There, Apple, I fixed it for you

Apple’s CSAM privacy fiasco (see my Sunday article) continues with apparently contradictory “iphone-ipad-csam-scanning-auditability" rel="noopener" data-href="https://www.theverge.com/2021/8/13/22623336/craig-federighi-apple-icloud-photos-iphone-ipad-csam-scanning-auditability">clarifications”. In trying to tell the public ‘there’s nothing to see here’ Apple released two documents on its use of CSAM technology: an FAQ and a CSAM Technical Summary (PDF links).

The CSAM Technical Summary seems to say scanning takes place “on-device” while the FAQ seems to contradict that with a flat “No”.

First, Just the FAQs

Apple’s FAQ states:

Excerpt from page 4 of Apple’s Expanded Protections for Children Frequently Asked Questions (FAQs)
August 2021 v1.1 (highlighting added)

The above makes it seem, to me, unequivocally that there there is “No” reading of photo files that happens on your iPhone, i.e., no on-device scanning. But the language seems lawyer weaselly in at least two spots:

[is] Apple…going to scan all the photos stored on my iPhone?

this feature only applies to photos that the user chooses to upload to iCloud Photos

If you read those statements hyper-literally, it does not answer the intended question broadly. To me, and I think to most reasonable people, a ‘private iPhone photo library’ means ‘anything on my iPhone’ whereas Apple seems to be hyper-technically defining ‘private iPhone photo library’ as ‘a library not selected for uploading to iCloud Photos’.

So, for example, if you have 2 photo albums on your iPhone (e.g., Album A and Album B) and you “choose” to upload only Album A to iCloud Photos, Apple will scan only Album A. So technically they are not scanning “all the photos stored on [your] phone”.

Technically True But Misleading

Nevertheless, that still means Apple can scan some of your files (i.e., all files from Album A) on your iPhone and the above FAQ statements can still be true. Worst still, many users don’t consciously choose anything. They basically have all their photos hit iCloud (e.g., via Photo Stream, monolithically turning on iCloud Photos for all their photos, etc.). As such, commonly, most users wont know Apple’s CSAM will scan most if not all photos on their phone, which, I think is contrary to the spirit of Apple’s above FAQ.

Why does that matter? The question of where Apple reads your files is super important. If Apple reads/scans photo files you chose to send to iCloud, and that only happens on Apple’s iCloud server, well, no big deal. That’s no longer on your device, and you chose to put it up on the cloud.

But if the scanning happens on your iPhone, then shame on Apple. Why? Because then Apple is not informing you nor getting your permission to do things to your device and data and its invading your privacy. Apple has then effectively created a potentially privacy destroying backdoor to your device and data.

That distinction may seem small and subtle, but it’s everything.

And Now the CSAM Technical Summary

Now lets compare the above FAQ with Apple’s CSAM Technical Summary:

Excerpt from page 4 of Apple’s CSAM Detection Technical Summary (CSAM Technical Summary) August 2021 (highlighting added) detailing that Apple sends CSAM images hashes to your device for matching
Excerpt from page 7 of Apple’s CSAM Technical Summary August 2021 (highlighting added)

Apple’s CSAM Technical Summary makes it apparently clear that it operates “on-device” — on your device/iPhone. For the “comput[ation]” of the image NeuralHash, the on-device matching process accesses, processes and transforms data from your image files. And to process your image, it must read into your files. Although the language throughout these documents is consistently obfuscating that your files are being read on your device by deftly avoiding even a single instance of the word “read” throughout, page 5 of Apple’s CSAM Technical Summary does tell that’s what’s going on:

Excerpt from page 5 of Apple’s CSAM Technical Summary August 2021 (highlighting added)

That the “image is passed” seems to be a euphemism for what Apple is doing, which is reading into your photo files on your device to create the NeuralHash. Bottom line, Apple’s CSAM implementation seems to have some process on-device that has access to your files and reads into them to create these hashes.

You’ve Lost That Loving Feeling

Apple pleads, you can trust it will not allow others to abuse such a backdoor process. But like I said earlier:

[C]ode is infinitely mutable…Even if you trust people at Apple to do the right thing today, the people there tomorrow may not have the same power, inclinations, or agenda. A simple change of management and a software patch update, and now the criteria and those pulling the strings are different.

Considering Apple’s FAQ, seemingly and perplexingly, is either, at best, deftly misleading, or, at worst, outright lying, I think it has exhausted all trust.

Subscribe
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

4 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Kamichi

I really like this article you shared. Thanks for taking the time to write it

Last edited 21 days ago by Kamichi
PSMacintosh

I disagree with the idea that Apple can or should SEARCH/SCAN through ANY of MY DATA regardless of where it is stored. So I disagree with your suggested premise that WHERE the data is stored changes the rights to privacy of that data. I’m NOT sharing my data with the general public. If you simply want to share/transfer?access data between your own devices (phone, computer, etc), you have to use iCloud. Just moving photos from iPhone to computer sometimes happens through iCloud. Beyond PHOTOS: CONTACTS, with all their notes, data, photos, are stored in iCloud. NOTES, with all that data… Read more »

Jeff Butts

Excellet analysis, John. I’m still going through an internal debate about this situation. On the one hand, I truly believe we should maintain rights to privacy on our iPhones. On the other hand, I’m vehemently enraged by any abuse or exploitation of children.

I think that, at a minimum, Cupertino needs to publish an explanation that is both easily accessible to end users of all levels of education and in agreement with the technical documentation already released. This sort of controversial technology is not the right place for the volumes of technobabble we’ve been seeing from Apple.