Ben Thompson: 'Apple is making a promise it can't necessarily keep'

From "Apple Versus Governments" ($) posted Tuesday to Stratechery subscribers:

Quoting from Apple's Expanded Protections for Children FAQ:

Could governments force Apple to add non-CSAM images to the hash list?

Apple will refuse any such demands. Apple’s CSAM detection capability is built solely to detect known CSAM images stored in iCloud Photos that have been identified by experts at NCMEC and other child safety groups. We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future. Let us be clear, this technology is limited to detecting CSAM stored in iCloud and we will not accede to any government’s request to expand it. Furthermore, Apple conducts human review before making a report to NCMEC. In a case where the system flags photos that do not match known CSAM images, the account would not be disabled and no report would be filed to NCMEC.

I absolutely believe Apple as far as the United States is concerned. First off, yes, Apple has absolutely demonstrated a willingness to stand up to government demands, and second, the 4th Amendment expressly forbids the government from mandating searches and seizures without a warrant. And, to be honest, I probably believe Apple as far as China is concerned as well: after all, the government already has access to Chinese iCloud accounts, so how much is to be gained by mandating Apple’s CSAM-scanning mechanism introduce new hashes of interest to the Chinese government? That noted, it’s worth pointing out that Apple is making a promise here it can’t necessarily keep: the rights of Apple users to not be searched is ultimately a function of the laws in the country in which they reside; to put it another way, the fact that Chinese iCloud data is accessible by the government is ultimately a function of their rights or lack thereof in China, not Apple’s decision-making.

What is far more interesting, and, as I noted yesterday, likely played a role in Apple’s decision to build this feature, is Europe. Both the UK and EU are well on their way to mandating scanning for CSAM, and while Apple previously changed the iCloud terms of service to give itself permission to scan for content on the server side, the low number of reports suggests that its scanning was quite limited (perhaps just to email?). Apple likely felt it had to expand its efforts, and it was better to act preemptively and in a way that it clearly believed was better.

My take: Thompson puts his finger on Apple's Achilles heel...

The rights of Apple users to not be searched is ultimately a function of the laws in the country in which they reside.

Apple has already shown a reluctant willingness -- at least in China -- to do what it takes to keep operating in a country if that country's market is large and its supply chain mission-critical.


  1. Jerry Doyle said:
    My take: Ben Thompson NAILED it! Below is precisely mine and others’ concerns.

    “…. In other words, what users care about is not just privacy but also control, at least in terms of their device …. some people don’t like the fact that websites track you when you visit, or scan all of your content, but that seems much less objectionable then your own device selling you out! — what actually bothered people all along was not 3rd-party sites and services tracking them — after all, who trusts them?— but paranoia that ‘… their own devices are spying on them (think about all of those people worried that their phones are listening to them)?’ — Both Apple and Google are headed in that direction — for privacy-preserving reasons!

    August 10, 2021
  2. Fred Stein said:
    I’d like Ben Thompson to list all the major US internet tech companies that don’t comply with NCMEC re CSAM. A site called thorn doc org has more info.

    Then we’d see a headline like, “Apple’s NCMEC compliance provides the most privacy protection of all leading internet tech companies”.

    Not very catchy, eh?

    August 10, 2021
    • David Emery said:
      Companies like TikTok’s statement “We won’t search your photos” should also be cast appropriately. “TikTok plans to disregard legal requirements in the countries where it operates.”

      August 10, 2021
  3. Alan Trerise said:
    Apple draws the line at the iPhone device. In the San Bernardino case Apple handed over all iCloud data but refused to engineer a special iOS version to get around on-device encryption.

    It is quite easy to author an app that uses Apple’s machine learning functionality to scan photos looking for whatever. But the app must ask for explicit permission to access the photos.

    What will Apple do when a government insists an app be available on the App Store which is mandatory for all citizens to install. And if the user refuses to let the app scan their photos, a notification is sent to the government.

    Apple has stated privacy is a human right. In some countries privacy is not a right at all.

    August 10, 2021
  4. John Konopka said:
    We applaud Apple for trying to do the right thing, but Apple is not all powerful. They are one player in a game of tug-of-war with multiple ropes pulling the center in different directions.

    August 10, 2021

Leave a Reply