PRIVACY: It’s Been a Good Week for Keeping Bossy Busybodies From Spying on Your Phone
Tech giant Apple is standing firm on protecting customers’ privacy rights, even on one of the thorniest, hot-button issues — and that’s not the only good news this week on the privacy front.
Today’s issue is preventing the spread of child sexual abuse material (CSAM) from one encrypted device (like a pedo’s smartphone) to someone else’s. It’s a serious problem but one with no easy solution.
Apple had a couple of years ago planned to build CSAM-scanning software right into the iOS operating system that runs every iPhone. Had it been implemented, software known as client-side scanning would examine literally every photo on every updated iPhone in the world, including embedded location data. Privacy groups were aghast at the prospect. Had the scanner been built into iOS, there would have been nothing preventing it from scanning for anything the government might demand in one of its infamous secret warrants.
“Hi, Apple? This is Jerry from the FBI. Yeah, we’re going to need you to scan everybody’s photo libraries for MAGA hats near the Capitol building on or around January 6, 2021. And next month we’re going to have you start sending us location data from gun stores. Kthnxbi.”
Apple scrapped those plans last year. I kinda doubt that CEO Tim Cook was worried much about the MAGA folks, but a privacy win is a privacy win. This week, however, a new anti-CSAM group called Heat Initiative presented its demand that the company “detect, report, and remove” CSAM photos and videos from its cloud servers, according to an Ars Technica report. Going further, Heat Initiative also wants Apple to create even more CSAM reporting tools for users.
Apple is notoriously tight-lipped about its product plans, but child abuse is such a sensitive issue, and rightly so, that Cupertino had Erik Neuenschwander, its director of user privacy and child safety, respond publicly in a written statement:
Scanning every user’s privately stored iCloud data would create new threat vectors for data thieves to find and exploit… It would also inject the potential for a slippery slope of unintended consequences. Scanning for one type of content, for instance, opens the door for bulk surveillance and could create a desire to search other encrypted messaging systems across content types.
Indeed. This is the San Bernadino Shooter problem all over again but, fortunately, this time without the FBI providing additional pressure.
Apple took heat after the 2015 San Bernadino shooting when the company refused an FBI request to create a special digital tool to unlock the killer’s iPhone. The Bureau even threatened to get a court order to force Apple’s hand, but the iPhone maker had two solid arguments against the FBI. The first is that creating a back door into one iPhone weakened security for all users, including tens of millions of Americans. The second is that the Supreme Court ruled that compelling companies to create a new product violates the takings clause.
Sure enough, the FBI was able to crack the killer’s phone without Apple’s help. Cracking tools like the one made by Azimuth Security that the FBI ended up using aren’t exactly unknown, yet the FBI waged a public pressure campaign to force Apple to create a tool that could instantly break into anyone’s phone to gather any and all information.
Think about that for a moment. The FBI knew full well they didn’t need Apple’s help to break into one iPhone but tried to pressure and threaten the company into creating a backdoor into every iPhone. My MAGA hat and gun store scenarios don’t sound so wild now, do they?
There’s nothing new here, either. Way back in 1993, then-President Bill Clinton pushed for a so-called “Clipper chip” to be built into every computer and phone. Using an NSA cryptographic algorithm, Clipper would have opened up the hard drives and communications of every American to instant probing by every three-letter agency in Washington.
Heat Initiative reminds me a bit of Mothers Against Drunk Driving. When MADD was founded in 1980, drunk driving was a much bigger — and deadlier — problem than it is today. It wasn’t just that penalties were much lighter, but culturally it was much more acceptable to drive drunk. I’m just old enough to remember when it was still cool to brag how you still managed to drive home last night, “Even though I was SO WASTED, man.”
But having changed the laws and even the culture, now MADD is basically against anything fun. Like a government agency that has outlived its mission but not its budget, MADD is always on the lookout for new missions, getting involved in everything from video game parental ratings to installing mandatory breath alcohol ignition interlock devices on all new cars.
Heat Initiative is also in pursuit of a worthy cause. The only people in favor of CSAM are creeps in need of a long walk off a short plank in shark-infested waters. But like other single-focus organizations, Heat Initiative is blind to the cons that go along with their very big pro. That makes them too eager to give government snoops easy access to your most personal data.
Over on the other side of the pond, our British cousins can breathe a sigh (soigh?) of relief, too — at least for the moment. Parliament has been considering a bill, the UK Online Safety Bill, that would require built-in scanning software for every text message, including encrypted messages. But
citing technical concerns, Lord Parkinson, minister for Digital, Culture, Media, and Sport, says the government will drop enforcement of Clause 122 mandating government eavesdropping.
Presumably, enforcement will come into force just as soon as the technical obstacles are overcome. So my British friends shouldn’t pop the champagne corks just yet.