{"id":191882,"date":"2021-08-16T12:00:13","date_gmt":"2021-08-16T11:00:13","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=191882"},"modified":"2021-08-15T05:43:35","modified_gmt":"2021-08-15T04:43:35","slug":"if-you-build-it-they-will-come-apple-has-opened-the-backdoor-to-increased-surveillance-and-censorship-around-the-world","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2021\/08\/if-you-build-it-they-will-come-apple-has-opened-the-backdoor-to-increased-surveillance-and-censorship-around-the-world\/","title":{"rendered":"If You Build It, They Will Come: Apple Has Opened the Backdoor to Increased Surveillance and Censorship around the World"},"content":{"rendered":"

\"\"<\/a><\/p>\n

11 Aug 2021 – <\/em>Apple\u2019s new program<\/a> for scanning images sent on iMessage steps back from the company\u2019s prior support<\/a> for the privacy and security of encrypted messages. The program, initially limited to the United States, narrows the understanding of end-to-end encryption<\/a> to allow for client-side scanning. While Apple aims at the scourge of child exploitation and abuse, the company has created an infrastructure that is all too easy to redirect to greater surveillance and censorship. The program will undermine Apple\u2019s defense that it can\u2019t comply with the broader demands.
\n<\/b><\/p>\n

For years, countries around the world<\/a> have asked for access to and control over encrypted messages, asking technology companies to \u201cnerd harder\u201d when faced with the pushback that access to messages in the clear was incompatible with strong encryption. The Apple child safety message scanning program<\/a> is currently being rolled out only in the United States.<\/p>\n

The United States has not been shy about seeking access<\/a> to encrypted communications, pressuring the companies to make it easier to obtain data with warrants and to voluntarily turn over data. However, the U.S. faces serious constitutional issues if it wanted to pass a law that required warrantless screening and reporting of content. Even if conducted by a private party, a search ordered by the government is subject to the Fourth Amendment\u2019s protections. Any \u201cwarrant\u201d issued for suspicionless mass surveillance would be an unconstitutional general warrant. As the Ninth Circuit Court of Appeals has explained<\/a>, “Search warrants . . . are fundamentally offensive to the underlying principles of the Fourth Amendment when they are so bountiful and expansive in their language that they constitute a virtual, all-encompassing dragnet[.]” With this new program, Apple has failed to hold a strong policy line against U.S. laws undermining encryption, but there remains a constitutional backstop to some of the worst excesses. But U.S constitutional protection may not necessarily be replicated in every country.<\/p>\n

Apple is a global company, with phones and computers in use all over the world, and many governments pressure that comes along with that. Apple has promised<\/a> it will refuse government \u201cdemands to build and deploy government-mandated changes that degrade the privacy of users.\u201d It is good that Apple says it will not, but this is not nearly as strong a protection as saying it cannot, which could not honestly be said about any system of this type. Moreover, if it implements this change, Apple will need to not just fight for privacy, but win in legislatures and courts around the world. To keep its promise, Apple will have to resist the pressure to expand the iMessage scanning program to new countries, to scan for new types of content and to report outside parent-child relationships.<\/p>\n

It is no surprise that authoritarian countries demand companies provide access and control to encrypted messages, often the last best hope for dissidents to organize and communicate. For example, Citizen Lab\u2019s research<\/a> shows that\u2014right now\u2014China\u2019s unencrypted WeChat service already surveils images and files shared by users, and uses them to train censorship algorithms. \u201cWhen a message is sent from one WeChat user to another, it passes through a server managed by Tencent (WeChat\u2019s parent company) that detects if the message includes blacklisted keywords before a message is sent to the recipient.\u201d As the Stanford Internet Observatory\u2019s Riana Pfefferkorn explains<\/a>, this type of technology is a roadmap showing \u201chow a client-side scanning system originally built only for CSAM [Child Sexual Abuse Material] could and would be suborned for censorship and political persecution.\u201d As Apple has found<\/a>, China, with the world\u2019s biggest market, can be hard to refuse. Other countries are not shy about applying extreme pressure on companies, including arresting local employees<\/a> of the tech companies.<\/p>\n

But many times potent pressure to access encrypted data also comes from democratic countries that strive to uphold the rule of law, at least at first. If companies fail to hold the line in such countries, the changes made to undermine encryption can easily be replicated by countries with weaker democratic institutions and poor human rights records\u2014often using similar legal language, but with different ideas about public order and state security, as well as what constitutes impermissible content, from obscenity to indecency to political speech. This is very dangerous. These countries, with poor human rights records, will nevertheless contend that they are no different. They are sovereign nations, and will see their public-order needs as equally urgent. They will contend that if Apple is providing access to any nation-state under that state\u2019s local laws, Apple must also provide access to other countries, at least, under the same terms.<\/p>\n

