Experts detail flaws in Apple’s backdoor surveillance scheme, call it ‘dangerous technology’

A group of prominent cryptographers and other security experts wrote in a report published Friday that a scheme proposed by Apple to scan user’s digital storage repositories, conducting backdoor surveillance, ostensibly for evidence of child pornography and other illegal content, is a “dangerous technology” that cannot be implemented in a way that accomplishes the dual feat of preserving users’ privacy while also conducting mass surveillance.

iPhone backdoor

Jordan Robertson for Bloomberg News:

The 46-page report counts among its 14 authors pioneers in encryption software. It outlines, in detail, what the authors deem the numerous risks of a technique called “client-side scanning,” which was at the heart of a controversy that erupted when Cupertino, California-based Apple announced a plan in August to scan users’ iCloud Photos accounts for sexually explicit images of children and then report instances to relevant authorities. Apple later postponed those plans amid the backlash.

The authors of the new report wrote that the method “by its nature creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic,” citing the “multiple ways in which client-side scanning can fail, can be evaded and can be abused.”

“Plainly put, it is a dangerous technology,” the report stated.

Bugs in our Pockets: The Risks of Client-Side Scanning:

Some in industry and government now advocate a new technology to access targeted data: client-side scanning (CSS)…

CSS neither guarantees efficacious crime prevention nor prevents surveillance. Indeed, the effect is the opposite. CSS by its nature creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic. There are multiple ways in which client-side scanning can fail, can be evaded, and can be abused.

Its proponents want CSS to be installed on all devices, rather than installed covertly on the devices of suspects, or by court order on those of ex-offenders. But universal deployment threatens the security of law-abiding citizens as well as lawbreakers…

In reality, CSS is bulk in- tercept, albeit automated and distributed. As CSS gives government agencies access to private content, it must be treated like wiretapping. In jurisdictions where bulk intercept is prohibited, bulk CSS must be prohibited as well…

The fact that CSS is at least partly done on the client device is not, as its proponents claim, a security feature. Rather, it is a source of weakness. As most user devices have vulnerabilities, the surveillance and control capabilities provided by CSS can potentially be abused by many adversaries, from hostile state actors through criminals to users’ intimate partners. Moreover, the opacity of mobile operating systems makes it difficult to verify that CSS policies target only material whose illegality is uncontested…

The ability of citizens to freely use digital devices, to create and store content, and to communicate with others depends strongly on our ability to feel safe in doing so. The introduction of scanning on our personal devices—devices that keep information from to-do notes to texts and photos from loved ones—tears at the heart of privacy of individual citizens. Such bulk surveillance can result in a significant chilling effect on freedom of speech and, indeed, on democracy itself…

The proposal to preemptively scan all user devices for targeted content is far more insidious than earlier proposals for key escrow and exceptional access. Instead of having targeted capabilities such as to wiretap communications with a warrant and to perform forensics on seized devices, the agen- cies’ direction of travel is the bulk scanning of everyone’s private data, all the time, without warrant or suspicion. That crosses a red line.

MacDailyNews Take: As does this report, we’ve also been rather clear in our condemnation of Apple’s flawed scheme – really a bald-faced, hypocritical betrayal of the company’s espoused values and its loyal users – since the day this travesty was unveiled.

We do not believe that Apple’s management is stupid. Therefore, barring an unbelievably colossal lapse of judgment, the only logical answer as to why Tim Cook and his immediate underlings would destroy years and millions of dollars worth of privacy protections and marketing in one fell swoop is that, sadly, they’ve been compromised in some way.

Hopefully, if Apple has any sense whatsoever, is not hopelessly compromised, and can resist whatever pressure forced them into this ill-considered abject disloyalty to customers who value their privacy and security, the company will end – not just “postpone” – this disastrous scheme immediately and double-down on privacy by finally and immediately enabling end-to-end encryption of iCloud backups as a company which claims to be a champion of privacy would have done many years ago.

(Note to Apple’s misguided and/or compromised management: No, we’re not stopping. Do the right thing.)

Please help support MacDailyNews. Click or tap here to support our independent tech blog. Thank you!


  1. That is my concern as well. How did they ever end up even considering this? It seems so alien to the culture that Apple created and nurtured. Here’s hoping we never hear of such a scheme again, from Apple or any other tech company.

    1. Because they are compromised, Tim and Co. have been coopted by an intel operation because Apple is arguably the most valuable access point to vast troves of intelligence anywhere. Its devices are in the hands, pockets, purses and briefcases of the most powerful, affluent and well-connected people in the world. Of course we will hear about this scheme again, it’s just a question of whether they squeak about it publicly or if users discover that the code has been implemented unannounced.

      1. Im surprised they announced it, maybe Apple believed they could spin this totally core ethic reversal as a “we are the world” moment… anyway i imagine Apple learned their lesson and the “postpone” is card trick diversion to get the unwashed to look away.

  2. If this scanning technology were available to the Nazi’s at the time, they would have used it to it’s fullest extent to round up not only ALL the Jewish people but homosexual’s and every other group deemed unnecessary. Careful of what you wish for, Tim.

    1. Bob,

      I totally agree but please, please dump the apostrophes. You only use them when you are in the possessive tense not for plural words. By way of example, the above use of the plural word “apostrophes” is correct. If you said the “Nazi’s persecution” then it is possessive and that’s (that is) when you can then use the apostrophe.

      Don’t get me wrong, I’m not trying to be pedantic it just bugs me when people mistakenly misuse the english language.

  3. the logical conclusion is this is a feature demanded by the CCP (China). Either the CCP is requiring this feature for its own population or more sinister its requiring it for all phones that apple produces in China. It would be very problematic for Apple to develop a totally separate iOS just for mainland surveillance. Just look at the recent history how Apple has bowed to all the request of the CCP in terms of App store censorship. it seems if Apple wants to maintain its core ethic of privacy is a human right then Apple will need to cut ties with the CCP including its market and manufacturing.

    Who wants to take bets that Apple’s morals run deeper than its addiction to 38% profit margin afforded by dealing with a criminal state.

  4. Remember when Tim said the could not build a back door into the OS and stood up to the FBI? Hmm what’s changed now. All I can think is China or our very own government.

  5. As a couple of posts above said, TC bowed down to CCP and incorporated this back door surveillance scheme into iPhone there. Maybe it was a server side scheme when Apple sold all servers in China with their contents in them, wow! OK, that’s not new for Cook’s Apple.
    Then, Congress stuck their nose into this and openly reprimanded Apple’s acts. Then a total silence. Did America realize that they too can encroach into everybody’s privacy by device side tricks? Is that why they are silent now on CCP question that they initiated with passion? Yes, FBI has been eager to get into iPhone, which most every Americans carry, for years and perhaps a hacker or two gave them ways to enter into somebody’s iPhone. But perhaps FBI wanted a wholesale and legitimized invasion into privacy of people living in the U.S. and made a deal with Apple in exchange of not pursuing the China deal. Plausible but I do not want to believe something like that is going on. With public uproar on CSAM stuff, Apple said they needed time to solve it. What problem to solve? What are they concocting now? Why can they not drop it now?
    The world is an interesting place, thanks to very trustworthy Tim Cook.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.