Apple using hashes to flag & evaluate emails to hunt down child abuse images
In a court filing, Apple has revealed how it is able to monitor emails passing through its systems for images of child abuse, with the iPhone maker keeping a look out for hashes pertaining to specific photographs and videos which are automatically flagged for inspection.
Like many other tech companies, Apple has systems in place to try and cut down on the amount of illegal traffic passing through its networks. Part of this is its monitoring of messages sent and received by its customers, which includes processes for the detection and reporting of images displaying child abuse.
Revealed in a search warrant filed in Seattle and found by Forbes, it is now known that Apple is using automated systems to check messages, specifically hashes. The system compares hashes of files with a database of existing hashes it knows belong to previously-reported abuse images.Emails that contain the questionable files are flagged for inspection.
For flagged emails, a staff member checks the content of the message and the files to check for illegal material. If a message is deemed to contain such content, Apple then passes the message along to the authorities.
Apple's process is seemingly more thorough than those of other firms, which typically pass the message over to organizations such as the National Center for Missing and Exploited Children when the automated system flags the message, with little to no manual checking of the content itself.
The details were brought up in the search warrant from comments made by an Apple employee, explaining how the system detected "several images of suspected child pornography" being uploaded by an iCloud user, which prompted an examination of their emails.
Emails containing suspect images are not delivered to their intended recipient, the employee wrote. In the warrant's case, one individual sent 8 emails, with 7 messages containing 12 images and the other holding another four, all to the same recipient.
As the seven emails were identical in terms of content and files, it was suspected by the employee either the person "was sending these images to himself and when they didn't deliver he sent them again repeatedly," or the intended recipient told them the messages weren't getting through.
As part of its disclosure to law enforcement, Apple also provided data on the iCloud user, including their name, address, and phone number, though it is unclear if this was included as part of the disclosure to law enforcement. The government later made requests for the user's emails, texts, instant messages, and "all files and other records stored on iCloud."
While there is the possibility some critics will object to the privacy implications of Apple staff inspecting flagged messages, the process of flagging the messages is performed using hashes and is automated, so the content of the images isn't taken into account. The use of humans for inspection helps limit the possibility of false positives in file verification, where a file may have the same hash value as another in an existing database, but have completely different properties.
The findings also cover communications that are not encrypted, namely those that don't go through the secure end-to-end encryption that has become one of the main elements of the ongoing encryption debate. Just as how law enforcement cannot access encrypted content on Apple's products or services, Apple also cannot look at the same material.
Like many other tech companies, Apple has systems in place to try and cut down on the amount of illegal traffic passing through its networks. Part of this is its monitoring of messages sent and received by its customers, which includes processes for the detection and reporting of images displaying child abuse.
Revealed in a search warrant filed in Seattle and found by Forbes, it is now known that Apple is using automated systems to check messages, specifically hashes. The system compares hashes of files with a database of existing hashes it knows belong to previously-reported abuse images.Emails that contain the questionable files are flagged for inspection.
For flagged emails, a staff member checks the content of the message and the files to check for illegal material. If a message is deemed to contain such content, Apple then passes the message along to the authorities.
Apple's process is seemingly more thorough than those of other firms, which typically pass the message over to organizations such as the National Center for Missing and Exploited Children when the automated system flags the message, with little to no manual checking of the content itself.
The details were brought up in the search warrant from comments made by an Apple employee, explaining how the system detected "several images of suspected child pornography" being uploaded by an iCloud user, which prompted an examination of their emails.
Emails containing suspect images are not delivered to their intended recipient, the employee wrote. In the warrant's case, one individual sent 8 emails, with 7 messages containing 12 images and the other holding another four, all to the same recipient.
As the seven emails were identical in terms of content and files, it was suspected by the employee either the person "was sending these images to himself and when they didn't deliver he sent them again repeatedly," or the intended recipient told them the messages weren't getting through.
As part of its disclosure to law enforcement, Apple also provided data on the iCloud user, including their name, address, and phone number, though it is unclear if this was included as part of the disclosure to law enforcement. The government later made requests for the user's emails, texts, instant messages, and "all files and other records stored on iCloud."
While there is the possibility some critics will object to the privacy implications of Apple staff inspecting flagged messages, the process of flagging the messages is performed using hashes and is automated, so the content of the images isn't taken into account. The use of humans for inspection helps limit the possibility of false positives in file verification, where a file may have the same hash value as another in an existing database, but have completely different properties.
The findings also cover communications that are not encrypted, namely those that don't go through the secure end-to-end encryption that has become one of the main elements of the ongoing encryption debate. Just as how law enforcement cannot access encrypted content on Apple's products or services, Apple also cannot look at the same material.
Comments
Some monetize the data in the emails themself (ie Earthlink, Edison and many others) while companies like Apple, Google and Microsoft do not monetize a user's emails but still do "read" them for protecting that user from spam/malware, organizing the person's inboxes, and for legally mandated reasons such as identifying child porn.
Email isn’t a very secure method of communication by default. Adding security (encryption) causes complications. For example protonmail uses openPGP to encrypt emails in transit. They also encrypt the data at rest. The issues include the inability to encrypt the header (for the openPGP standard). Also, having your emails encrypted makes indexing your mailbox difficult which means limited search functionality. The fact that headers aren’t encrypted means law enforcement can still get a lot of information or at least leads.
Bottom line, users have options if increased security is necessary. But, law enforcement tries to suggest there’s easy answers to very complex problems to get what they want.
My stance is an unwillingness to sacrifice the security of everyone, to make it easier to put a few people behind bars. In most cases, they’ll be caught and convicted anyways with a bit of old fashioned police work.
However hashing is reasonably robust that I can't be too critical of companies which automatically hand over the email itself. While hash collisions can occur, it's usually the result of deliberately attempting to engineer a collision, and if using a layered approach to hashes, then the chance of an already rare collision becomes incredibly remote. (I.E. When the seed images are hashed two different ways, then any positives are checked against a second, more robust hash - in Apple's case this is a pair of human eyes.)
I stand corrected. Here's what Google says: "When you open Gmail, you'll see ads that were selected to show you the most useful and relevant ads. The process of selecting and showing personalized ads in Gmail is fully automated. These ads are shown to you based on your online activity while you're signed into Google. We will not scan or read your Gmail messages to show you ads."
Or I should say "Google NO LONGER reads your email to target ads." https://www.bloomberg.com/news/articles/2017-06-23/google-will-stop-reading-your-emails-for-gmail-ads
If you're interested in more information about how this works, the term to look up is CSAM (Child Sexual Abuse Material). That's the technical term which the NCMEC (National Center for Missing & Exploited Children) and others have used for well over a decade. Cloudflare has a neat article up about how this type of image matching works:
https://blog.cloudflare.com/the-csam-scanning-tool/
Casting aspersions on someone without even bothering to do 10 seconds of reading before blubbering is just laziness if not outright dishonesty. Post#8 assuming you care about accuracy, which you really should pay more attention to IMO but perhaps you haven't the time.
Since we don’t actually have real AI, human visual systems are the only proper determining factor. I’ve seen what Google’s idea of “similar images” can be (not even close to being similar)...