Apple plans to scan some photos on iPhones, iPads and Mac computers for images depicting child abuse. The move has upset privacy advocates and security researchers, who worry that the company's newest technology could be twisted into a tool for surveillance and political censorship. Apple says those concerns are misplaced and based on a misunderstanding of the technology it's developed.
In an interview published Friday by The Wall Street Journal, Apple's software head, Craig Federighi, attributed much of people's concerns to the company's poorly handled announcements of its plans. Apple won't be scanning all photos on a phone, for example, only those connected to its iCloud Photo Library syncing system. And it won't really be scanning the photos either, but rather checking a version of their code against a database of existing child abuse imagery.
"It's really clear a lot of messages got jumbled pretty badly in terms of how things were understood," Federighi said in his interview. "We wish that this would've come out a little more clearly for everyone because we feel very positive and strongly about what we're doing."
Read more: Apple, iPhones, photos and child safety: What's happening and should you be concerned?
For years, Apple has sold itself as a bastion of privacy and security. The company says that because it makes most of its money selling us devices, and not by selling advertisements, it's able to erect privacy protections that competitors like Google won't. Apple's even made a point of indirectly calling out competitors in its presentations and ads.
But that all came into question last week when Apple revealed a new system it designed to fight child abuse imagery. The system is built to perform scans of photos while they're stored on Apple devices, testing them against a database of known child abuse images that's maintained by the National Center for Missing and Exploited Children. Other companies, such as Facebook, Twitter, Microsoft and Google's YouTube, for years have scanned images and videos after they're uploaded to the internet.
Apple argued its system protects users by performing the scans on their devices, and in a privacy-protecting way. Apple argued that because the scans happen on the devices, and not in a server Apple owns, security researchers and other tech experts will be able to track how it's used and whether it's manipulated to do anything more than what it already does.
"If you look at any other cloud service, they currently are scanning photos by looking at every single photo in the cloud and analyzing it; we wanted to be able to spot such photos in the cloud without looking at people's photos," he said. "This isn't doing some analysis for, 'Did you have a picture of your child in the bathtub?' Or, for that matter, 'Did you have a picture of some pornography of any other sort?' This is literally only matching on the exact fingerprints of specific known child pornographic images."
Federighi said that Apple's system is protected from being misused through "multiple levels of auditability" and that he believes the tool advances privacy protections rather than diminishes them. One way Apple says its system will be able to be audited by outside experts is that it will publish a hash, or a unique code identifiable, for its database online. Apple said the hash can only be generated with the help of at least two separate child safety organizations, and security experts will be able to identify any changes if they happen. Child safety organizations will also be able to audit Apple's systems, the company said.
He also argued that the scanning feature is separate from Apple's other plans to alert children about when they're sending or receiving explicit images in its Messages app for SMS or iMessage. In that case, Apple said, it's focused on educating parents and children, and isn't scanning those images against its database of child abuse images.
Apple has reportedly warned its retail and online sales workers to be prepared for questions about the new features. In a memo sent this week, Apple told employees to review an FAQ about the expanded protections and reiterated that an independent auditor would review the system, according to Bloomberg.