Apple phone scans are concerning

By Robert Gilway
|
August 18, 2021
| No Comments

By Jim Harper

Given the ongoing problem of illegal drug possession, imagine
that Home Depot and Whole Foods planned to scan each customer at the entrances
to their stores. Their harmless scans would use automated equipment to detect
contraband with a high degree of accuracy, using detection signatures provided
by the government. When contraband is detected, they plan to report it along
with shoppers’ identities to the government.

Would you continue going to these stores? Or would you decamp
to Lowe’s and Trader Joe’s?

Apple did not originate the practice of scanning its customers’ communications and content for illegal materials, but it is bringing the practice home with characteristic technical excellence. Apple recently announced that it will soon begin reviewing select images on customers’ iPhones for “child sexual abuse material” (CSAM). Apple will report its users to the government when the amount of CSAM on their phones reaches a certain threshold.

Apple’s CSAM announcement came out at the same time as two other programs. One would warn children and their parents when they are receiving or sending sexually explicit photos. Another would cause Siri and Search to intervene when users perform searches for queries related to CSAM. The searching of phones for CSAM is the most interesting and concerning.

via Twenty20

The National Center for Missing and Exploited Children (NCMEC) is the official national clearinghouse for information about missing and exploited children. Internet service providers are required by law to report child pornography to NCMEC’s “CyberTipline,” and NCMEC is required by law “to forward every single report it receives to federal law enforcement agencies and it may make its reports available to state and local law enforcement as well.”

The quoted language above is from a US Court of Appeals for the Tenth Circuit decision by then-Judge Neil Gorsuch finding that NCMEC is a state actor that has to follow constitutional rules. In US v. Ackerman, AOL used a system for scanning photos on its network and comparing them to those in NCMEC’s image database. AOL forwarded an email containing contraband material to NCMEC, and a NCMEC analyst reviewed it without getting a warrant. Opening and reading the email without a warrant violated the Fourth Amendment.

Apple’s planned scanning is akin to what AOL used in Ackerman. Both systems use cryptographic hashing to determine whether a given image is already recognized as CSAM. A “hash” is a long, alphanumeric string that is created from an image file or other content. A good hashing algorithm should create a completely distinct string for every file, so the automatic comparison of hashes can determine whether a given file found on a phone, network, or cloud service is CSAM. Apple’s algorithm is sophisticated and is meant to treat modified versions of the same image as the same. Poor design of the algorithm, dumb luck, or some diabolical coding could produce “hash collisions,” in which two different files create the same hash. An innocent file could be treated as CSAM in such a case.

Apple’s plan is to move this process to the phone, which will report the existence of CSAM in a cryptographically secure and blinded way to Apple. Apple will not be able to see one-off reports of CSAM. But once a phone reports the requisite number of CSAM images, the system will open the kimono to Apple, which after review of the content reported will turn illegal materials and customer identities over to government agents. Apple has not indicated how much CSAM will trigger this process. Any number above “one” is in tension with the law’s requirement to report “any.”

Apple is not governed by the Fourth Amendment. Companies should not generally be weighed down by the restrictions the Constitution places on governmental entities. But the direct and detailed cooperation Apple and other such companies provide to government investigators could justify expanding on Gorsuch’s treatment of NCMEC, making government actors of those who search our communications on behalf of government for crime prevention purposes.

The practice of searching customer materials on phones or in
the cloud is certainly inconsistent with the spirit of our laws, which include
the following principles: People are innocent until proven guilty. Only genuine
suspects of crime should have their persons, houses, papers, and effects
searched for evidence to be used against them. There should be no general
searching or rummaging of people’s things for crime control purposes.

I’d prefer my retailers to mind their own business, and my phone and cloud service providers, too.

Learn more: Unconstitutional aerial surveillance: The search for the best rationale | An obscure Supreme Court ruling is a cautionary tale of federal power | Why not a privacy-enhancing browser?

The post Apple phone scans are concerning appeared first on American Enterprise Institute – AEI.

Housing Finance, Housing Policy