Apple plan to scan users’ iCloud photos raises new…

Experts argue that Apple is clearing a path for governments to gain access to their citizens’ data, essentially an encryption backdoor.

A firestorm emerged on Friday and raged during the weekend over Apple’s new “Expanded Protections for Children,” a series of measures across Apple’s platforms aimed at cracking down on child sexual abuse material (CSAM). The new protections address three areas, including communications tools for parents and updates to Siri and search to help children and parents deal with unsafe situations.

The flashpoint for cryptographers, cybersecurity specialists, and privacy advocates is Apple’s planned use of “new applications of cryptography to help limit the spread of CSAM online, while designing for user privacy.” The plan is to scan users’ photo libraries and then apply a new form of encryption to compare those photos to images from existing CSAM libraries.

The new cryptography applications in iOS and iPadOS would allow Apple to scan users’ entire photo libraries hunting for known CSAM images uploaded from their devices to iCloud Photos and then report these instances to the National Center for Missing and Exploited Children (NCMEC). Apple says, “the hashing technology, called NeuralHash, analyzes an image and converts it to a unique number specific to that image,” which allows systems “to perform on-device matching using a database of known CSAM image hashes provided by NCMEC and other child-safety organizations.”

“This is a really bad idea,” leading cryptographer Matthew Green tweeted at the start of a lengthy thread that sparked the now widespread uproar over Apple’s plan. The problem is that this system could be the tip of the spear that essentially provides an encryption backdoor that the US and other global authorities have sought since the 1990s. “This sort of tool can be a boon for finding child pornography in people’s phones, but imagine what it could do in the hands of an authoritarian government,” Green tweeted.

As the implications of what Apple is proposing became clear, over 4,000 security and privacy experts, cryptographers, researchers, professors, legal experts, and Apple customers signed An Open Letter Against Apple’s Privacy-Invasive Content Scanning Technology. The signatories, including NSA whistleblower Edward Snowden, contend that “Apple’s proposal introduces a backdoor that threatens to undermine fundamental privacy protections for all users of Apple products.”

This article appeared in CSO Online. To read the rest of the article please visit here.



CISA unveils Joint Cyber Defense Collaborative with tech heavyweights…

The new initiative aims to provide organizations with unprecedented levels of information and context with an initial focus on ransomware and incident response for cloud providers.

Jen Easterly, the freshly installed head of the Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA), unveiled yesterday a new federal initiative called the Joint Cyber Defense Collaborative (JCDC), which has been structured to help lead the development of the country’s cyber defense plans. The JCDC aims to bring together the public and private sectors in a joint planning capacity to tackle cyber readiness and threats.

CISA’s announcement of the JCDC states that it will “bring together public and private sector entities to unify deliberate and crisis action planning while coordinating the integrated execution of these plans.” The hope is that the plans will “promote national resilience by coordinating actions to identify, protect against, detect, and respond to malicious cyber activity targeting US critical infrastructure or national interests.”

The West Point-trained Easterly has a long career in the government, having served in the military, at US Cyber Command and the National Security Agency (NSA), and as senior director for counterterrorism on the National Security Council during the Obama administration. She also served a stint as head of global cybersecurity at Morgan Stanley. Speaking at the Black Hat conference, she appealed to the industry to help CISA refine the JCDC’s products to be more valuable and helpful.

Easterly relied on her military background to underscore the importance of planning in cybersecurity. “You got to plan in peacetime to prepare for wartime,” she said.

This article appeared in CSO Online. To read the rest of the article please visit here.