Show an ad over header. AMP

I am the FIRST

Apple opens the encryption Pandora's box

Apple's plan to scan iPhones for child sexual abuse material (CSAM) provoked immediate criticism that it was opening a door to much broader efforts by governments seeking a way into citizens' devices.

Between the lines: That debate is important, but Apple is also laying out a technical approach that's worthy of the industry's attention.


  • Apple's scheme does some work in the cloud and other work on the device, and the two systems share information only under strictly defined circumstances. That could help preserve privacy by creating and sharing less user data.

Driving the news: Apple last week announced its plan to begin scanning iPhones in the U.S. to see if they contain material that has been flagged as illegal by the National Center for Missing and Exploited Children. A separate change would allow parents to be notified if children under 13 are sent nude images.

  • Critics immediately slammed the moves, saying that, however well intended, such systems would inevitably be used toward other ends, such as authoritarian governments spying on their opponents.
  • In a New York Times op-ed on Thursday, Matthew Green and Alex Stamos urged Apple to hold off implementing the planned moves until they could be studied by researchers to better understand their risks.
  • Apple employees "have flooded an Apple internal Slack channel with more than 800 messages," many criticizing the plan, per Reuters.

The big picture: Much of the debate mirrors past encryption controversies, in which encryption proponents have argued that any kind of exception or back door creates vulnerabilities that will be exploited by bad actors, so you might as well not bother using encryption at all.

Indeed, critics of Apple's approach here say that once it starts scanning devices on the client side, it really won't be offering end-to-end encryption at all.

  • "Once they’ve built this door, the policy choices that are designed to limit how it can be used are insufficient to provide the level of security that was previously provided," said Sharon Bradford Franklin, co-director of the security and surveillance project at the Center for Democracy and Technology.
  • CDT issued its own paper this week suggesting different tools that can co-exist with full end-to-end encryption, including user reporting of problematic content and analysis of metadata.
  • Will Cathcart, head of Facebook-owned messaging app WhatsApp, also blasted Apple's move.
  • "There is no way to make technology work for 'good reasons' only," Cathcart told Axios. "We're concerned that creating the power to scan people's private photos or documents on their devices to make reports to governments is going to lead to long term abuse. This is a surveillance system that many governments will want to control, including China."

My thought bubble: The immediate blowback suggests that Apple either didn't get the balance right in this instance, or did a bad job of communicating its system, or both.

  • However, Apple's plan does put forward a useful idea that bears consideration in future system designs.
  • With this system, Apple isn't just deploying a single broad tool for scanning devices. Instead, it's creating multiple systems that only create data that can be shared when a certain threshold is reached. While still problematic, such an approach creates far less data from far fewer users than more broad-brush approaches would.

Apple has explored this in other areas as well — including the system that it created with Google to notify users of potential COVID-19 exposure. A mix of information on a device and in the cloud ensured that only a narrow amount of new data about users' health and location was created, and even less was shared.

  • Apple's new CSAM tool is obviously different. The COVID-19 system was opt-in, while Apple will use the new CSAM detection system for all customers who use iCloud photo sharing. (Users who don't use iCloud won't have their photos screened.)

Even those who criticize Apple over its new CSAM detection feature acknowledge there is some benefit to Apple's approach.

  • "If the choice must be between a narrow backdoor with policy limits to minimize its reach and application, versus a complete abandonment of encryption, absolutely the former is preferable," Franklin said.

Why the startup world needs to ditch "unicorns" for "dragons"

When Aileen Lee originally coined the term "unicorn" in late 2013, she was describing the 39 "U.S.-based software companies started since 2003 and valued at over $1 billion by public or private market investors."

Flashback: It got redefined in early 2015 by yours truly and Erin Griffith, in a cover story for Fortune, as any privately-held startup valued at $1 billion or more. At the time, we counted 80 of them.

Keep reading... Show less

Scoop: Facebook's new moves to lower News Feed's political volume

Facebook plans to announce that it will de-emphasize political posts and current events content in the News Feed based on negative user feedback, Axios has learned. It also plans to expand tests to limit the amount of political content that people see in their News Feeds to more countries outside of the U.S.

Why it matters: The changes could reduce traffic to some news publishers, particularly companies that post a lot of political content.

Keep reading... Show less

Scoop: Amazon quietly getting into live audio business

Amazon is investing heavily in a new live audio feature that's similar to other live audio offerings like Clubhouse, Twitter Spaces and Spotify's new live audio platform, sources tell Axios.

Why it matters: As with Amazon's efforts in podcasting and music subscriptions, the company sees live audio as a way to bolster the types of content it can offer through its voice assistant, Alexa, and its smart speaker products.

Keep reading... Show less

Hurricane Ida exposes America's precarious energy infrastructure

The powerful hurricane that plunged New Orleans into darkness for what could be weeks is the latest sign that U.S. power systems are not ready for a warmer, more volatile world.

The big picture: “Our current infrastructure is not adequate when it comes to these kinds of weather extremes,” Joshua Rhodes, a University of Texas energy expert, tells Axios.

Keep reading... Show less

"We must go further": 70% of adults in European Union are fully vaccinated

About 70% of adults in the European Union are fully vaccinated against COVID-19, Ursula von der Leyen, the president of the European Commission, said Tuesday.

Why it matters: The milestone makes the E.U. one of the world's leaders in inoculations, after an initially lagging vaccine campaign, the New York Times notes.

Keep reading... Show less

What Elizabeth Holmes jurors will be asked ahead of fraud trial

Jury selection begins today in USA v. Elizabeth Holmes, with the actual jury trial to get underway on Sept. 8.

Why it matters: Theranos was the biggest fraud in Silicon Valley history, putting both hundreds of millions of dollars and thousands of patients' health at risk.

Keep reading... Show less

Insights

mail-copy

Get Goodhumans in your inbox

Most Read

More Stories