Child safety features built to withstand snooping, says Apple
Premium- Apple's new child sexual abuse material (CSAM) detection features will flag images only if they appear on at least two global CSAM databases. This is meant to prevent any single government or law enforcement agency from manipulating CSAM databases to surveil users, the iPhone maker said
NEW DELHI: Tech giant Appleās new child sexual abuse material or CSAM detection features, announced on August 6, will have safeguards against governments trying to manipulate it. Specifically, the company said that the system will flag images only if they appear on at least two global CSAM databases. This is meant to prevent any single government or law enforcement agency from manipulating CSAM databases to surveil users.
Messaging giant WhatsAppās chief executive, Will Catchart, had raised concerns about governments manipulating the feature. Cathcart said that the system could āvery easily" allow the company to āscan private content for anything they or a government decides it wants to control". He pointed out that different countries will have different definitions of whatās acceptable via a series of tweets on August 7.
āApple generates the on-device perceptual CSAM hash database through an intersection of hashes provided by at least two child safety organizations operating in separate sovereign jurisdictionsāthat is, not under the control of the same government," the company said in a new technical paper released last night. āAny perceptual hashes appearing in only one participating child safety organizationās database, or only in databases from multiple agencies in a single sovereign jurisdiction, are discarded by this process, and not included in the encrypted CSAM database that Apple includes in the operating system," the paper, which is titled āSecurity Threat Model Review of Appleās Child Safety Featuresā, claims.
The iPhone maker, on August 6, announced two new automated features to improve child safety on its devices. The first sends a notification to parents who give their children supervised accounts on Appleās devices. The second is a CSAM detection software that matches images being uploaded to Appleās cloud service ā iCloud ā against government CSAM databases, flagging them to law enforcement if offending content is found.
In the technical paper, the company also noted that notifications are never sent to law enforcement directly. If the system flags an image as offensive, it then goes to Appleās human reviewers, who authenticate the alert and pass it onto the right child safety agencies in the concerned jurisdiction. The paper isnāt the only defense Apple has for its new systems, which have drawn criticism from multiple quarters.
āIf and only if you meet a threshold of something on the order of 30 known child pornographic images matching, only then does Apple know anything about your account and know anything about those images, and at that point, only knows about those images, not about any of your other images," Craig Federighi, Appleās senior vice president of software engineering, told The Wall Street Journal in an interview yesterday. āThis isnāt doing some analysis for; did you have a picture of your child in the bathtub? Or, for that matter, did you have a picture of some pornography of any other sort? This is literally only matching on the exact fingerprints of specific known child pornographic images," he added.
The companyās new child safety features have received flak from privacy bodies like the Electronic Frontier Foundation (EFF), which called it a backdoor into Appleās systems, something law enforcement and governments have long wanted. Whistleblower Edward Snowden also opposed the feature, as did other academics, politicians and even many of Appleās own employees.
At the same time, the feature has also been applauded by some, like US Senator Richard Blumenthal and UK Health Secretary Sajid David. An open letter from the Five Eyes countries, India and Japan in October 2020 had asked tech companies to find ways around end-to-end encryption, a technology that keeps outsiders from viewing content on users' devices, etc.
āIn light of these threats, there is increasing consensus across governments and international institutions that action must be taken: while encryption is vital and privacy and cybersecurity must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online," the letter said, citing terrorism and child sexual abuse as key areas of concerns.
