German parliament pens letter to Apple with concerns over CSAM detection system

PikachuEXE 2021-08-18 09:25:11 +0000 UTC [ - ]

Related: https://news.ycombinator.com/item?id=28215621

ribit 2021-08-18 09:25:32 +0000 UTC [ - ]

I think it's a bit funny that German government is complaining to Apple about a feature that is not even going to be active in Europe while simultaneously considering a law that requires communication providers to scan all emails and messages for inappropriate content...

skrause 2021-08-18 10:34:02 +0000 UTC [ - ]

> I think it's a bit funny that German government is complaining to Apple

The German government isn't complaining. Looking at the original German article it was a single parliament member from an opposition party that wrote a letter to Apple.

prox 2021-08-18 17:28:32 +0000 UTC [ - ]

So the title is misleading in that case. “German Parliament Member” would be better.

cyanydeez 2021-08-18 22:38:15 +0000 UTC [ - ]

welcome to the internet

Archelaos 2021-08-18 18:18:31 +0000 UTC [ - ]

A new parliament will be elected in Germany on 26 September. Current polls do not see a majority for the ruling coalition of CDU/CSU (Conservatives) and SPD (Labour). It is expected that either the FDP (Liberals) or the Grünen (Greens) or both will be part of the next government. Both the FDP (the party of the MP who wrote the letter) and the Grünen have been very supportive of data protection and privacy in opposition. We will see if they stick to it in government.

cheschire 2021-08-18 09:36:52 +0000 UTC [ - ]

This is hardly surprising. Governments are not unified bodies, they are inherently built of groups of at worst directly opposing or at best mildly aligned individuals claiming membership to some political ideal and/or club.

HMH 2021-08-18 09:38:19 +0000 UTC [ - ]

You are right, I'd be pretty surprised if such a statement came from the government itself. But this complaint is actually only from some members of the parliament belonging to the Digital Agenda committee with the chairman being a member of the opposition.

type0 2021-08-18 09:55:39 +0000 UTC [ - ]

Yeah, in this case the difference between parliament and the government is substantial and OP doesn't seem to know there is one.

0x0 2021-08-18 09:54:19 +0000 UTC [ - ]

How is "in Europe" determined? Will it trigger for an american appleid while present in Germany? Will it trigger for a German appleid while present in the US?

tpush 2021-08-18 10:28:09 +0000 UTC [ - ]

Since it concerns iCloud, it probably depends on your Apple ID region. But I don't think Apple has stated anything conclusive.

kwhitefoot 2021-08-18 10:56:54 +0000 UTC [ - ]

The GDPR would be the model to follow I suppose. In that case the rules would apply to anyone physically present in the EU whether a citizen or not.

0x0 2021-08-18 11:01:27 +0000 UTC [ - ]

So how would that be determined, especially if you disable location services and/or use a VPN?

bildung 2021-08-18 09:33:20 +0000 UTC [ - ]

It doesn't matter whether the feature is active right now - its presence means it is only a matter of time until agencies will want to have access.

ribit 2021-08-18 09:46:54 +0000 UTC [ - ]

And that's why we need to push our respective representatives to adopt laws that prohibit any kind of personal content scanning without a warrant. Personally, I would be ok if this scanning were applied to cloud-stored data that is shared to the public (e.g. social media platforms), but that's about it.

From the technical standpoint, Apple's implementation seems sound, although it does raise strong concerns about the future applications of the technology. Strong privacy laws can prevent abuse.

tomcooks 2021-08-18 11:21:23 +0000 UTC [ - ]

https://www.patrick-breyer.de/en/chatcontrol-european-parlia...

