By John Gruber
Due — never forget anything, ever again.
Jon Porter, reporting for The Verge:
Two of the three safety features, which released earlier this week with iOS 15.2, are still present on the page, which is titled “Expanded Protections for Children.” However references to the more controversial CSAM detection, whose launch was delayed following backlash from privacy advocates, have been removed.
When reached for comment, Apple spokesperson Shane Bauer said that the company’s position hasn’t changed since September, when it first announced it would be delaying the launch of the CSAM detection. “Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features,” the company’s September statement read.
Crucially, Apple’s statement does not say the feature has been canceled entirely. Documents outlining how the functionality works are still live on Apple’s site.
I wouldn’t read too much into this. Now that some of the new child safety features are shipping with this week’s iOS 15.2 update (machine-learning-based nude/sexually-explicit image detection in Messages, and “Expanded guidance in Siri, Spotlight, and Safari Search”), Apple has updated the page to state which features are currently shipping.
I think the CSAM fingerprinting, in some form, is still forthcoming, because I suspect Apple wants to change iCloud Photos storage to use end-to-end encryption. Concede for the moment that CSAM identification needs to happen somewhere, for a large cloud service like iCloud. If that identification takes place server-side, then the service cannot use E2E encryption — it can’t identify what it can’t decrypt. If the sync service does use E2E encryption — which I’d love to see iCloud Photos do — then such matching has to take place on the device side. Doing that identification via fingerprinting against a database of known and vetted CSAM imagery is far more private than using machine learning.
I also continue not to agree, at all, with the “slippery slope” argument, which goes along the lines of “authoritarian regimes around the world will force Apple to add non-CSAM image fingerprints to the database”. Machine learning algorithms are far more ripe for that sort of abuse than fingerprint matching. Machine learning can be crazy smart; fingerprint matching, by design, is a bit simplistic. Apple’s Photos app already uses very clever machine learning to identify the content of photos in your library. Search in the Photos app for “dog” or “cocktail” or someone’s name and it’s going to find those photos. Trust in Apple is the only thing protecting iOS users from surreptitious abuse of machine learning in Photos now — which is no different from Android users’ trust in Google for the same sort of thing.
Put another way, if governments, authoritarian or otherwise, were able to force Apple (or Google, or Microsoft) to add secret snooping features — like say finding photos of Tank Man on Chinese users’ devices and reporting them to the CCP — to our operating systems, the game is over. They wouldn’t need this proposed device-side CSAM fingerprinting feature to abuse, they could just demand whatever they want. Access to your email, everything.
★ Wednesday, 15 December 2021