‘Five Eyes’ Countries Will Seek to Scan Messages\u00a0<\/b><\/h3>\n

For example, the Five Eyes\u2014an alliance of the intelligence services of Canada, New Zealand, Australia, the United Kingdom, and the United States\u2014warned<\/a> in 2018 that they will \u201cpursue technological, enforcement, legislative or other measures to achieve lawful access solutions\u201d if the companies didn\u2019t voluntarily provide access to encrypted messages. More recently, the Five Eyes have pivoted<\/a> from terrorism to the prevention of CSAM as the justification, but the demand for unencrypted access remains the same, and the Five Eyes are unlikely to be satisfied without changes to assist terrorism and criminal investigations too.<\/p>\n

The United Kingdom\u2019s Investigatory Powers Act, following through on the Five Eyes\u2019 threat, allows their Secretary of State to issue \u201ctechnical capacity notices<\/a>,\u201d which oblige telecommunications operators to make the technical ability of \u201cproviding assistance in giving effect to an interception warrant, equipment interference warrant, or a warrant or authorisation for obtaining communications data.\u201d As the UK Parliament considered the IPA, we warned<\/a> that a \u201ccompany could be compelled to distribute an update in order to facilitate the execution of an equipment interference warrant, and ordered to refrain from notifying their customers.\u201d<\/p>\n

Under the IPA, the Secretary of State must consider \u201cthe technical feasibility of complying with the notice.\u201d But the infrastructure needed to roll out Apple\u2019s proposed changes makes it harder to say that additional surveillance is not technically feasible. With Apple\u2019s new program, we worry that the UK might try to compel an update that would expand the current functionality of the iMessage scanning program, with different algorithmic targets and wider reporting. As the iMessage \u201ccommunication safety\u201d feature is entirely Apple\u2019s own invention, Apple can all too easily change its own criteria for what will be flagged for reporting. Apple may receive an order to adopt its hash matching program for iPhoto into the message pre-screening. Likewise, the criteria for which accounts will apply this scanning, and where positive hits get reported, are wholly within Apple\u2019s control.<\/p>\n

Australia followed suit with its Assistance and Access Act, which likewise allows for requirements to provide technical assistance and capabilities, with the disturbing potential to undermine encryption. While the Act contains some safeguards, a coalition of civil society organizations, tech companies, and trade associations, including EFF and\u2014wait for it\u2014Apple, explained<\/a> that they were insufficient.<\/p>\n

Indeed, in Apple\u2019s own submission<\/a> to the Australian government, Apple warned \u201cthe government may seek to compel providers to install or test software or equipment, facilitate access to customer equipment, turn over source code, remove forms of electronic protection, modify characteristics of a service, or substitute a service, among other things.\u201d If only Apple would remember that these very techniques could also be used in an attempt to mandate or change the scope of Apple\u2019s scanning program.<\/p>\n

While Canada has yet to adopt<\/a> an explicit requirement for plain text access, the Canadian government is actively pursuing filtering obligations for various online platforms<\/a>, which raise the spectre of a more aggressive set of obligations targeting private messaging applications.<\/p>\n

Censorship Regimes Are In Place And Ready to Go<\/b><\/h3>\n

For the Five Eyes, the ask is mostly for surveillance capabilities, but India and Indonesia are already down the slippery slope to content censorship. The Indian government\u2019s new Intermediary Guidelines and Digital Media Ethics Code (\u201c2021 Rules<\/a>\u201d), in effect earlier this year, directly imposes dangerous requirements<\/a> for platforms to pre-screen content. Rule 4(4) compels content filtering, requiring that providers \u201cendeavor to deploy technology-based measures,\u201d including automated tools or other mechanisms, to \u201cproactively identify information\u201d that has been forbidden under the Rules.<\/p>\n

India\u2019s defense of the 2021 rules<\/a>, written in response to the criticism from three UN Special Rapporteurs<\/a>, was to highlight the very real dangers to children, and skips over the much broader mandate of the scanning and censorship rules. The 2021 Rules impose proactive and automatic enforcement of its content takedown provisions, requiring the proactive blocking of material previously held to be forbidden under Indian law. These laws broadly include those protecting \u201cthe sovereignty and integrity of India; security of the State; friendly relations with foreign States; public order; decency or morality.\u201d This is no hypothetical slippery slope\u2014it\u2019s not hard to see how this language could be dangerous to freedom of expression and political dissent. Indeed, India\u2019s track record on its Unlawful Activities Prevention Act<\/a>, which has reportedly been used<\/a> to arrest academics, writers and poets for leading rallies and posting political messages on social media, highlight this danger.<\/p>\n

It would be no surprise if India claimed that Apple\u2019s scanning program was a great start towards compliance, with a few more tweaks needed to address the 2021 Rules\u2019 wider mandate. Apple has promised to protest any expansion, and could argue in court, as WhatsApp<\/a> and others have, that the 2021 Rules should be struck down, or that Apple does not fit the definition of a social media intermediary regulated under these 2021 Rules. But the Indian rules illustrate both the governmental desire and the legal backing for pre-screening encrypted content, and Apple\u2019s changes makes it all the easier to slip into this dystopia.<\/p>\n

