Professor Wrongly Blames Apple For CSAM
from the well-what-if-I-just-say-more-stuff dept
His heart is probably in the right place. That’s the best thing I can say about Berkeley professor Dr. Hany Farid, who has spent the last couple of years being wrong about CSAM (child sexual abuse material) detection.
That he’s been wrong has done little to shut him up. But he appears to deeply feel he’s right. And that’s why I’m convinced his heart is in the right place: right up there in the chest cavity where most hearts are located.
Physical heart location aside, he’s pretty much always wrong. He’s always happy to offer his (non-expert) opinion and deploy presentations that preach to the converted. He’s sure the CSAM problem is the fault of service providers, rather than those who create and upload CSAM.
So, he’s spent a considerable amount of time going after Apple. Apple, at one point, considered client-side scanning to be an acceptable solution to this problem, even if it meant making Apple less secure than its competitors. Shortly thereafter — following plenty of unified criticism — Apple decided it was better off protecting millions of innocent customers and users, rather than sacrificing them on the altar of “for the children” just because it might make it easier for the government to locate and identify the extremely small percentage of users engaged in illicit activity.
This walkback appears to have upset Hanry Farid. And he’s been given space at San Francisco’s largest paper to make everyone stupider. His record for being wrong continues uninterrupted with his op-ed for the San Francisco Chronicle. Here’s the headline:
Why are there so many images of child abuse stored on iCloud? Because Apple allows it
There’s a difference between “allows” and “this kind of thing happens.” That’s the difference Farid hopes to obscure. No matter what platform is involved, a certain number of users will attempt to use it to share illicit content. That Apple’s cloud service is host to (a minimal amount) of CSAM says nothing about Apple’s internal attitude towards CSAM, much less about it’s so-called “allowing” of this content to be hosted and shared via its services.
But Farid insists Apple is complicit in the sharing of CSAM, something he attempts to prove by highlighting recent convictions aided by (wait for it) evidence obtained from Apple itself.
Earlier this year, a man in Washington state was sentenced to 22 years in federal prison for sexually abusing his girlfriend’s 7-year-old stepdaughter. As part of their investigation, authorities also discovered the man had been storing known images and videos of child sexual abuse on his Apple iCloud account for four years.
Why was this man able to maintain a collection of illegal and sexually exploitative content of children for so long? Because Apple wasn’t looking for it.
The first paragraph contains facts. The second paragraph contains conjecture. The third paragraph of this op-ed again mixes both, presenting both conjecture and and a secured conviction as evidence of Apple’s unwillingness to police iCloud for CSAM.
What goes ignored is the fact that the evidence used to secure these convictions was derived from iCloud accounts. If Apple indeed has no desire to rid the world of CSAM, it seems it might have put up more of a fight when asked to hand over this content.
What this does show is something that runs contrary to Farid’s narrative: Apple is essential in securing convictions of CSAM producers and distributors. The content stored in these iCloud accounts was essential to the success of these prosecutions. If Apple was truly more interested in aiding and abetting in the spread of CSAM, it would have done more to prevent prosecutors from accessing this evidence.
And that’s the problem with disingenuous arguments like the ones Farid is making. Farid claims Apple isn’t doing enough to stymie CSAM distribution. But then he tries to back his claims by detailing all the times Apple has been instrumental in securing convictions of child abusers.
Not content with ignoring this fatal flaw in his argument, Farid moves on to make arguably worse arguments using his version of known facts.
Back in the summer of 2021, Apple announced a plan to use innovative methods to specifically identify and report known images and videos of the rape and molestation of a child — without compromising the privacy that its billions of users expect.
This is a huge misrepresentation of Apple’s client-side scanning plan. It definitely would “compromise the privacy that its billions of users expect.” Apple’s proposed scanning of all content on user devices that might be hosted (however temporarily) by its iCloud service very definitely compromised their privacy. Worse, it compromised their security by introducing a new attack vector for malicious governments and malicious hackers that could have allowed anyone to access content phone users (incorrectly, in this case) assumed was only accessible to them.
That misrepresentation is followed by another false assertion by Farid:
But by the end of 2022, Apple quietly abandoned the plan.
Apple did not “quietly” abandon this plan. It publicly announced this reversal, something that led almost immediately to a number of government figures, talking heads, and special interest groups publicly expressing their displeasure with this move by Apple. It was anything but “quiet.”
Adding to this wealth of misinformation is Farid’s unsupported claims about hash-matching, which has been repeatedly shown to be easily circumvented and, even worse, easily manipulated to create false positives capable of causing irreparable damage to innocent people.
