Mass surveillance warning from Apple over new proposed eSafety guidelines

Posted by
Check your BMI

Australia's eSafety Commissioner is at loggerheads with one of the world's biggest tech companies, Apple

It's over proposed new legislation that aims to protect our most vulnerable by weeding out the most disgraceful of content from online storage and communications platforms "to protect Australians from illegal and restricted online content."

The Online Safety Industry Standard is now open for public consultation ahead of a possible introduction into legislation within months, to be active within a year.

READ MORE: Nvidia profits jumped 580 per cent last year on back of AI boom

Istanbul, Turkey - July 11, 2016: Apple iPhone 6s screen with social media applications icons Facebook, Instagram, Twitter, Spotify, Youtube, Messenger, Apple Music, Safari, Maps, Whatsapp etc.

toonsbymoonlight

At their core, these proposed standards are a way of ensuring mandatory compliance by service providers such as messaging services, online gaming, dating and many more rather broad categories of providers.

One company with a keen eye on this proposal is Apple, which holds a large market share in Australia in terms of devices used for messaging, photography and image storage. Of course, most users also have those images saved or backed up to the cloud, which is another area of concern for the relevant service providers.

Under the proposal, service providers will need to "take proactive steps to create and maintain a safe online environment".

In its submission to the federal government's public consultation on the matter, Apple its view very clear: these regulations seek to require providers to "serve as agents of the state, surveilling user data in a way that even law enforcement today cannot legally require".

"Tools of mass surveillance have widespread negative implications for freedom of opinion and expression and, by extension, democracy as a whole," the submission states

"For example, awareness that the government may compel a provider to watch what people are doing raises the serious risk of chilling legitimate associational, expressive, political freedoms, and economic activity."

READ MORE: Young people are turning to ChatGPT for dating advice. We put it to the test

eSafety was set up to help protect children online.

Apple had already begun working on the idea of a technology that could scan photos stored in the iCloud to search for images of child exploitation or other harmful material.

"We worked hard to conceptualise a hybrid device-server technology to detect known CSAM (Child Sexual Abuse Material) in iCloud Photos without compromising privacy and security," the company said.

However, the company made it clear that was not an appropriate way forward.

"Ultimately, after having consulted extensively with child safety advocates, human rights organisations, privacy and security technologists, and academics, and having considered scanning technology from virtually every angle, we concluded that it was not practically possible to implement without ultimately imperilling the security and privacy of our users," Apple said.

READ MORE: Finance worker pays out $39m after video call with deepfake CFO

Critically, Apple warned any content scanning system could have serious ramifications, stating "scanning systems are not foolproof".

"There is evidence from other platforms that innocent parties have been swept into dystopian dragnets that have made them victims when they have done nothing more than share perfectly normal and appropriate pictures of their babies," it said.

Most Australians would baulk at the idea of their photo libraries being scanned for any type of material, akin to having someone come into your home and flick through your private photo albums.

To that end, user-based encryption appears to be the battleground going forward. Apple has an opt-in feature called Advanced Data Protection, which allows users to choose to add a layer of encryption to areas iCloud storage, which can include the photo library.

Apple's submission appears to raise concerns about how vague or broad the proposed legislation's encryption-breaking tactics are.

While the eSafety Commissioner's proposal stated providers such as Apple were not expected to "design systematic vulnerabilities or weaknesses into end-to-end encrypted services", Apple argued that was not "explicitly stated anywhere in the actual draft standards".

The company makes its own recommendation that "eSafety adopt a clear and consistent approach expressly supporting end-to-end encryption so that there is no uncertainty and confusion or potential inconsistency across codes and standards".

For what it's worth, Apple has its own tools for the protection of young children. These measures, under a feature called Communication Safety, use on-device technology (that is – it's not in the cloud, so Apple isn't aware of what is scanned or detected) to help by "intervening and giving a child a moment to pause when they receive or attempt to send images that contain nudity".

"The feature provides guidance and age-18 appropriate resources to help them make a safe choice, including the choice to contact someone they trust," Apple said.

"The goal is to disrupt the grooming of children by making it harder for predators to normalise this behaviour and to create a moment for a child to think when facing a critical choice."