Edward Snowden calls Apple CSAM plans 'disaster-in-the-making'

Posted:
in General Discussion edited August 26
Apple's CSAM detection feature is the topic of Edward Snowden's latest editorial on Substack, with the former intelligence contractor and whistleblower turned journalist calling the strategy a "tragedy."

Privacy


In a Wednesday installment of his newsletter, Snowden dispenses with technical refutations of Apple's CSAM system and cuts to the chase, saying the solution will "permanently redefine what belongs to you, and what belongs to them."

The feature, which is slated to roll out with iOS 15 this fall, will hash and match user photos marked for upload to iCloud against a hashed database of known CSAM pulled from at least two different entities. Importantly, and unlike existing systems, Apple's variation conducts all processing on-device. This will, according to Snowden, "erase the boundary dividing which devices work for you, and which devices work for them."

"Once the precedent has been set that it is fit and proper for even a 'pro-privacy' company like Apple to make products that betray their users and owners, Apple itself will lose all control over how that precedent is applied," Snowden writes.

He further argues that Apple's rollout of CSAM detection features has more to do with brand image than the protection of children or conforming to regulations, noting the feature can be avoided simply by disabling iCloud Photos uploads. The idea that Apple will introduce the measure in preparation of end-to-end encryption across iCloud is also pooh-poohed. Implementation of such a system would not matter, Snowden says, because iPhone will already have surveillance capability built in.

Both notions have been lobbed by experts and critics as part of a wider online debate.

Like others, Snowden fears governments will abuse the system by compelling Apple to expand the on-device CSAM feature or mandate that it be active by all users at all times. Arguments concerning mission creep have been central to criticism of Apple's plans since the effort was announced earlier this month.

"There is no fundamental technological limit to how far the precedent Apple is establishing can be pushed, meaning the only restraint is Apple's all-too-flexible company policy, something governments understand all too well," Snowden writes.

Apple for its part says it will not bend to government demands to expand the system beyond its original directive.

A number of high-profile figures in the information security sector, as well as some governments and civil rights groups, have urged Apple to reconsider its strategy, but the company appears undeterred.

The hubbub stems in part from Apple's very public commitment to user privacy. Over the past few years the company has positioned itself as a champion of privacy and security, investing in advanced hardware and software features to forward those goals. Critics argue the CSAM features, particularly photo hash scanning, will not only tarnish that reputation, but pave the way for a new era of digital surveillance.

Read on AppleInsider
«13

Comments

  • Reply 1 of 55
    bluefire1bluefire1 Posts: 1,178member
    Champion of privacy no more.
    edited August 26 baconstangxyzzy01muthuk_vanalingamdarkvaderxyzzy-xxxpulseimagesOferchemengin1
  • Reply 2 of 55
    This is really bad. No way around it. 

    Snowden would know.
    baconstangxyzzy01muthuk_vanalingammike54darkvaderxyzzy-xxxrattlhedOferravnorodomchemengin1
  • Reply 3 of 55
    In a single moment Apple is destroying all of its credibility. It’s amazing to see the complete self destruction of a brand image they worked so hard to achieve. I’m awestruck by their utter ignorance of what they are doing. How rapidly the fall is happening. First, the company and CEO appear to be fully committed to user privacy, to the idea that a corporation or government doesn’t get to just march into our homes or property without a reasonable cause… to a company and CEO that in their actions deny any concept of private ownership of a device or a set of data or basically whatever they decide they or a government might want to poke around in. Not to mention the inevitable hacking that happens with all technology over time. 
    baconstangxyzzy01muthuk_vanalingamrbelizemike54darkvaderxyzzy-xxxBeatsOfer9secondkox2
  • Reply 4 of 55
    mygigmygig Posts: 35member
    I have huge respect for Snowden and what he did, but as of the last few years he just seems like a attention wh***. Going by that logic, Apple is just an update away from introducing backdoors and selling out data!
    baconstangchasmikirxyzzy-xxxBeats9secondkox2
  • Reply 5 of 55
    cpsrocpsro Posts: 2,906member
    iOS 15 Mail has a feature to obscure your IP address when loading remote images… and Apple offers to load them automatically with the obscured IP. How many people will have no idea what this is really about and choose to load images automatically? While the IP is obscured, the mere act of loading images confirms your email address is valid, that the messages are read, and indicates when they are read. So much for privacy.
    baconstangmike54darkvaderpulseimagescaladanian
  • Reply 6 of 55
    KJH86KJH86 Posts: 7member
    I agree with Snowden. It sounds nuts, but the only thing that seems to explain Apple’s sudden commitment to an ineffective, unpopular, and brand destroying policy would be that they’ve been compromised by the government. They are probably being threatened with regulation so they struck some corrupt deal to avoid it. Look at how both of the latest administrations have been threatening big tech with regulation or anti-trust on an almost constant basis. These ideas have been getting popular on both sides of the political aisle as well. I think because of the bi-partisan popularity of these ideas the government now has a very powerful threat it has probably been using to compromise all of the big tech companies in exactly the way they’ve wanted to do for years. I think Apple was the last domino… welcome to the panopticon. 
    baconstangmuthuk_vanalingammike54darkvaderxyzzy-xxxmrstepbeowulfschmidtJMStearnsX2Beatscornchip
  • Reply 7 of 55
    netroxnetrox Posts: 1,083member
    You guys, I just have to remind you that MS, Google, Facebook, and Twitter have been "scanning" your videos and images for CSAM for years. Apple was actually "late" to this feature. Now you're upset about Apple? LOL

    Clearly, none of you people have a clue on how it works. 