There you go, next

petre 2021-08-18 14:38:56 +0000 UTC [ - ]

So basically only the greens and the lefties voted against this. I'm not going to vote in the next EPP elections as nobody represents my interests.

turbinerneiter 2021-08-18 16:08:31 +0000 UTC [ - ]

I mean the greens and the lefties do, are they not?

petre 2021-08-18 20:32:30 +0000 UTC [ - ]

We have no parties in the greens/efa group and the lefties are just the true believers that miss the times before '90, commonly held means of production, the Stasi, so no. Representative democracy fail.

ranguna 2021-08-19 07:11:45 +0000 UTC [ - ]

Just vote blank

riedel 2021-08-18 16:37:28 +0000 UTC [ - ]

The guy who chairs the committee and send the letter is from the opposition (free democrats).

Ps: sorry if I double posted. I got an error the first time around and found not see the post.

2021-08-18 10:24:53 +0000 UTC [ - ]

oytis 2021-08-18 09:54:54 +0000 UTC [ - ]

That's the tradeoff every government has. Everyone wants to be able to track their people, but not let their people being tracked by someone else.

webmobdev 2021-08-18 10:49:46 +0000 UTC [ - ]

While it does sound hypocritical, it is good to see the democratic process working as intending, and some politicians trying to find the right balance between the "needs vs wants" of those elected to power.

Yes, there is a need to thwart the production and distibution of child sexual abuse material. Yes, there is a need to monitor communication (following due process) to protect a democratic nation against those who want to harm it. A government in power however, will often seek to go beyond its "needs". In this particular context, they want, and demand, the right to unleash surveillance on everyone, without any due diligence or monitoring. This obviously has more to do with their desire for more power and control, than the actual needs of the nation.

While "cloud scanning" has some how been grudgingly accepted by many of us, Apple's CSAM tools go beyond that and lays the foundation for a future surveillance network that the BigTech and power-hungry governments have long been desiring. With this kind of technology (with legal backing) the BigTech get unrestrained access to our personal data that they can monetise. The governments gets the power to scan all our devices for content the government deems inappropriate (anything they deem illegal and / or that threatens their hold on power).

Apple's CSAM tools are thus a direct assualt on our rights - with it, we are no longer considered "innocent, until proven guilty". We also lose our right against self-incrimination. In a democratic setup, if a government accuses anyone, the burden of proving the accusation is on them. But if Apple's CSAM tools is extended into a surveillance network that is always monitoring for "illegal" content, the whole process will be turned around where we citizens will now have to bear the burden of always proving our innocence. Our rights, and democracy, go for a toss with this.

We should laud the politicians who bought up this issue in Germany and are defending the democratic rights and values that we all want to see prevail.

nonbirithm 2021-08-18 20:10:16 +0000 UTC [ - ]

> While "cloud scanning" has some how been grudgingly accepted by many of us

Reading through these discussions, this is the one question I haven't seen a good answer to. Would any of us be speaking out like we are right now if Apple had chosen to do server-side scanning instead of on-device scanning, just like every other company?

There are many options for personal server hosting where the hardware and software are open for reverse engineering and inspection, so you could, at least in theory, host a server you control without needing to use Apple's offering. On the other hand, smartphones are proliferated by a duopoly and there are no viable options for using one where both stacks are made completely open. No company has the capability to openly push a scanning feature like this into the Linux kernel in the same way that Apple can openly announce they're going to add their own version of such a feature to their own operating system, because the power dynamic is completely different.

It sounds like the magnitude of the backlash people are expressing can be partially explained by the fact that Apple has such a large foothold on the personal device market in a world where smartphones are increasingly becoming necessary to live one's life, and due to the inability to choose a privacy-respecting device that is also competent enough to satisfy society's new expectations for smartphone usage, there is no good place to hide.

nix23 2021-08-18 11:00:35 +0000 UTC [ - ]

>Yes, there is a need to monitor communication (following due process) to protect a democratic nation against those who want to harm it.

How can one harm a stable democratic nation truth "communication"? Normally it is harmed truth news-outlets and not one to one communication.

webmobdev 2021-08-18 17:46:57 +0000 UTC [ - ]

A government often does need to monitor the communication of foreign agents / spies or suspected terrorists to protect the nation. Monitoring one-to-one connection between these kind of agents working against the nation, is a legitimate exercise in the interest of national security. However, who the government can accuse or suspect as a foreign agent or terrorist, to spy on them, should be preferably after following due process through the judiciary.

nix23 2021-08-18 19:51:11 +0000 UTC [ - ]

>A government often does need to monitor the communication of foreign agents / spies or suspected terrorists to protect the nation.

