Corellium Launching New Initiative to Hold Apple Accountable Over CSAM Detection Security and Privacy Claims

[giggles]

So which law in US is Apple mandated to follow? It would be good to know because none of the articles cite this and it would mean google would have to follow this too?

Ben Thompson on Stratechery mentioned the relevant laws, for example.

Apple’s Mistake

While it’s possible to understand Apple’s motivations behind its decision to enable on-device scanning, the company had a better way to satisfy its societal obligations while preserving…

stratechery.com

 

[bobcomer]

The law doesn’t necessarily mandate all the technically nitty gritty implementations to achieve a certain compliance.

And it’s not on device scanning remotely polled by Apple, it’s offline pre-labeling (not performed by Apple but by your device, not tethered to Apple in any way) to prevent illegal stuff from getting to Apple servers. Only once the pics have been uploaded on Apple servers the output of the scanning is collected by Apple. I will never not stress that the double blind on-device part of this process is just a technicality. Never. You say 100 times it’s on-device scanning and I will be there 100 times to correct all of you. I don’t make the rules.

We'll just have to agree to disagree, because there is no way I can agree with what you just said. Double blind is irrelevant, it's scanning on *my* device and not for my own benefit.

 

[cmaier]

The hash database is stored on your device, and will scan your photos as long as iCloud photos is turned on, even when you have no internet connection. Yes, the scanning is done *on your device*.

No it won’t. The scanning occurs when you upload photos onto iCloud, by creating a voucher that accompanies the uploaded file. If you want to prevent scanning, you don’t even have to turn off your internet connection - just turn off iCloud photo sync.

By the way, even if scanning WAS done on your device when the internet connection is off, it wouldn’t be “worse” as you claim. The results would, in that case, not go anywhere, and simply be sitting in the encrypted file store on your phone, where they cannot possibly hurt you.

 

[giggles]

We'll just have to agree to disagree, because there is no way I can agree with what you just said. Double blind is irrelevant, it's scanning on *my* device and not for my own benefit.

You’ll be asked to consent to this in updated Terms and Condition. You can opt-out by not uploading your pics to iCloud Photos. Just like you can opt-out from error telemetry (not for your own benefit).

The fact that the results of the scan aren’t going anywhere unless you upload the pics to Apple’s servers is far from irrelevant. Moreover, they’re also encrypted in a way that can’t be decrypted till the end of times unless you score 30 CSAM matches. Sitting in your phone doing nothing, and unreadable to anybody (even Apple), those results may as well not exist. It’s like you allow a cop to search your home but then you can make him blind, deaf, mute and unable to ever leave your home or communicate with the outside, UNLESS he finds 30 stashes of drugs in your drawers.

 

[oldoneeye]

I'm staying with iOS 14 for as long as possible - maybe forever

 

[giggles]

I'm staying with iOS 14 for as long as possible - maybe forever

If you don’t trust Apple, how do you know a nefarious background scanner won’t be silently pushed to your iOS 14 device in the form of a security update?

 

[bobcomer]

You can opt-out by not uploading your pics to iCloud Photos. Just like you can opt-out from error telemetry (not for your own benefit).

As if that isn't going to change when governments ask for more. That's basically my problem in a nutshell -- I don't trust Apple to keep it that way, no matter what they say. The scanner on device makes it ever so easy for them to change the behavior. (at someone else's *request*.)

I already disable iCloud Photos, that's a given, but I don't think it'll change anything in the long run.

 

[oldoneeye]

If you don’t trust Apple, how do you know a nefarious background scanner won’t be silently pushed to your iOS 14 device in the form of a security update?

hard to do that on a dumb feature phone which may well be my next device. I'm tired of this un-ending snooping, and especially disappointed in Apple, as this completely flies in the face of their previous publicity campaigns.

 

[dgrey]

No it won’t. The scanning occurs when you upload photos onto iCloud, by creating a voucher that accompanies the uploaded file. If you want to prevent scanning, you don’t even have to turn off your internet connection - just turn off iCloud photo sync.

By the way, even if scanning WAS done on your device when the internet connection is off, it wouldn’t be “worse” as you claim. The results would, in that case, not go anywhere, and simply be sitting in the encrypted file store on your phone, where they cannot possibly hurt you.

