EFF: Apple must abandon, not just delay, its backdoor surveillance plans

The Electronic Frontier Foundation says that Apple’s plan to delay a controversial backdoor to scan users’ photo libraries, ostensibly for Child Sexual Abuse Material (CSAM), but which could easily be bastardized to scan for political images, words, etc., isn’t good enough.

Apple must abandon, not just delay, its backdoor surveillance plans, EFF says.

Jason Kelley for Electronic Frontier Foundation:

For the last month, civil liberties and human rights organizations, researchers, and customers have demanded that Apple cancel its plan to install photo-scanning software onto devices. This software poses an enormous danger to privacy and security. Apple has heard the message, and announced that it would delay the system while consulting with various groups about its impact. But in order to trust Apple again, we need the company to commit to canceling this mass surveillance system.

The delay may well be a diversionary tactic. Every September, Apple holds one of its big product announcement events, where Apple executives detail the new devices and features coming out. Apple likely didn’t want concerns about the phone-scanning features to steal the spotlight.

But we can’t let Apple’s disastrous phone-scanning idea fade into the background, only to be announced with minimal changes down the road.

To make sure Apple is listening to our concerns, EFF turned to an old-school messaging system: aerial advertising. During Apple’s event, a plane circled the company’s headquarters carrying an impossible-to-miss message: Apple, don’t scan our phones! The evening before Apple’s event, protestors also rallied nationwide in front of Apple stores. The company needs to hear us, and not just dismiss the serious problems with its scanning plan. A delay is not a cancellation, and the company has also been dismissive of some concerns, referring to them as “confusion” about the new features.

Apple’s iMessage is one of the preeminent end-to-end encrypted chat clients. End-to-end encryption is what allows users to exchange messages without having them intercepted and read by repressive governments, corporations, and other bad actors. We don’t support encryption for its own sake: we fight for it because encryption is one of the most powerful tools individuals have for maintaining their digital privacy and security in an increasingly insecure world.

Now that Apple’s September event is over, Apple must reach out to groups that have criticized it and seek a wider range of suggestions on how to deal with difficult problems, like protecting children online. EFF, for its part, will be holding an event with various groups that work in this space to share research and concerns that Apple and other tech companies should find useful. While Apple tends to announce big features without warning, that practice is a dangerous one when it comes to making sweeping changes to technology as essential as secure messaging.

The world, thankfully, has moved towards encrypted communications over the last two decades, not away from them, and that’s a good thing. If Apple wants to maintain its reputation as a pro-privacy company, it must continue to choose real end-to-end encryption over government demands to read user’s communication. Privacy matters now more than ever. It will continue to be a selling point and a distinguishing feature of some products and companies. For now, it’s an open question whether Apple will continue to be one of them.

MacDailyNews Take: Originally, Apple would use one database of hashes from the National Center for Missing and Exploited Children (NCMEC).

Then, after outcry, Apple changed that to “two or more child safety organizations operating in separate sovereign jurisdictions.”

Of course, Apple’s multi-country “safeguard” is no safeguard at all.

The Five Eyes (FVEY) is an intelligence alliance comprising the United States, Australia, Canada, New Zealand, and the United Kingdom. These countries are parties to the multilateral UKUSA Agreement, a treaty for joint cooperation in signals intelligence.

The FVEY further expanded their surveillance capabilities during the course of the “war on terror,” with much emphasis placed on monitoring the World Wide Web. The former NSA contractor Edward Snowden described the Five Eyes as a “supra-national intelligence organization that does not answer to the known laws of its own countries.”

Documents leaked by Snowden in 2013 revealed that the FVEY has been spying on one another’s citizens and sharing the collected information with each other in order to circumvent restrictive domestic regulations on surveillance of citizens.

Apple’s claim to scan only for CSAM was intended to be a trojan horse, introduced via the hackneyed Think of the Children™ ruse, that would be bastardized in secret for all sorts of surveillance under the guise of “safety” in the future.

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. — Benjamin Franklin

The fact that Apple ever considered this travesty in the first place, much less announced and tried to implement it in the fashion they did, has damaged the company’s reputation for protecting user privacy immensely; perhaps irreparably.

Hopefully, if Apple has any sense whatsoever, is not hopelessly compromised, and can resist whatever pressure forced them into this ill-considered abject disloyalty to customers who value their privacy and security, the company will end this disastrous scheme promptly and double-down on privacy by finally and immediately enabling end-to-end encryption of iCloud backups as a company which claims to be a champion of privacy would have done many years ago.

(Note to Apple’s misguided and/or compromised management: No, we’re not stopping. Do the right thing.)