42","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=34479"},"modified":"2021-12-17T14:21:18","modified_gmt":"2021-12-17T19:21:18","slug":"apple-removes-references-to-controversial-csam-scanning-feature","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/12\/17\/apple-removes-references-to-controversial-csam-scanning-feature\/","title":{"rendered":"Apple Removes References to Controversial CSAM Scanning Feature"},"content":{"rendered":"

Tim Hardwick<\/a> (Hacker News<\/a>):<\/p>\n

\n

Apple has quietly nixed all mentions of CSAM from its Child Safety webpage, suggesting its controversial plan to detect child sexual abuse images on iPhones and iPads may hang in the balance following significant criticism of its methods.<\/p>\n<\/blockquote>\n\n

John Gruber<\/a> (tweet<\/a>):<\/p>\n

\n

I wouldn’t read too much into this. […] I think the CSAM fingerprinting, in some form, is still forthcoming, because I suspect Apple wants to change iCloud Photos storage to use end-to-end encryption. Concede for the moment that CSAM identification needs<\/em> to happen somewhere, for a large cloud service like iCloud. If that identification takes place server-side, then the service cannot<\/em> use E2E encryption — it can’t identify what it can’t decrypt. If the sync service does<\/em> use E2E encryption — which I’d love to see iCloud Photos do — then such matching has to take place on the device side. Doing that identification via fingerprinting against a database of known and vetted CSAM imagery is far more private than using machine learning.<\/p>\n

[…]<\/p>\n

Put another way, if governments, authoritarian or otherwise, were able to force Apple (or Google, or Microsoft) to add secret snooping features — like say finding photos of Tank Man on Chinese users’ devices and reporting them to the CCP — to our operating systems, the game is over.<\/p>\n<\/blockquote>\n\n

They don’t need to force Apple to do anything because Apple never sees the photos in the CSAM databases, only the fingerprints. They would need to compromise two of the databases and infiltrate Apple’s human reviewers.<\/p>\n\n

Jeff Johnson<\/a>:<\/p>\n

\n

You can already upload illegal photos to iCloud Drive, and have Apple host them, as long as you encrypt the files yourself first on disk. Nobody can do anything about that, including Apple.<\/p>\n

[…]<\/p>\n

It doesn’t seem like they’re even interested in catching criminals, because they already publicly announced you can “opt out” by simply not using iCloud Photos.<\/p>\n

Consequently, the real goal must be to trick everyone else into giving up their legal rights and their principles.<\/p>\n

And once the “opt out” allows all or most of the criminals to avoid getting caught, is this going to be a bait and switch where they say, “Well, we didn’t catch anyone, so we have to get rid of the opt out and scan everyone”?<\/p>\n<\/blockquote>\n\n

Or perhaps the real goal is to avoid wittingly hosting illegal photos. No one is going to blame Apple for hosting encrypted content that it can’t read.<\/p>\n\n

Jeff Johnson<\/a>:<\/p>\n

\n

There’s not even any reason why there can’t be end-to-end encrypted iCloud without scanning, either on device or on the server. It could have and should have happened already.<\/p>\n<\/blockquote>\n\n

John Gruber<\/a>:<\/p>\n

\n

I don’t disagree with you on (almost) any of this. But, politics is<\/em> a reason. I think Apple considers it politically unfeasible to do E2EE for photo syncing without throwing some sort of bone to the crowd who think civil liberties should not override CSAM concerns.<\/p>\n<\/blockquote>\n\n

Jeff Johnson<\/a>:<\/p>\n

\n

Which crowd? I haven’t heard a single politician of either party even mention it. Not an issue in the public debate, until Apple made it one.<\/p>\n

The most important crowd ought to be the half billion Apple customers. Who weren’t clamoring for it either.<\/p>\n<\/blockquote>\n\n

John Gruber<\/a>:<\/p>\n

\n

Politics is hard because it’s such a soft science. You can’t prove anything. But here’s one optimistic spitball: maybe Apple tossed this CSAM proposal out, as a concession to the anti-CSAM die hards. It went over like a lead balloon. Now, they’re like fine, we’ll wait.<\/p>\n

[…]<\/p>\n

And so now they don’t say they’re going to do it, but don’t say they’re not going to do it either. They have political cover from both sides so long as it remains in limbo.<\/p>\n

[…]<\/p>\n

My read is that they know they fucked up by not designing all of iCloud to be E2EE like iMessages from the get-go. But feel like they can’t put that genie back in the bottle.<\/p>\n<\/blockquote>\n\n

Previously:<\/p>\n