Reprinted from TidBITS by permission; reuse governed by Creative Commons
license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary
on Apple and Internet topics. For free email subscriptions and access to the
entire TidBITS archive, visit http://www.tidbits.com/


                Apple Explains Pullback from CSAM Photo-Scanning

   Adam Engst

   Two years ago, Apple first announced a photo-scanning technology aimed
   at detecting CSAM'child sexual abuse material'and then, after receiving
   widespread criticism, put those plans on hold. Read '[1]Apple Delays
   CSAM Detection Launch' (3 September 2021) for our last article, which
   links to the rest of our coverage. In December 2022, Apple told Wired
   that [2]those plans were dead, something I missed at the time, but gave
   no indication of why it was shelving its proposal.

   Now, in response to a child safety group, Apple has explained its
   reasoning, with Apple's Director of User Privacy and Child Safety Erik
   Neuenschwander writing:

     We decided to not proceed with the proposal for a hybrid
     client-server approach to CSAM detection for iCloud Photos from a
     few years ago, for a number of good reasons. After having consulted
     extensively with child safety advocates, human rights organizations,
     privacy and security technologists, and academics, and having
     considered scanning technology from virtually every angle, we
     concluded it was not practically possible to implement without
     ultimately imperiling the security and privacy of our users.

   [3]Wired's article includes a PDF of Neuenschwander's letter, which
   says Apple came to believe that scanning photos uploaded to iCloud
   Photos could potentially create new attack vectors, trigger a slippery
   slope of unintended consequences, and sweep innocent parties into
   'dystopian dragnets.' In this regard, Apple's messaging now lines up
   with its resistance to legislative proposals that seek back doors into
   end-to-end-encrypted messaging technologies.

   It's important to realize that although Apple speaks with a single
   voice when it makes public announcements, there are many voices within
   the company. Given Apple's uncharacteristically hamfisted job with the
   CSAM announcement, I suspect there was significant internal contention
   surrounding the CSAM proposal, especially given that fighting the
   horror of child sexual abuse and protecting user privacy are both
   highly laudable goals. But once criticism hit a certain level, those
   troubled by the possibility of scanning photos in iCloud Photos opening
   doors to digital thieves and government intelligence agencies gained
   ascendance in the debate.

   Neuenschwander said Apple is focusing its efforts on its Communication
   Safety technology:

     Communication Safety is designed to intervene and offer helpful
     resources to children when they receive or attempt to send messages
     that contain nudity. The goal is to disrupt grooming of children by
     making it harder for predators to normalize this behavior.

   In its next major operating system releases, Apple is expanding
   Communication Safety to cover video and photos, turning it on by
   default for all child accounts, and integrating it into AirDrop, the
   Photo picker, FaceTime video messages, and Contact Posters in the Phone
   app. Plus, Apple has opened the Communication Safety API up to
   independent developers so they can build such capabilities into other
   communication apps.

References

   1. https://tidbits.com/2021/09/03/apple-delays-csam-detection-launch/
   2. https://www.wired.com/story/apple-photo-scanning-csam-communication-safety-messages/
   3. https://www.wired.com/story/apple-csam-scanning-heat-initiative-letter/

.