This is, unfortunately, an ever-growing trend. Indonesia, too, has adopted Ministerial Regulation MR5<\/a> to require service providers (including \u201cinstant messaging\u201d providers) to \u201censure\u201d that their system<\/a> \u201cdoes not contain any prohibited [information]; and […] does not facilitate the dissemination of prohibited [information]\u201d. MR5 defines prohibited information as anything that violates any provision of Indonesia\u2019s laws and regulations, or creates \u201ccommunity anxiety\u201d or \u201cdisturbance in public order.\u201d MR5 also imposes disproportionate sanctions, including a general blocking of systems for those who fail to ensure there is no prohibited content and information in their systems. Indonesia may also see the iMessage scanning functionality as a tool for compliance with Regulation MR5, and pressure Apple to adopt a broader and more invasive version in their country.<\/p>\n

Pressure Will Grow<\/b><\/h3>\n

The pressure to expand Apple\u2019s program to more countries and more types of content will only continue. In fall of 2020, in the European Union, a series of leaked documents from the European Commission foreshadowed<\/a> an anti-encryption law to the European Parliament, perhaps this year. Fortunately, there is a backstop in the EU. Under the e-commerce directive, EU Member States are not allowed to impose a general obligation to monitor the information that users transmit or store, as stated in the Article 15 of the e-Commerce Directive (2000\/31\/EC). Indeed, the Court of Justice of the European Union (CJEU) has stated<\/a> explicitly<\/a> that intermediaries may not be obliged to monitor their services in a general manner in order to detect and prevent illegal activity of their users. Such an obligation will be incompatible with fairness and proportionality. Despite this, in a leaked internal document<\/a> published by Politico, the European Commission committed itself to an action plan for mandatory detection of CSAM by relevant online service providers (expected in December 2021) that pointed to client-side scanning as the solution, which can potentially apply to secure private messaging apps, and seizing upon the notion that it preserves the protection of end-to-end encryption.<\/p>\n

For governmental policymakers who have been urging companies to nerd harder, wordsmithing harder is just as good. The end result of access to unencrypted communication is the goal, and if that can be achieved in a way that arguably leaves a more narrowly defined end-to-end encryption in place, all the better for them.<\/p>\n

All it would take to widen the narrow backdoor that Apple is building is an expansion of the machine learning parameters to look for additional types of content, the adoption of the iPhoto hash matching to iMessage, or a tweak of the configuration flags to scan, not just children\u2019s, but anyone\u2019s accounts. Apple has a fully built system just waiting for external pressure to make the necessary changes. China and doubtless other countries already have hashes and content classifiers to identify messages impermissible under their laws, even if they are protected by international human rights law. The abuse cases are easy to imagine: governments that outlaw homosexuality might require a classifier to be trained to restrict apparent LGBTQ+ content, or an authoritarian regime might demand a classifier able to spot popular satirical images or protest flyers.<\/p>\n

Now that Apple has built it, they will come. With good intentions, Apple has \u200b\u200bpaved the road to mandated security weakness around the world, enabling and reinforcing the arguments that, should the intentions be good enough, scanning through your personal life and private communications is acceptable. We urge Apple to reconsider and return to the mantra Apple so memorably emblazoned on a billboard<\/a> at 2019\u2019s CES conference in Las Vegas: What happens on your iPhone, stays on your iPhone.<\/p>\n

_________________________________________<\/p>\n

Espa\u00f1ol<\/a><\/p>\n

\n
\n
\n

\"\"<\/a>Kurt Opsahl is the Deputy Executive Director and General Counsel of the <\/em>Electronic Frontier Foundation. In addition to representing clients on civil liberties, free speech and privacy law, he counsels on <\/em>EFF projects and initiatives.\u00a0 For his work responding to government subpoenas, Opsahl is proud to have been called a “rabid dog” by the Department of Justice. He co-authored <\/em>Electronic Media and Privacy Law Handbook<\/a> in 2007 and was named as one of the “Attorneys of the Year<\/a>” by <\/em>California Lawyer<\/a> magazine for his work on the O’Grady v. Superior Court<\/a> appeal. Email: kurt@eff.org<\/a><\/em><\/p>\n

Go to Original – eff.org<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

11 Aug 2021 – Apple\u2019s new program for scanning images sent on iMessage steps back from the company\u2019s prior support for the privacy and security of encrypted messages. It has created an infrastructure that is all too easy to redirect to greater surveillance and censorship. Apple has paved the road to mandated security weakness around the world, enabling and reinforcing the arguments that, should the intentions be good enough, scanning through your personal life and private communications is acceptable.<\/p>\n","protected":false},"author":4,"featured_media":191885,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[216],"tags":[2632,910,1009,1772,2383,1277,1109,911],"class_list":["post-191882","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-apple","tag-big-brother","tag-big-tech","tag-computer-science","tag-encryption","tag-privacy-rights","tag-spying","tag-surveillance"],"_links":{"self":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/191882","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/comments?post=191882"}],"version-history":[{"count":0,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/191882\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media\/191885"}],"wp:attachment":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media?parent=191882"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/categories?post=191882"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/tags?post=191882"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}