With that move I don't see how Apple will be able to refuse when a government asks it to scan for images of Whinnie the Pooh for example. They say they won't but they are too reliant on Foxconn's Chinese plants for manufacture, they could easily be blackmailed into compliance. (Android devices with a Chinese OS probably already report a wide array of stuff to the government)
This is another step towards total global surveillance of citizens. I don't see what can be done about it, technology makes it possible so it will happen, it is just too juicy for governments, they can't resist it.
What they built is a way of scanning things on your phone and reporting that to Apple. The chance of multiple governments not passing laws eventually to force this into scanning for whatever they wish is low. Previously to this Apple could have fought back on privacy terms but now its argument will be much weaker.
edit: It's also a model based scanner so they scan for types of things and similar things instead of explicit copies of things. Which makes it an even more powerful tool for governments than a simple direct scanner.
As I understand, government can't force a company to implement on device content scanning. However, once company creates such functionality voluntarily, they can make company to scan all sorts of things and lie about it.
The biggest concern about Apple’s system is that they are showing to all governments and everyone that it’s fine and good to scan for whatever on my device and report me to the government if they see fit, despite years prior refusing to implement backdoors or give access to someone’s device to the FBI.
They essentially invalidated all those claims and I can’t see how they’ll now be able to argue back if the US or the Chinas come to Apple saying they have to have more surveillance in their devices.
I disagree, strongly. Let's say you're authoritarian government EvilGov. Before this announcement, if you went to Apple and said "we want you to push this spyware to your iPhones", Apple would and could have easily pushed back both in the court of public opinion and the court of law.
Now though, Apple is already saying "We'll take this database of illegal image hashes provided by the government and use it to scan your phone." It's now quite trivial for a government to say "We don't have a special database of just CSAM, and a different database of just Winnie the Pooh memes. We just have one big DB of 'illegal images', and that's what we want you to use to scan the phones."
The governments always could do that, but then they'd be the target of the pushback, and there's already significant mistrust of governments wrt surveillance because of how it can be abused.
What we have now is Apple, with its "strong privacy" record, normalizing this. If it succeeds, it would be that much easier for the governments to tackle other stuff onto it. Or, say, lower the threshold needed to submit images for review. I can easily picture some senator ranting about how unacceptable it is that somebody with only 20 CSAM photos won't be flagged, and won't somebody please think of the children?
And yes, if it comes to that, Apple definitely cannot hold the line. After all, they already didn't hold it on encrypted cloud storage - and that wasn't even legally forced on them, merely "not recommended".
Yeah Apple would never do it. Best you can hope for is YOUR government doing this vs other governments to help protect you from foreign malware. If you own government has a poorly funded intelligence apparatus or is actually the one spying on you, you're out of luck.
Yeah, but they are already doing this for pointless things. They already use facial recognition on all the photos on your phone. That’s what I don’t understand. The only new thing is what they are looking for and their willingness to alert the authorities. The slippery slope argument that this will eventually be used by China to arrest journalists is scare tactics. We have zero evidence that Apple would allow such a thing to happen. And the only thing stopping them is Apple’s word. The fact that they are announcing this should actually give confidence that they aren’t doing it in the shadows for China. They didn’t have to say anything about this. The fact that they should give you confidence that they are respecting your rights, not evidence that they aren’t.
The twitter comments also mentioned scanning for political propaganda etc. This could work against Apple if normal folks don't want all their stuff scanned on behalf of unnamed agencies.
Yeah sorry, I was a little vague. I consider that willingness to comply as already having been compromised. And I think, to be fair, if companies like Apple are ever in the position of using technologies like this to track individual dissidents of an authoritarian regime, we are already royally screwed.
You keep saying they can scan for whatever they want but that’s not true, today, by Apple’s description.(which is all we have to go by and is what you are mad about)
Yes the government could order them to change the system. They could also order Apple to create the system in the first place without all the indirection, safety vouchers, human review, etc which make it inefficient as a direct surveillance tool.