Sorry but it's not really working like that anymore...the metadata here is much more important then the call itself. And humint is getting more and more important too...again

riedel 2021-08-18 16:31:08 +0000 UTC [ - ]

This was not the German executive but it's legislative. There is a huge difference here.

2021-08-18 13:34:40 +0000 UTC [ - ]

mschuster91 2021-08-18 09:47:49 +0000 UTC [ - ]

> a feature that is not even going to be active in Europe

Just wait until some bought-off cronies in the EU Parliament pushes for this feature. Never forget the Article 13 events!

watt 2021-08-18 09:05:20 +0000 UTC [ - ]

I don't feel like carrying a little police man in my pocket. Unless CSAM is dead and buried, Apple is dead to me.

ByteWelder 2021-08-18 11:07:22 +0000 UTC [ - ]

Even if they end up canning the idea, they have been gaslighting their user base in the past week or so. Their CSAM implementation betrays their earlier statements on privacy, so they are dead to me already.

Since a few days, I have finished switching over from a Mac Mini (M1), iPhone and Watch to a desktop (with a proper graphics card, unlike the M1), a phone with LineageOS (and microG, so no/little Google) and an Amazfit GTR 2e watch. Apple is missing out on 3-4k in purchases from me in this year alone.

n8cpdx 2021-08-18 16:08:04 +0000 UTC [ - ]

Glad I’m not the only one. By the end of this week I’ll have:

- synology nas to replace iCloud

- XPS 13 (hopefully running Linux, or at worst a heavily locked down Windows 10)

- Pixel 4 with grapheneOS

I’ll be selling my 12 Mini, M1 Mac Mini, Watch 6, and iPad; Apple services subscriptions have already been canceled. Signal seems to be a capable replacement for iMessage so far.

I was really looking forward to the fall hardware announcements, but I’m glad I found out Apple is an untrustworthy actor before I gave them any more $$$

justinclift 2021-08-18 18:41:41 +0000 UTC [ - ]

> synology nas to replace iCloud

As a data point, make sure you have some kind of backup for that NAS too. Preferably not stored in the same location as the NAS itself (just in case). :)

bodge5000 2021-08-18 12:32:00 +0000 UTC [ - ]

New customers too, I was thinking about going to pretty extreme lengths just to use an iphone (I'm not willing to give up on usb-c + headphone jack, but loved the privacy aspect, so was considering a usb-c charging case with a small DAC strapped to the back of it), but with the privacy aspect gone, that seems a bit pointless.

I'm not gonna sell my iPad or anything, but I have no plans on vaulting into the walled garden now

2021-08-18 13:51:01 +0000 UTC [ - ]

Gareth321 2021-08-18 12:37:04 +0000 UTC [ - ]

That looks like a great watch! Thanks for the suggestion. I'm in the process of leaving the Apple ecosystem as well and have been looking for a Watch replacement. It's this or the Galaxy Watch 4.

ByteWelder 2021-08-18 13:30:05 +0000 UTC [ - ]

You're welcome! If you want more features, the GTR 2 (regular, not "e") is only ~20 EUR more and gives you WiFi and some storage for music and some other extra features. The GTR 2e supposedly last much longer on a charge though. I've got the "always on display" feature activated and I project to have 7-10 days of battery life.

laurent92 2021-08-18 15:46:36 +0000 UTC [ - ]

I guess Apple makes too much revenue and tries to get rid of customers. They have to have counter incentives for customers, or they won’t be able to provide everyone.

intricatedetail 2021-08-18 11:41:56 +0000 UTC [ - ]

Same here I was going to buy an iPhone and waiting for Mac update, but now I am going buy Xperia and still researching a laptop.

