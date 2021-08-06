



Apple has announced imminent changes to its operating system, including new protection for iCloud and iMessage’s children’s features. If you’ve spent some time after Crypto Wars, you know what this means. Apple plans to incorporate backdoors into its data storage and messaging systems.

Child exploitation is a serious problem, and Apple isn’t the first tech company to bend its privacy stance to combat it. However, that choice can be expensive for overall user privacy. Apple can elaborate on how its technical implementation maintains the privacy and security of the proposed backdoor, but after all, it’s fully documented, carefully thought out, and narrow in scope. Even backdoors are still backdoors.

It’s an understatement to say that you’re disappointed with Apple’s plans. Apple has historically been the champion of end-to-end encryption for the same reasons that EFF has explicitly stated over and over again. Apple could appease US and foreign government agencies by compromising end-to-end encryption, but it’s a shocking face for users who rely on corporate leadership in privacy and security.

There are two main features that the company plans to install on all Apple devices. One scans all the photos uploaded to iCloud Photos and matches the photos in the database of known Child Sexual Abuse Materials (CSAM) maintained by the National Center for Missing and Exploited Children (NCMEC). It is a scan function to check whether or not. Another feature is that it scans all iMessage images sent and received by the child account, that is, an account designated to be owned by a sexually explicit minor, and if the child is young enough, Notify parents when these images are sent and received. This feature can be turned on or off by parents.

When Apple releases these client-side scanning features, iCloud Photos users, iMessage child users, and anyone talking to minors through iMessage should carefully prioritize privacy and security in light of changes. What you need to consider and what to use safely, perhaps until this development becomes one of the outstanding encrypted messengers.

Apple opens the door to wider abuse

I said it before, but I still say it. It is not possible to build a client-side scanning system that can only be used for sexually explicit images sent and received by children. As a result, even well-meaning efforts to build such a system break the important promise of messenger encryption itself and open the door to wider abuse.

It’s not a slippery slope. It’s a fully built system that just waits for external pressure to make a slight change.

To widen the narrow backdoor that Apple is building, you need to extend machine learning parameters to look for additional types of content, or tweak configuration flags to scan anyone’s account, not just children. It’s not a slippery slope. It’s a fully built system that just waits for external pressure to make a slight change. Let’s look at the example of India, where recently passed rules include dangerous requirements for the platform to identify the origin of the message and the pre-screened content. In Ethiopia, new legislation may apply to messaging services that require the removal of incorrect information content within 24 hours. And in many other countries, countries with authoritarian governments often passed similar legislation. Apple’s changes will enable such screening, removal, and end-to-end messaging reporting. Abuse cases are easy to imagine. Governments that outlaw homosexuality may require trainers to train classifiers to limit apparent LGBTQ + content.

We have already seen this mission actually creep up. One of the technologies originally built to scan and hash images of child sexual abuse has been re-created to create a database of terrorist content that businesses can contribute and access to ban such content. It was used. Databases maintained by the Global Internet Forum for Counterterrorism (GIFCT) are in trouble without external oversight, despite calls from civil society. Therefore, it is impossible to know if the database is overkill, but that the platform regularly flags important content such as violence, oppression, counterarguments, art, and satirical documentation as terrorism. We know

Image scanning with iCloud photos: reduced privacy

Apple plans to scan photos uploaded to iCloud Photos, which is similar in some ways to Microsoft’s PhotoDNA. The main difference between the products is that Apple scans are done on the device. A (non-audit) database of processed CSAM images is distributed to the operating system (OS), the processed images are converted so that the user cannot see the images, and the device is not visible using a private set intersection. Matching is done on the converted image. Check if a match is found. This means that when the feature is rolled out, the NCMECCSAM database version will be uploaded to all iPhones. The results of the match will be sent to Apple, but Apple will only know that a match has been found if a sufficient number of photos match the preset thresholds.

When a certain number of photos are detected, the photo in question is sent to a human reviewer within Apple, who determines that the photo is actually part of the CSAM database. If confirmed by a human reviewer, those photos will be sent to NCMEC and the user account will be invalidated. Again, the important thing here is that every photo uploaded to iCloud is scanned, whatever the privacy and security aspects of the technical details.

There is no mistake. This is a reduction in privacy for all iCloud Photos users, not an improvement.

