Apple’s plan to scan images will allow governments into smartphones | John Naughton

Client-side scanning, as the technology is called, should really be treated like wiretapping and regulated accordingly

For centuries, cryptography was the exclusive preserve of the state. Then, in 1976, Whitfield Diffie and Martin Hellman came up with a practical method for establishing a shared secret key over an authenticated (but not confidential) communications channel without using a prior shared secret. The following year, three MIT scholars – Ron Rivest, Adi Shamir and Leonard Adleman – came up with the RSA algorithm (named after their initials) for implementing it. It was the beginning of public-key cryptography – at least in the public domain.

From the very beginning, state authorities were not amused by this development. They were even less amused when in 1991 Phil Zimmermann created Pretty Good Privacy (PGP) software for signing, encrypting and decrypting texts, emails, files and other things. PGP raised the spectre of ordinary citizens – or at any rate the more geeky of them – being able to wrap their electronic communications in an envelope that not even the most powerful state could open. In fact, the US government was so enraged by Zimmermann’s work that it defined PGP as a munition, which meant that it was a crime to export it to Warsaw Pact countries. (The cold war was still relatively hot then.)

In the four decades since then, there’s been a conflict between the desire of citizens to have communications that are unreadable by state and other agencies and the desire of those agencies to be able to read them. The aftermath of 9/11, which gave states carte blanche to snoop on everything people did online, and the explosion in online communication via the internet and (since 2007) smartphones, have intensified the conflict. During the Clinton years, US authorities tried (and failed) to ensure that all electronic devices should have a secret backdoor, while the Snowden revelations in 2013 put pressure on internet companies to offer end-to-end encryption for their users’ communications that would make them unreadable by either security services or the tech companies themselves. The result was a kind of standoff: between tech companies facilitating unreadable communications and law enforcement and security agencies unable to access evidence to which they had a legitimate entitlement.

In August, Apple opened a chink in the industry’s armour, announcing that it would be adding new features to its iOS operating system that were designed to combat child sexual exploitation and the distribution of abuse imagery. The most controversial measure scans photos on an iPhone, compares them with a database of known child sexual abuse material (CSAM) and notifies Apple if a match is found. The technology is known as client-side scanning or CSS.

Powerful forces in government and the tech industry are now lobbying hard for CSS to become mandatory on all smartphones. Their argument is that instead of weakening encryption or providing law enforcement with backdoor keys, CSS would enable on-device analysis of data in the clear (ie before it becomes encrypted by an app such as WhatsApp or iMessage). If targeted information were detected, its existence and, potentially, its source would be revealed to the agencies; otherwise, little or no information would leave the client device.

CSS evangelists claim that it’s a win-win proposition: providing a solution to the encryption v public safety debate by offering privacy (unimpeded end-to-end encryption) and the ability to successfully investigate serious crime. What’s not to like? Plenty, says an academic paper by some of the world’s leading computer security experts published last week.

The drive behind the CSS lobbying is that the scanning software be installed on all smartphones rather than installed covertly on the devices of suspects or by court order on those of ex-offenders. Such universal deployment would threaten the security of law-abiding citizens as well as lawbreakers. And even though CSS still allows end-to-end encryption, this is moot if the message has already been scanned for targeted content before it was dispatched. Similarly, while Apple’s implementation of the technology simply scans for images, it doesn’t take much to imagine political regimes scanning text for names, memes, political views and so on.

In reality, CSS is a technology for what in the security world is called “bulk interception”. Because it would give government agencies access to private content, it should really be treated like wiretapping and regulated accordingly. And in jurisdictions where bulk interception is already prohibited, bulk CSS should be prohibited as well.

In the longer view of the evolution of digital technology, though, CSS is just the latest step in the inexorable intrusion of surveillance devices into our lives. The trend that started with reading our emails, moved on to logging our searches and our browsing clickstreams, mining our online activity to create profiles for targeting advertising at us and using facial recognition to allow us into our offices now continues by breaching the home with “smart” devices relaying everything back to motherships in the “cloud” and, if CSS were to be sanctioned, penetrating right into our pockets, purses and handbags. That leaves only one remaining barrier: the human skull. But, rest assured, Elon Musk undoubtedly has a plan for that too.

What I’ve been reading

Wheels within wheels
I’m not an indoor cyclist but if I were, The Counterintuitive Mechanics of Peloton Addiction, a confessional blogpost by Anne Helen Petersen, might give me pause.

Get out of here
The Last Days of Intervention is a long and thoughtful essay in Foreign Affairs by Rory Stewart, one of the few British politicians who always talked sense about Afghanistan.

The insider
Blowing the Whistle on Facebook Is Just the First Step is a bracing piece by Maria Farrell in the Conversationalist about the Facebook whistleblower.

Contributor

John Naughton