ByteWelder 2021-08-18 13:26:35 +0000 UTC [ - ]

If you're still in doubt about the phone, I recommend OnePlus devices, because they seem to generally work well with the microG variant of LineageOS (https://lineage.microg.org/), which allows you to break free from Google too. Alternatively, Pixel devices also support a wide range of ROMs, including LineageOS. With microG to replace Google Services, you still get push notifications, but without having to log in with a Google account. I've got a OnePlus 8T for 3 days now. The OnePlus 9 sadly isn't yet supported by LineageOS, and the 9 Pro has some downsides that I don't like.

intricatedetail 2021-08-18 16:43:00 +0000 UTC [ - ]

I have a strict rule to not buy anything made in China if I can get an alternative from a different country so my choices are quite limited.

foepys 2021-08-18 16:59:25 +0000 UTC [ - ]

Are there any smartphones definitely made outside of China? I know that Apple has a new factory in India (or similar) but still does some production in China.

windowsrookie 2021-08-18 18:02:52 +0000 UTC [ - ]

Samsung makes most of their premium phones outside of China.

dredmorbius 2021-08-18 10:04:48 +0000 UTC [ - ]

I don't either.

But my personal boycotts of mainstream social media, advertising, and weaponised viral clickbait have had absolutely no effect on the general adoption of such practices.

Collective action and regulation are what is required here. Parliaments are the effective mechanism. Possibly class-action suits.

pjmlp 2021-08-18 10:18:32 +0000 UTC [ - ]

I usually argue for Apple, but in this case I fully agree with CSAM hate.

This isn't Minority Report.

majewsky 2021-08-18 10:58:44 +0000 UTC [ - ]

Without arguing the merit of your personal position, "this isn't Minority Report" is a terrible argument. Minority Report is about pre-crime. If someone has CSAM on their phone (and it's not a false positive), they are already actively committing a crime.

Santosh83 2021-08-18 12:57:42 +0000 UTC [ - ]

Ridiculous. So if I use malware to insert CSAM on your iPhone, you're "actively" committing a crime? CSA is a crime, but a person suspected of that must be properly tried through the judicial process. Private entities can also monitor what passes through their premises, but they have no business planting continuous surveillance functionality on your premises without a court warrant.

Everyone knows that the worst CSA happen in lawless countries and regions. This is mere pretext to build generalised surveillance infrastructure, or more importantly, normalise the concept of being continuously surveilled by faceless entities. That is the big push society is heading generally towards. It started with CCTV and will end with brain implants, unless society decided enough is enough at some point instead of endless hair-splitting.

nonbirithm 2021-08-18 19:24:36 +0000 UTC [ - ]

The law still views willful possession as a crime, otherwise we wouldn't be here. I agree that does open up the possibility that you could frame somebody by planting CSAM on their device. Building mass surveillance features into the device only makes that easier to accomplish than before.

But everybody agrees that outlawing the possession of CSAM in general is the right thing to do. This was the case even in a time when the Internet was still in its infancy.

hannasanarion 2021-08-18 19:50:41 +0000 UTC [ - ]

In what scenario would somebody target you for CSAM framing, and not tip off the police that there was CP on your phone themselves?

The apple technology only adds passive detection. In the event of a framing, passive detection is not necessary.

This technology doesn't enable any new attacks.

Zababa 2021-08-19 12:21:08 +0000 UTC [ - ]

On the contrary, with passive detection you don't have to risk tipping the person off to the police yourself, so it becomes even easier to frame people.

hannasanarion 2021-08-19 15:44:58 +0000 UTC [ - ]

By crossing your fingers and hoping that the Apple reviewers mistake the grey blobs for porn, the NCMEC reviewers mistake the grey blobs for porn, and the police, DA, and judges all mistake the grey blobs for porn, and that the person being targeted doesn't notice the mysteriously appearing grey blobs on their phone in time for that entire process to happen?