Currently, Apple holds a key to view the photos stored in iCloud Photos, but it doesn’t scan these images. Civil free organizations have asked companies to remove their ability to do so. However, Apple has taken the opposite approach to increase users’ knowledge of content.

iMessage Machine Learning and Parental Notifications: Migrating from Strong Encryption

Apple’s second major new feature is two types of notifications based on scanning photos sent and received by iMessage. To implement these notifications, Apple deploys machine learning classifiers on devices designed to detect sexually explicit images. According to Apple, these features are limited to US users under the age of 18 who have a family account (at launch). In these new processes, if an account owned by a child under the age of 13 wants to send an image that the machine learning classifier on the device determines to be a sexually explicit image, a notification will pop up and the age of 13 Notify parents to send to children under this content will be notified. If a child under the age of 13 chooses to continue sending content, they must accept the notification to their parents. The image is irrevocably stored in the parental controls section of the phone for later viewing by parents. For users between the ages of 13 and 17, there is no notification to parents, but a similar warning notification pops up.

Similarly, if a child under the age of 13 receives an image that iMessage considers to be sexually explicit, the parent must have received it for the child under the age of 13 before the photo is allowed to be displayed. A notification will pop up informing you that you will be notified. A sexually explicit image. Again, if a user under the age of 13 accepts the image, parents will be notified and the image will be saved on the phone. Users between the ages of 13 and 17 will receive a warning notification as well, but no notification about this action will be sent to the parent device.

This is because, for example, if a minor using an iPhone that doesn’t have these features turned on sends a photo to another minor who has these features enabled, iMessage will send their image. It means that you will not receive any notifications that you consider to be explicit or that the recipient’s parents are notified. Recipient parents are notified about the content without the sender agreeing to their involvement. In addition, sexually explicit images cannot be removed from the device of users under the age of 13 after being sent or received.

Whether you send or receive such content, users under the age of 13 have the option of rejecting it without notice to their parents. Nonetheless, these notifications give the feeling that Apple is watching over the user’s shoulder, and if you’re under the age of 13, it’s essentially what Apple can do for its parents.

These notifications give the feeling that Apple is watching over the user’s shoulder, and if you’re under the age of 13, it’s essentially what Apple can do for your parents.

It’s also important to note that Apple has chosen to use technology that is notorious for machine learning classifier auditing to determine what constitutes a sexually explicit image. Years of documentation and research have shown that machine learning technologies used without human supervision have a habit of misclassifying content, including sexually explicit content. When blogging platform Tumblr introduced a sexual content filter in 2018, it caught all kinds of other images on the net, including pictures of Pomeranian puppies, self-portraits of fully dressed individuals, and more. It is famous. When Facebook tried to crack down on nudity, photos of famous statues such as Little Mermaid in Copenhagen were deleted. These filters have a cool history of expression, and there are many reasons to believe that Apple will do the same.

Sexually explicit image detection uses machine learning on the device to scan the content of the message, preventing Apple from end-to-end encrypting iMessage and calling it honestly. Apple and its advocates may argue that scanning messages before or after they are encrypted or decrypted does not break the end-to-end promise, which is the company’s attitude towards strong encryption. It would be a semantic operation to hide structural changes.

No matter what Apple calls it, it’s no longer secure messaging

As a reminder, a secure messaging system is one in which only the user and their intended recipients can read the message or analyze the content to infer what they are talking about. End-to-end encrypted messages do not allow the server to know what the message is, even though the message passes through the server. If the same server has a channel for publishing information about most of the content of the message, it is not end-to-end encryption. In this case, Apple doesn’t look at the images sent and received by the user, but has created a classifier that scans the images that provide notifications to parents. Therefore, Apple will be able to easily abort and cool speech by adding new training data to the classifier sent to the user’s device or sending notifications to a larger audience. ..

But even without such extensions, the system provides parents who are not thinking of their children’s best interests with another way to monitor and control their children, otherwise their lives are restricted. Limits the possibilities of the Internet to expand the world of people who are. Also, it’s not easy to imagine using this feature as a form of stalking wear, as family sharing plans can be organized by abusive partners.

People, including minors, have the right to communicate personally without backdoors or censorship. Apple needs to make the right decision. Keep these backdoors away from your device.

