Just days after the California Consumer Privacy Act (CCPA) and as a panel of privacy experts convened at CES in Las Vegas, Apple Chief Privacy Officer (CPO) Jane Horvath confirmed the Cupertino-based company scans content in iCloud for indications of child sexual abuse.
“We are utilizing some technologies to help screen for child sexual abuse material,” Hovath said, while simultaneously voicing support for national privacy legislation that would see “every consumer regardless of where they live as entitled to the same strong protections.”
Hovarth’s comments prompted questions about Apple’s methods of examining iCloud content.
“Apple is being very opaque about how it goes about scanning users’ photos without breaking encryption,” said Paul Bischoff, privacy advocate with Comparitech.com.
Noting that “any photos uploaded to iCloud should be encrypted since says “Apple says all data uploaded to iCloud is encrypted both in transit and on the cloud storage server” and that “iPhones themselves are encrypted as well,” Bischoff asked, “At what point is Apple using the image matching algorithm to scan photos? Does it happen on users’ devices before photos are encrypted, or are the photos unencrypted at some point when being sent to the server?”
He believes the tech giant “has access to a law enforcement database of child abuse photos” and either “hashes or encrypts those photos with each users’ security key (password) to create unique signatures.”
If any signatures from the database match signatures of encrypted photos uploaded from an iPhone, “then the photo is flagged and presumably reported to authorities,” allowing “Apple to match photos uploaded to the cloud against the law enforcement database without ever breaking encryption or actually viewing the photos.”
That differs from Apple providing a backdoor to government by heeding law enforcement requests to decrypt an iPhone or iCloud. “It is more targeted and doesn’t allow for much third-party abuse,” said Bischoff, explaining that child pornography isn’t protected under the First Amendment.
“There is one drawback: If a child abuse photo is cropped or edited, if it’s converted to another type of image file, or if it’s compressed, then the encrypted signatures won’t match up,” he said. “It has to be an exact copy of the image from the law enforcement database.”