By John Gruber
Build internal tools in minutes with Retool, where visual programming meets the power of real code.
Clarifying interview, with at least one bit of news: Federighi says the heretofore unspecified “threshold” for CSAM fingerprint matches that must be reached before an iCloud account is flagged (or even can be flagged, thanks to how the shared-key cryptography is implemented) is “on the order of 30 known child pornographic images”. Right around the 3:00 mark:
“And if, and only if you meet a threshold of something on the order of 30 known child pornographic images matching, only then does Apple know anything about your account and know anything about those images.”
There’s also a WSJ news story (News+ link), co-bylined by Stern and Tim Higgins, in which Federighi emphasizes that the database of CSAM fingerprints is auditable:
Beyond creating a system that isn’t scanning through all of a user’s photos in the cloud, Mr. Federighi pointed to another benefit of placing the matching process on the phone directly. “Because it’s on the [phone], security researchers are constantly able to introspect what’s happening in Apple’s [phone] software,” he said. “So if any changes were made that were to expand the scope of this in some way — in a way that we had committed to not doing — there’s verifiability, they can spot that that’s happening.”
Critics have said the database of images could be corrupted, such as political material being inserted. Apple has pushed back against that idea. During the interview, Mr. Federighi said the database of images is constructed through the intersection of images from multiple child-safety organizations — not just the National Center for Missing and Exploited Children. He added that at least two “are in distinct jurisdictions.” Such groups and an independent auditor will be able to verify that the database consists only of images provided by those entities, he said.
★ Friday, 13 August 2021