Security News > 2021 > August > Apple to Scan Every Device for Child Abuse Content — But Experts Fear for Privacy
Apple on Thursday said it's introducing new child safety features in iOS, iPadOS, watchOS, and macOS as part of its efforts to limit the spread of Child Sexual Abuse Material in the U.S. To that effect, the iPhone maker said it intends to begin client-side scanning of images shared via every Apple device for known child abuse content as they are being uploaded into iCloud Photos, in addition to leveraging on-device machine learning to vet all iMessage images sent or received by minor accounts to warn parents of sexually explicit photos in the messaging platform.
What's more, Apple is expected to use another cryptographic principle called threshold secret sharing that allows it to "Interpret" the contents if an iCloud Photos account crosses a threshold of known child abuse imagery, following which the content is manually reviewed to confirm there is a match, and if so, disable the user's account, report the material to NCMEC, and pass it on to law enforcement.
Apple's CSAM initiative has prompted security researchers to express anxieties that it could suffer from a mission creep and be expanded to detect other kinds of content that could have political and safety implications, or even frame innocent individuals by sending them harmless but malicious images designed to appear as matches for child porn.
U.S. whistle-blower Edward Snowden tweeted that, despite the project's good intentions, what Apple is rolling out is "Mass surveillance," while Johns Hopkins University cryptography professor and security expert Matthew Green said, "The problem is that encryption is a powerful tool that provides privacy, and you can't really have strong privacy while also surveilling every image anyone sends."
Apple already checks iCloud files and images sent over email against known child abuse imagery, as do tech giants like Google, Twitter, Microsoft, Facebook, and Dropbox, who employ similar image hashing methods to look for and flag potential abuse material, but Apple's attempt to walk a privacy tightrope could renew debates about weakening encryption, escalating a long-running tug of war over privacy and policing in the digital age.
In December 2020, Facebook was forced to switch off some of its child abuse detection tools in Europe in response to recent changes to the European commission's e-privacy directive that effectively ban automated systems scanning for child sexual abuse images and other illegal content without users' explicit consent.