Apple Hit With $1.2B Lawsuit Over Abandoned CSAM Detection System

[atomic.flip]

I don’t think the lawsuit is broad enough. We should also be suing all the digital camera manufacturers and the developers of photo editing software.

Where do we begin and where does it end?

 

[HobeSoundDarryl]

It begins & ends where there is opportunity for a quick & good cash settlement. 💰💰💰

Remove the monetary prizes and court dockets would suddenly be significantly cut down, limited to crimes & judgements in which the prize is not money but jail time and some sense of justice being served.

 

[Ethosik]

This won’t solve anything unless they outright ban encryption as a whole. People just won’t use iCloud.

Part of the legal process will be if they are responsible for the damages. There is a difference between a platform like YouTube or X and something like iCloud. While someone can share iCloud data it’s not an inherently a platform for mass distribution. I’m not a lawyer but I work with many of them with my businesses. There is probably some legal link that could be made here but how would Apple be responsible for damages for someone’s personal iCloud data? As some of the posters have said, it’s like suing the ISP or camera maker too. Nearly just as equivalent.

This won’t solve anything. I want to see the ACT solve more than a random person getting an image. Address the source please I want this evil to stop. Consumers of horrible acts will just move to another platform or make their own unless encryption gets banned.

 

[Night Spring]

I don't believe they should - they aren't doing anything illegal. Those cases rely heavily on anti-second amendment right sentiment to force gun manufacturers to stop selling "assault weapons." By this logic, is the goal to stop Apple from selling devices with iCloud? If you want to ban high capacity weapons, then why not enforce a national ban and then the gun manufacturers wouldn't exist? And would an equivalent ban for Apple look like? No iPhones in CA or NY?

The problem with analogies to gun manufacturers getting sued for making and selling assault weapons is that assault weapons have only one purpose -- to kill. Therefore, it's much easier to argue that gun manufacturers are responsible when their products are used to kill people, because what else did they think they'll be used for? And btw, I do think assault weapons should be banned nationally.

But phones are multi-purpose devices, with making, storing and distributing child porn only one of its myriad uses. So it's much easier for Apple and other manufacturers to claim that it wasn't their intention that the devices would be used to facilitate child porn, and they shouldn't be held responsible if people use it for that.

 

[TheColtr]

If they can scan for one thing, they can scan for something else. I don't like child porn. Those who create it should be punished in the most extreme way possible. Those who view it should suffer a fate almost as bad. The problem is, I don't trust what the incoming administration will do with this technology. What will they force Apple to do? Will saying nasty things about the Dear Leader be a thought crime? If not in the upcoming administration, perhaps the next.

Note:
This is the political forum and my post is directly relevant to the question being discussed.

The issue isn’t even US only. Think about the rulers in the Middle East, in Russia, China, etc. On device scanning is a Pandora’s box we cannot let open.

 

[Skyscraperfan]

Those victims have no right to invade our privacy. With the same argument you could install a camera in every room of every house in order to prevent crime.

 

[drrich2]

The UK recently started imprisoning people for their social media posts. Would you believe it though? Inciting racial hatred is illegal in the UK. As is inciting riots, murder and other crimes.

I don't know the specifics of these posts, but you link 2 different things here. Riots and murder are acts. 'Racial hatred' is an opinion/belief/attitude mix, but it is not an act. In the U.S., you can hold whatever beliefs/opinions you wish, and you can express them. Many other people may consider you a morally deplorable idiot as a result of their beliefs/opinions, but it's not illegal to state your views.

It's kind of like the Holocaust denial thing. Seems nuts to me, but not illegal here.

 

[drrich2]

right to privacy is just an excuse when it comes to arguing against CSAM.

No. I disagree with some of your conclusions, but you raise some interesting points well worth discussing.

As soon as you connect to the internet, your service provider starts collecting masses amount of data. They know your location, they know what website you visited, they know what files you have downloaded, they log all your outgoing and incoming emails, EVERYTHING you do on the internet is captured and logged by your service provider and yet I never see people suing service providers on issues of privacy.

Mobile phone companies do the same, they log your location, all the websites you visit, all the app's you use, they log every instant message you send and receive, they log every incoming and outgoing email, they log your phone calls, who you called, the duration of the call and again no one sues the mobile phone companies for issues on privacy

There was a time in days of yore when 'long distance' calls weren't free, and phone companies mailed bills to people with call listings showing what they were being charged for. At times customers challenged some of these listings. The purpose was not to rat customers out to police for illegal activities or delete user content...it was to document what they were being billed for.

