Apple giving in to Russia twice this week on key civil liberties issues proves that the company’s CSAM misuse assurances cannot be trusted, argues a high-profile security expert.
Apple today pulled from the App Store an opposition tactical voting app after the Russian government threatened specific local company employees with “punishment” if they refused. It turns out that Apple also turned off its Private Relay service in Russia just yesterday, likely also in response to government pressure…
When Apple announced its plans to scan iPhones for Child Sexual Abuse Materials (CSAM), many pointed out that exactly the same technology could be used to scan phones for things like political content by opponents of repressive governments.
A digital fingerprint can be created for any type of material, not just CSAM. What’s to stop an authoritarian government adding to the database images of political campaign posters or similar?
So a tool that is designed to target serious criminals could be trivially adapted to detect those who oppose a government or one or more of its policies.
Apple – which would receive the fingerprint database from governments – would find itself unwittingly aiding the repression, or worse, of political activists.
Security experts, civil rights groups, democratic governments, and even Apple’s own employees called on the company to abandon its plans for this reason.
Apple responded by saying that it would never allow this. It would, it said, only search for image hashes that appear in at least two different child safety organization databases.
Addressing the issue of a repressive government forcing it to search for particular materials, Apple said it would “refuse such demands.” But it also states that it obeys the laws in each of the countries in which it operates, and commenters said that pressure could be applied to the company, even in the absence of such laws.
Apple giving in to Russia proves the risks are real
As much as Apple claims it would never give in to government pressure to misuse its CSAM scanning feature, cryptography academic Matthew Green argues that the company just proved these assurances are worthless.
Apple spent the entire summer telling the public that they were confident they could resist government pressure, when defending their CSAM scanning system. Today they’re pulling voting guides from the Russian App Store. What changed in a month?
Apple’s defense of removing voting guides is that they have to obey the law of the nations they operate in. And yet if legislators demand they expand their image scanning corpus, they say they will refuse. They intend to break the law in that case, but not this one?
A Russian citizen replied saying that’s not all.
It doesn’t stop there. Yesterday they turned their new Private Relay quasi-VPN service off for Russians even though it worked fine in iOS beta versions plus there’s still hundreds of RU IP addresses reserved for it. No explanation given.
Personally, I can’t see how Apple can possibly continue to argue the case. We know it will do what local laws require, because it has done so, and it has said so. We know it will give in to blackmail, because it has just done so.
So far, Apple has merely delayed its plans to think of additional safeguards, but it’s hard to see how any safeguard could protect against legally imposed or blackmailed capitulation.