The IPI global network is alarmed by tech company Apple’s recent decision to introduce a new client-side scanning feature on its devices. While the system is designed to catch cases of child sexual abuse through iCloud and iMessage, it risks being used beyond this original scope and triggering a global chain reaction of inceased surveillance that would affect journalists. On July 5, Apple announced it will implement the feature in the U.S. on an iOS update later this year.
The new system will detect images uploaded to iCloud classified as Child Sexual Abuse Material (CSAM) using a process called hashing, which transforms pictures into unique numbers and compares them to the existing database of CSAM classified images by the National Center for Missing and Exploited Children (NCMEC). If more than a threshold number of matches are found, an Apple reviewer will be able decrypt and access the flagged images. Under U.S. law Apple is obligated to report such findings to the authorities.
Another feature of the system update is an optional parental-control tool which scans messages sent and received on the iPhone’s Messages app for explicit images. If the child chooses to view or send images flagged as explicit content, the child’s parents will be informed of the possible exchange of nude photos. A third change consists of updates to the search apps on iPhones. Siri and Search will intervene when people try to make CSAM-related searches.
An open letter on August 19 signed by more than 90 civil society organizations urged Apple to withdraw the scanning feature. “Apple will have laid the foundation for censorship, surveillance and persecution on a global basis”, the statement said. Many privacy advocates, such as the Electronic Frontier Foundation, are worried about how the system could be developed and expanded beyond its original scope.
Pandora’s box
However, Apple’s new surveillance tool doesn’t just open a Pandora’s box of risks for privacy. It also endangers press freedom. Journalists regularly store sensitive information on their phones and rely on secure methods of communication such as end-to-end encryption, in which only the sender and recipients have access to the information sent, to contact sources and colleagues.
Even though the CSAM message scanning program is currently limited to the United States, it is likely only a matter of time until other countries will want to utilize the backdoor Apple has created to scan encrypted material on the user’s device.
Child protection is undoubtably a serious global issue and understandably a priority for law enforcement. But in technical terms there is nothing to stop this kind of hash-based surveillance method from being used to monitor and report other types of content – including data and images collected by journalists that governments do not want seen. However narrow Apple’s initial application, its scanning tool opens the door to increased censorship and surveillance of critical journalists and their sources.
Apple’s new system update introduces a particular risk of misuse in the hands of authoritarian governments. But democratic countries such as India and Indonesia have already passed content censorship laws for which Apple’s tool could be used as an enforcement mechanism.
Apple has stated that it will not allow governments to add non-CSAM images to the hash list. On the other hand Apple’s CEO Tim Cook has previously said that the company follows the laws in each country it operates in. Governments could therefore pressure Apple – and other device manufacturers – into scanning different types of content, such as images of political protests, leaked data and content labelled “extremist”.
Apple’s actions may be well-intentioned. And it may well fight government efforts to undermine encryption and user privacy for illegitimate ends. But can it really guarantee that this new surveillance feature won’t be misused? Experience suggests that pressure from governments can be too great. Earlier this year, the company compromised its users’ private data in China by placing them on servers controlled by a state-owned firm and censored apps in the country under pressure from the Chinese government.
As seen with the misuse of Pegasus mobile surveillance tool, journalists are being targeted with spyware around the world and risk government surveillance and prosecution for their work. Apple, which has strongly touted its privacy credentials in the past, should not contribute to this risk. The company’s new scanning feature has the potential to harm press freedom and freedom of expression, in particular in countries where the rule of law does not protect independent journalism and other voices critical of the government. The IPI global network calls on Apple to withdraw these plans.