Apple Uses Surveillance To Detect Child Abuse

Uploaded on 2021-08-11 in FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-IT & Telecoms

Apple has announced a new system for checking photos for abuse pictures to be carried out on a country-by-country basis. This process will be included in iPhones that will automatically scan devices to identify if they contain media featuring child sexual abuse. This initiative is part of a range of child protection features to be launched later this year in the US, which will be implemented through updates to iOS 15 and iPad OS and which will compare the images on users' devices to a database of known abuse images

Apple said it would implement to use the  new system to screens photos for such images before they are uploaded from iPhones in the United States to its iCloud storage. Child safety groups praised Apple as it joined Facebook Inc, Microsoft Corp, Alphabet Inc's Google in taking such measures.

Detection of child abuse image uploads sufficient to guard against false positiveswill trigger a human review of and report of the user to law enforcement, Apple said. It said the system is designed to reduce false positives to one in one trillion. Child safety groups praised Apple as it joined Facebook, Microsoft, Alphabet and Google in taking such measures. 

Apple's photo check on the iPhone itself raised concerns that the company is probing into users' devices in ways that could be exploited by governments. Many other technology companies check photos after they are uploaded to servers.

Apple's iPhones, iPads, and Macs will now also integrate the new system that checks images uploaded to iCloud in the US for known child sexual abuse images. That feature will use a cryptographic process that takes place partly on the device and partly on Apple's servers to detect those images and report them to the National Center for Missing and Exploited Children, or NCMEC, and ultimately US law enforcement.

 Apple has announced that it would make plans to expand the service based on the laws of each country where it operates.

The company said nuances in its system, such as "safety vouchers" passed from the iPhone to Apple's servers that do not contain useful data, will protect Apple from government pressure to identify material other than child abuse images. Apple will also implement a human review process that acts as a backstop against government abuse. The company will not pass reports from its photo checking system to law enforcement if the review finds no child abuse imagery.

Regulators are increasingly demanding that tech companies do more to take down illegal content. For the past few years, law enforcement and politicians have wielded the scourge of child abuse material to decry strong encryption, in the way they had previously cited the need to curb terrorism.

A few resulting laws, including in Britain, could be used to force tech companies to act against their users in secret.Facebook's WhatsApp, the world's largest fully encrypted messaging service, is also under pressure from governments that want to see what people are saying, and it fears that will now increase. WhatsApp chief Will Cathcart tweeted against Apple's plans for the new architecture.

"We've had personal computers for decades, and there has never been a mandate to scan the private content of all desktops, laptops or phones globally for unlawful content," he wrote. "It's not how technology built in free countries works.... This is an Apple built and operated surveillance system that could very easily be used to scan private content for anything they or a government decides it wants to control. Countries where iPhones are sold will have different definitions on what is acceptable”, he said.

Apple's experts argued that they were not really going into people's phones because data sent on its devices must clear multiple hurdles. For example, banned material is flagged by watchdog groups, and the identifiers are bundled into Apple's operating systems worldwide, making them harder to manipulate.

Critics suspect more complex motives in Apple's approach. They say the great technical lengths Apple has gone to to check images on a user's device, despite that process's privacy protections, only really make sense in cases where the images are encrypted before they leave a user's phone or computer and server-side detection becomes impossible.

In that case, Apple might easily extend the detection system to photos on users' devices that aren't ever uploaded to iCloud, a kind of on-device image scanning that would represent a new form of invasion into users' offline storage.

Reuters:      Wired:         Livemint:      NDTV:     Independent:   Yahoo:    

You Might Also Read: 

British Law To Protect Online Users:

 

 

« Pakistan’s New Cyber Security Policy
Alarming Surge In Malicious Apps »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CARICERT

CARICERT

CARICERT is the National Cyber Emergency Response Team of Curacao in the Caribbean.

IberLayer

IberLayer

IberLayer is the company behind the Email Guardian service, a cloud based Email Total Protection system that filters and blocks email threats.

ReFirm Labs

ReFirm Labs

ReFirm Labs provides the tools you need for firmware security, vetting, analysis and continuous IoT security monitoring.

Verodin

Verodin

Verodin is a business platform that provides organizations with the evidence needed to measure, manage and improve their cybersecurity effectiveness.

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP) is a 501(c)(3) non-profit organization dedicated to promoting cybersecurity awareness and education.

Reed

Reed

reed.co.uk is a leading job site in the UK, providing a full online service for anyone looking for a new job.

Cyber Range Malaysia

Cyber Range Malaysia

With Cyber Range Malaysia organizations can train their security professionals in empirically valid cyber war-gaming scenarios necessary to develop IT staff skills and instincts for defensive action.

Cutting Edge Technologies (CE Tech)

Cutting Edge Technologies (CE Tech)

CE Tech is a Next Generation Technology Partner providing advanced technology infrastructure solutions through partnerships with leading technology providers.

Squad

Squad

Squad provides leading expertise to ensure protection against the most complex cyber threats. Combining the best practices of DevOps and Cybersecurity, we are committed to create a secured cyber space

HORNE

HORNE

HORNE is a professional services firm supporting clients in public, private & government sectors nationwide.

HashDit

HashDit

HashDit products and services focus on helping build a safe ecosystem for both protocol users and smart contract developers on BNB Chain.

IONIX

IONIX

IONIX (formerly Cyberpion) is the attack surface management solution that uses Connective Intelligence to shine a spotlight on exploitable risks across your supply chain.

Cyber Qubits

Cyber Qubits

Cyber Qubits is a cybersecurity training and consulting company focused on developing the next generation of cybersecurity professionals.

RESTIV Technology

RESTIV Technology

RESTIV Compliance Copilot is your partner in continuous compliance. Real-time monitoring, continuous testing, and transparent evidence—no surprises, just peace of mind.

Reclaim Security

Reclaim Security

Reclaim Security is your always-on force multiplier, empowering security teams to eliminate threat exposure using your existing security stack.

Cyber Command Pvt Ltd

Cyber Command Pvt Ltd

Cyber Command is your one-stop Cyber Security Service Provider, dedicated to delivering customized cybersecurity solutions that safeguard businesses from today's complex threat landscape.