Apple puts its privacy reputation on the line

The Big Story

Apple's privacy balancing act

A move by Apple last week to try to curb child sexual abuse material, or CSAM, on its systems is turning into an intense debate over the future of the company's cherished privacy policies.

Apple confirmed that it's launching tools that could help identify such images on users' devices. It was a major step forward in tackling a horrifically widespread problem in the tech industry. But it quickly elicited strong pushback.

• In an open letter signed by thousands, opponents argued that the program "introduces a backdoor that threatens to undermine fundamental privacy protections for all users of Apple products."
• "I think this is the wrong approach and a setback for people's privacy all over the world," WhatsApp head Will Cathcart tweeted. People have asked if we'll adopt this system for WhatsApp. The answer is no."
• And Epic's Tim Sweeney went even harder, saying that "inescapably, this is government spyware installed by Apple based on a presumption of guilt. Though Apple wrote the code, its function is to scan personal data and report it to government."

The idea is simple enough: Apple will begin warning children and parents when explicit images are sent or received. The company is planning to use "on-device machine learning" to scan attached photos, but said it wouldn't have access to the actual messages.

• It will also review iCloud accounts for similar content by turning the information into "an unreadable set of hashes that is securely stored on users' devices."
• The goal is to effectively determine if the "fingerprints" Apple puts on an image match other known photos. That would prevent the system from flagging an image of, say, a kid in a bathtub in a mother or father's phone versus CSAM that is shared broadly.
• Apple posted a long FAQ over the weekend trying to explain its methods and tools, and how they can be implemented safely.

This kind of issue requires a difficult balancing act. Tech giants run into it anytime they're trying to moderate illegal or harmful content on their systems, while still protecting user privacy.

• Critics argued the move would create a loophole that could be exploited by authoritarian governments to restrict LGTBQ+ content, for example.
• "It's impossible to build a client-side scanning system that can only be used for sexually explicit images sent or received by children," wrote the Electronic Frontier Foundation. "All it would take to widen the narrow backdoor that Apple is building is an expansion of the machine learning parameters."
• Edward Snowden put a fine point on it: "Make no mistake: if they can scan for kiddie porn today, they can scan for anything tomorrow."

Apple is not the only tech giant to take these types of steps. Facebook, for example, flagged 20.3 million cases of child sexual abuse to law enforcement last year compared to Apple's 265, per The New York Times.

But it had to expect pushback, given how aggressive the company is at promoting its own privacy safeguards.

• Apple vowed it would not access photos or take action against users unless a certain threshold is crossed, though it still retains that authority more broadly.
• "If you're storing a collection of CSAM material, yes, this is bad for you. But for the rest of you, this is no different," Apple Chief Privacy Officer Eric Neuenschwander told the Times.
• The "innovative new technology allows Apple to provide valuable and actionable information to NCMEC and law enforcement … while providing significant privacy benefits over existing techniques," the company wrote in a blog post.

If it works, Apple's move could be a key middle ground between those who want end-to-end encryption on iCloud versus law enforcement agencies that oppose such measures. (John Gruber made a good case along those lines.)

While few would argue against the ultimate goal of Apple's effort, there are broad policy shift in play here. Apple swears it has safeguards in place to prevent the doomsday scenario that opponents are warning about. But given Apple's prominent role in the debate over user privacy, questions and criticism are sure to keep coming.

— Joe Williams (email | twitter)

A MESSAGE FROM SINGAPORE EDB

Singapore is fast becoming a global hotbed of tech innovation. It's easy to see why. Nearly 80 of the world's top 100 tech firms have set up outposts there, including Google, Facebook, Stripe, Salesforce and homegrown unicorns like the super-app Grab.

Learn More

---

Join Protocol's David Pierce for a conversation with Mural's CEO Mariano Suarez-Battan and Calendly's Annie Pearl during our upcoming event: A Better Meeting August 17 at 10 a.m. PT / 1 p.m. ET Learn More

---

People Are Talking

Tech companies say they don't face anti-Asian racism, but Hustle Fund partner Eric Bahn says that's not all true:

• "It looks awesome in the beginning. But then there's a wall you hit. It's a bait and switch."

Jack Dorsey hates the crypto amendment on the bipartisan infrastructure bill:

• "No rationale has been provided … only rumors."

The FCC has a new broadband map that Jessica Rosenworcel is really excited about:

• "For too long the FCC has not had truly accurate broadband maps. But we're changing that. Starting right here and now. This is the first-of-its-kind wireless coverage map the agency has produced. And we're just getting started. More to come."

Coming this week

ISMG's virtual cybersecurity conference is tomorrow. The event will focus on topics like fraud and zero-trust security across a range of industries.

Samsung's Galaxy Unpacked starts Wednesday, and it's not really keeping any of its announcements under wraps. The company is expected to reveal its foldable phones and a smartwatch.

Black Women Talk Tech starts Thursday. The two-day virtual conference will feature speakers, awards and recruiting sessions.

In Other News

• On Protocol | Workplace: Vaccine mandates are the new normal. Google, Facebook, Microsoft, Lyft, Uber and Twitter all now require proof of vax before allowing employees back into the office. Masks are back, too: Tesla's requiring them at its Nevada factory, and Amazon told all employees to wear them at work.
• Brian Brooks quit Binance.US after three months. The now-former CEO tweeted his departure, pointing to "differences in strategic direction" between him and his co-workers.
• Vaccinated Amazon workers are hitting the jackpot. The company is handing out hundreds of thousands of dollars in cash prizes and cars to inoculated employees. The company reinstated its mask mandate but still doesn't require vaccines.
• ByteDance is back in go-public mode. After the TikTok maker set aside plans to file a public listing overseas, the company says it addressed China's regulatory concerns and is now prepping for a Hong Kong listing by early next year.
• Google is building another Silicon Valley campus, which will house the company's hardware center and a separate, publicly accessible area dedicated to new tech. The new campus is expected to be called "Midpoint."
• Uber and Lyft prices are soaring. Even though more drivers are coming back to the companies, the cost of a ride has bumped to new highs over the past few months — in July, customers paid 50% more for a ride compared to the amount they would have in January 2020.
• Alibaba suspended several employees after a rape accusation. A female staff member wrote a blog post on the company's internal website accusing her boss of rape, prompting outrage from thousands of employees.
• China is suing Tencent, alleging the company's subsidiary, WeChat, broke the country's laws protecting minors. China says the messaging app's "youth mode" doesn't do enough to protect minors online, which Tencent is promising to investigate.

One More Thing

Doubling up on DoorDash

A MESSAGE FROM SINGAPORE EDB

Business leaders say they choose Singapore for its modern tech infrastructure, strong government support, robust pipeline of talent and pro-business regulations (the World Bank ranks it No. 2 in the world for ease of doing business). Plus, its location in the heart of Southeast Asia serves as a launchpad into the bustling Asian-Pacific market.

Learn More

Refer Five Friends, Get A Mug

Are you tired of explaining the tech news of the day to your co-workers every morning? Let us do the heavy lifting and refer them to Source Code.

Send them your referral link via Slack, text, email, or carrier pigeon and we'll send you your very own Protocol mug after you refer five friends!

Your referral link:*|RH_REFLINK|*

Share on Twitter — Share on LinkedIn — Share via email