Detecting known images is a tried and true way many companies, including Apple’s competitors, have detected this content for years. Apple could deploy this same technique to find child sexual abuse images and videos on its platforms.
Translation: A parent innocently taking pictures of their infant in the bathtub will not be reported to law enforcement because those images have not previously been determined to be illicit. This critical distinction ensures that innocent users’ privacy remains intact while empowering Apple to identify and report the presence of known child sexual abuse images and videos on iCloud.
While it’s true hash-matching works to a certain extent, pretending innocent people won’t be flagged and/or the system can’t be easily defeated is ridiculous. But Farid has an ax to grind, and he’s obviously not going to be deterred by the reams of evidence that contradict what he obviously considers to be foregone conclusions.
The ultimate question is this: is it better to be wrong but loud about stuff? Or is it better to be right, even if it means some of the worst people in the world will escape immediate detection by governments or service providers?
Or, if those aren’t the questions you like, consider this: is it more likely Apple desires to be host of illicit images or is it more likely Apple isn’t willing to intrude on the privacy of users because it wishes to earn the trust of non-criminal users — users who make up the largest percentage of Apple customers?
People like Professor Farid aren’t willing to consider the most likely explanation. Instead, they insist — without evidence — big tech companies are willfully ignoring illegal activity so they can increase their profits. That’s just stupid. Companies that ignore illegal activity may enjoy brief bumps in profit margin but the long-term profitability of relying (as Farid insists they are) on illegal activity is something no tech company, no matter how large, would consider to be a solid business model.
Filed Under: client side scanning, csam, hany farid, hash matching, protect the children
Companies: apple
Comments on “Professor Wrongly Blames Apple For CSAM”
When will people like that realize that compromising everybodies security and privacy to protect the children puts all children at risk and will increase other crimes that hurt children while forcing the targeted criminals further underground, rather than reducing their criminal activities. (One harm this crusade against CSAM is likely having is preventing parents sending photographs of their children to relatives or friends in the medical profession to seek advice, especially where a doctor visit will cost them real money that they ill afford to spend.
Re:
Even better.
People get ahold of a kids photo, share it.
The evil parent gets arrested for having that photo on their private device…
Can we
Go back to the OLD days, about 15 years ago.
And hack his accounts and insert Specific data to SHOW how hard it is to install Porn on peoples hardware?
I know – make cameras illegal!
Re:
To really solve the problem, ban computers too. Although, that won’t really stop the pedophiles violating children in their homes so I also propose that all houses must be made of glass.
Re: Re:
… I also propose that all houses must be made of glass.
I think the UK already tried that in an anti-CSAM advert. It still won’t stop the perverts.
The easy answer to this is he should make all the content on every one of his devices public.
I’m sure someone like him has nothing to hide…
Next up, envelopes, boxes must be see through because shipping companies and the mail system are pedophile supporters.
No, no… I’m quite sure that Apple has been colluding with Democrats in pizza basements all over the country.
Why do I get the feeling that the loudest are always the ones projecting? I expect to see this professor in the news again some day.
Re:
Me thinks he doth protest too much.
If he has an ends justify the means attitude towards his twisting of data and using obviously wrong words like Apple is “allowing” CSAM I don’t think his heart is in the right place no matter how fervently he believes it is.
Compare it to a physical location
Whenever people say that Apple or Google is “allowing” abuse material on their servers, we should call them out by comparing it to a physical location:
If abuse material is found in a train station locker, does that mean the train station is allowing it or they should be liable for it? Should the train station staff be searching every locker “just in case”? How would people react knowing the staff was going through their stuff?
Then how is storing digital files on a server any different from storing photos in a physical locker? Why is the provider responsible for how people use the storage?
This comment has been flagged by the community. Click here to show it.
Especially that of the child pornographers and sex traffickers, who TC and TD seem so keen to protect!!
Makes one wonder…
Re:
hi jhon
Re:
Oh for Christ’s sake, not you again. Fuck me. Just fuck me to tears already.
Haven’t you ever wondered why you get flagged in less than a minute after you scribble such inane crap? I mean, I’ve seen raw carrots with a higher IQ than you’ve ever displayed here on TD.
Either that, or register and sign-in as your real name because you just outed yourself quite thoroughly… Hanry Farid. I never thought I’d say this, but you’re starting to make me wish for Jhon Boi to come back. At least he didn’t have a one-track stream of unconsciousness.
