Apple Delays Scanning iPhones For Child Abuse

Plans for software capable of detecting child abuse images to be built into iPhones have been temporarily suspended over privacy concerns. Apple has been developing a system which would automatically recognise illegal images when they are uploaded to iCloud and alert the authorities. The system was built to look for images that match those from libraries assembled by law enforcement to find and track the dissemination of child abuse material on the Internet.

It follows widespread criticism from privacy groups and others, worried that the on-device tracking set a dangerous precedent. There were concerns the system could be abused by authoritarian states. Apple said that it had listened to the negative feedback and was reconsidering. 

The so-called NeuralHash technology would have scanned images just before they are uploaded to iCloud Photos. Then it would have matched them against known child sexual abuse material on a database maintained by the National Centre for Missing and Exploited Children. 

If a match was found then it would have been manually reviewed by a human and, if required, steps taken to disable a user's account and report it to law enforcement.

In a statement, Apple said: "Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of child sexual abuse material. "Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features." Apple has previously been an exponent of privacy and end-to-end encryption.

As well as the CSAM scanning, Apple announced and has now paused a second set of updates, which would have seen it using an AI system to identify explicit images sent and received by users under 18 through the company’s Messages app and, where those users were under 13 and had their phones managed by family members, warn a parent or guardian.

Matthew Green, a cryptography researcher at Johns Hopkins University who had criticised the plan, told the AP news agency that he supported the delay. "You need to build support before you launch something like this,'' Green said. "This was a big escalation from scanning almost nothing to scanning private files.'' Green had been among the experts last month who warned that the NeuralHash scanning system could be used for nefarious purposes. For example, innocent people could be framed after having been sent seemingly innocuous images designed to trigger matches for child pornography. Green said it would be enough to fool the system and alert law enforcement.

Privacy campaigners expressed concern that the technology could be expanded and used by authoritarian governments to spy on citizens. 

The Electronic Frontiers Foundation has been one of the most vocal critics of the system, gathering a petition signed by 25,000 customers opposing the move. Its executive director Cindy Cohn told the BBC: "The company must go further than just listening and drop its plans to put a backdoor into its encryption entirely... The enormous coalition that has spoken out will continue to demand that user phones - both their messages and their photos - be protected, and that the company maintains its promise to provide real privacy to its users."

NBC:      Metro:     CNet:      DW:        Guardian:       BBC

You Might Also Read: 

Protecting Children In The Digital Age:

« Russian Trolls Target News Websites
FBI & CISA Advice On Ransomware Attacks »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Lakeside Software

Lakeside Software

Lakeside Software is how organizations with large, complex IT environments can finally get visibility across their entire digital estates and see how to do more with less.

Panaseer

Panaseer

Panaseer is an enterprise cybersecurity automation and data analytics company that helps organizations stop preventable breaches by ensuring security controls are working effectively.

Competence Center for Applied Security Technology (CAST)

Competence Center for Applied Security Technology (CAST)

CAST offers a range of services in the field of secure modern information technology and a contact point for all questions regarding IT security.

Genua

Genua

Genua is a specialist in IT security services and solutions ranging from network and infrastructure security to encrypted comms and industrial automation.

CyberCareers.gov

CyberCareers.gov

CyberCareers.gov is a platform for Cybersecurity Job Seekers, Federal Hiring Managers and Supervisors, Current Federal Cybersecurity Employees, Students and Universities.

Exponential-e

Exponential-e

Exponential-e provide Cloud and Unified Communications services and world-class Managed IT Services including Cybersecurity.

SITA

SITA

SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry including vulnerability assessments and managed security services.

Institute for Security and Technology (IST)

Institute for Security and Technology (IST)

The Institute for Security and Technology's goal is to provide the tools and insights needed for companies and governments to outpace emerging global security threats.

Infinidat

Infinidat

Infinidat delivers enterprise-proven solutions for data storage, data protection, business continuity, and sovereign cloud storage.

Cyber Protection Group (CPG)

Cyber Protection Group (CPG)

Cyber protection Group specialize in Penetration Testing. We work with enterprise level companies as well as small to medium sized businesses.

MetaWeb Ventures

MetaWeb Ventures

MetaWeb Ventures is a global venture capital firm focused on pre-seed and seed investments in crypto start-ups.

Cyberplc

Cyberplc

Cyberplc is a global cybersecurity consulting firm providing services to government, the public sector and enterprises.

Mayer Brown

Mayer Brown

Mayer Brown is a global law firm. We have deep experience in high-stakes litigation and complex transactions across industry sectors including the global financial services industry.

Exiger

Exiger

Exiger is revolutionizing the way corporations, government agencies and banks navigate risk and compliance in their third-parties, supply chains and customers.

Vortacity Cyber

Vortacity Cyber

Vortacity is a boutique cybersecurity provider specializing in associations, nonprofits, and mission-based organizations.

New Relic

New Relic

After inventing application performance monitoring (APM), New Relic stands at the forefront of observability with the most advanced platform for eliminating digital interruptions.