Internet Service Providers are generally not collecting data for the purpose of policing user content usage. I don't think their systems are routinely scanning looking to flag certain kinds of content.

They will let internet service providers and mobile phone providers hoover up every bit of personal information about a person they can and not a court case in site on privacy issues but as soon as a system is mooted about scanning people's photo's suddenly it's a case oh 'oh no, my privacy is being invaded, that cannot be allowed to happen'.

Now if the ISP system starts using A.I. to scan my incoming and outgoing e-mails and texts for objectionable (to some 3rd party) content and deleting my content or reporting me to the authorities (though I don't think I'm doing anything illegal), that's another story.

And quite a number of people are angry about automated, warrantless data collection by various online platforms.

 

[Devyn89]

Delete

 

[sentiblue]

How do we please entitled people here guys?

If Apple implemented CSAM, they would have undoubtedly been sued for privacy violation. They sensed that risk so they stopped it. Now, without implementing it, they get sue for even more money for "not helping".

 

[ForkHandles]

I don't know the specifics of these posts, but you link 2 different things here. Riots and murder are acts. 'Racial hatred' is an opinion/belief/attitude mix, but it is not an act. In the U.S., you can hold whatever beliefs/opinions you wish, and you can express them. Many other people may consider you a morally deplorable idiot as a result of their beliefs/opinions, but it's not illegal to state your views.

It's kind of like the Holocaust denial thing. Seems nuts to me, but not illegal here.

Beliefs are one thing I agree. Both uk and us systems have no penalties regardless of how crazy mean you are.

Incitement is different, America is no different to the UK in our prosecution of those that incite others to commit crimes. If I invite you to kill someone, then you do, I am guilty of a crime in the US, even if I never entered the United States.

You have a freedom of speech, just not complete freedom of consequence.

 

[drrich2]

How do we please entitled people here guys?

Your answer is 'the courts,' and it is a very bad answer for a number of reasons.

In the U.S., a common saying is that ignorance of the Law is no excuse when caught violating it. Understandable, and if that were as far as it went, likely the way things must be (never mind that the laws are so extensive virtually no one knows them all).

The problem is that activist types (and some on the political Left and Right are guilty of this) use the courts to achieve 'case law' precedents, what's called 'legislating from the bench,' in order to establish legally binding precedents and get their way without going through Congress.

Problem: that means you can be charged with something based on an unforeseen possible future interpretation of the law and amounts to new law, but if a judge and jury are sympathetic (and ethically lacking) enough, and you win, BAM!, new case law!

This means companies have to not only obey the Law, but obey future interpretations of the Law, which aren't very foreseeable so it becomes necessary to obey potential future interpretations of the Law, and despite your lack of reliable psychic prophesying resources, ignorance of the Law as it will unforeseeably be interpreted in the future is also no exclusive.

People who work in mental health often hear the name Tarasoff, dealing with a couple of cases related to alleged caregiver duty to protect 3rd parties from a patient. The 'Scopes Monkey Trial' over teaching evolution vs. creationism in U.S. public schools was an opportunistic move to use the courts to make changes.

The issue isn't what you think public policy should be on any of these topics (e.g.: whether Apple should or should not routinely scan private content on their services with no warrant). The issue is the courts are used to settle it, and the new 'case law' can then effectively rob the defendant of millions.

 

[Hogswarts]

Maybe add the police phone number to your spam list if they won't stop calling.

 

[drrich2]

Incitement is different, America is no different to the UK in our prosecution of those that incite others to commit crimes. If I invite you to kill someone, then you do, I am guilty of a crime in the US, even if I never entered the United States.

Agreed. From another forum, Quora, I've gotten the impression that a large influx of foreign immigrants from very different cultures has met opposition from what might be called 'traditional citizens' who see this as creating an inconvenient, disruptive burden on the host nation (them), and threatening the stability of the host country's native culture. There is the perception by some that some European governments are driven by more liberal/Leftist immigration enablers who are much more open to this, attempt to downplay the drawbacks of it.

Which ticks off some of the 'natives,' who express their displeasure. Since a number of these immigrants have common cosmetic differences (I'm guessing brown skin/Middle Eastern or African origin?), and may have religious differences (e.g.: Muslim), the natives' complaints can get written off by critics as racism, bigotry, Islamophobia, xenophobia, etc...