Re:
Are you prepared to give up your privacy, and abilities to take photos of your own children unless they are fully dressed? Are you prepared that in the future such scanning will be used by your government for other purposes, such as the police rummaging around your personal devices for evidence of a crime. Such a scanner renders any encryption of files on your devices irrelevant, and means you will have no privacy when keeping in touch with your partner when away from home etc.
Techdirt is not trying to protect criminals, it is trying to protect law abiding citizens from an intrusive and expanding invasion of their privacy.
Re: Re:
Not true. As proposed, only communications in or out of the device will be scanned, where the government thinks that there might be some chance of success. Remember, we’re talking about breaking end-to-end encryption here – there is no “end” for files stored on your device. Encryption methods for communications are fairly standard, if for no other reason than there must be a common denominator in order to communicate in the first place. The only differentiator between systems is the passkey, that’s all.
Not to mention, your files can be encrypted by any means you may desire, you are not restricted to using whatever came with your operating system.
And….
Fixed that slightly, but necessarily.
Re: Re: Re:
Client side scanning breaks encryption by scanning the files before they are encrypted, and that means it has access to the file system, and not just the communications streams.
Re: Re: Re:
“As proposed, only communications in or out of the device will be scanned…”
Thus breaking the end-to-end encryption. One end is the sender, the other is the recipient. Therefore, any breaking of the encryption between these two points is breaking end-to-end encryption. Think about it.
Re:
Especially that of the child pornographers and sex traffickers, who TC and TD seem so keen to protect!!
Says the ‘Anonymous Coward’ who’s too ignorant to see the irony. Man, the cognitive dissonance of you people has been impressive – if being an ignorant dumbass was a contest, you’d get my vote.
I suspect that Farid is angling for a political position, and is using the K. Harris playbook to get there.
You wouldn't take advice from a doctor who still believed in the four humors...
Back in the summer of 2021, Apple announced a plan to use innovative methods to specifically identify and report known images and videos of the rape and molestation of a child — without compromising the privacy that its billions of users expect.
Much like a ‘car mechanic’ claiming that if people just removed their tires they wouldn’t have to worry about flat tires someone who wants to argue that scanning all the contents of your device is not compromising privacy is only making clear that they have no gorram clue what they’re talking about.
He worked, as a software developer, on PhotoDNA[1], right? If so, he’s not just “wrong”. He’s lying. He damn well knows what a hash collision is. I can’t think this is well meaning, but wrong behavior. He has (or should have) too much expertise in the exact field he is wrong about to simple be miss informed, misunderstanding or otherwise well meaningly mistaken.
[1] And/or is a CS professor.
There is a word for it ..
Dr. Hany Farid is really itching for the government to destroy privacy and suppress speech.
We need to stop beating around the bush, and start accurately describing Farid … as a Fascist.
The other thing about matching hashes of known CSAM is that you are highly unlikely to catch an abuser that is generating new material. Certainly, remove all of it that you can, but finding old stuff is going to find consumers (which is good too), but is not really so much protecting children.
Law enforcement should have gotten off their asses years ago (why did they sit down in the first place?) to catch actual predators when they get reports and leads. Given the number of cases NCMEC collects, you’d think there would have been a hell of a lot more arrests over the years.
The begged question
To paraphrase Arthur C. Clarke, any “solution” sufficiently removed from the “problem” is indistinguishable from stupidity.
I’m going to unwind the stack to show what the REAL problem is, and it has nothing to do with e2ee, Apple, Internet, CSAM specifically. Bear with me.
—unwinding the stack of begged questions—
Problem: e2ee prevents stopping CSAM
Solution: End encrypt and do e2e checking for CSAM. ****BZZZT***
Try again:
Problem: CSAM causes child sexual abuse
Solution: Stop all CSAM. ****BZZZZT***
Try again:
Problem: Child sexual abuse must be stopped
Solution: THIS IS FINALLY ADDRESSING THE REAL PROBLEM, instead of begging the questions two layers deep so we all sit around arguing about e2ee and privacy and rights. Enough with that.
The real problem being attempted to be tackled here is the ending of child sexual abuse. Long before e2ee, Internet, Apple, the commercial internet (1993 and Cix, not 1991 and NSF), and more history… there was the unlawful possession of child pornography.
Short aside: What is unlawful by US law isn’t what’s unlawful elsewhere (e.g. Thailand.) Also the ideation of the laws we have in the US is that if nobody is allowed to [legally] possess it, then nobody will purchase it, which removes the incentive for anyone to produce it, so there won’t be child sexual abuse.
