Apple delays ill-considered backdoor to scan Photos and Messages

Apple on Friday said it would delay a controversial backdoor to scan users’ photo libraries, ostensibly for Child Sexual Abuse Material (CSAM), but which could easily be bastardized to scan for political images, words, etc.


Apple’s statement, added to its website on Friday:

Previously we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them and to help limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.

MacDailyNews Take: And others.

Steve Kovach for CNBC:

Apple immediately stirred controversy after announcing its system for checking users’ devices for illegal child sex abuse material, or CSAM. Critics pointed out that the system, which can check images stored in an iCloud account against a database of known CSAM imagery, was at odds with Apple’s messaging around its customers’ privacy.

MacDailyNews Take: Prior to this delay, and after the initial revelation of the ill-considered plan to install a backdoor into users’ devices without their permission, Apple claimed there was no issue, as they changed the scheme to use databases of image hashes provided by multiple countries to make sure they matched — ostensibly to ensure that hashes looking for things other than CSAM, such as political signs, certain words in images (including screenshots), etc. could not be introduced.

Of course, Apple’s multi-country “safeguard” was a meaningless joke.

The Five Eyes (FVEY) is an intelligence alliance comprising the United States, Australia, Canada, New Zealand, and the United Kingdom. These countries are parties to the multilateral UKUSA Agreement, a treaty for joint cooperation in signals intelligence.

The FVEY further expanded their surveillance capabilities during the course of the “war on terror,” with much emphasis placed on monitoring the World Wide Web. The former NSA contractor Edward Snowden described the Five Eyes as a “supra-national intelligence organization that does not answer to the known laws of its own countries.”

Documents leaked by Snowden in 2013 revealed that the FVEY has been spying on one another’s citizens and sharing the collected information with each other in order to circumvent restrictive domestic regulations on surveillance of citizens.

Apple’s claim to scan only for CSAM was always bullshit. It was intended to be a trojan horse, introduced via the Think of the Children™ ruse, that would be bastardized in secret for all sorts of surveillance under the guise of “safety” in the future.

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. — Benjamin Franklin

The fact that Apple ever considered this travesty in the first place, much less announced and tried to implement it in the fashion they did, has damaged the company’s reputation for protecting user privacy immensely; perhaps irreparably.

Hopefully, if Apple has any sense whatsoever, the company will delay this disaster for infinity.

(9:47am PDT: Fixed misspelling. Thanks, DA.)

21 Comments

    1. They only said they will DELAY it. Why? Because the next “iPhone Supercycle!” is about to start and they want to sell another 200 million devices. THEN they’ll shove the surveillance in with an update you can’t opt out of. Fool if you think this is a victory, it’s a misdirection. And shame on MDN if you start pumping the new iPhone now when obviously Apple will implement this, probably spinning it with some new “oversight” and “failsafes”. It’ll happen within 3-6 months, announcing it right before the new iPhone was just bad timing.

      1. Posting the actions of “5-Eyes” and Snowden’s related commentary, following Apple’s association with CSAM’s tech, creates a false narrative?

        Though Apple’s decision riles me greatly and I’m glad for their reconsideration, bringing in F-Eyes as directly relevant is full of speculation that feeds the boogie-man in all of us.

        Maybe I’m wrong and there’s a connection someone can point to?

        1. No “false narrative.”

          It’s clearly explained above.

          Originally Apple would use one database of hashes from the National Center for Missing and Exploited Children (NCMEC).

          Then, after outcry, Apple changed that to “two or more child safety organizations operating in separate sovereign jurisdictions.”

          That’s meaningless with FIVE separate sovereign jurisdictions cooperating, as Five Eyes could simply match their databases and fill them with hashes looking for political images, certain words, names, etc.

          Read it again:

          Prior to this delay, and after the initial revelation of the ill-considered plan to install a backdoor into users’ devices without their permission, Apple claimed there was no issue, as they changed the scheme to use databases of image hashes provided by multiple countries to make sure they matched — ostensibly to ensure that hashes looking for things other than CSAM, such as political signs, certain words in images (including screenshots), etc. could not be introduced.

          Of course, Apple’s multi-country “safeguard” was a meaningless joke.

          The Five Eyes (FVEY) is an intelligence alliance comprising the United States, Australia, Canada, New Zealand, and the United Kingdom. These countries are parties to the multilateral UKUSA Agreement, a treaty for joint cooperation in signals intelligence.

          The FVEY further expanded their surveillance capabilities during the course of the “war on terror,” with much emphasis placed on monitoring the World Wide Web. The former NSA contractor Edward Snowden described the Five Eyes as a “supra-national intelligence organization that does not answer to the known laws of its own countries.”

          Documents leaked by Snowden in 2013 revealed that the FVEY has been spying on one another’s citizens and sharing the collected information with each other in order to circumvent restrictive domestic regulations on surveillance of citizens.

    2. This is key. The delay is something they used before as a tactic to get people to forget. What they need to do is get this crap off your device. If they scan stuff on iCloud on their own servers, no one will have a problem with that. But get this crap and tech off your device, otherwise it’s all bs.

    3. This is important. Apple in the past has used this “delay” to get people to forget about an issue. This is all noise unless and until Apple agrees to get this garbage off YOUR device. If they scan on iCloud on their servers, no one will question this. But it should be off your device. Anything less is bs.