I'm really surprised that they tried it in the first place. I'm sure governments want it (China would love to see your Winnie the Pooh meme stash), but Apple is pretty good at fighting the US government and should have felt 100% free to say "in the absence of a law that compels us to write software, which is unconstitutional btw, we're not doing it". They have done it many times, so it felt really out of character. There must have been some contract / favor they were going after, and the opportunity must have expired. (I'm sure some large department of the federal government has some shiny new Android phones today.)
It would be interesting to figure out the real story.
My favorite part of the whole saga is that leaked letter that said "the screeching voice of the minority" will kill the project. We did indeed, and I'm happy to screech again the next time the government wants a tool they can use to scan my phone without a search warrant.
Apple has not been ordered by the government to scan user's images.
Because the scanning is happening without a warrant, if the government compelled apple to perform the search the search would be illegal. It is only legal for Apple to perform this search because it is in no way compelled by the government.
The government cannot obtain a blanket warrant against everyone. This kind of dragnet scanning has to be voluntarily performed by a private party for it to be lawful.
By all means! please prove to us that the government secretly has ordered Apple and other companies to scan users private data: If you do so it will result in overturning tons of convictions due to the unlawful searches which were concealed due perjury by the government and tech companies who have consistently claimed that the scanning by the tech companies is completely voluntary in in their own self interest.
I feel like there's a third option here, though, in that Apple is very likely trying to get ahead of what's likely to be requests from the government that they won't be able to just not abide by. This already happens to every hosting and storage provider and it's entirely plausible that politicians will start publicly wringing their hands to try and justify an actual invasion of privacy where "the government" will be able to scan devices (and even require it from manufacturers) in the interest of "saving the children". This (and I realize it assumes good intentions on behalf of the actors involved) seems to be an attempt to get ahead of that kind of situation by saying "we'll scan things if we're 99% sure they're breaking the law" but we don't want to violate people's privacy. The iCloud vs Facebook comparison is great and noble and all but how long do we honestly think that'll stand up before the politicians move past that argument and onto the next one.
When it stops being about the children, it'll be about the terrorists. When it stops being about the terrorists, it'll be about whatever the next excuse is. This seems like a compromise between those unfortunate scenarios - upholding privacy (we don't see the content) while still attempting to solve for the problems that privacy inherently allows for (we can still identify CP).
There has to be some incentive somewhere for Apple to do this. They know it's wrong, they know it will be abused. Tim Cook himself, if he wasn't rich and powerful, would be executed in a number of countries that Apple operates in for his sexual/romantic identity.
Apple also removes LGBT based applications in countries where they're illigal, to continue doing business. This demonstrates that Apple complies with the demands of foreign governments, that they value money over anything else.
So Apple, a company that complies with governments committing human rights violations (Including the U.S), forces everyone to have an image scanner that looks through their private images and documents to find content Apple has deemed objectionable, with the sources of that content supposedly being from these governments.
FBI: Hey apple, here's some new hashes for images that are bad, let us know who has them. You just have to trust us, no way that we would ever put political imagery critical of the government in that database. But you can't prove it even if we did.
Remember, this is the FBI that flaunts federal court orders, breaks the law, and no one is ever held accountable.
https://youtu.be/oy3623YRsMk
My suspicion is that the FBI finally had enough of Apple not complying with their encryption standards and have done some work behind the scenes to make various individuals at Apple's lives difficult. So they're implementing this to appease the feds.
There was a thread on HN here not too long ago with the FBI stalking and threatening pentesters that wouldn't join them. No doubt they're doing the same to big companies that are making their "jobs" harder.
I would suspect because governments repeatedly want this surveillance and as the GP comment correctly pointed out, this gives governments what they want while Apple sits on the side and acts innocent.
Given pressure from governments for this type of surveillance is, i think, well agreed upon - Apple giving in while avoiding direct responsibility seems quite the incentive in my view.
What sort of warrant process would Apple need to allow for with say, the Chinese government wanting to pull information out of a foreign national's device who is visiting the country? Or for that matter, is not visiting the country?
The problem is political, not technical. Apple can't be a fair intermediary for all the various governments and police departments of the world, so they use technology to cede control.
This is another step towards total global surveillance of citizens. I don't see what can be done about it, technology makes it possible so it will happen, it is just too juicy for governments, they can't resist it.
reply