Science

New report reveals Apple has been scanning emails for child-porn pictures since 2019

Published

Amid concerns about Apple’s new plan to scan users’ photos for child porn, a new report alleges the company has already been scouring emails for such imagery for at least the past two years. 

Tech giant has been looking at iCloud Mail for child sex abuse material (CSAM) since 2019, Apple-focused news outlet 9to5Mac confirmed.

An iMessage chain surfaced on August 20, in which Apple anti-fraud chief Eric Friedman wrote that the company was unintentionally ‘the greatest platform for distributing child porn,’ The Verge first reported. 

The Apple-focused news website asked Apple how Friedman could make such a claim if the company wasn’t scanning iCloud photos. 

An unnamed representative confirmed that Apple had been looking at emails on the cloud, as well scanning other data ‘on a tiny scale,’ but not iCloud photos or backups.

Since email is not encrypted, scanning attachments ‘would be a trivial task,’ 9to5Mac wrote. 

Apple has not yet responded to a request for comment from DailyMail.com. 

The thread, from February 2020, was part of evidence submitted by Apple as part of the discovery process in the lawsuit filed by Epic Games. 

Scroll down for video

According to a report from 9 to 5 Mac, Apple has confirmed it has scanned certain emails for child sex abuse material (CSAM) at least since 2019

According to a report from 9 to 5 Mac, Apple has confirmed it has scanned certain emails for child sex abuse material (CSAM) at least since 2019

Friedman’s comment was part of a longer conversation about whether Apple might be focusing on privacy at the expense of public safety.

‘We have chosen to not know in enough places where we really cannot say,’ Friedman wrote, saying he suspected Apple was underreporting the CSAM problem.

‘The spotlight at Facebook etc. is all on trust and safety (fake accounts, etc). In privacy, they suck,’ he wrote.

‘Our priorities are the inverse. Which is why we are the greatest platform for distributing child porn, etc.’

Apple's disclosure came after an iMessage thread surfaced in which Apple anti-fraud chief Eric Friedman said the company's emphasis on privacy over safety has made it 'the greatest platform for distributing child porn, etc'

Apple’s disclosure came after an iMessage thread surfaced in which Apple anti-fraud chief Eric Friedman said the company’s emphasis on privacy over safety has made it ‘the greatest platform for distributing child porn, etc’

After 9to5Mac asked Apple how Friedman could say the platform was a safe haven for porn if the company didn't scan for it , an unnamed rep disclosed it screened certain emails, and scanned other data 'on a tiny scale,' but not iCloud photos or backups.

After 9to5Mac asked Apple how Friedman could say the platform was a safe haven for porn if the company didn’t scan for it , an unnamed rep disclosed it screened certain emails, and scanned other data ‘on a tiny scale,’ but not iCloud photos or backups.

In an update to the story, 9to5Mac writer Ben Lovejoy theorized Friedman’s statement was more about how relatively lax Apple’s cloud service is in scanning photos for CSAM compared to other platforms.

‘If other services were disabling accounts for uploading CSAM, and iCloud Photos wasn’t (because the company wasn’t scanning there), then the logical inference would be that more CSAM exists on Apple’s platform than anywhere else,’ he wrote. 

‘Friedman was probably doing nothing more than reaching that conclusion.’ 

He also points to an archived version of Apple’s child safety page from January 2020, which reads ‘Apple uses image matching technology to help find and report child exploitation.’

The page, which is no longer on the live Apple.com site, says the company ‘use[s] electronic signatures to find suspected child exploitation.’

Each match is validated and accounts with child exploitation content are disabled, according to the defunct FAQ.

Speaking at a panel at CES in Las Vegas in 2020, Jane Horvath  said Apple uses specialized software to automatically screen iPhone images backed up to iCloud for child porn

 Speaking at a panel at CES in Las Vegas in 2020, Jane Horvath  said Apple uses specialized software to automatically screen iPhone images backed up to iCloud for child porn

In January 2020, Apple senior privacy officer Jane Horvath told a panel at CES in Las Vegas that the company used specialist software to automatically check iPhone images backed up to iCloud for signs of child abuse images.

Horvath didn’t go into any detail about the software, or clarify it was used in emails or iCloud Photos, only saying that it was used to ‘help screen for child sexual abuse material.’

She made the comments as part of a roundtable debate into privacy issues and whether legislation is required to protect users personal information. 

Horvath endorsed software to detect signs of child abuse over other solutions, like opening ‘back doors’ into encryption as suggested by some law enforcement organizations.

‘Our phones are small and they are going to get lost and stolen’, Horvath told the audience.

Craig Federighi (picured), Apple's senior vice president of software engineering, said Apple's AI-driven program scanning for child abuse pics will be protected against misuse through 'multiple levels of auditability'

Craig Federighi (picured), Apple’s senior vice president of software engineering, said Apple’s AI-driven program scanning for child abuse pics will be protected against misuse through ‘multiple levels of auditability’ 

‘If we are going to be able to rely on having health and finance data on devices then we need to make sure that if you misplace the device you are not losing sensitive information.’

