Author Topic: Apple privacy letter (Law enforcement through your phone)  (Read 13407 times)


Offline MrMobodiesTopic starter

  • Super Contributor
  • ***
  • Posts: 2028
  • Country: gb
Apple privacy letter (Law enforcement through your phone)
« on: August 07, 2021, 02:24:34 am »
I saw this in the Eevblog IRC and thought this was interesting:

Quote
[Twitter] - eevblog - RT @wherati: @eevblog Please pass this on in hopes of stopping those countless idiots. https://t.co/hufhwPQkld

https://twitter.com/snowden/status/1423758676020678662

Quote
Edward Snowden

If you have a @github account, you can join me in co-signing the first letter uniting security & privacy experts, researchers, professors, policy advocates, and consumers against Apple's planned moves against all of our privacy

Apple Privacy Letter
Read and sign the open letter protesting against Apple's roll-out of new content-scanning technology that threatens to overturn individual privacy on a global scale, and to reverse progress achieved...
appleprivacyletter.com

https://appleprivacyletter.com
Quote
An Open Letter Against Apple's Privacy-Invasive Content Scanning Technology
Security & Privacy Experts, Cryptographers, Researchers, Professors, Legal Experts and Apple Consumers Decry Apple's Planned Move to Undermine User Privacy and End-to-End Encryption
→ Sign the letter via GitHub.

Dear Apple,
On August 5th, 2021, Apple Inc. announced new technological measures meant to apply across virtually all of its devices under the umbrella of “Expanded Protections for Children”. While child exploitation is a serious problem, and while efforts to combat it are almost unquestionably well-intentioned, Apple's proposal introduces a backdoor that threatens to undermine fundamental privacy protections for all users of Apple products.

Apple's proposed technology works by continuously monitoring photos saved or shared on the user's iPhone, iPad, or Mac. One system detects if a certain number of objectionable photos is detected in iCloud storage and alerts the authorities. Another notifies a child's parents if iMessage is used to send or receive photos that a machine learning algorithm considers to contain nudity.

Because both checks are performed on the user's device, they have the potential to bypass any end-to-end encryption that would otherwise safeguard the user's privacy.

Immediately after Apple's announcement, experts around the world sounded the alarm on how Apple's proposed measures could turn every iPhone into a device that is continuously scanning all photos and messages that pass through it in order to report any objectionable content to law enforcement, setting a precedent where our personal devices become a radical new tool for invasive surveillance, with little oversight to prevent eventual abuse and unreasonable expansion of the scope of surveillance.

The Electronic Frontier Foundation has said that “Apple is opening the door to broader abuses”:

...

So if the bot alerts the authorities over what it detects as questionable content and they decide to access all the phone's content remotely through the backdoor, I wonder what impact that would have over bandwidth, especially if it is in a poor signal area, or do they just send out the police with the details they possibly obtained from the sale of the phone (if new) or from other information from tracking.

Interesting to see how this will turn out.

Just see it was posted on the BBC news an hour ago:

https://www.bbc.co.uk/news/technology-58124495
Quote
Apple criticised for system that detects child abuse
Published 1 hour ago

Apple is facing criticism over a new system that finds child sexual abuse material (CSAM) on US users' devices.

The technology will search for matches of known CSAM before the image is stored onto iCloud Photos. But there are concerns that the technology could be expanded and used by authoritarian governments to spy on its own citizens. WhatsApp head Will Cathcart called Apple's move "very concerning". Apple said that new versions of iOS and iPadOS - due to be released later this year - will have "new applications of cryptography to help limit the spread of CSAM online, while designing for user privacy". The system will report a match which is then manually reviewed by a human. It can then take steps to disable a user's account and report to law enforcement. The company says that the new technology offers "significant" privacy benefits over existing techniques - as Apple only learns about users' photos if they have a collection of known child sex abuse material in their iCloud account.

But WhatsApp's Mr Cathcart says the system "could very easily be used to scan private content for anything they or a government decides it wants to control. Countries where iPhones are sold will have different definitions on what is acceptable". He argues that WhatsApp's system to tackle child sexual abuse material has reported more than 400,000 cases to the US National Center for Missing and Exploited Children without breaking encryption. The Electronic Frontier Foundation, a digital rights group, has also criticised the move, labelling it "a fully-built system just waiting for external pressure to make the slightest change".

But some politicians have welcomed Apple's development. Sajid Javid, UK Health Secretary, said it was time for others, especially Facebook, to follow suit. US Senator Richard Blumenthal also praised Apple's move, calling it a "welcome, innovative and bold step". "This shows that we can protect children and our fundamental privacy rights," he added.

Facebook and Apple don't like each other. That dislike has come to a head in recent months over privacy. Apple's Tim Cook has consistently beaten the drum of "privacy first". He has not so subtly criticised Facebook's business model - that it essentially sells peoples' data to advertisers. A recent feature of Apple's new iOS update asked users whether they wanted to be tracked around the internet when they downloaded a new app. Facebook hated the move, and warned shareholders it could hurt their profits. So it's not entirely surprising that Facebook-owned WhatsApp has come out so emphatically against Apple's new move. Looking at it cynically, Apple's announcement is a chance for Facebook to tell the world that Apple isn't as keen on privacy as it likes to say. But the WhatsApp chief isn't alone in his criticism. There are some very real concerns that this technology - in the wrong hands - could be used by governments to spy on its citizens. Facebook has said in no uncertain terms that it thinks this vision of online safety is dangerous and should be canned. Not for the first time the two companies have illustrated a totally different philosophical position on one of the issues of our age - privacy.

Sounds like a serious problem that they would feel the need to do that.
« Last Edit: August 07, 2021, 02:48:24 am by MrMobodies »
 
The following users thanked this post: duckduck

Offline rsjsouza

  • Super Contributor
  • ***
  • Posts: 6106
  • Country: us
  • Eternally curious
    • Vbe - vídeo blog eletrônico
Re: Apple privacy letter
« Reply #1 on: August 07, 2021, 02:33:35 am »
Louis Rossmann made a video about it:
Vbe - vídeo blog eletrônico http://videos.vbeletronico.com

Oh, the "whys" of the datasheets... The information is there not to be an axiomatic truth, but instead each speck of data must be slowly inhaled while carefully performing a deep search inside oneself to find the true metaphysical sense...
 
The following users thanked this post: wraper, BrianHG, DC1MC, MrMobodies, duckduck

Offline MrMobodiesTopic starter

  • Super Contributor
  • ***
  • Posts: 2028
  • Country: gb
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #2 on: August 07, 2021, 05:13:03 am »
Something doesn't make sense to me, for a criminal to knowingly upload/access illegal/forbidden or pirated content I thought they normally use something decentralized/low profile and likes of BitTorrent with a computer or laptop where control is easier over the internal/local storage but using phones and tablets with established online storage/cloud services where they could have backups of things and I believe they can be tracked. I somehow think that the criminals are unlikely to go for that.
« Last Edit: August 07, 2021, 05:17:51 am by MrMobodies »
 

Online magic

  • Super Contributor
  • ***
  • Posts: 7453
  • Country: pl
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #3 on: August 07, 2021, 07:53:29 am »
Quote
Read and sign the open letter protesting against Apple's roll-out of new content-scanning technology that threatens to overturn individual privacy on a global scale, and to reverse progress achieved...

I don't feel affected :-//

Poor Apple fanboys :-DD

But on second thought, I'm sure they will find some way to justify it :phew:
« Last Edit: August 07, 2021, 07:55:12 am by magic »
 

Online magic

  • Super Contributor
  • ***
  • Posts: 7453
  • Country: pl
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #4 on: August 07, 2021, 08:01:15 am »
Quote
Something doesn't make sense to me, for a criminal to knowingly upload/access illegal/forbidden or pirated content I thought they normally use something decentralized/low profile and likes of BitTorrent with a computer or laptop where control is easier over the internal/local storage but using phones and tablets with established online storage/cloud services where they could have backups of things and I believe they can be tracked. I somehow think that the criminals are unlikely to go for that.

"Think of the children" is the American "hate speech". In plain English it means: we want to monitor you and if you don't agree then you are a racist or rapist. It's one of the oldest memes.

Who would have expected that monopolization and dumbing down aka democratization of computing could possibly have that kind of effect? :wtf:
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23099
  • Country: gb
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #5 on: August 07, 2021, 08:17:46 am »
Apple fanboy here. I have a MacBook Air, iPhone, iPad and Apple Watch. I also use iCloud and iCloud email.

This is too far and since this they have been pushing internal memos doubling down on this being a good idea and stating that people are misunderstanding it. They are not. I live in the UK which is a large surveillance state. This can and will be leveraged. Apple's ecosystem was previously “the least bad” for privacy but now they choose to build in features which make it by far the worst while pushing arrogant misinformation about the potential uses under secondary mandates. As someone said on HN: don’t shit in my hand and call it chocolate.

As of yesterday I have a Ubuntu desktop machine and all my data has been migrated. All iCloud storage and email has been disabled and forwarded. All my devices will be disposed of over the next few weeks.

This is a bucket load of inconvenience for me but I will not walk into this future willingly. Back to 2005 technology it is.

Edit: I was surprised to find that literally all the Apple centric news outlets shit the bed over this. Everyone is talking about walking. You can see the sentiment here, where a post-revelation pro-privacy article is pushed and everyone is turning against Apple and the news site: https://forums.macrumors.com/threads/ios-15-privacy-guide-private-relay-hide-my-email-mail-privacy-protection-app-reports-and-more.2306760/
« Last Edit: August 07, 2021, 08:22:35 am by bd139 »
 
The following users thanked this post: wraper, MrMobodies

Offline olkipukki

  • Frequent Contributor
  • **
  • Posts: 790
  • Country: 00
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #6 on: August 07, 2021, 09:59:51 am »
Quote
https://appleprivacyletter.com
Because both checks are performed on the user's device, they have the potential to bypass any end-to-end encryption that would otherwise safeguard the user's privacy.

Also, before doing a check, they will need

Quote

"...said an on-device matching process is performed for that image against the unreadable set of known CSAM hashes..."

, so technically they will upload illegal content on your device.

As per Apple's diagram, it doesn't make sense, since they can do all of this much more easily during an upload to iCloud...


 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23099
  • Country: gb
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #7 on: August 07, 2021, 10:08:29 am »
Well they're not uploading the illegal content to your device at all. They're uploading a hash of an approximation of it and then taking all of your images and calculating an approximation of those and comparing them to the hash on the device.

These are the concerns I have:

1. The algorithm is closed.
2. The CSAM database is closed.
3. All image hash based algorithms so far can be tricked into providing matching hashes by adding noise thus leading to easy to SWAT scenarios.
4. At no point should they be able to selectively decrypt my data.
5. At no point should they even allow doing this unless under warrant by a court in the jurisdiction of the user in question. To do it preemptively is a million times worse and will lead to completely innocent people having their lives ruined.
6. This mechanism can and will be repurposed under mandate of various nefarious states to prevent state inconvenient political and personal freedoms.

Just no.
 
The following users thanked this post: thm_w, SilverSolder, jmh

Offline rsjsouza

  • Super Contributor
  • ***
  • Posts: 6106
  • Country: us
  • Eternally curious
    • Vbe - vídeo blog eletrônico
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #8 on: August 07, 2021, 11:04:18 am »
Quote
6. This mechanism can and will be repurposed under mandate of various nefarious states to prevent state inconvenient political and personal freedoms.

That is the point where it gets me: once the state gets ahold of an individual right they will not give it back. And Android users like me should be worried as well: if they get their way with a large chunk of the marketshare, they will try to get their way with the rest of it. It helps that Android is more decentralized, but large swaths are in the hands of one or two players.

Rob Braxman is a YT that has been beating this phone lack of privacy drum for a long time.
Vbe - vídeo blog eletrônico http://videos.vbeletronico.com

Oh, the "whys" of the datasheets... The information is there not to be an axiomatic truth, but instead each speck of data must be slowly inhaled while carefully performing a deep search inside oneself to find the true metaphysical sense...
 
The following users thanked this post: bd139

Offline Brumby

  • Supporter
  • ****
  • Posts: 12413
  • Country: au
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #9 on: August 07, 2021, 11:34:47 am »
Where have I heard something similar....  Oh yes, 1984 by George Orwell
 

Offline themadhippy

  • Super Contributor
  • ***
  • Posts: 3266
  • Country: gb
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #10 on: August 07, 2021, 11:48:55 am »
Quote
Sajid Javid, UK Health Secretary, said it was time for others, especially Facebook, to follow suit

What happened to the usual government statement trotted out when privacy concerns are raised, "you have nothing to fear if you haven't done anything wrong"? Although I'm guessing there will be a version available without the "feature" especially for government officials in the name of national security.
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23099
  • Country: gb
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #11 on: August 07, 2021, 01:30:50 pm »
I would suspect so considering the nature of our government to do things wrong :)
 

Offline Ranayna

  • Frequent Contributor
  • **
  • Posts: 986
  • Country: de
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #12 on: August 07, 2021, 01:47:42 pm »
What really irks me about this shit:
Most people I know are not technically minded *at all*. If I would start explaining this to them, they would cheer Apple on for fighting against child abuse, and brand me at best an idiot, and at worst a potential sex offender, because I do not want my pictures scanned.  |O
That is not even starting about the potential abuses this will get in the future.
 
The following users thanked this post: HobGoblyn, jmh

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23099
  • Country: gb
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #13 on: August 07, 2021, 01:54:43 pm »
Surprisingly the non technical folk I know who I have mentioned this to have gone "what the fuck" as well which is a good thing. There has been a lot of press here over the last couple of years about "big tech" and surveillance culture which has demonised such things.

The killer is mentioning the risk of false positives when communicating with them.
 

Offline rstofer

  • Super Contributor
  • ***
  • Posts: 9964
  • Country: us
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #14 on: August 07, 2021, 02:25:35 pm »
Apple wouldn't unlock the cell phone belonging to a known terrorist and now they want to go pawing through everybody's iPhone, iPad and computer.  This isn't just limited to cell phones, you know.  It applies to i<everything>.

They're screwed at this point.  Even if they publicly back away from this proposal, nobody will EVER trust them again.  How do we know they're not doing it quietly?  How could they even consider doing something like this?

In a perfect world, Apple would be out of business on Monday.


 
The following users thanked this post: Miti, bd139

Offline NiHaoMike

  • Super Contributor
  • ***
  • Posts: 9321
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #15 on: August 07, 2021, 02:28:46 pm »
Someone just needs to make a viral picture (completely legal) that false positives and the system will get DDoSed in no time.
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 
The following users thanked this post: bd139

Offline rstofer

  • Super Contributor
  • ***
  • Posts: 9964
  • Country: us
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #16 on: August 07, 2021, 02:35:32 pm »
You have to wonder what the DOJ has on Apple that made them come up with this idea.  Were they going to break up Apple under some 'monopoly' statute?  Maybe force them into 'right to repair' on steroids?
 
The following users thanked this post: Miti

Offline tooki

  • Super Contributor
  • ***
  • Posts: 13157
  • Country: ch
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #17 on: August 07, 2021, 03:39:41 pm »
While I very much share the concerns about oppressive governments legislating that this technology be used for other things, many commenters seem to be confused about what it does and does not do, technically speaking.

Nothing in the technical documentation even hints at the ability for Apple or law enforcement to decrypt the user’s devices, nor at it forwarding the offending images themselves. Remember the context: Apple has always been able and willing to share unencrypted data that’s on iCloud when subpoenaed to do so, and I don’t think they’ve ever claimed that iCloud Photos is end to end encrypted. This thing seems to scan the photos in the user’s device at the same time the user uploads it to iCloud. The entire process seems to operate on the hashes themselves.

As for the sexting filter for kids, it’s kinda strange to me, insofar as I don’t really believe in empowering helicopter parents. But it is done entirely on-device, and no part of it involves breaking iMessage’s end to end encryption, nor of forwarding the images themselves to parents or anyone else. (On the other hand, as a consenting adult, I actually wouldn’t mind the app obscuring incoming nudie pics initially, so as to not have any embarrassing surprises on the bus or the bar.)
 

Offline rstofer

  • Super Contributor
  • ***
  • Posts: 9964
  • Country: us
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #18 on: August 07, 2021, 04:06:10 pm »
Quote
This thing seems to scan the photos in the user’s device at the same time the user uploads it to iCloud. The entire process seems to operate on the hashes themselves.

Sounds like 'theft of services' to me!  I own those compute cycles, I paid for them and I don't want them stolen for something like this.

OK, I looked it up and using computer services without permission is larceny.  Section 502 (15) C 3 here:

https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=502.&lawCode=PEN

Quote
(3) Knowingly and without permission uses or causes to be used computer services.

Lawsuits to follow...
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23099
  • Country: gb
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #19 on: August 07, 2021, 04:23:10 pm »
Quote
While I very much share the concerns about oppressive governments legislating that this technology be used for other things, many commenters seem to be confused about what it does and does not do, technically speaking.

Nothing in the technical documentation even hints at the ability for Apple or law enforcement to decrypt the user’s devices, nor at it forwarding the offending images themselves. Remember the context: Apple has always been able and willing to share unencrypted data that’s on iCloud when subpoenaed to do so, and I don’t think they’ve ever claimed that iCloud Photos is end to end encrypted. This thing seems to scan the photos in the user’s device at the same time the user uploads it to iCloud. The entire process seems to operate on the hashes themselves.

As for the sexting filter for kids, it’s kinda strange to me, insofar as I don’t really believe in empowering helicopter parents. But it is done entirely on-device, and no part of it involves breaking iMessage’s end to end encryption, nor of forwarding the images themselves to parents or anyone else. (On the other hand, as a consenting adult, I actually wouldn’t mind the app obscuring incoming nudie pics initially, so as to not have any embarrassing surprises on the bus or the bar.)

Actually the terms state that on a number of suitable matches (poorly defined), they will manually review the images. That means they will decrypt them at that point in time and it will be an Apple staff member doing it.

As for the hashes I get the feeling people don’t know what these are. These are not binary level hashes of the image files but perceptual hashes of the content. They are very easy to attack and cause collisions on. See: https://towardsdatascience.com/black-box-attacks-on-perceptual-image-hashes-with-gans-cc1be11f277

I’ve attached the key image which shows how easy they are to cause collisions with from the article.

The article says they should not be used for privacy sensitive applications and they’re right.

Edit: what’s worrying is the assertion that 1 in 1 trillion images causes a false match. What’s their corpus? Where are the public proofs? Where’s the source code for independent validation?
« Last Edit: August 07, 2021, 04:26:03 pm by bd139 »
 
The following users thanked this post: Miti, wraper, MrMobodies
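
The distinction drawn in Reply #19 between binary-level hashes and perceptual hashes, as an added example that is not part of any poster's message and is not Apple's algorithm (which the thread notes is closed). It uses a toy average hash (aHash) as a stand-in; the 16x16 sample images, the function names, and the `max_distance` and `threshold` values are all constructed for illustration.

```python
import hashlib

SIZE = 16  # constructed sample images: 16x16 grayscale, values 0..255


def make_image(pixel_fn):
    return [[pixel_fn(x, y) for x in range(SIZE)] for y in range(SIZE)]


# Constructed sample images (not real data).
ORIGINAL = make_image(lambda x, y: 40 if x < 8 else 200)
# The same picture after a lossy re-save: every pixel nudged by -3..+3.
REENCODED = make_image(
    lambda x, y: (40 if x < 8 else 200) + (x * 7 + y * 13) % 7 - 3)
# A different picture (two vertical gradients) with the same coarse layout.
LOOKALIKE = make_image(lambda x, y: 10 + 5 * y if x < 8 else 255 - 4 * y)
# A picture with a different layout: dark top, bright bottom.
UNRELATED = make_image(lambda x, y: 40 if y < 8 else 200)


def binary_hash(img):
    """Binary-level hash: changes completely if any single byte changes."""
    return hashlib.sha256(bytes(v for row in img for v in row)).hexdigest()


def shrink(img, out=8):
    """Downscale to out x out by averaging equal square blocks."""
    step = len(img) // out
    return [[sum(img[y * step + dy][x * step + dx]
                 for dy in range(step) for dx in range(step)) / step ** 2
             for x in range(out)] for y in range(out)]


def average_hash(img):
    """64-bit aHash: one bit per shrunk pixel, set if brighter than the mean."""
    flat = [v for row in shrink(img) for v in row]
    mean = sum(flat) / len(flat)
    bits = 0
    for v in flat:
        bits = (bits << 1) | int(v > mean)
    return bits


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def is_match(img, database, max_distance=4):
    """True if the image's aHash is within max_distance bits of a known hash."""
    h = average_hash(img)
    return any(hamming(h, known) <= max_distance for known in database)


def account_flagged(images, database, threshold):
    """Flag an account once `threshold` of its images match the database."""
    return sum(is_match(img, database) for img in images) >= threshold


if __name__ == "__main__":
    db = {average_hash(ORIGINAL)}
    for name, img in [("original", ORIGINAL), ("re-encoded", REENCODED),
                      ("lookalike", LOOKALIKE), ("unrelated", UNRELATED)]:
        print(f"{name:10s} sha256={binary_hash(img)[:12]}... "
              f"ahash={average_hash(img):016x} match={is_match(img, db)}")
    # Two innocent lookalikes are enough to cross a threshold of 2.
    print("flagged:", account_flagged([LOOKALIKE, LOOKALIKE, UNRELATED], db, 2))
```

The re-encoded copy keeps the same aHash while its SHA-256 changes, which is the property that makes perceptual hashes useful for matching; the lookalike is a different picture that also matches, which is the false-positive risk the post is concerned about.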

Offline TimFox

  • Super Contributor
  • ***
  • Posts: 9003
  • Country: us
  • Retired, now restoring antique test equipment
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #20 on: August 07, 2021, 04:23:44 pm »
Caravaggio's naughty paintings of pre-pubescent nudes are all out of copyright, and could be uploaded to test the procedure.
 

Offline BravoV

  • Super Contributor
  • ***
  • Posts: 7549
  • Country: 00
  • +++ ATH1
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #21 on: August 07, 2021, 04:29:46 pm »
It's a long term investment for "future" leaders, remember Jeffrey Epstein's black-op team's leverage power from recorded materials from the hidden cameras at his places.

Actually the founder of US FBI started this effective method for the establishment to rule the nation, Western European countries included.
 
The following users thanked this post: bd139

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15797
  • Country: fr
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #22 on: August 07, 2021, 04:55:26 pm »
Quote
Where have I heard something similar....  Oh yes, 1984 by George Orwell

Apple who was so much against privacy-invading stuff a few years back, to the point of not willing to cooperate with the FBI. And now this.

Ahah yeah.
We seem to be really eager to live in a 1984-like world. That's fascinating.

 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23099
  • Country: gb
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #23 on: August 07, 2021, 05:17:25 pm »
This didn't age well...

 
The following users thanked this post: Miti, Gregg, SiliconWizard, MrMobodies

Offline floobydust

  • Super Contributor
  • ***
  • Posts: 7681
  • Country: ca
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #24 on: August 07, 2021, 06:27:38 pm »
Privacy is a myth with modern computing - that's your phone, PC, tablet and car.
Talking with my compsci friends, we are all astonished that we are being tracked at the operating system level, as well as the app level, without full knowledge or consent and nothing is changing about it.
From booting CP/M on an Altair through to having mega corporations, mega monopolies blatantly data mine and correlate, who'd have thought this is what computers would turn to be. At least the CCP is upfront about it.

Apple Police should benefit the world, pushing a "really nice" reason to rummage through people's data, all in the name of fighting crime, when I think it's really just to get data to develop and feed new AI algorithms, they are the next cash cow for Silicon Valley. Would the Apple Police do anything about political corruption, organized crime, money laundering ?

Nobody can find the next hardware innovation, the next new great product, the monopolies are impotent despite having: Google market cap $1.818T, Apple $2.416T, FB $1.03T, Microsoft $2.175T they are swimming in cash.
And all unable to make anything significant at all, but spyware :palm:
 

