Apple seems to get a lot of credit for opposing the former, but gets mocked when they say they would oppose the latter. But as far as I can tell, the legal argument is exactly the same for both situations: can the government compel Apple to add functionality that they do not want to add?
Apple’s plans seem creepy to me, but I have been less than impressed with the specificity of arguments against it. Most seem to stop at “what if the government forces them to expand it” without addressing exactly how, under current federal law, the government would do that.
For example, see this Twitter thread arguing that it would be very difficult for the feds to do that:
https://twitter.com/pwnallthethings/status/14248736290037022...
The government does break these laws to get what they want AND they silence the people that they force to break the laws.
Why are we pretending that anything has changed?
Why get mad at Apple if we have already conceded that they are powerless before the government in general?
It's not "the government". There are many governments around the world. What happens when China, Russia, or another country legislates using this technology for some other purpose. Those are big markets. Will Apple back out of them or give in?
They will give in, at least in China. They currently host all of their iCloud content in China on Chinese servers (and turn over encryption keys), they have banned all VPN apps from the Chinese app store, and they removed the Hong Kong protest app at the behest of the CCP. They will do whatever China tells them to, because, at least from their perspective, they have to. All their manufacturing is in China.
I can't even imagine an outcome where Apple doesn't start looking for pictures of tank man or anti-government images on Chinese citizen's phones. The Chinese government will hand them a list of hashes and say "these photos are illegal here, tell us whenever you find one". Maybe Apple will hold the line of "only photos uploaded to iCloud", but even then they just built the capability to scan everything on someone's phone, and the iCloud part is simply a switch that we have to hope they don't flip.
I'm trying not to be too hopelessly negative here but I can't believe Apple decided that encrypting iCloud backups is worth trading for a file scanner on your phone. What the fuck.
Is this meant as a rhetorical question? Because they are pretty different from both a technical and policy perspective.
Breaking encryption means the government can have access to everything without restriction. It also means there is a backdoor for others to discover.
This approach of matching signatures means that the government needs to have specific content it is looking to match. The government asks "does the device have this specific file" and Apple returns a yes or no. They can't do broad searches for unknown content. Apple also remains as the gatekeeper between its users and the government when it comes to extending the scanning.
We can still be against the latter while acknowledging that this isn't as scary a scenario as the former and therefore it isn't purely a legal question of which approach Apple would be more likely to accept.
Apple can’t search phones under the technology they announced, so the government can’t ask Apple for information about what is on people’s phones.
The government could only ask Apple to add hashes to an operating system that Apple runs. Structurally, this is the same as asking them to add functionality, which is what they objected to in 2016.
There is also a scope issue; if every iPhone has the same hash list, then the government is essentially fishing in everyone’s phone for a file. This is typically illegal. The government has to be specific about why they think a certain person/people have a piece of data before they can get a warrant to go get it.
Remember that (as the Twitter thread reminds us) the entire CSAM scanning effort is voluntary. The government is not forcing Apple to scan for CSAM, so how would they force Apple to scan for anything else?
search without reasonable cause is a violation of the 4th amendment and due process
The selling points of apple to me were to provide excellent hardware combined with excellent software, combined with a guarantee to protect my privacy.
The first point still holds true, the 2nd not so much anymore, and the 3rd was destroyed by the most recent move.
My stance will cause a ripple effect, I convinced quite a few people to use apple if they can afford it due to their general stance and their commitment to democratic values. Not all of them will listen if I now tell the opposite story, but most will. I hope Apple feels the effects of this decision in one of the upcoming stock-holder meetings.
Of course, I don't believe this helps against child abuse or any crime at all, in fact I believe the opposite effect happens: criminals probably know about moves like this one far earlier than the general public and react accordingly.
Apple knew a supplier was using child labor but took 3 years to fully cut ties[1].
> taking a stance against widespread anti-democratic tendencies.
"While US lawmakers have proposed legislation aimed on curbing American companies' ability to use forced Uyghur labor, Apple sought to weaken the bill, The New York Times reported last month."[1]
> caring about their profits by respecting their customers
"Cook argued that people choose iOS specifically so they won’t have to make risky decisions with sensitive data."[2]
But also,
"Apple takes flak for disputing iOS security"[3]
---
Apple has always been ripe with hypocrisy, It's astonishing to see people claiming the latest incident to be like the only blemish on its record.