The fact that my phone is the privacy invader and the snitch is quite enough. THAT is what makes it even more insidious. This is all done on device. It isn’t done after the files are uploaded to icloud. Matches are made on your device, and then sent to iCloud.

 

[giggles]

As if that isn't going to change when governments ask for more. That's basically my problem in a nutshell -- I don't trust Apple to keep it that way, no matter what they say.

That could be said about any server-side search as well?
With the added benefit that at least with this implementation your pics aren’t routinely decrypted on-server?

 

[star-affinity]

Only in the very specific case of the post you are replying to. Elsewhere in this debate, plenty of arguments have been presented as to why doing A might increase the risk of Z. Some (knowledgable) groups are claiming that this scanning would be illegal in the EU, others that it might be unconstitutional in the US, and/or that the clauses in the T&Cs whereby users agree to this are unconscionable - if Apple wins a court ruling on that subject, it could set/break a legal precedent which would make future expansion easier. Then there's the self-evident fact that by possessing the facility, Apple could be legally forced to (ab)use it - true, they could also be legally forced to create such a facility from scratch, but already having the infrastructure makes it easier.

Also, if you follow these threads you'll see some people defending Apple by saying something like "your photos are only checked if you choose to uploaded them to iCloud"... When did it get to be OK that your photos can be scanned on iCloud? Did people dismiss any fears about that as "slippery slope fallacies?"

Anyway, these "logical fallacies" sites themselves tend to play to the fallacy that every debate is over a "falsifiable" fact that can be proven true or false. They mix up genuine logical fallacies of the "Dogs have 4 legs, Felix has 4 legs, therefore Felix is a dog" variety with common argument tropes that are often used as weak or fallacious arguments. Or to put it another way "Bob used 'slippery slope' in a fallacious argument, therefore all 'slippery slope' arguments are fallacies." - To be fair, most of them cover themselves once you read past the first sentence.

Still, from that site, "Want to share this fallacy on Facebook? Here's a button for you:" is the funniest line I've read all week.

You have som good points I think!
And yes, it's not always black and white like the logical fallacies sites seem to imply– I agree.
I wonder what the people behind the site would say about that feedback.

What about Tim Cook's own words previously?

Good question. Maybe he doesn't consider this to qualify as a backdoor? 🤔

 

[giggles]

The fact that my phone is the privacy invader and the snitch is quite enough. THAT is what makes it even more insidious. This is all done on device. It isn’t done after the files are uploaded to icloud. Matches are made on your device, and then sent to iCloud.

Nope, not “all”.
Only half of the scan is on-device.
The second half (collecting and making a sense of the results of said scan) is 100% on-server.
The first half without the second half is nothing, just gibberish sitting on your phone.

 

[AstonSmith]

If somebody jailbreaks their (IOS 15) device and prevents the scanner from creating vouchers, does that mean they will be able to upload as many dodgy images as they want to within iCloud Photos?

If the answer is "no" because Apple will continue scanning iCloud Photos with whatever they have now, then surely that makes this software pointless?

If the answer is "yes" due to the possible E2E encryption rumors, then they might actually end up storing more of this than before.

 

[giggles]

hard to do that on a dumb feature phone which may well be my next device. I'm tired of this un-ending snooping, and especially disappointed in Apple, as this completely flies in the face of their previous publicity campaigns.

Does Apple’s track record really warrant going back to feature phones on a whim? Let’s be reasonable.

 

[nt5672]

Companies and banks do “the policing” all the time by reporting illegal activity they’re legally mandated to report.

The problem is not the the theoretical good of "policing", it is the abuse from the ever changing definition of "illegal activity".

 

[bobcomer]

That could be said about any server-side search as well?
With the added benefit that at least with this implementation your pics aren’t routinely decrypted on-server?

I have no problem with server side scanning, it's not my device, it's Apple's, and they can do what they want. I assumed my pics were always decrypted on the server anyway since apple has the keys. I got the benefit of cloud storage, so I did gain something from that.

 

[ian87w]

Sure, and then it'll be discovered in audit and be a huge scandal for Apple. Do you think Apple wants that? I bet this doesn't happen. Besides, it's US only for the time being, so let's just wait and see.