BZZT
Child abuse (including sexual) happens for a lot of reasons, and some of the messed-up heads of those doing it don’t produce magazines or videos and don’t care if other share their unlawful desires. (Note: just to be pedantic, the desire itself is not unlawful. It is the production of the unlawful-to-possess material and then its possession that is unlawful.)
So here we go to the root of the problem. We started with e2ee and unwound the stack to get to it:
PROBLEM: Some people abuse children, and this must stop.
SOLUTION: Solve this the same way we solve all heinous crimes. Since we’ve cornered and removed terrorism, rape, murder/death/kill (thanks, Lenina Huxley) then we should just apply those same concepts and methods to stop child sexual abuse, and let’s take off another set of blinders and stop ALL child abuse, and all spousal abuse, and all domestic abuse, and then just let’s work that B&T magic and “be excellent to each other.”
Now let’s wind that stack back up.
If we stop these abuses from happening then CSAM and other crimes cease to be.
If CSAM and other crimes cease to be LEOs don’t need to intercept our communication.
If all that then Apple can go on about its way.
If all that then e2ee is safe (for now).
Reductio ad absurdem: societal values and mores are fluid. As they change so do laws, and what was once “unthinkable” becomes common. For CSAM the other side of that coin is “sexting” where kids send nude pics/vids to each other and SR officers want them to have criminal records. For other things like insurrection against a sitting congress what was unthinkable becomes the current. A President should not be a liar, and Richard Nixon took the honorable way out. That was 1974. Here in almost 2024 we have people PROUD of supporting the liars, thieves, con-artists, swindlers, refusing to hold them accountable, and laughing in the face of the electorate they supposedly represent.
Sorry this is already too long to touch on “checks and balances are gone when SCOTUS is corrupt, congress is corrupt, and POTUS is corrupt” and the 4th Estate (the big guys with the cash, not TD) bow down to their corporate masters and spew whatever they’re told to spew.
I’ll take the blue pill please, and like Reagan, go back to my nice juicy steak. I know it’s not real, but it sure tastes great.
Bless his heart.
Well the biggest problem is people keep having children.
If we stopped people from having children there would be no children to be abused in the making of CSAM.
The next largest problem is claiming that people outside of the childs family are those producing CSAM and abusing children, when it has been clear for a very long time that stranger abductions of children are pretty rare.
The next problem is everyone having easy access to cameras, if we just limited who could have a camera we could protect children from the production of CSAM.
Of course the really truly insane thing that could be done, is they could stop giving air time to idiots like this who make claims that lack truth or evidence.
The media has constant churn carrying idiots & regular folks screaming how Drag Story Times are all about abusing children, yet there isn’t a single case of it happening. Meanwhile since Nov last year we’re coming on up 300ish priest/pastor/religious related folk arrested for diddling kids.
Not seen anyone asking why parents keep taking their children to these places where hundreds of children are molested yearly.
No exposé on how some congregations blame the victim, circle the wagons, & drive the victim out of the church rather than accept that their pastor is a kiddy diddler.
No exposé on how many victims do not come forward for decades because they were told they were at fault & the bad person.
No exposé on how dioceses are often aware they have wolfs leading their flocks, who keep claiming lambs over & over, do nothing to protect the flock, & then when they face being held accountable for their inaction & actions that kept enabling the wolf get to declare bankruptcy to protect a majority of the assets from being available for victims to try and rebuild their shattered lives & beliefs. The bishop knew of and moved 100 wolves but somehow can’t face charges?!
There are horrible things in the world, but until people are willing to accept facts rather than insane conspiracy theories with no basis in reality we can’t actually deal with the problem.
Now if you’ll excuse me I need to go make sure my x-ray scanner is prepared to scan the kids candy to find all the things in them to kill them & my mini chemistry set to check for fentynyl.
Re: Saving some reading time there...
No need to worry about the chemistry set. Snapchat will do it all for you since they’re responsible. https://www.theguardian.com/technology/2023/oct/18/snapchat-sued-overdose-deaths
You can really add to “the danger to children is from their own home or parents” and not worry about the X-ray candy because poison doesn’t show up in X-Rays, and … the kid’s own father did it. https://www.nydailynews.com/2016/10/29/candy-man-killer-dad-serves-his-own-son-a-poisoned-treat-on-halloween-in-1974/
I still think the biggest problem isn’t having kids (which of course causes CSAM) but rather all crime. Our society has become immune to the immense amount of crime, and crime victims, so now we look for the truly outrageous things, and now we have to stop having children.