Last week, Apple announced that they are hitting pause on their initiative to implement a surveillance system to add software to users’ iPhones to perform client-side scanning for CSAM. Here’s hoping that the “pause” is mostly just Apple PR trying to save face and that they ultimately are going to quietly scrap the plans.
I continue to be disappointed in the lack of privacy advocacy among the tech press. An example from Nick Heer, of Pixel Envy
If you think Apple lacks the backbone to resist political pressure for expanding the CSAM matching database, you definitely cannot hope for wholly encrypted iCloud storage without any way of detecting abuse.
Why the hell shouldn’t we? Apple themselves know that when you create a tool that pokes a hole in a system that protects privacy, it’s hard not to abuse that. That’s the entire reason they refused to build a custom iOS image for the FBI to guess the San Bernardino suspect’s iPhone passcode. They knew the mere existence of that tool was dangerous because it would get abused. And now they’ve gone and built a tool that is just as abuse prone, they added extra steps of obfuscation to try to justify, and they are rolling it out on a scale several orders of magnitude larger than the San Bernardino suspect’s FBI request would have been.
On a similar note, I don’t know why this narrative has come up with tech journalists recently that we are going to get encrypted iCloud storage as some kind of exchange for CSAM monitoring. Sure, maybe there’s some tea leaf reading going on in there, but Apple has given no indication that they are building encrypted iCloud storage, and if they were and if they had any sense, they’d announce these both as a pair of features.
And even if we were being offered iCloud encryption with the caveat that your phone will monitor your content, that’s a fucking stupid tradeoff and it’s ridiculous that the tech press keeps telling the public it’s only fair we make that trade off.
When computers shipped with floppy disks there wasn’t an “abuse detection” mechanism on them.
The files stored on my hard drive aren’t subject to this. My hard drive is, in fact, fully encrypted at rest and I am the only person with the key.
The files on my hard drive are mine and mine alone. The photos in my photo library are mine and mine alone. The fact that an offsite server is involved doesn’t change that entitlement to privacy. We don’t casually allow police to thumb through our personal possessions in our homes on the off chance we’re doing something illegal. If a person (government or private) tried to enter every person’s home and demand to look through their photo albums, but with the reassurance that the person was only looking for CSAM, we’d be creeped out and we wouldn’t allow it. Why, then, should we allow it to happen to our digital photo albums in our digital homes?
I’ve said it before, and I’ll say it a million times: when you try to frame mass surveillance as something that’s inevitable, you’re just serving to make an invasion of your privacy look reasonable because “obviously we have to do something.” That is a false framing. Always has been.