Apple is reportedly working on a tool to detect child sexual abuse material (CSAM) by scanning photo libraries of iPhone users.
The crackdown on CSAM is a very real one and Apple intends to help by developing an identification system that pinpoints certain material on iPhone photo libraries.
The hashing algorithms used will detect whether an iPhone user’s library contains any flagged known CSAM, then a human reviewal will be made to determine if the flagged images genuinely match already known CSAM. The tech can bring a litany of misuse concerns, as this voyeurism into an iPhone user’s personal library could be marked as nonconsensual surveillance.
This hashing algorithm is used in other photodetection systems, similar to the ones you find in Captcha requests to prove “you are not a robot.” This is notably done on the client-side of the spectrum, which would scan the image before it is uploaded and encrypted by the cloud. Apple uses an end-to-end encryption model which assures its consumers the constitutional right to privacy, but photos uploaded to iCloud aren’t necessarily protected in this way.
This allows Apple to provide law enforcement with information they could need if a subpoena is issued. This is not uncommon for digital photo storing services. While these scans seem to only happen if you utilize Apple’s iCloud backup, without enabling the iCloud, the end-to-end encryption is still shatterproof.
Noteworthy Security Expert, Matthew Green raised his concerns over this new tech and hashing system via a Twitter thread that listed many possible problems.
The suggestion that this method of scanning could be utilized by governments to suppress their people and possibly surveil data is a real issue. The precedent of manufacturing this tool can set can be a problem the right to privacy can face in the near future. The current information provided does not emphasize whether the scanned information is only existing cloud images, or if it will scan new content also.
However, Apple has always utilized their user’s privacy as a top priority in the past, as they claim the data stored on only encrypted iPhone are no longer accessible to them if the data isn’t stored in their iCloud.