[snowwrestler]

What is the functional difference between the government demanding Apple add code to break device encryption, and the government demanding Apple add signatures that extend their on-device scanning beyond its intended scope of CSAM?

Apple seems to get a lot of credit for opposing the former, but gets mocked when they say they would oppose the latter. But as far as I can tell, the legal argument is exactly the same for both situations: can the government compel Apple to add functionality that they do not want to add?

Apple’s plans seem creepy to me, but I have been less than impressed with the specificity of arguments against it. Most seem to stop at “what if the government forces them to expand it” without addressing exactly how, under current federal law, the government would do that.

For example, see this Twitter thread arguing that it would be very difficult for the feds to do that:

https://twitter.com/pwnallthethings/status/14248736290037022...

[idunnoman]

I mean this genuinely. Didn't we learn with Snowden why this argument isn't valid?

The government does break these laws to get what they want AND they silence the people that they force to break the laws.

Why are we pretending that anything has changed?

[snowwrestler]

If our starting belief is “the government will secretly force Apple to do things no matter what the law says,” then why do we care what Apple says or announces, at all?

Why get mad at Apple if we have already conceded that they are powerless before the government in general?

[idunnoman]

This is a good point.

I do believe we should be skeptical of these companies stated positions unless we can see a profit motive. The previous stance that Apple said they had was "we value your privacy and you should pay us for that".

They also demonstrated in the case in 2016 with terrorists and the FBI that they meant it.

In this case, they have flipped entirely, and are now adding features without being compelled that subvert that stated goal.

Apple will scan your phone/data without a warrant AND report to the government now. This is their public opinion now. Forget their compelled and forced actions. Now they are proud to be the bad guys.

[shuckles]

So what’s the profit motive?

[idunnoman]

I don't see it. Clearly our motivations are misaligned. I'm not confident you can sell me on the idea that this will get people to trust them more, and therefore buy more apple stuff.

[mfer]

> Apple’s plans seem creepy to me, but I have been less than impressed with the specificity of arguments against it. Most seem to stop at “what if the government forces them to expand it” without addressing exactly how, under current federal law, the government would do that.

It's not "the government". There are many governments around the world. What happens when China, Russia, or another country legislates using this technology for some other purpose. Those are big markets. Will Apple back out of them or give in?

[mikenew]

> Will Apple back out of them or give in?

They will give in, at least in China. They currently host all of their iCloud content in China on Chinese servers (and turn over encryption keys), they have banned all VPN apps from the Chinese app store, and they removed the Hong Kong protest app at the behest of the CCP. They will do whatever China tells them to, because, at least from their perspective, they have to. All their manufacturing is in China.

I can't even imagine an outcome where Apple doesn't start looking for pictures of tank man or anti-government images on Chinese citizen's phones. The Chinese government will hand them a list of hashes and say "these photos are illegal here, tell us whenever you find one". Maybe Apple will hold the line of "only photos uploaded to iCloud", but even then they just built the capability to scan everything on someone's phone, and the iCloud part is simply a switch that we have to hope they don't flip.

I'm trying not to be too hopelessly negative here but I can't believe Apple decided that encrypting iCloud backups is worth trading for a file scanner on your phone. What the fuck.

[slg]

>What is the functional difference between the government demanding Apple add code to break device encryption, and the government demanding Apple add signatures that extend their on-device scanning beyond its intended scope of CSAM?

Is this meant as a rhetorical question? Because they are pretty different from both a technical and policy perspective.

Breaking encryption means the government can have access to everything without restriction. It also means there is a backdoor for others to discover.

This approach of matching signatures means that the government needs to have specific content it is looking to match. The government asks "does the device have this specific file" and Apple returns a yes or no. They can't do broad searches for unknown content. Apple also remains as the gatekeeper between its users and the government when it comes to extending the scanning.

We can still be against the latter while acknowledging that this isn't as scary a scenario as the former and therefore it isn't purely a legal question of which approach Apple would be more likely to accept.

[snowwrestler]

The case this 2016 letter is about was not a request to break phone encryption in general. The government asked Apple to assist only in getting into a few specific phones for a specific reason, under the authority of a valid warrant. And many folks thought Apple had a strong legal case to say no.

Apple can’t search phones under the technology they announced, so the government can’t ask Apple for information about what is on people’s phones.

The government could only ask Apple to add hashes to an operating system that Apple runs. Structurally, this is the same as asking them to add functionality, which is what they objected to in 2016.

There is also a scope issue; if every iPhone has the same hash list, then the government is essentially fishing in everyone’s phone for a file. This is typically illegal. The government has to be specific about why they think a certain person/people have a piece of data before they can get a warrant to go get it.

Remember that (as the Twitter thread reminds us) the entire CSAM scanning effort is voluntary. The government is not forcing Apple to scan for CSAM, so how would they force Apple to scan for anything else?

[slg]

>Remember that (as the Twitter thread reminds us) the entire CSAM scanning effort is voluntary. The government is not forcing Apple to scan for CSAM, so how would they force Apple to scan for anything else?

Which is the point that you seem to largely be ignoring. Apple has its own motivations here and it isn't purely a question of what the government is forcing them to do. Apple knows that once encryption is broken, it is broken for everything. This new proposal is much more targeted and gives Apple control while also preserving their ability to say no on technical grounds for further privacy invasions. That is why they would prefer it over the previous government proposal.

[zionic]

The list Apple uses is the property of the secret police, which is owned by the government. The government can change the database at a whim and push new targeting data to your phone.

[grammarnazzzi]

> What is the functional difference between the government demanding Apple add code to break device encryption, and the government demanding Apple add signatures that extend their on-device scanning beyond its intended scope of CSAM?

search without reasonable cause is a violation of the 4th amendment and due process