    Snowden is a traitor and betrayed our Americans for exposing our privacy for the internet to see and you're worried about Apple who is making sure no child porn is shared across the Internet while preserving privacy? 
     

    chasmikirmwhitetemperordewmeJWSCrobabaricmactechrider
  • Reply 8 of 55
    chasmchasm Posts: 2,400member
    Again for the slow ones in the back (and exiled in Russia): every photo service you could probably name that is based in Europe or North America (at least) is “scanning” (hashing, actually) your photos you share or upload/store against databases of CSAM images. This tech was invented by Microsoft 13 years ago and has been used by Google, Dropbox (et al), Facebook, Twitter, Yahoo, Microsoft, and many others for the last eight to 10 years.

    Apple is among the last to implement it because it had to figure out a way to maintain their existing privacy policies. Those other companies may or may not have bothered with user privacy. ISTR that FB reported 20 million instances of CSAM matching last year? Anyway, point is: if you’re just learning about this, it’s because those other sites just didn’t tell you. If you’re still willfully arguing against it, you appear to be pro-CSAM.
    ikirh4y3stemperordewmeJWSCrobabatechridercaladanian
  • Reply 9 of 55
    KJH86KJH86 Posts: 7member
    chasm said:
     “If you’re still willfully arguing against it, you appear to be pro-CSAM.”
    Congratulations on using the most transparent and despicable tactic in the book to self-righteously condemn anybody who disagrees with you. Were you one of the cohort who argued that those who opposed the Patriot Act must be “pro-terrorist” and anti-American as well? 

    You are the “slow” one in the back making straw-man arguments. The people defending this are deliberately missing the point. The controversy is that this is scanning done CLIENT SIDE, on the local machine. That’s a radical new precedent that implies that we do not own our phones or computers. If it were a physical scenario this would be called illegal search and seizure. Most reasonable people expect scanning is done on servers hosting content. The servers are theirs to do with as they please and you agree to the terms in order to store your content there. This whole controversy probably doesn’t exist without the scanning taking place on the local machine instead of on the server. Are you actually so thick that it makes sense to you that this is for security purposes? 

    Think about it-  Apple is claiming the average user’s device is more secure than their own servers by making that claim. If somebody agrees to use the server and they are willing to send the data there and trust Apple’s servers, why would there be any issue doing the scan SERVER SIDE? The reason people are crying foul is because of this insistence on having the scanning done on the local machine and a justification for it that doesn’t add up to anybody familiar with cyber-security. 

    There is a reason that cyber-security and privacy groups internationally are almost universally condemning this. I suppose you know more than they do though, right?
    edited August 26 Pascalxxmuthuk_vanalingamxyzzy-xxxdavgatorguymrsteprattlhedbeowulfschmidtJMStearnsX2Ofer
  • Reply 10 of 55
    Everything you do online is watched, cataloged, followed. Wether via hacks or capitalist inspired marketing. The first thing that’s explained to children as they begin to use the internet is- nothing you send, say or look at is guaranteed to be private. I imagine we are close to technologies like Apple is introducing to be standard. And I’d like to know why anyone thinks their Amazon, Google or other photo services are not already doing this. What does it all mean? I don’t F’n know and neither does everyone else mouthing off about this. Good? Bad? Or like most everything else - some good, some bad. Just like all technology.
  • Reply 11 of 55
    pmhpmh Posts: 14member
    bluefire1 said:
    Champion of privacy no more.
    I don't take advice from from the chicken little residing in Hotel Putin.
    ikirmwhiteEsquireCatsdewmerobaba9secondkox2
  • Reply 12 of 55
    KJH86KJH86 Posts: 7member
    pmh said:
    bluefire1 said:
    Champion of privacy no more.
    I don't take advice from from the chicken little residing in Hotel Putin.
    He’s literally there because he exposed the US government committed criminal constitutional violations against the American public. In fact, he’s there because our government has been proven capable of doing the exact type of illegal surveillance that people concerned about this new Apple program are talking about. You go ahead and keep cheering on totalitarianism wrapped in “save the children” and “stop terrorism” though.
    mike54muthuk_vanalingamdarkvaderdavmrstepbeowulfschmidtJMStearnsX2OferDogpersonbaconstang
  • Reply 13 of 55
    mike54mike54 Posts: 476member
    Do people lack any critical thinking ability, any idea of history, or just blindly regurgitate what Apple and the supporting media tell them?
    Everything is scanned so it alright if Apple installs the software on your phone and other devices.
    Others are doing it so it's alright for Apple too (Apple is going a step further).
    Snowden points out the obvious, he is a traitor.
    Snowden exiled in Russia for telling the truth, he can't be trusted.
    If you disagree with Apple you are pro-CSAM.

