eXtensions - Sunday 22 August 2021


Sunday Comment: Apple CSAM - Bound to Succeed, Destined to Fail

By Graham K. Rogers


I had a look at a small app that allows drawing input using the trackpad on a Mac. Big Data is in the crosshairs. Facebook is under attack from the FTC, which wants to see it broken up, particularly with regard to Instagram and WhatsApp. Legislation introduced in the Senate will force major phone makers to build in a back door. Apple's CSAM image plans are being widely criticised for the weaknesses that will exist and the threats to user privacy.

Teaching online has meant that a lot of materials have needed to be adapted or rewritten. I have also found, along with some of my colleagues, that the same approaches we have used for years in a classroom are ineffective when using a computer at home. I miss the whiteboard, for example. Many of the exercises I ran for certain classes meant groups of students writing answers on the board, preferably in large groups, which made for interesting interactions.

When explaining ideas, I could quickly make a sketch to illustrate the idea. If I know I might need to sketch something, I can attach the iPad and share the screen; but (no matter what bureaucratic experts claim) it is impossible to plan for the unknown in classes and I sometimes need spontaneous input.

I was alerted to a Mac app called Magic by Filipe Espósito (9to5Mac). It uses finger input from the trackpad to draw on a white panel. The free app is available on the Mac App Store.

The panel is not full screen, but matches the size of the trackpad. It takes some adjustment from the user, but a line drawn on the panel begins where the finger is placed. I had to learn to remove my finger quickly otherwise the line would continue. There are style options and a number of brush options, including several colors.

The app is fairly rough and ready, but at a pinch it may allow that connection to be made between my ideas and the students' understanding.

I was once in the police in the UK and had to enforce laws, some of which were impractical or unfair. Even in the late 20th Century we were still using laws from the early 19th, such as the Town Police Clauses Act 1847 and the Vagrancy Act, 1824. Although the former had some weird offenses (hanging washing too low) these Acts had been well-written and were still practical in some situations. Despite much updating of laws in recent years in the UK, both are still in force because they are so useful and were well-written.

Politicians write the laws and sometimes they are wrong (politicians and laws). In some countries and at some historical moments, legislation is created for vindictive reasons. Some laws are knee jerk reactions to a situation, like the Australian reaction to refugees arriving from Afghanistan in leaky boats some 20 years ago. Most laws, however, are written to deal with what politicians see as a need to control a particular situation, group or problem.

One of the concepts that US politicians (and others) react to strongly is that of monopoly. They have had much experience of this, for example with Carnegie and J.P. Morgan and the control of steel, while the control of media throughout the world, particularly by the Murdoch Corporation, could be improved. More modern influences are often referred to as Big Data, although the more well known of these, like Amazon, Apple, Facebook, Google (and to a lesser extent Twitter), operate in different ways. Politicians find it easier to group them, while conveniently ignoring the ways in which mass media (newspapers, television) sway public opinion.

Google and Apple have their own problems with politicians in Europe, UK, USA and now Australia, partly because they are just big. To some that automatically equals a monopoly situation, although there are differences. Facebook has grown into a major influencer, partly helped by the tools that Cambridge Analytica introduced that created an awareness of how social networking could influence voters and buyers, and how this sells advertising. Its growth has been rapid and the CEO, Mark Zuckerberg, has appeared in front of US politicians and their committees a number of times. This may not have helped at all as he comes across as bland, emotionless and evasive. Even Tim Cook, who had a reputation as a grey man, is more enthusiastic and at least answers any questions posed (up to a point).

On the way to creating itself, Facebook has absorbed several companies, some of which may have been erstwhile competitors. Instagram and WhatsApp are two of the most well-known. With both, users have been disappointed with the way changes have been introduced. With Instagram this has been most upsetting for photographers who had been using the app to build recognition.

It has changed some more recently (although I am enjoying the Reels) and I am switching to Glass, a new app that is aimed at photographers who just want to display their output. It is a bit slow at the moment and slightly limited, but with all these things, it may benefit from user input and suggestions.

Last week Juli Clover (MacRumors) wrote about the antitrust case that the Federal Trade Commission (FTC) has been building against Facebook, and notes that this has now been reinforced with "more detail on how the company either crushed or bought out its rivals in an attempt to get rid of competition". This strengthens its case against the company and it has asked the judge "to force Facebook to sell Instagram and WhatsApp." The details in the article taken from the FTC complaint suggest that while Facebook originally based its approach on the desktop, mobile computing left it wanting and its buy and bury approach helped it overcome this, along with hindering the integration of 3rd-party developers on its platform.

