Apple Delays Scanning iPhones For Child Abuse

Uploaded on 2021-09-07 in FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-IT & Telecoms

Plans for software capable of detecting child abuse images to be built into iPhones have been temporarily suspended over privacy concerns. Apple has been developing a system which would automatically recognise illegal images when they are uploaded to iCloud and alert the authorities. The system was built to look for images that match those from libraries assembled by law enforcement to find and track the dissemination of child abuse material on the Internet.

It follows widespread criticism from privacy groups and others, worried that the on-device tracking set a dangerous precedent. There were concerns the system could be abused by authoritarian states. Apple said that it had listened to the negative feedback and was reconsidering. 

The so-called NeuralHash technology would have scanned images just before they are uploaded to iCloud Photos. Then it would have matched them against known child sexual abuse material on a database maintained by the National Centre for Missing and Exploited Children. 

If a match was found then it would have been manually reviewed by a human and, if required, steps taken to disable a user's account and report it to law enforcement.

In a statement, Apple said: "Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of child sexual abuse material. "Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features." Apple has previously been an exponent of privacy and end-to-end encryption.

As well as the CSAM scanning, Apple announced and has now paused a second set of updates, which would have seen it using an AI system to identify explicit images sent and received by users under 18 through the company’s Messages app and, where those users were under 13 and had their phones managed by family members, warn a parent or guardian.

Matthew Green, a cryptography researcher at Johns Hopkins University who had criticised the plan, told the AP news agency that he supported the delay. "You need to build support before you launch something like this,'' Green said. "This was a big escalation from scanning almost nothing to scanning private files.'' Green had been among the experts last month who warned that the NeuralHash scanning system could be used for nefarious purposes. For example, innocent people could be framed after having been sent seemingly innocuous images designed to trigger matches for child pornography. Green said it would be enough to fool the system and alert law enforcement.

Privacy campaigners expressed concern that the technology could be expanded and used by authoritarian governments to spy on citizens. 

The Electronic Frontiers Foundation has been one of the most vocal critics of the system, gathering a petition signed by 25,000 customers opposing the move. Its executive director Cindy Cohn told the BBC: "The company must go further than just listening and drop its plans to put a backdoor into its encryption entirely... The enormous coalition that has spoken out will continue to demand that user phones - both their messages and their photos - be protected, and that the company maintains its promise to provide real privacy to its users."

NBC:      Metro:     CNet:      DW:        Guardian:       BBC

You Might Also Read: 

Protecting Children In The Digital Age:

« Russian Trolls Target News Websites
FBI & CISA Advice On Ransomware Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

E-core

E-core

e-Core offers the highest quality standards in offsite software development, quality assurance, and application support services

Paessler

Paessler

Paessler is a leading worldwide provider of network monitoring software.

Lumeta

Lumeta

Lumeta’s cyber situational awareness platform is the unmatched source for enterprise network infrastructure analytics and security monitoring for breach detection.

K2 Integrity

K2 Integrity

K2 Integrity is a preeminent risk, compliance, investigations, and monitoring firm - built by industry leaders to safeguard our clients’ operations, reputations, and economic security.

Sysorex Government Services

Sysorex Government Services

Sysorex Government Services helps customers meet their strategic missions by providing secure, optimized IT solutions that allow them to perform more efficiently and effectively.

Carbonite

Carbonite

Carbonite offers all the tools necessary for protecting data from the most common forms of data loss, including ransomware, accidental deletions, hardware failures and natural disasters.

CyberSAFE Malaysia

CyberSAFE Malaysia

CyberSAFE Malaysia is an initiative to educate and enhance the awareness of the general public on the technological and social issues and risks facing internet users.

LevelOps

LevelOps

LevelOps is an industry application security platform that tracks and develops your application security.

UKsec: Virtual Cyber Security Summit

UKsec: Virtual Cyber Security Summit

Join 100s of UK Cyber Security Leaders Online for Expert Cyber Security Talks, Strategy Insights, Cyber Resilience Tips and More.

TXOne Networks

TXOne Networks

TXOne Networks offer cybersecurity solutions to protect your industrial control systems to ensure their reliability and safety from cyberattacks.

Gotham Digital Science (GDS)

Gotham Digital Science (GDS)

Gotham Digital Science is an international security services company specializing in Application and Network Infrastructure security, and Information Security Risk Management.

Zenity

Zenity

Zenity is the first and only security governance platform for low-code/no-code applications.

Digital Edge

Digital Edge

Digital Edge provides unparalleled Managed Cloud Solutions, as well as superior Information Technology Support Services.

Mayer Brown

Mayer Brown

Mayer Brown is a global law firm. We have deep experience in high-stakes litigation and complex transactions across industry sectors including the global financial services industry.

HCS

HCS

HCS is an IT Company and Telecoms provider with an experienced team who are dedicated to ensuring our clients business systems are protected.

Muscope Cybersecurity

Muscope Cybersecurity

Muscope CYSR platform performs a risk assessment and offers a comprehensive overview of the potential cyber attack risks.

NetHope

NetHope

NetHope is a membership-based organization serving the international nonprofit humanitarian, development, and conservation sector through digital transformation.