Apple Uses Surveillance To Detect Child Abuse

Apple has announced a new system for checking photos for abuse pictures to be carried out on a country-by-country basis. This process will be included in iPhones that will automatically scan devices to identify if they contain media featuring child sexual abuse. This initiative is part of a range of child protection features to be launched later this year in the US, which will be implemented through updates to iOS 15 and iPad OS and which will compare the images on users' devices to a database of known abuse images

Apple said it would implement to use the  new system to screens photos for such images before they are uploaded from iPhones in the United States to its iCloud storage. Child safety groups praised Apple as it joined Facebook Inc, Microsoft Corp, Alphabet Inc's Google in taking such measures.

Detection of child abuse image uploads sufficient to guard against false positiveswill trigger a human review of and report of the user to law enforcement, Apple said. It said the system is designed to reduce false positives to one in one trillion. Child safety groups praised Apple as it joined Facebook, Microsoft, Alphabet and Google in taking such measures. 

Apple's photo check on the iPhone itself raised concerns that the company is probing into users' devices in ways that could be exploited by governments. Many other technology companies check photos after they are uploaded to servers.

Apple's iPhones, iPads, and Macs will now also integrate the new system that checks images uploaded to iCloud in the US for known child sexual abuse images. That feature will use a cryptographic process that takes place partly on the device and partly on Apple's servers to detect those images and report them to the National Center for Missing and Exploited Children, or NCMEC, and ultimately US law enforcement.

 Apple has announced that it would make plans to expand the service based on the laws of each country where it operates.

The company said nuances in its system, such as "safety vouchers" passed from the iPhone to Apple's servers that do not contain useful data, will protect Apple from government pressure to identify material other than child abuse images. Apple will also implement a human review process that acts as a backstop against government abuse. The company will not pass reports from its photo checking system to law enforcement if the review finds no child abuse imagery.

Regulators are increasingly demanding that tech companies do more to take down illegal content. For the past few years, law enforcement and politicians have wielded the scourge of child abuse material to decry strong encryption, in the way they had previously cited the need to curb terrorism.

A few resulting laws, including in Britain, could be used to force tech companies to act against their users in secret.Facebook's WhatsApp, the world's largest fully encrypted messaging service, is also under pressure from governments that want to see what people are saying, and it fears that will now increase. WhatsApp chief Will Cathcart tweeted against Apple's plans for the new architecture.

"We've had personal computers for decades, and there has never been a mandate to scan the private content of all desktops, laptops or phones globally for unlawful content," he wrote. "It's not how technology built in free countries works.... This is an Apple built and operated surveillance system that could very easily be used to scan private content for anything they or a government decides it wants to control. Countries where iPhones are sold will have different definitions on what is acceptable”, he said.

Apple's experts argued that they were not really going into people's phones because data sent on its devices must clear multiple hurdles. For example, banned material is flagged by watchdog groups, and the identifiers are bundled into Apple's operating systems worldwide, making them harder to manipulate.

Critics suspect more complex motives in Apple's approach. They say the great technical lengths Apple has gone to to check images on a user's device, despite that process's privacy protections, only really make sense in cases where the images are encrypted before they leave a user's phone or computer and server-side detection becomes impossible.

In that case, Apple might easily extend the detection system to photos on users' devices that aren't ever uploaded to iCloud, a kind of on-device image scanning that would represent a new form of invasion into users' offline storage.

Reuters:      Wired:         Livemint:      NDTV:     Independent:   Yahoo:    

You Might Also Read: 

British Law To Protect Online Users:

 

 

« Pakistan’s New Cyber Security Policy
Alarming Surge In Malicious Apps »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Conscio Technologies

Conscio Technologies

Conscio Technologies is a specialist in IT security awareness. Our solutions allow you to easily manage innovative online IT awareness campaigns.

Kore Telematics

Kore Telematics

Kore is a leading managed service provider for IoT and M2M applications.

CyberSource

CyberSource

CyberSource provides online payment and fraud management services for medium and large-sized merchants.

Westminster eForum

Westminster eForum

Wesrtminster eForum runs a series of conferences on matters relating to the UKs Digital Strategy. Topics include Smart Cities and Cyber Security.

Zix

Zix

Zix offers secure email encryption, threat protection, archiving, DLP and BYOD security for hospitals, financial services, government, and more.

ClearBlade

ClearBlade

ClearBlade is the Edge Computing software company enabling enterprises to rapidly engineer and run secure, real-time, scalable IoT applications.

Matrix42

Matrix42

Matrix42 software for digital workspace experience manages devices, applications, processes and services simple, secure and compliant.

Veritas Technologies

Veritas Technologies

Veritas provide industry-leading solutions that cover all platforms with backup and recovery, business continuity, software-defined storage and information governance.

Xilinx

Xilinx

Xilinx is the inventor of the FPGA, programmable SoCs, and now, the ACAP. We are building the Adaptable, Intelligent World.

Secuvant

Secuvant

Secuvant is an independent IT Security firm providing enterprise-grade IT security services to mid-market organizations.

International Association of Security Awareness Professionals (IASAP)

International Association of Security Awareness Professionals (IASAP)

IASAP provides a members-only virtual sharing platform where security awareness professionals engage in a lively, year-round exchange of information and ideas.

Infosec Cloud

Infosec Cloud

Infosec Cloud is a specialist Cyber Security company offering fully managed Training & Testing Services in addition to market leading Cyber Security technology and accredited professional services.

FourNet

FourNet

FourNet is an award-winning provider of cloud and managed services; we work closely with our clients to enable digital transformation across their organisation.

Cygna Labs

Cygna Labs

Cygna Labs is a software developer and one of the top three global DDI (DNS, DHCP, and IP address management) vendors.

Protecto

Protecto

Make privacy and governance effortless. Brakes allow you to drive faster. Stronger data privacy and security enable companies to unlock the full potential of the data.

SolidityScan

SolidityScan

SolidityScan is an advanced smart contract scanning tool designed to uncover vulnerabilities and proactively address risks within your code.