[aeronaute]

Can you elaborate on why you think this gives us way more privacy than we had before? I don't see how adding on-device scanning does that.

I think that people generally understand what's going on and where this might lead us in the future.

[skoskie]

It's less about scanning (they were already doing that on their side) and more about keys. Before, there were two keys. The one on your device, and one for accessing the data on their servers. Apple could be compelled to decrypt that data and hand it over to the government, and the government could ask for literally anything. So all the fear about "what if they decide to scan for images of XYZ" is a fear that already exists. Apple has made it clear that they do not want to aid the government in any way, and stated so directly to congress in 2019. Congress, in turn, made it clear that if they (big tech) didn't come up with a solution, they would legislate some kind of "backdoor" requirement, which would be terrible for everyone.

So they had to come up with some kind of solution that:

1. Keeps the government happy enough that they don't pass terrible legislation.

2. Keeps Apple's servers from storing illegal content.

3. Keeps Apple from being involved in the subpoena process.

4. Maintains user privacy – because that's the whole point of this exercise.

I genuinely think if people understood how they accomplished this they would see that Apple accomplished two of the objectives (1, 4) and will eventually accomplish #3 as well.

But back to keys. Your device has a master key for decrypting the photos, and that's always been the case. What I'm about to talk about Apple's servers only, and not your device:

Imagine the two-key system required to launch a nuke, or the big Hollywood bank vault that requires two people to simultaneously get retina scans. "Shared Key Encryption" is the same idea – no one person with a key can decrypt the target. What's cool about this is you can have as many keys as you want, and all of them must be present in order to decrypt the contents. How many keys is Apple using? Well in this particular encryption layer, they are using ~31 keys, and Apple only has ONE.

If we stop right there, you can already see how this is way more secure. A government cannot compel Apple to hand over your unencrypted data. Apple has been able to do this in a much simpler way for a long time, but not without causing the government to pass counter-legislation in response. They haven't implemented better security before this for that very reason.

So where do the other keys come from? They are generated anytime a match is found in the CSAM database on your phone. Even that database is hashed, so your CSAM database and its hashes are unique from every other iPhone user. If there is no match with the CSAM database for a particular image, the keys for its decryption are never generated. Meanwhile each time CSAM match is made, another of the 31 keys gets generated. So in a (super over-simplified) way, the "bad" images are keys for each other. This is why Apple has set a "threshold" for how many CSAM images must be detected before Apple is notified. They have to meet that threshold in order to have all the keys to be able to decrypt all the offending images. Even then, all other images in your account still remain encrypted and inaccessible.

All of this keeps the government happy enough to keep the bad legislation at bay. It's not a perfect solution, but it's better than the alternative, and it results in greater privacy than we have today.

Unless/until I see technical documents showing why there is a privacy issue for people who don't have CSAM, I am 100% in favor of this solution.

[aeronaute]

Thanks. I can agree that the process sounds very secure, but I still can't agree that it's more private. Apple had and will have the capability to decrypt iCloud data, so why add the additional scanning on the phone, of all places?

> Unless/until I see technical documents showing why there is a privacy issue for people who don't have CSAM

For me, it's about trust. Why not just do the scanning on their servers? With moving the scanning to the client, they've crossed the Rubicon. Apple has built a generic, automatic reporting tool for content on phones, which to my knowledge hasn't existed to date. On top of that, they've set the example that it's acceptable to perform client-side scanning.

Today it's against CSAM, but what about tomorrow? What will happen in authoritarian countries? Prior to this, I believe Apple had the high ground and could say, "we don't have the capability to scan devices and exfiltrate data". But now, it's there.

Perhaps you may say that this is the "slippery slope" argument, and maybe it is. I hope it never expands to include other things. Though I have a hard time imagining that this doesn't get expanded in the future.

[istingray]

I like your point about ~31 keys. Hadn't realized it worked like that with all images now being encrypted.

One caveat is that according to this article out today, Apple was not scanning iCloud Photo Libraries for CSAM previously: https://9to5mac.com/2021/08/23/apple-scans-icloud-mail-for-c...

"Apple has confirmed to me that it already scans iCloud Mail for CSAM, and has been doing so since 2019. It has not, however, been scanning iCloud Photos or iCloud backups."