  1. Excellent job on this, MDN. You guys saw this for what it was from the second it was revealed and opposed it vigorously and consistently.

    Thanks and congrats!

    Hopefully Apple never does activate something as stupid as this.

  2. Haaa! The marketing staff does it again! This will not save the launch of the new iPhone but it will temper the stockholders. Hopefully this news gets as much visibility as the initial controversial one.

    Peace & privacy

  3. Apple makes a vague statement, but they’ll ultimately implement it under pressure of whatever 3-letter organization is forcing this on them. In the end, the only way for Apple to do this properly is scan iCloud content and leave the devices alone.

  4. Very glad Apple did this, of course. Huge win. Good job MDN. However, my view of the company has gone from raving fan who turned on many other people to Apple products, to one of skepticism and suspicion. I used to go to Apple stores and browse (and sometimes buy) just for fun. Now I wouldn’t set foot in one. How could they have even considered this? Something is very wrong in the company. I suspect that the newly hired “woke” employees finally gained enough clout to push the development agenda, while the Jobsian old guard like Cook, Schiller, Cue have lost energy and clout. They have gone from making “insanely great” products that improved the lives of their customers, to being totally “woke” and pursuing all sorts of social justice issues. A little of it we could take, but this is a bridge WAY too far.

    There were voices on Twitter saying that Apple should have just done it quietly and I am concerned that this is exactly what will happen sometime when we are distracted. This announcement today has given users like me more breathing room to make changes. Am going to host my own cloud. Probably should have done this earlier. Quitting Apple TV, News, and Music. Of course, iCloud is toast and gone forever. I was loyal to these services because I was loyal to a company that I thought was loyal to its users. That delusion is over. There are other good services, too. Just have to put in the effort to make the changes. We used all Apple for personal and business. Both will be switching. I will soon be selling several devices; iPad, Apple TVs (have four!), and Time Capsules/routers. Samsung has some interesting phone options and you can root Pixel phones to load a privacy OS. Macs will be the hardest to switch away from, but I am now actively entertaining other options. If only Adobe or Affinity would release a Linux version. Still debating what to do with my vintage Mac collection… Maybe stuff from the Jobs era is still worth having just for the enjoyment of it.

  5. Apple should introduce this feature as soon as possible. There are too many bad actors out there that need locking up. Apple already scans your photo library to present you with Memories.

    1. This feature already exists server-side on Apple’s iCloud including the reporting, so moving that to client-side on your property including a hash database does not improve on locking up bad actors at all. That needle does not move one bit.

      What does happen is that a database is put on your property that checks your images against that, and flags them when there is a match. And then ultimately reports when uploaded to iCloud. You have no way of truly knowing the integrity of that database or who all gets those reports. Governments and secret agencies or other third parties can then compel Apple by law to keep moving the goalposts, if needed unbeknown to you.

      It all boils down to Trust Us Bro, and it is up to each one to make a choice there.

  6. I’ve been a diehard Apple fan since 2005, but this last year I’ve been moving away from Apple.

    I went from someone who had a MacBook Pro (2012) with 16ram, Apple TV with TV+, HomePod, Apple Watch, Apple Music, iCloud, iPhone 11, iPad Air 2 to having just the MacBook Pro and iPhone 11. I realised I had trapped myself in the ecosystem and slowly sold the devices or unsubscribed services one by one.

    I’m glad I did. Apple isn’t the company it once was. It used to be the underdog fighting big tech. Now Apple is the big tech. The only issue is knowing which company to trust next. I’ll probably not replace my MacBook Pro but iPhone? Rather that than an android device. I don’t trust Google either.

    1. Some people on MDN called out iOS as a thin client system that betrayed user device control a decade ago. MDN and the peanut gallery shouted them down and hurled personal insults, telling those insightful individuals to go away. They all claimed that benevolent Apple’s walled garden perfectly protected them from the boogeymen on the interwebs while offering no personal intrusion or inconvenience. They bought the marketing without bothering to look at the facts.

      Did the user hold the encryption keys to the user data Apple saved on Google or AWS or Azure servers? Was that data integrity or privacy guaranteed? Did Apple ever tell you how it scanned your photos or tracked your location and app usage at all times? Did all developers ensure security, at least the ones Apple arbitrarily decided to allow onto its store? No, MDN didn’t bother to look that hard at any issues of privacy, end user bill of rights, or developers’ equal access to the store.

      How interesting that these critics of Apple have been proven correct and MDN is now trying to reinvent itself as a major anti-Apple political rag that seldom if ever discusses Macs.

      Neither iOS nor Android devices have ever been personal computers in any way. They have always tied users to cloud services without giving the user ability to control anything substantial. Unfortunately SaaS business models are en vogue so expect Apple as they join every other software house in forcing subscription mandatory thin client systems in the near future too. You have no way of knowing where your files are nor who gets to snoop them. Your data has never been 100% private on these cloud platforms. The user agreement fine print said as much. It only took MDN a decade to figure it out.

  7. Yes, “delay” and then DELETE this stupid “upgrade” !!! As has been pointed out… “(Apple) has damaged the company’s reputation for protecting user privacy immensely; perhaps irreparably.” It makes me sad that I’ve not done the last two updates (iOS and MacOS) because Apple has already planted seeds of doubt. For shame … 🙁