So if someone says law enforcement is going after social media posters for posting 'racial hatred,' I wonder what we're talking about. Neo-Nazis calling for gang violence against groups, or regular citizenry voicing strong opposition to the disruption of their communities and culture by a large influx of a different people group? You wrote:

Inciting racial hatred is illegal in the UK.

Inciting how? In the U.S., we have the Klu Klux Klan and white supremacists, widely regarded as hateful, bigoted nutcases, but they have free speech rights, freedom of assembly and can attempt to persuade others to share their views without breaking the law.

 

[acader]

The day one goes on the internet, 1/3 of the privacy is given up. The day any type of social media account is created, 2/3 of the privacy is given up. The day your profile photo goes up on the internet, your entire privacy is given up. All these privacy advocates, should focus their energies elsewhere.

 

[hans1972]

It wasn't the scanning of iCloud storage that was the issue (personally, I think they should be doing this), it was the on-device scanning that was the problem.

No, because the scanning locally only happened if you had iCloud Photo Library turned on and thus had all your photos in Apple's cloud anyway.

Here is how it worked:

1. Turn on iCloud Photo Library
2. Take photo
3. Device scans locally and could be reported
4. Photo sendt to iCloud

Your implementation:

1. Turn on iCloud Photo Library
2. Take photo
3. Photo sendt to iCloud
4. Apple scans centrally and could be reported

One problem was that lot's of people didn't understand the system.

In particular, people though it was a good system for finding photos of other things which were illegal in some countries when in fact the system was designed to be extremely bad for such as task.

 

[hans1972]

Is Apple really interested in protecting the privacy of their customers, or would that scanning technology have uncovered much more than the pedophiles in positions of power were willing to permit?

It shows you didn't understand the system. It was exceptional bad at uncovering other things.

 

[FineWoven]

We CAN sue anyone and everyone over about anything. Filing a suit is relatively easy. Winning it is another story.

That's if it even makes it as far as a trial which often isn't the case and they end up getting dismissed entirely by a judge who looks at it and basically says "Why tf is this even being brought to me? Next."

 

[hans1972]

Exactly. Many here argued it was OK because it was only comparing a hash, completely ignoring the fact that the hash was generated on YOUR device. Almost like generating a hash from a file on your device was supposed to just happen by “Apple magic”.

It was OK because the photo was only analysed when using iCloud Photo Library. So every analysed photo would be sendt to iCloud where Apple could have analysed themselves.

Generating a hash can be a simple task and occurs million of times on your iPhone today. All modern encryption technology relies on generating and comparing hashes.

 

[hans1972]

If they can scan for one thing, they can scan for something else.

No, the system was designed to be exceptional bad at scanning for anything else including undiscovered CSAM.
The system couldn't even find regular pornography or nudity.

 

[No5tromo]

Did they ever officially announce that they were abandoning this? As much as I support the supposed motive this was a PR disaster summed up like "We own iCloud including your iCloud photos and we will be thoroughly scanning them to find illegal content, then our employees will have a peek at your personal photos, which could include photos of your kids, to make sure it wasn't a false positive, if you don't want us to look at your personal photos just disable iCloud sync". Then they went to on to introduce iCloud encryption to mitigate this disastrous privacy mess.

 

[hans1972]

No. You can turn off icloud photo uploads. Mine don’t get uploaded since I don’t care to pay for additional storage kust to have photos in the cloud.
But the key is that the hash was generated on your device, before the image was uploaded to iCloud. So the implementation of that hash generating scan was on-device.

Yes, but the photo would be scanned anyway.

If a photo is going to be analysed anyway, does it really matter if it happened on Apple servers or your device?
To me local device scanning is better since it allows the cloud version to be encrypted even for Apple.

 

[hans1972]

One can sue for anything, but I don't think they have much legal grounds. It isn't Apple's legal responsibility to do this any more than Google's, Microsoft's, Facebook's, etc.

But those three companies do scan images on their servers.

 

[hans1972]

You can use an Apple ID without turning on photo sync to iCloud. There are plenty of other photo-syncing solutions.

Apple's CSAM technology did require you to have iCloud Photo Library turned on.

If you didn't want local scanning it was very easy to avoid.

 

[hans1972]

Indeed, in its technical documents made available online, Apple published openly a roadmap for authoritarian regimes to detect on mobile devices any kind of content in pictures, from flags to posters to faces.

That's not true. The system was exceptional bad at detecting other kind of content including unknown CSAM, pornorgaphy and nudity.

If an authoritarian regime wants to detect content on phones, there are better and simpler to implement methods already out there as open source.