Apple’s plan to automatically scan photos to detect child abuse would unduly risk the privacy and security of law-abiding citizens and could open up the way to surveillance, say the world’s top cryptographic experts.
Read “Bugs in our Pockets: The Risks of Client-Side Scanning” by the 14 scientists here. Very thorough paper and lots of high profile contributors.
Apple’s proposal to compel iPhone users to accept updates that would automatically and covertly search shared images for possible abuse material and send reports to Apple or law enforcement agencies are today condemned as unworkable, vulnerable to abuse, and a threat to safety and security by the world’s top cryptographic experts and internet pioneers.
The 14 top computer scientists’ detailed technical assessment of why Apple’s ideas are foolish and dangerous in principle and in practice, Bugs in our pockets: The risks of client-side scanning, was published this morning by Columbia University and on Arxiv.
Apple’s plan, unveiled in August, is called client-side scanning (CSS). The panel acknowledges that “Apple has devoted a major engineering effort and employed top technical talent in an attempt to build a safe and secure CSS system”, but finds it a complete failure, citing over 15 ways in which states or malicious actors, and even targeted abusers, could turn the technology around to cause harm to others or society.
Apple has “not produced a secure and trustworthy design”, they say. “CSS neither guarantees efficacious crime prevention nor prevents surveillance. The effect is the opposite… CSS by its nature creates serious security and privacy risks for all society.”
The report’s signatories include Ron Rivest and Whit Diffie, whose pioneering 1970s mathematical inventions underpin much of the cryptography in use today; Steve Bellovin of Columbia University, one of the originators of Usenet; security gurus Bruce Schneier and Ross Anderson, of Cambridge University; Matt Blaze of Georgetown University, a director of the Tor project; and Susan Landau, Peter G Neumann, Jeffrey Schiller, Hal Abelson and four others, all giants in the field.
Apple’s plan “crosses a red line”, they say. “The proposal to pre-emptively scan all user devices for targeted content is far more insidious than earlier proposals for key escrow and exceptional access. In a world where our personal information lies in bits carried on powerful communication and storage devices in our pockets, both technology and laws must be designed to protect our privacy and security, not intrude upon it.”