Zababa 2021-08-19 15:48:43 +0000 UTC [ - ]

Or you could find pornographic pictures with a person that looks quite young in them, and slighly modify the picture until you get a collision.

hannasanarion 2021-08-19 16:01:05 +0000 UTC [ - ]

And why would anybody be more interested in framing somebody with an image that looks so similar to child porn that it convinces dozens of professional child-porn investigators and yet technically isn't, instead of just sending the actual child porn?

They neeed to already have the original image to make the hash collision. In your scenario, what does the attacker gain from sending a visually-indistinguishable collider instead of the original?

Zababa 2021-08-19 16:51:27 +0000 UTC [ - ]

They gain that the image won't be detected by CSAM detecting systems on their devices.

birdyrooster 2021-08-18 14:09:00 +0000 UTC [ - ]

We will have to try brain implants at least once to know it’s a bad choice

pjmlp 2021-08-18 13:34:03 +0000 UTC [ - ]

The merit of my personal opinion is reflected on the Apple hardware that I will be willing to still spend money on.

If enough people do the same, Apple will realise how much merit our opinions collectively achieve.

Bellamy 2021-08-18 09:12:49 +0000 UTC [ - ]

I already sold my apple stocks and try to leave the lock-in they have on me and my devices.

moooo99 2021-08-18 09:28:34 +0000 UTC [ - ]

The tragic but most likely outcome of this debate will be: most people just won't care, they will continue to buy and use Apple hardware as if nothing happened. The average consumer does only hear about the idea of protecting kids and approves this noble goal. Most consumers just do not care about the consequences this can have on their privacy.

If people would really care about their privacy, Facebook and Instagram wouldn't be as big as they are, nobody would use facebook messenger for communication and a lot fewer people would use Windows and Android. Despite the warning of privacy advocates, experienced users, etc, people don't seem to care and I doubt this will change with the CSAM debate.

mnsc 2021-08-18 09:51:16 +0000 UTC [ - ]

I could argue that this actually might be different since Facebook and Instagram is opt-in. I think regular users understand that if they willingly upload a picture to a social media site, even if it is in a DM, it _might_ be "hacked", so you can choose not to upload that how-the-fuck-do-i-look-naked-from-behind mirror selfie and be completely confident that no-one will see this (cloud sync off). But now, if the general public will find out that every photo you take, period, is "analyzed", maybe people will start choosing otherwise. I think we will have to see.

moooo99 2021-08-18 13:29:45 +0000 UTC [ - ]

On could argue that this is scanning is also opt in, it requires you to purchase an iPhone. Also, at least according to Apple's provided material, the scanning only affects images which are uploaded to the iCloud, so not every image on the device. However, how long that restriction actually holds once the system is in place is questionable. Also, the risk of abuse by authorities as well the fact that there is no way to monitor the system as a user is a huge part of the problem.

idunnoman 2021-08-18 14:10:02 +0000 UTC [ - ]

Agreed.

I bought a pine phone when they announced it. Looking forward to leaning into it when it arrives.

I know there will be some pain, but I'm getting off the ride here.

max_ 2021-08-18 17:35:02 +0000 UTC [ - ]

The real problem is that their are no real alternatives

webmobdev 2021-08-18 11:01:38 +0000 UTC [ - ]

I agree with this sentiment fully. Apple's CSAM is laying the foundation for a surveillance network to spy on its users - (Apple is Preparing to Comply with Indian Govt's New IT Rules - iPhones (and other Apple devices) will soon start deploying built-in surveillance to spy on its users. https://old.reddit.com/r/unitedstatesofindia/comments/oyqjq0... ).

ilogik 2021-08-18 10:52:26 +0000 UTC [ - ]

holy fucking shit, so many idiots in this thread that have no idea what they're talking about.

there are plenty of reasons to hate apple. this isn't one of them

dang 2021-08-18 20:06:34 +0000 UTC [ - ]

Please make your substantive points without fulminating or calling names, no matter how wrong other people are or you feel they are.