    I wonder if smiling Tim Cook will go on and on about privacy in his next presentation. If he has no shame or conscious, he will.
    edited August 26 darkvadermuthuk_vanalingammrstepOferbaconstang
  • Reply 14 of 55
    longfanglongfang Posts: 254member
    KJH86 said:
    pmh said:
    bluefire1 said:
    Champion of privacy no more.
    I don't take advice from from the chicken little residing in Hotel Putin.
    He’s literally there because he exposed the US government committed criminal constitutional violations against the American public. In fact, he’s there because our government has been proven capable of doing the exact type of illegal surveillance that people concerned about this new Apple program are talking about. You go ahead and keep cheering on totalitarianism wrapped in “save the children” and “stop terrorism” though.
    One big difference though. Apple is telling you up front what they plan to do. Going forward you get to decide if you will be participating. The US govt did it all in secret. 
    mwhiteEsquireCatspmhcaladanian
  • Reply 15 of 55
    crowleycrowley Posts: 8,904member
    I respect Snowden, but I respectfully disagree with him here.
    StrangeDays9secondkox2
  • Reply 16 of 55
    I'd take the commentators more seriously if they accurately described the feature. Whether due to ignorance or malice each portray the feature inaccurately to support their various doomsday argument. My opinion leans toward the latter, deliberately malicious description of the feature, because: 1. it supports elevating their profile and argument, 2. there are far more, actually pressing, legitimate threats which aren't being discussed at all, 3. it's devolved into a strawman pile-on: people are adding voices late into the argument.

    I hear absolutely no meaningful discussion about how social media providers and other photo services: each who all currently perform a more-privacy invasive version of CSAM scanning, are a threat to democracy and the like. Social media is a richer government target as it's the platform used to spread the information. The other issue is other service providers, such as Google's services - which has a *significantly* larger user base seemingly get no attention on the CSAM topic. While Apple uses hashes from the intersection of two known CSAM databases, Google additionally uses AI to guess if a photo is CSAM - so Google's human reviewers are fine, but Apple's are not? The double standard by commentators is clear.

    In short: I don't buy the counter-arguments: they're filled with flaws big enough to drive a truck through. The real scandal is that Apple *didn't* have this feature for so long.
    edited August 26 fastasleepdewmepmhlkrupprobabanetrox
  • Reply 17 of 55
    fastasleepfastasleep Posts: 5,827member
    cpsro said:
    iOS 15 Mail has a feature to obscure your IP address when loading remote images… and Apple offers to load them automatically with the obscured IP. How many people will have no idea what this is really about and choose to load images automatically? While the IP is obscured, the mere act of loading images confirms your email address is valid, that the messages are read, and indicates when they are read. So much for privacy.
    How is this related to this article in any way? "So much for privacy", like it's Apple's fault. They remove tracking pixels and will be doing a few other things to obfuscate data for senders, but yes you are correct that loading remote content attached to your user ID reveals you opened it. This is an improvement over what's currently offered, and there's no magic solution here. What is your solution?
    StrangeDays
  • Reply 18 of 55
    cpsro said:
    iOS 15 Mail has a feature to obscure your IP address when loading remote images… and Apple offers to load them automatically with the obscured IP. How many people will have no idea what this is really about and choose to load images automatically? While the IP is obscured, the mere act of loading images confirms your email address is valid, that the messages are read, and indicates when they are read. So much for privacy.
    How is this related to this article in any way? "So much for privacy", like it's Apple's fault. They remove tracking pixels and will be doing a few other things to obfuscate data for senders, but yes you are correct that loading remote content attached to your user ID reveals you opened it. This is an improvement over what's currently offered, and there's no magic solution here. What is your solution?

    Don't open remote images in mail.  The solution couldn't be more obvious or simple, and it should be the default.

    And yes, that's completely different from Apple's spyware that scans your data on your phone.
    davOfer
  • Reply 19 of 55
    Every other cloud provider has been scanning/hashing your photo's for years. So they know everything, Apple's implementation makes it so that Apple knows nothing about you, except if you have CSAM pictures ... and only if you are using iCloud. Mister Snowdon has been silent on all the other implementations that are truly a privacy disaster (The Billions made from it scanning your content are just a proof how effective Google and Facebook use this data). The assumption that governments may ask Apple to scan for other content is just plain stupid, it's speculative and if they really want this, tech companies would be forced already with legislation.
    PS wonder why there is no FaceTime in the middle east ... pure legislation ... 
    pmh9secondkox2
  • Reply 20 of 55
    I agree 100% with Snowden, doing this spying on the device is the worst thing ever from Apple.
    Hopefully Apple changes mind and put this in iCloud.
    This would make me updating to iOS 15 and buying an iPhone 13 Pro as I originally planned.
    mrstepOfer9secondkox2davgregbaconstangchemengin1
Sign In or Register to comment.