A lot of people not in government are also fiercely opposed to raping children and are willing to compromise, and understand that Apple can already do whatever they want to your phone, so this specific thing isn't the straw that breaks the camel's back.
All the "what if Apple turns evil one day" applies equally well to iOS without this feature.
I believe a lot of the outrage brewing now against Apple’s CSAM scanning is misdirected, and might actually be hurting the larger cause.
Most ordinary people, especially those who have kids, won’t have a problem with a well-implemented, E2E encryption compatible scheme that is legally limited to only apply to this type of material. If explained the hash collision issue, they’d reasonably point out that Apple does manual review before notifying law enforcement, so this rare eventuality is something they can live with. Meanwhile, in the other camp, many of the vocally outraged fail to understand that no E2E encryption breakage has to be taking place for this feature to work.
What’s actually a problem is that earlier, back in 2019, Apple changed their ToS to allow pre-screening of generally any “potentially illegal” content[0]. This should trigger much wider audience, and for legitimate reasons (the phrasing is clearly unnecessarily broad, and opposing this does not undermine kids’ safety in any way), yet no one is talking about it to my knowledge.
Did you learn the same thing—that E2E encryption doesn’t need to be broken for this to work?
The only event in which Apple can gain access to your content is if you happen to have multiple CSAM matches; then they can access only the matching content, and only then if it’s manually confirmed by a human to be CSAM an action is taken.
The issue is if this type of matching is done for other purposes than CSAM; and unfortunately they gave themselves legal permission to do it back in 2019. That’s what we should object to, not CSAM reporting.
I didn't say anything about breaking E2E encryption. Anything a human in the middle can review in any event isn't E2E encrypted. Call it something else.
The issue is the hash algorithm is secret. The decryption threshold is secret. The database of forbidden content can't be audited. People claim it includes entirely legal images. And it's a small step from scanning local only files.
> as long as it's strictly for CSAM check purposes
And that's precisely the leaky part of this setup. Nothing about this system's design prevents that from changing on a mere whim or government request.
Next year they could be adding new back-end checks against political dissident activity, Uyghur Muslims, ... and we'd be none the wiser.
All the "what if Apple turns evil one day" applies equally well to iOS without this feature.