WhatsApp won’t be adopting Apple’s new Child Safety measures, meant to stop the spread of child abuse imagery, according to WhatsApp’s head Will Cathcart. In a Twitter thread, he explains his belief that Apple “has built software that can scan all the private photos on your phone,” and said that Apple has taken the wrong path in trying to improve its response to child sexual abuse material, or CSAM.
Apple’s plan, which it announced on Thursday, involves taking hashes of images uploaded to iCloud and comparing them to a database that contains hashes of known CSAM images. According to Apple, this allows it to keep user data encrypted and run the analysis on-device while still allowing it to report users to the authorities if they’re found to be sharing child abuse imagery. Another prong of Apple’s Child Safety strategy involves optionally warning parents if their child under 13 years old sends or views photos containing sexually explicit content. An internal memo at Apple acknowledged that people would be “worried about the implications” of the systems.
I read the information Apple put out yesterday and I’m concerned. I think this is the wrong approach and a setback for people’s privacy all over the world.
People have asked if we’ll adopt this system for WhatsApp. The answer is no.
— Will Cathcart (@wcathcart) August 6, 2021
Cathcart calls Apple’s approach “very concerning,” saying that it would allow governments with different ideas of what kind of images are and are not acceptable to request that Apple add non-CSAM images to the databases it’s comparing images against. Cathcart says WhatsApp’s system to fight child exploitation, which partly utilizes user reports, preserves encryption like Apple’s and has led to the company reporting over 400,000 cases to the National Center for Missing and Exploited Children in 2020. (Apple is also working with the Center for its CSAM detection efforts.)
WhatsApp’s owner, Facebook, has reasons to pounce on Apple for privacy concerns. Apple’s changes to how ad tracking works in iOS 14.5 started a fight between the two companies, with Facebook buying newspaper ads criticizing Apple’s privacy changes as harmful to small businesses. Apple fired back, saying that the change “simply requires” that users be given a choice on whether to be tracked.
It’s not just WhatsApp that has criticized Apple’s new Child Safety measures, though. The list of people and organizations raising concerns includes Edward Snowden, the Electronic Frontier Foundation, professors, and more. We’ve collected some of those reactions here to act as an overview of some of the criticisms levied against Apple’s new policy.
Matthew Green, an associate professor at Johns Hopkins University, pushed back on the feature before it was publicly announced. He tweeted about Apple’s plans and about how the hashing system could be abused by governments and malicious actors.
These tools will allow Apple to scan your iPhone photos for photos that match a specific perceptual hash, and report them to Apple servers if too many appear.
— Matthew Green (@matthew_d_green) August 5, 2021
The EFF released a statement that blasted Apple’s plan, more or less calling it a “thoroughly documented, carefully thought-out, and narrowly-scoped backdoor.” The EFF’s press release goes into detail on how it believes Apple’s Child Safety measures could be abused by governments and how they decrease user privacy.
Apple’s filtering of iMessage and iCloud is not a slippery slope to backdoors that suppress speech and make our communications less secure. We’re already there: this is a fully-built system just waiting for external pressure to make the slightest change. https://t.co/f2nv062t2n
— EFF (@EFF) August 5, 2021
Kendra Albert, an instructor at Harvard’s Cyberlaw Clinic, has a thread on the potential dangers to queer children and Apple’s initial lack of clarity around age ranges for the parental notifications feature.
The idea that parents are safe people for teens to have conversations about sex or sexting with is admirable, but in many cases, not true. (And as far as I can tell, this stuff doesn’t just apply to kids under the age for 13.)
— Kendra Albert (@KendraSerra) August 5, 2021
EFF reports that the iMessage nudity notifications will not go to parents if the kid is between 13-17 but that is not anywhere in the Apple documentation that I can find. https://t.co/Ma1BdyqZfW
— Kendra Albert (@KendraSerra) August 6, 2021
Edward Snowden retweeted the Financial Times article about the system, giving his own characterization of what Apple is doing.
Apple plans to modify iPhones to constantly scan for contraband:
“It is an absolutely appalling idea, because it is going to lead to distributed bulk surveillance of our phones and laptops,” said Ross Anderson, professor of security engineering. https://t.co/rS92HR3pUZ
— Edward Snowden (@Snowden) August 5, 2021
Politician Brianna Wu called the system “the worst idea in Apple History.”
This is the worst idea in Apple history, and I don’t say that lightly.
It destroys their credibility on privacy. It will be abused by governments. It will get gay children killed and disowned. This is the worst idea ever. https://t.co/M2EIn2jUK2
— Brianna Wu (@BriannaWu) August 5, 2021
Just to state: Apple’s scanning does not detect photos of child abuse. It detects a list of known banned images added to a database, which are initially child abuse imagery found circulating elsewhere. What images are added over time is arbitrary. It doesn’t know what a child is.
— SoS (@SwiftOnSecurity) August 5, 2021
Writer Matt Blaze also tweeted about the concerns that the technology could be abused by overreaching governments, trying to prevent content other than CSAM.
In other words, not only does the policy have to be exceptionally robust, so does the implementation.
— matt blaze (@mattblaze) August 6, 2021
Epic CEO Tim Sweeney also criticized Apple, saying that the company “vacuums up everybody’s data into iCloud by default.” He also promised to share more thoughts specifically about Apple’s Child Safety system.
It’s atrocious how Apple vacuums up everybody’s data into iCloud by default, hides the 15+ separate options to turn parts of it off in Settings underneath your name, and forces you to have an unwanted email account. Apple would NEVER allow a third party to ship an app like this.
— Tim Sweeney (@TimSweeneyEpic) August 6, 2021
I will share some very detailed thoughts on this related topic later.
— Tim Sweeney (@TimSweeneyEpic) August 6, 2021
Not every reaction has been critical, however. Ashton Kutcher (who has done advocacy work to end child sex trafficking since 2011) calls Apple’s work “a major step forward” for efforts to eliminate CSAM.