Scandals have happened with Apple before, such as confidential SIRI data given to outside contractors. The China server issue didn't even bat anyone's eyes. Apple as a brand is strong enough to withstand scandals.

Besides, in some countries, the news media is a lot more controlled, so even if anything happens, reports might not even surface.

Cat is out of the bag, Pandora's box is open. Nothing much people can do other than not updating to ios15.

 

[ian87w]

What about Tim Cook's own words previously?

It's interesting that we actually have not heard anything from Tim Cook about this, at all. Craig became the damage control after the privacy dude's blab. But so far, nothing from Tim Cook, which is interesting as he tends to be vocal about virtue signaling.

 

[oldoneeye]

Does Apple’s track record really warrant going back to feature phones on a whim? Let’s be reasonable.

I think you and I probably value privacy differently. I am being reasonable. I don't consider Apple using my device against me to be reasonable. This is the software equivalent of early morning police raid on your premises. Only the police would need a warrant. Apple appear to think they don't.

 

[giggles]

I think you and I probably value privacy differently. I am being reasonable. I don't consider Apple using my device against me to be reasonable. This is the software equivalent of early morning police raid on your premises. Only the police would need a warrant. Apple appear to think they don't.

No it isn’t.
This is the police raiding your house after you already surrendered a perfect copy of your home to them anyway.
That’s why analogies with physical objects don’t work: data can exist in 2 places at the same time. (your phone and iCloud)

 

[giggles]

I have no problem with server side scanning, it's not my device, it's Apple's, and they can do what they want. I assumed my pics were always decrypted on the server anyway since apple has the keys. I got the benefit of cloud storage, so I did gain something from that.

You’re being unreasonable, sorry. Server-side searches should utterly scare any privacy-minded individual just as much, if not more.
And Apple’s scan results are collected ONLY AFTER you surrender your pics to iCloud anyway. Hence for all intents and purposes is comparable privacy-wise to a server-side scan. The fact you people don’t acknowledge this simple fact is beyond me. But I’ve been already banned 2 days for writing “MUH DEVICE” so I’ll try to bite my tongue.

 

[Maximara]

Ben Thompson on Stratechery mentioned the relevant laws, for example.

Apple’s Mistake

While it’s possible to understand Apple’s motivations behind its decision to enable on-device scanning, the company had a better way to satisfy its societal obligations while preserving…

stratechery.com

Basically the five laws I provided a few posts back:

18 U.S. Code § 2258 - Failure to report child abuse
* 18 U.S. Code § 2258A - Reporting requirements of providers
* 18 U.S. Code § 2258B - Limited liability for providers or domain name registrars
* 18 U.S. Code § 2258C
* 18 U.S. Code § 2258D - Limited liability for NCMEC
* 18 U.S. Code § 2258E - Definitions

 

[bobcomer]

You’re being unreasonable, sorry.

lol!

Server-side searches should utterly scare any privacy-minded individual just as much, if not more.

They don't scare me at all, unlike my device searches. It's their servers, I have no say in the matter if I want to use them. Part of the EULA.

And Apple’s scan results are collected ONLY AFTER you surrender your pics to iCloud anyway. Hence for all intents and purposes is comparable privacy-wise to a server-side scan. The fact you people don’t acknowledge this simple fact is beyond me. But I’ve been already banned 2 days for writing “MUH DEVICE” so I’ll try to bite my tongue.

You just don't understand our complaint. Did you ever read 1984? If not, I suggest it.

 

[giggles]

lol!


They don't scare me at all, unlike my device searches. It's their servers, I have no say in the matter if I want to use them. Part of the EULA.


You just don't understand our complaint. Did you ever read 1984? If not, I suggest it.

I missed the part in 1984 where people complained about a technicality and were otherwise happy to be surveilled left and right.

 

[dgrey]

Nope, not “all”.
Only half of the scan is on-device.
The second half (collecting and making a sense of the results of said scan) is 100% on-server.
The first half without the second half is nothing, just gibberish sitting on your phone.

I don’t want ANY part of the scan on my phone. I don’t want any scan AT ALL, ANYWHERE.