For years, law enforcement (and some politicians) have been trying to force Apple to create some form of back door to allow easy access, only when needed of course, so that it is easier to deal with:

  1. Terrorism
  2. Organised Crime
  3. Child Pornography

although Apple may have shot itself in the foot on that last one (see below). Apple has always complied with any legal warrants that have been issued, as do all of the Big Data companies, but if there is end-to-end encryption, not even Apple (or WhatsApp) can provide the unencrypted data. Last week it was reported (Oliver Haslam, Redmond Pie) that a Bill introduced into the US Senate is aimed at any phone maker, although how that will be applied to phones using Android made in Asia has me scratching my head.

An immediate oddity is the Section describing the scope, that begins "A device manufacturer that sold more than 1,000,000 consumer electronic devices in the United States in 2016 or any calendar year thereafter", which immediately offers a get out to those criminals who would depend on encryption. This was used by Anom (although the FBI were secretly running that) and particularly, EncroChat which served criminals for a while until it was broken into. Both of these had a small number of subscribers: well below 100,000 so the phones would not have been included, should this legislation succeed. Apple (and others) do hand over information when a lawful warrant is executed, which users agree to with the licensing. That encryption is the key to privacy.

We are now 3 weeks into Apple's CSAM detection problems, and the interference from critics is widening. Last Thursday, Corellium, with which Apple has already had litigation problems, announced that it was launching an initiative to "support independent public research into the security and privacy of mobile applications" (Sami Fathi, MacRumors). In light of the criticism about the way Apple intends to identify CSAM images, this initiative could test Craig Federighi's claims about verifiability.

Of course, as Apple and Corellium already have conflicts, one questions the sincerity here. Stephen Warwick (iMore) also comments on the offer, which on the face of it sounds useful: independent verification of continued privacy. He notes that the case between the two was settled just a week ago "over the very iOS virtualization software it says can now aid security researchers." Curious. Apple has now announced an appeal to the court decision in its case.

Corellium may be a distraction, but there are other comments that are not so easily dismissed, despite Craig Federighi's defense of the CSAM plan. While it is known that all online photo distribution systems check for such images, usually this is done by human means. It is Apple's desire to remove the human intervention (until a user steps over the threshold - potentially 30 such images) and use machine learning that has caused the outcry. Apple was forced to introduce some method of detecting such images as it is reported that by last year it dawned on the company that it was the world's largest porn distribution company, with child grooming a growing problem "on the App Store and within iMessage" (Stephen Warwick, iMore). Eric Friedman, Apple's anti-fraud chief, mentions that Facebook privacy is poor but the emphasis is on trust and safety, while Apple has priorities which are opposite to this. The discovery that your platform allows sharing of massive numbers of such images means that inevitably Apple was bound to act.

Some of the criticism of Apple's approach to this has tended to be knee-jerk, for example the comments from Bill Maher (Stephen Warwick, iMore), who adds on other derogatory comments about iPhone owners, because he can: a man who likes the sound of his own opinions. Most criticism, however, is well-intentioned. The idea of Apple reneging on its famed privacy protection is beyond belief to many.

There has been a lot of expert input, including from some computer scientists from Princeton who had already developed a CSAM system, Stephen Warwick reports in iMore. They warn against Apple doing the same, writing in The Washington Post that this is not because they do not understand how it works, "The problem is, we understand exactly how it works." As Warwick writes, this protection that Apple claims exists to prevent the use of the system in identifying other types of images, is not technological. It is a policy decision; and policy can be changed.

Note, for example, while we are already aware how China controls what internet users in the country can access, and Russia insists that certain apps are installed when the iPhone is delivered to customers in the country, Apple (along with Google) is now being forced to remove an app developed by opposition leader Alexei Navalny (Stephen Warwick, iMore), because "it is used to promote the activities of organizations recognized as extremist". Navalny, who opposes Russian President Vladimir Putin, was famously poisoned in August 2020.

According to a report from Oliver Haslam (iMore) there are in excess of 90 groups that have signaled opposition to the CSAM detection method that Apple intends to use, and together they sent a letter to Apple CEO Tim Cook denouncing the plan. There are several metaphors that might be used here: genie out of the bottle, can of worms, Pandora's box et al; but if (or when) this is introduced with the release of iOS 15, millions of users who have relied on Apple for its guarantees and support concerning privacy will have reduced confidence in Cupertino and its products.

Several commentators have already expressed an intention to use alternative products, although this cure may be just as bad with the current options available. Having spent years building a reputation based on its regard for privacy - which it still has - in one fell swoop that is to be lost. With CSAM detection Apple is destined to fail.

Damned if you do. Damned if you don't.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. After 3 years writing a column in the Life supplement, he is now no longer associated with the Bangkok Post. He can be followed on Twitter (@extensions_th)




All content copyright © G. K. Rogers 2021