If a lone developer from some village releases a software and makes a claim that its secure we'd rush to ask for source code, 3rd party security audit and what not; But if Apple asks for our trust because it's Apple, Why not the hardware is shiny right?
When did the premise for security shift from 'zero trust' to 'Apps open fast, So I'm fine with it'?
[1] https://www.businessinsider.com/apple-knowingly-used-child-l...
[2] https://www.theverge.com/2021/5/22/22448139/tim-cook-epic-fo...
[3] https://arstechnica.com/information-technology/2019/09/apple...
There are already cases linked in other comments where the same hash dataset has had valid hits, via Google-stored photos, iirc.
All your posturing is just that: posturing. As with so many things they offer via iCloud, Apple does offer non-cloud solutions for most things their devices do, and in such scenarios the data is not subjected to the things people often object to (hash scanning in this case, unencrypted iOS backups, etc etc).
As has been pointed out elsewhere this is not about breaking encryption or arbitrarily browsing through all your dick pics or whatever. It’s a compromise to be able to say that Apple is doing something with a reasonable expectation of effectiveness to combat child abuse materials, without needing to just give whichever prick inhabits the FBI directors chair an easy way to view everything you store in iCloud.
And as I said if you’re not happy with that compromise you can turn off iCloud photos, the same as you can turn off iCloud backups.
So, you can believe all you want about what criminals will or won’t do or about how smart they are or are not, and even about how much influence you have over other peoples buying decisions. Just remember though, believing something doesn’t necessarily mean you’re right.
> "However mobile OS's may now and then answer popular ends, they are likely in the course of time and things, to become potent engines, by which cunning, ambitious, and unprincipled men will be enabled to subvert the power of the people and to usurp for themselves the reins of government, destroying afterwards the very engines which have lifted them to unjust dominion." -- George Washington
>a man [was] arrested on child pornography charges, after Google tipped off authorities about illegal images found in the Houston suspect's Gmail account
https://techcrunch.com/2014/08/06/why-the-gmail-scan-that-le...
In the case of a false positive, that information lives on Google's server where it can be subpoenaed and misused to incriminate you.
We've seen it before with location data.
>Innocent man, 23, sues Arizona police for $1.5million after being arrested for murder and jailed for six days when Google's GPS tracker wrongly placed him at the scene of the 2018 crime
https://www.dailymail.co.uk/news/article-7897319/Police-arre...
With Apple's system, a single false positive would never even leave the device. Multiple images have to be found to match known kiddie porn images before a human review is triggered.
With that one post, Apple and Tim earned trust from a group of people that trust very few. And in an instance, both Apple and Tim have now burned all of it.
I think I can see the issue pretty clearly here.
- Real harm is enabled with encryption. I get it.
- Back doors break encryption for everyone and don't stop encryption for bad guys.
Am I missing something?
https://techcrunch.com/2021/08/10/interview-apples-head-of-p...
Highlights:
Unlike Google, Microsoft, Facebook, and the rest Apple has not been scanning your online data (iCloud) for the past decade.
When this is turned on, only images you attempt upload to iCloud will be scanned.
If you turn off photo synching to iCloud, nothing will be scanned.
If photo scanning shows that many images on your device match known kiddie porn images (not just one), a human will review the data to make sure passing it on to the authorities is called for or if there have been multiple false positives.
If multiple images do not match known kiddie porn images, nothing happens.
They have already proven that.
I switched back from a Dell XPS 13 9350 running Ubuntu to a Macbook Air M1 quite recently.
- Lenovo laptops with Fedora preinstalled[1]
- Clevo and its HW customers: System76 and Tuxedo being the most notable ones (I think)
- Purism Librem 14
- Framework modular laptop[2]
Now I can’t help but wonder if this was all for show.
I don't agree with today's apple shift on encryption and disregard of privacy but we should also make sure not to hide the huge problematic that global interconnected networks have right now on vulnerable people, their lives and the lives of the ones around them.
be on guard against threat to privacy is important but maybe we should focus on finding solution for these problems too