She said that while encryption is vital to people’s security and privacy, child abuse and terrorist material was ‘abhorrent.’

‘We are very dedicated and none of us want that kind of material on our platforms but building a backdoor into encryption is not the way we are going to solve those problems,’ she said.  

WHAT ARE APPLE’S NEW CHILD-SAFETY FEATURES? 

The new features, which will come with iOS 15, iPadOS 15, watchOS 8 and macOS Monterey later this year, will allow Apple to: 

1. Flag images to the authorities after being manually checked by staff if they match images already flagged as child sexual abuse images by the US National Center for Missing and Exploited Children 

2. Scan images that are sent and received by minors in the Messages app. If nudity is detected, the photo will be automatically blurred and the child will be warned that the photo might contain private body parts 

3. Allow Siri to ‘intervene’ when users try to search topics related to child sexual abuse 

4. Notify parents If a child under the age of 13 sends or receives a suspicious image, if the child’s device is linked to Family Sharing. 

        Coming as part of the next iOS upgrade, the controversial feature to scan iPhones for images of child abuse has raised concerns by privacy advocates who say Apple is creating a backdoor for bad actors to scan for any kind of image or data.

        Using ‘hashes’ or digital fingerprints, images in a CSAM database will be compared to pictures on a user’s iPhone. Any match is then sent to Apple and, after being reviewed by a human, will be sent on to the National Center for Missing and Exploited Children. 

        It would only take a tweak of the machine-learning system’s parameters to look for different kinds of content, said India McKinney and Eric Portnoy of the Electronic Frontier Foundation. 

         ‘The abuse cases are easy to imagine: governments that outlaw homosexuality might require the classifier to be trained to restrict apparent LGBTQ+ content, or an authoritarian regime might demand the classifier be able to spot popular satirical images or protest flyers,’ they warned in a statement.

        In the Frequently Asked Questions section about its ‘Expanded Protections for Children,’ Apple countered it would ‘refuse any such demands’ from government agencies, in the US or abroad.’

        On August 13, Craig Federighi, Apple’s senior vice president of software engineering, defended the rollout, telling The Wall Street Journal the AI-driven program will be protected against misuse through ‘multiple levels of auditability.’

        ‘We, who consider ourselves absolutely leading on privacy, see what we are doing here as an advancement of the state of the art in privacy, as enabling a more private world,’ Federighi said.

        Federighi said a user would have to meet a threshold on the order of 30 known child sexual abuse material (CSAM) images to have their account flagged.

        ‘Only then does Apple know anything about your account and know anything about those images, and at that point, only knows about those images, not about any of your other images,’ he said.

        ‘This isn’t doing some analysis for, did you have a picture of your child in the bathtub? Or, for that matter, did you have a picture of some pornography of any other sort? This is literally only matching on the exact fingerprints of specific known child pornographic images.’ 

        HOW APPLE WILL SCAN YOUR PHONE FOR CHILD ABUSE PHOTOS 

        The new image-monitoring feature is part of a series of tools heading to Apple mobile devices, according to the company. 

        Here is how it works:

        1.) User’s photos are compared with ‘fingerprints’ from America’s National Center for Missing and Exploited Children (NCMEC) from its database of child abuse videos and images that allow technology to detect them, stop them and report them to the authorities. 

        Those images are translated into ‘hashes’, a type of code that can be ‘matched’ to an image on an Apple device to see if it could be illegal.

        2.) Before an iPhone or other Apple device uploads an image to iCloud, the ‘device creates a cryptographic safety voucher that encodes the match result. It also encrypts the image’s NeuralHash and a visual derivative. This voucher is uploaded to iCloud Photos along with the image.’   

        3.) Apple’s ‘system ensures that the contents of the safety vouchers cannot be interpreted by Apple unless the iCloud Photos account crosses a threshold of known CSAM content,’ Apple has said.  

        At the same time Apple’s texting app, Messages, will use machine learning to recognize and warn children and their parents when receiving or sending sexually explicit photos, the company said in the statement.

        ‘When receiving this type of content, the photo will be blurred and the child will be warned,’ Apple said.

        ‘As an additional precaution, the child can also be told that, to make sure they are safe, their parents will get a message if they do view it.’

        Similar precautions are triggered if a child tries to send a sexually explicit photo, according to Apple.  Personal assistant Siri, meanwhile, will be taught to ‘intervene’ when users try to search topics related to child sexual abuse, according to Apple.

        4.) Apple says that if their ‘voucher’ threshold is crossed and the image is deemed suspicious, its staff ‘manually reviews all reports made to NCMEC to ensure reporting accuracy’

        Users can ‘file an appeal to have their account reinstated’ if they believe it has been wrongly flagged. 

        5.) If the image is a child sexual abuse image the NCMEC can report it to the authorities with a view to a prosecution.    

        source: dailymail.co.uk