Apple should take heed of warnings from the UK’s security services and revive its controversial plans to scan iPhones for child abuse imaging, the inventor of the scanning technology has argued.
Prof Hany Farid, an expert in image analysis at University of California, Berkeley, is the inventor of PhotoDNA, an “image hashing” technique used by companies across the web to identify and remove illegal images. He said that, following an intervention from the technical leads of GCHQ and the National Cyber Security Center backing an extension of the technology on to individual phones, Apple should be emboldened to revive its shelved plans to do just that.
“The pushback was from a relatively small number of privacy groups,” Farid said, speaking to the Internet Watch Foundation (IWF) on the child safety group’s latest podcast. “I contend that the vast majority of people would have said ‘sure, this seems perfectly reasonable’, but yet a relatively small but vocal group put a huge amount of pressure on Apple and I think Apple, somewhat cowardly, succumbed to that pressure.
“I think they should have stuck their ground and said: ‘This is the right thing to do and we are going to do it.’ And I am a strong advocate of not just Apple doing this, but Snap doing this, and Google doing this – all the online services doing this.”
Apple first announced its plans to carry out “client-side scanning” in August 2021, alongside other child-safety proposals that have since arrived on iPhones. The company intended to update iPhones with software that would let them match child abuse images stored in a user’s photo library with identical copies already known to authorities from being shared on the web, and flag those users to child protection agencies.
After an outcry from privacy groups, the company shelved the proposal in September that year, and has not discussed it publicly since. But in July, the leads of the UK’s security services published a paper detailing their belief that such scanning could be deployed in a way that assuaged some fears, such as the concern that an oppressive nation could hijack the scanning to search for politically contentious imagery.
“Details matter when talking about this subject,” Ian Levy and Crispin Robinson wrote. “Discussing the subject in generalities, using ambiguous language or hyperbole, will almost certainly lead to the wrong outcome.”
Farid argued that the time is ripe for Apple and other technology companies to act and get ahead of legislation. “With the online safety bill making its way through the UK government, and with the DSA [Digital Services Act] and the DMA [Digital Markets Act] making its way through Brussels, I believe this is now the time for the companies to say: ‘We are going to do this, we’re going to do it on our terms.’ And, if they don’t, then I think we have to step in with a very heavy hand and insist they do.
“We routinely scan on our devices, on our email, on our cloud services for everything including spam and malware and viruses and ransomware, and we do that willingly because it protects us. I don’t think it is hyperbolic to say that, if we are willing to protect ourselves, then we should be willing to protect the most vulnerable among us.
“It is the same basic core technology, and I reject those that say this is somehow giving something up. I would argue this is, in fact, exactly the balance that we should have in order to protect children online and protect our privacy and our rights.”
Speaking about the Levy/Robinson paper, Mike Tunks, head of policy and public affairs at the IWF, said: “For the last few years, the government has been saying: ‘We want tech companies to do more about tackling child sexual abuse in end-to-end encrypted environments.’
“As we know, at the minute, there is no technology that can do that, but this paper sets out some ways in which that can be achieved.”