A group of top cybersecurity experts has spoken against Apple’s plans to monitor images of child sexual abuse on iPhones claiming that it is a form of massive surveillance and should be halted.
In the spring of this year, Apple made public plans to launch client-side scanning, which would allow users to search individual devices in the iCloud photo library for child sexual exploitation material (CSAM). Images will be scanned with a method known as NeuralHash, compared to previously identified CSAM materials, and then reported to authorities.
These plans got delayed in the last month, and Apple declared that feedback from customers advocates, researchers, and other groups prompted the company to make enhancements.
There’s more information, and it’s from reliable sources that are difficult to dismiss. In a paper entitled Bugs inside our Pockets, The Dangers of Client-Side Scanning and cryptographic specialists Hal Abelson, Ross Anderson Steven M. Bellovin, Josh Benaloh, Matt Blaze, Jon Callas, Whitfield Diffie, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Vanessa Teague, and Carmela Troncoso say the technology has gone over the edge.
“In this report, we contend that CSS neither guarantees efficacious crime prevention nor prevents scrutiny,” they write.
“Indeed, the effect is the opposite. CSS, by nature, creates serious security and privacy risks for all society, while the assistance it can supply for law enforcement is at best problematic. There are so many ways in which client-side scanning can fail, can be evaded, and can be abused.”
The primary concern is the threat of abuse by dictatorial governments. Although Apple states that only CSAM or terrorist material will be flagged for investigation, the researchers aren’t sure.
“If device sellers are compelled to install remote surveillance, the requests will start to roll in. Who could be so cold-hearted as to argue against the system being extended to search for missing children?” says Ross Anderson, professor of safety engineering at the University of Cambridge.
“Then President Xi will want to understand who has pictures of the Dalai Lama, or men standing in front of tanks, and label lawyers will get court orders blocking whatever they claim infringes their clients’ rights.”
The EU is believed to be looking into the possibility of scanning devices as a component of an upcoming law regarding child protection. Researchers suggest that it is a national security prioritization to stop attempts to snoop on or influence the lawful citizens’.
They also point out that they point out that the Data Retention Directive has already been struck down on the basis that this type of surveillance, with no warrant of suspicion or warrant, was an unjust privacy violation even in the fight against terrorists.
The scanning of clients is also a problem, Researchers say.
“Instead of having chosen capabilities such as to wiretap communications with a warrant and to do forensics on blocked devices, the agencies’ direction of travel is the bulk scanning of everyone’s private data, all the time, without a warrant,” they write.
“That crosses a red line. Is it prudent to deploy compelling surveillance technology that could easily be extended to undermine basic freedoms?”