Believe me, I know how frustrating it is when nearly everyone on the internet is wrong (or you feel like they are), but comments like this don't help, they just make things worse. If you want to patiently provide correct information, in a form people can actually learn from, that's great. If you don't want to do that, not posting is also an option.

https://news.ycombinator.com/newsguidelines.html

ilogik 2021-08-18 22:28:25 +0000 UTC [ - ]

I user to come to HN for interesting discussions.

Now it's pretty much all BS.

"Apple is looking at my pictures, I'm switching to Android."

Nobody stops to think before saying something stupid.

it's 1am, and this has been discussed to death. Good night

dang 2021-08-19 05:59:03 +0000 UTC [ - ]

Other people posting BS is a poor reason to post more BS. That only makes things worse.

Better options are (1) post something thoughtful and substantive, or (2) don't post.

ilogik 2021-08-19 07:53:05 +0000 UTC [ - ]

The main concern seems to be that people are afraid that other governments can use this technology to have iPhones scan for other types of images. (The "Tank Man" photo is often given as an example)

Apple say they won't do that, but it's perfectly healthy to not trust Apple on that aspect.

But the fact that they're scanning for CSAM images doesn't change the above in any way. If they back down and stop scanning for CSAM images, that won't have any effect on the above. The governments can still pressure them to add this to their phones. Or even worse. Maybe they have.

It's like people disabling exposure notifications because they don't trust Apple. If that's the case, why do you trust the toggle to actually do anything?

You either trust Apple that they won't bow down to pressure, or you don't, in which case, buy a phone from a company that you trust more.

As someone said on a podcast recently, this isn't a technological problem, it's a government problem. The solution is to vote, not to change your mobile phone.

dang 2021-08-19 08:47:47 +0000 UTC [ - ]

This is a much better comment. If you had posted it originally there would have been no need for a moderation scolding and if you post like this in the future, all will be well. Thanks!

ilogik 2021-08-19 09:11:25 +0000 UTC [ - ]

Don't really care about HN at this point, down-vote me to hell.

My arguments seemed obvious. Yet the all the top comments are "OMG, apple is looking at my photos".

I'm not an Apple fanboy. They are doing some horrible stuff, especially for developers. For example: https://arstechnica.com/tech-policy/2021/08/iphone-keyboard-...

But I think this is honestly a good thing Apple are doing with respect to CSAM. And before we get on the "slippery slope" band-wagon, read about what kind of pictures are on that database, and then get back to me.

superkuh 2021-08-18 14:06:04 +0000 UTC [ - ]

Can we stop calling it "CSAM detection system" and simply call it what it is, "the backdoor"?

gjsman-1000 2021-08-18 16:41:34 +0000 UTC [ - ]

For everyone wondering why Apple is doing this scanning, remember there was a certain "EARN IT Act" that nearly passed in the US last year. This is a preferable alternative to that potentially coming back.

anothernewdude 2021-08-18 12:09:26 +0000 UTC [ - ]

Can't wait for CSAM to cause or enable some repeat of the icloud issues a while back.

88840-8855 2021-08-18 09:24:29 +0000 UTC [ - ]

unfortunately it won't change anything

edit: i am being downvoted automatically. i think, some very special person, has a script running to downvote me. LOL, get a life.

TravelPiglet 2021-08-18 10:14:30 +0000 UTC [ - ]

Obviously good for Apple to have as an example for rejecting these surveillance pushes from authorities in the future.

ginko 2021-08-18 09:57:33 +0000 UTC [ - ]

I downvoted you because I disagree with your defeatism.

88840-8855 2021-08-18 13:01:57 +0000 UTC [ - ]

I disagree with you, too.

dang 2021-08-18 20:05:54 +0000 UTC [ - ]

Could you please stop posting unsubstantive comments? You've been doing it repeatedly, and it's not what this site is for.

https://news.ycombinator.com/newsguidelines.html

zeepzeep 2021-08-18 09:36:55 +0000 UTC [ - ]

We can hope...