Where does the manual review process kick in, though?
These are all the steps spelled out, go to Step 7 for manual/human review.
Step 0
- Apple releases iOS15
- iOS 15 contains the hashes database, downloaded in full to every iPhone
- subsequent updates to the database can only happen as an iOS update, so the system cannot be abused for time sensitive searches (like targeting dissidents that were at a march “last week”)
Step 1
- the user activates iCloud Photos, basically surrendering his photos to Apple servers, like calling the police and saying “I am going to bring the whole content of my home to the local police station”
-
then and only then the local scanning process begins
- said scanning process by itself has no way to phone home to Apple HQ
Step 2
- the scanning process creates fingerprints of the user photos (the photos that the user has already promised to surrender to Apple servers, not photos that the user “hasn’t shared with anyone” like some privacy advocate said, not a contradiction to “what happens on iphone stays on iphone”)
Step 3
- said fingerprints are compared by a super smart trained AI to the fingerprints in the database
- the AI is needed not to look at the content of the picture (the content is no longer part of the equation since Step 2) but to have some leeway, some wiggle room to be able to catch slightly modified (cropped, etc.) versions of the known offending picture
- the system is engineered to only match the known offending old photos from the NCMEC repository, it can’t look for new/personal children-related content
Step 4
- the output of the matching process is a label called a “security voucher”, attached to every photo
- this label only says 2 possible things
1) YES, this photo matches a known CSAM photo from the NCMEC repository
2) NO, this photo doesn’t match a known photo from the NCMEC repository
- at this stage though this label is still cryptographically secured GIBBERISH, no human on Earth can read it, not even someone having physical access to your phone
- embedded in the security voucher there’s also a low-res version of the user’s photo
- the label will remain gibberish till the end of time if Step 6b (see below) doesn’t happen
- (is a search whose output is gibberish on a post-it note that just sits there till the end of times an actual search?)
Step 5
- the user uploads the photos to iCloud Photos just like HE promised to do in Step 1
-
now and only now the company known as Apple Inc. is involved in any way
- at this time, Apple Inc. can do
one thing and one thing only: count the positive matches security vouchers
- now 2 things can happen
1) the number of positive security vouchers is smaller than the threshold —> go to step 6a
2) the number of positive security vouchers is bigger than the threshold —> go to step 6b
Step 6a
- the security vouchers remain
unreadable gibberish till the end of times, well after we are all dead
- not even Tim Cook, the Pope, God, Thanos with all the stones, etc. can crack their multi factor encryption, it’s like granpa Abe Simpson Hellfish unit treasure in that classic Simpsons episode, you need a set number of keys to open the vault, that’s why the “threshold” system is not a policy decision that could be changed easily by Apple Inc. but a technical safeguard that’s built-in in the system:
no one could ever end up in Step 6b and Step 7 because of a single unlucky wrong match (or “false positive”)
- Apple Inc. says that a good ballpark estimate of the chance of getting enough false positives to surpass the threshold is 1 in 1 trillion per year; some people dismiss this as “yeah how do I know they’re not being too optimistic” but it should be pointed out that Apple Inc. has given 3 external experts some access to the system, and that even if that quote was wrong
by tenfold (1 in 10^11 instead of 1 in 10^12) it would be still be an extremely rare event (one innocent account flagged every 117 years); moreover, the order of magnitude of said quote is perfectly plausible since we’re talking about the
compound probability of multiple rare events (as an example, it would be easy to get to 1 in 10^12 as the compound probability of six 1 in 10^2 rare events)
Step 6b
- if the number of positive security vouchers is above the threshold, finally Apple Inc. has enough cryptographic keys to decrypt the positive security vouchers
-
now and only now said security vouchers stop being gibberish, basically
any user that only reaches Step 6a has his privacy completely preserved (compare this to server-side searches of decrypted data on servers that
equally invade the privacy of both innocent and not-so-innoncent users)
Step 7 - HUMAN REVIEW
-
now and only now the positive security vouchers, no longer gibberish, can be looked at by a human reviewer at Apple Inc. HQ
- the human reviewer will be able to look at a low-res version on the user’s supposedly offending photo
- if the low-res photo is something innocuous like a sunset, a bucket of sand, a cat, a goldfish, etc., (and remember: the matching is based on hashes, not content, so the content won’t necessarily be children-related, that’s not the kind of similarity the AI would catch, don’t worry about the pics of your kids, they have no more probability of being accidentally flagged than any other subject), the human reviewer will acknowledge the system made an error and discard it, no automatic calls to the cops
- if the low-res photo actually looks like actual kiddie p0rn (that gotta be the worst job on Earth and these reviewer are sometimes psychologically scarred), then Apple Inc. will disable your iCloud account and maybe report you or maybe not (depending on the follow up internal investigation)
(phew that was long…imagine people trying to encapsulate the complex implications of all of this in a buzzword, a meme with dogs, or a simplistic hot take or an imprecise real-world analogy)
Users with 0 matches (likely 99%+ of iCloud accounts) will never go past Step 6a and never reach human review.
Users with 1 match will never go past Step 6a and never reach human review.
Users with 2 matches will never go past Step 6a and never reach human review.
Users with n-1 matches (with “n” being the unknown threshold Apple has chosen to use) will never go past Step 6a and never reach human review.
Hope this long recap post helps as many people as possible make an informed evaluation of how this works and what are the actual privacy implications.
I dedicate this to the “it’s not about the tech” crowd who’d wish to bury all this under blind buzzwordy outrage.
