Experts argue that Apple is clearing a path for governments to gain access to their citizens’ data–essentially an encryption backdoor.
A firestorm emerged on Friday and raged during the weekend over Apple’s new “Expanded Protections for Children,” a series of measures across Apple’s platforms aimed at cracking down on child sexual abuse material (CSAM). The new protections address three areas, including communications tools for parents and updates to Siri and search to help children and parents deal with unsafe situations.
The flashpoint for cryptographers, cybersecurity specialists, and privacy advocates is Apple’s planned use of “new applications of cryptography to help limit the spread of CSAM online, while designing for user privacy.” The plan is to scan users’ photo libraries and then apply a new form of encryption to compare those photos to images from existing CSAM libraries.
The new cryptography applications in iOS and iPadOS would allow Apple to scan users’ entire photo libraries hunting for known CSAM images uploaded from their devices to iCloud Photos and then report these instances to the National Center for Missing and Exploited Children (NCMEC). Apple says, “the hashing technology, called NeuralHash, analyzes an image and converts it to a unique number specific to that image,” which allows systems “to perform on-device matching using a database of known CSAM image hashes provided by NCMEC and other child-safety organizations.”
“This is a really bad idea,” leading cryptographer Matthew Green tweeted at the start of a lengthy thread that sparked the now widespread uproar over Apple’s plan. The problem is that this system could be the tip of the spear that essentially provides an encryption backdoor that the US and other global authorities have sought since the 1990s. “This sort of tool can be a boon for finding child pornography in people’s phones, but imagine what it could do in the hands of an authoritarian government,” Green tweeted.
As the implications of what Apple is proposing became clear, over 4,000 security and privacy experts, cryptographers, researchers, professors, legal experts, and Apple customers signed An Open Letter Against Apple’s Privacy-Invasive Content Scanning Technology. The signatories, including NSA whistleblower Edward Snowden, contend that “Apple’s proposal introduces a backdoor that threatens to undermine fundamental privacy protections for all users of Apple products.”
This article appeared in CSO Online. To read the rest of the article please visit here.