
In years previous, take the San Bernardino shooter for instance, Apple argued in a court of law that creating backdoors or reversible encryption was insecure and also subject to exploits by malicious actors, and thus not reasonable and "unreasonably burdensome". As well, they made the argument that compelling them to write back doors also violated the First Amendment.

It was most likely a winning strategy that the FBI actively avoided getting rulings on and found a workaround.

What Apple is creating here is an avenue for the FBI/NSA/alphabet agency to create a FISA warrant and NDL to mandate hits on anything. The argument that it's gotta be pre-iCloud upload or subject to manual review or on some arbitrary threshold is just the marketing to get the public to accept it.

All of that can easily be ordered to be bypassed. So it can be a scan, single hit for x, report.

I'll take the downvotes, but if anything, someone more conspiracy minded could easily take this as a warrant canary. Given the backlash Apple has faced and ignored, it doesn't make much good business sense for them not to back off unless they are

A) betting on it being a vocal minority that resorts to action (which is entirely possible, especially given the alternatives and technical hurdles to get to a suitable alternative)

B) being pressured by governments now (also entirely possible given their history with the FBI and previous investigations).

[1] https://www.rpc.senate.gov/policy-papers/apple-and-the-san-b...

[2] https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...



> What Apple is creating here is an avenue for the FBI/NSA/alphabet agency to create a FISA warrant and NDL to mandate hits on anything. The argument that it's gotta be pre-iCloud upload or subject to manual review or on some arbitrary threshold is just the marketing to get the public to accept it.

Why would they make things even more complicated with limited access, since they can already access everything in the cloud? Let's leave out the argument for expanding the scan to the whole device. If that is what happens, then people start really discarding their phones.


Well, for one, scanning on-device lets them expand the amount of stuff they search for without an impact on their servers.

We can all assume they will eventually start scanning for more things than just photos only before they are sent to iCloud. It can easily and _silently_ be expanded to be any file on the phone.


You can silently do every imaginable thing right now. iOS is not exactly an open-source system.


Except that right now they don't have a plausible reason to be scanning things, and any indication of something like that happening without prior expectation would be an even bigger deal than this is. Setting the expectation that this is acceptable is how you hide overstepping and abuse.

Just because my neighbor physically can run out and physically attack me every time he sees me exit my house isn't a valid defense of him running out and verbally abusing and threatening me every time I leave, nor is it a valid excuse not to worry about it escalating to that.


We were talking about silent things here. So there is no prior expectation for them? Silently expanding the scan to every file, for example, would still count as overstepping in a similar way for most people. Because that is abuse, and usually there is zero tolerance. Apple has avoided marks of abuse in the past pretty well.

But anyway, Photos, Spotlight, the Files app and Siri are already scanning your files and getting metadata. Metadata is even stored in iCloud to keep the sync process working. There are excuses if you want to make them.


> Except that right now they don't have a plausible reason to be scanning things, and any indication of something like that happening without prior expectation would be an even bigger deal than this is. Setting the expectation that this is acceptable is how you hide overstepping and abuse.

How do we know Apple isn't doing this right now? How do we know if and when they do? Are people keeping track of everything the phone sends back to Apple's servers? Is it even possible any more?

Considering Apple doesn't let you have full access to the device, the phone could do anything, encrypt the message and send it. The only way I know of would be by monitoring the traffic off-device on the network all the time, which means only while on Wi-Fi. And that wouldn't give you content, only metadata, as by then it's encrypted and you don't have the key.


Because they don't have access to everything in the cloud. You don't have to use iCloud, or Siri, or Spotlight.

This was specifically addressed in the San Bernardino and other cases. Apple gave the FBI everything in the cloud. The FBI was looking for everything on the device.

What this change does is add a method, without an opt-out option, for them to scan for anything on the device. Be it a string of text/keywords, or certain pictures of a place with certain metadata, etc.


This is just speculation. The current technical implementation limits the scan to images to be uploaded to the cloud, which can be opted out of. If you don't trust that, you can't trust their devices right now either.


That seems like a reach.

> The current technical implementation limits the scan to images to be uploaded to the cloud, which can be opted out of.

That is conflating policy with a technical limitation. Their changes negate the technical discussion at this point.

Their POLICY is that it will only scan for images to be uploaded. They no longer have a *legal* argument to not comply with government requests for device scanning of any data now, since the framework is now included.

That is a big change in that regard. Whereas in the past there was a layer of trust that Apple would hold governments accountable and push back on behalf of a user's privacy (and there is a very tangible history there), this implementation creates a gaping hole in that argument.


Actually it is not just POLICY. This scanning is built very deep into the iCloud upload process. They would need a huge revamp of the system, and it seems intentional just because of this speculation. So we are in the same discussion whether this is implemented or not.


None of the tech documents point to this being the case. In fact, in many of the articles I have read, it's quite the opposite. Including the peer-reviewed paper that had the dangers of such a program outlined in the conclusions. [1][2]

Do you have any sources here to the contrary?

[1] https://www.washingtonpost.com/opinions/2021/08/19/apple-csa...

[2] https://www.schneier.com/blog/archives/2021/08/more-on-apple...


Their threat model[1] states:

> This feature runs exclusively as part of the cloud storage pipeline for images being uploaded to iCloud Photos and cannot act on any other image content on the device. Accordingly, on devices and accounts where iCloud Photos is disabled, absolutely no images are perceptually hashed. There is therefore no comparison against the CSAM perceptual hash database, and no safety vouchers are generated, stored, or sent anywhere.

and

> Apple’s CSAM detection is a hybrid on-device/server pipeline. While the first phase of the NeuralHash matching process runs on device, its output – a set of safety vouchers – can only be interpreted by the second phase running on Apple’s iCloud Photos servers, and only if a given account exceeds the threshold of matches.

We should also take into account how blinding the hash works, from the CSAM paper[2]:

> However, the blinding step using the server-side secret is not possible on device because it is unknown to the device. The goal is to run the final step on the server and finish the process on server. This ensures the device doesn’t know the result of the match, but it can encode the result of the on-device match process before uploading to the server.

What this means is that the whole process is tied strictly to a specific endpoint on the server. To be able to match some other files from the device on the server, these are also required to be uploaded to the server (the PSI implementation forces it). And based on the pipeline description, upload of other files should not be possible. However, if it is, and they suddenly change policy to expand the scan to all files on your device, they will end up in the same iCloud as other files, and you will notice them, and you can't opt out of that with the current protocol. So they would have to modify the whole protocol to include only those images which are actually meant to be synced, and then scan all the files (which are then impossible to match on the server side because of how the PSI protocol works). If they create some other endpoint for files which are not supposed to end up in iCloud, they need to store them in the cloud anyway, because of the PSI protocol. Otherwise, they have no possibility to detect matches.

It sounds like this is pretty far away from just a policy change.

Many people have succumbed to populism as it benefits them, and it takes some knowledge and time to really understand the whole system, so I am not surprised that many keep saying that it is just a policy change away. Either way, we must trust everything they say, or we can't trust a single feature they put on the devices.

[1]: https://www.apple.com/child-safety/pdf/Security_Threat_Model...

[2]: https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...
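The server-blinding argument in the comment above, as an added toy model (my own code, not Apple's protocol and not from either linked paper): the device holds a table of database hashes blinded with a server-only secret, cannot tell whether its own hash is in that table, and emits a voucher that the server can open only on a match; the server reports an account only once a threshold of opened vouchers is reached. Everything concrete is assumed: a 256-bit safe-prime group generated at runtime, SHA-256 digests as stand-ins for perceptual hashes, one-byte table buckets, a SHA-256 counter-mode stream with HMAC tags in place of a real AEAD, and all function and class names.

```python
"""Toy model of a server-blinded match with a reporting threshold (illustration
only, not Apple's protocol). Assumed: 32-byte stand-in hashes, table buckets
are the hash's first byte, one database hash per bucket."""
import hashlib
import hmac
import secrets


def is_probable_prime(n, rounds=24):
    """Miller-Rabin with a small trial-division prefilter."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits=256):
    """Return (p, q) with p = 2q + 1 both prime; squares mod p form a group of prime order q."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


P, Q = safe_prime()          # group parameters, generated fresh at import time
BYTES = (P.bit_length() + 7) // 8


def hash_to_group(h: bytes) -> int:
    """Map a perceptual hash into the order-q subgroup by squaring a derived residue."""
    return pow(int.from_bytes(hashlib.sha256(h).digest(), "big") % P, 2, P)


def kdf(x: int) -> bytes:
    return hashlib.sha256(x.to_bytes(BYTES, "big")).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """SHA-256 in counter mode as a toy stream cipher (symmetric, so it also decrypts)."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


class Server:
    """Holds the blinding secret, the blinded table and the per-account opened vouchers."""

    def __init__(self, db_hashes, threshold):
        self.secret = secrets.randbelow(Q - 1) + 1
        self.threshold = threshold
        self.opened = {}
        # Every bucket gets an entry (a random group element where no database
        # hash lives) so the table's shape tells the device nothing.
        self.table = {b: pow(secrets.randbelow(P - 2) + 2, 2, P) for b in range(256)}
        for x in db_hashes:
            self.table[x[0]] = pow(hash_to_group(x), self.secret, P)   # H(x)^secret

    def receive(self, account, voucher):
        """Try to open a voucher with the secret; True only if the hash matched."""
        q_elem, ct, tag = voucher
        key = kdf(pow(q_elem, self.secret, P))     # H(y)^(r*secret)
        if not hmac.compare_digest(hmac.new(key, ct, "sha256").digest(), tag):
            return False                           # no match: payload stays opaque
        self.opened.setdefault(account, []).append(xor_stream(key, ct))
        return True

    def report(self, account):
        """Opened payloads become reportable only at or past the threshold; None below."""
        payloads = self.opened.get(account, [])
        return payloads if len(payloads) >= self.threshold else None


def make_voucher(table, image_hash: bytes, payload: bytes):
    """Device side. The key is the blinded table entry raised to a fresh r, i.e.
    H(x)^(secret*r). Without the secret the device cannot relate that entry to its
    own H(y), so it cannot learn whether the voucher will open on the server."""
    r = secrets.randbelow(Q - 1) + 1
    q_elem = pow(hash_to_group(image_hash), r, P)
    key = kdf(pow(table[image_hash[0]], r, P))
    ct = xor_stream(key, payload)
    return q_elem, ct, hmac.new(key, ct, "sha256").digest()


def simulate(threshold, n_matching, n_benign):
    """Constructed scenario: one account uploads n_benign unknown images plus
    n_matching images from the database (n_matching <= 8, n_benign <= 100).
    Returns (vouchers the server could open, report or None)."""
    # Constructed stand-in hashes; the leading byte is fixed so toy buckets never collide.
    db = [bytes([i]) + hashlib.sha256(b"known-%d" % i).digest()[1:] for i in range(8)]
    benign = [bytes([100 + i]) + hashlib.sha256(b"holiday-%d" % i).digest()[1:] for i in range(n_benign)]
    server, account, opened = Server(db, threshold), "account-A", 0
    for h in benign + db[:n_matching]:
        if server.receive(account, make_voucher(server.table, h, b"voucher-for:" + h[:2])):
            opened += 1
    return opened, server.report(account)


if __name__ == "__main__":
    print(simulate(3, 2, 4))   # two matches, below threshold: nothing reportable
    print(simulate(3, 3, 4))   # three matches: payloads of the matches become readable
```

The point the comment makes is visible in `make_voucher` versus `Server.receive`: the two sides derive the same key only when the device's hash equals the database hash behind the table entry, and the device never gets to see which case it is in. Matching anything else would require that other content to go through the same voucher-and-upload path, which is what ties the scan to the server endpoint.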


I just want to say thanks for the links and taking the time to explain it. I think it’s pretty logical. I see your viewpoint and I think I need to take some more time to consider my stance (again…).



