Thanks to a search warrant uncovered by Forbes, we now know for the first time how Apple checks and intercepts email and files stored on iCloud when instances of illegal material – such as child abuse images – are detected.
The warrant, filed in Seattle, Washington, this week, shows that despite reports of Apple being unhelpful in serious law enforcement cases, it’s being helpful in investigations. To be clear: Apple isn’t manually checking all of your emails. It uses what most other major tech companies like Facebook or Google use to detect child abuse imagery: hashes. Think of these hashes as signatures attached to previously-identified child abuse photos and videos. When Apple systems – not staff – see one of those hashes passing through the company’s servers, a flag will go up. The email or file containing the potentially illegal images will be quarantined for further inspection.
Once the threshold has been met, that’s enough for a tech company to contact the relevant authority, typically the National Center for Missing and Exploited Children (NCMEC)… But in Apple’s case, its staff are clearly being more helpful, first stopping emails containing abuse material from being sent. A staff member then looks at the content of the files and analyzes the emails. That’s according to a search warrant in which the investigating officer published an Apple employee’s comments on how they first detected “several images of suspected child pornography” being uploaded by an iCloud user and then looked at their emails…
MacDailyNews Take: We agree with Brewster that “as long as Apple employees are only looking into emails when abusive images are detected by its computing systems” there isn’t be much of a privacy issue here. After all, “Apple, like all tech companies, has to balance privacy with safety,” Brewster writes. The only problem we foresee is that one could conceivably use hashes to detect other types of content (think financial, political, etc.) and abuse user privacy. Not that we think Apple would do that, but unscrupulous data-hungry tech firms and government agencies certainly could, and likely already are, doing so with unencrypted “free” email and cloud storage services.