XPost: comp.mobile.android, alt.comp.os.windows-10

On Fri, 6 Aug 2021 12:57:36 -0000 (UTC), badgolferman wrote:

It makes me wonder how much of these images and videos were actually
watched by the people who developed these so-called "accurate hashes".
Also it seems these could easily be fooled by putting on a few articles
of clothing.

It's a warrantless search, 24/7, on your own phone, without your permission! https://www.apple.com/child-safety/pdf/CSAM_Detection_Technical_Summary.pdf

Without you ever having committed a crime, and without your consent, and without you ever logging into any Apple servers, Apple will forcefully constantly perform warrantless surveillance 24/7 on your own phone of your
own personal private data without you ever needing to upload any of your private data to any of Apple's servers.

Prior to that unacceptable warrantless 24/7 surveillance by Apple of your private and personal data, Apple will gladly accept from any government (in
the future) any listing whatsoever of data that those foreign governments
deem they are interested in looking for without any checks whatsoever on
that data (Apple will accept anything with no limits defined) and Apple
will, always without your permission, put that limitless list on your phone.

Completely outside your consent, Apple is allowing multiple governments (of Apple's choosing!) to create a listing of those governments' choosing, which Apple will exercise absolutely no control over (Apple can't even see inside
the lists!), so that Apple will, without your consent, scan your private and personal data, 24/7, on your own phone, even when you do not log into the iCloud, and, then Apple will automatically report you to those foreign governments even if you have committed no crime (with absolutely no
oversight whatsoever!).

I agree with you this is a disproportionate use of power. Trawling billions
of iPhones just in case they find data any government wants to see without
your consent, even when you have never committed any crime whatsoever, with absolutely zero oversight, is criminal in and of itself.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone

On 08/08/2021 19:04, Alan Baker wrote:

If you'd read up on the system Apple is planning to use, you'd learn
that false positives really aren't a problem...

<https://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Technology_Summary.pdf>

...and that's the opinion of people far more knowledgeable than you or I
on the subject:

False positives will be a big problem for those that fall foul of them.

Suppose, hypothetically, that the photos in the Julia Somerville case
had been taken on an iPhone with this new scanning system in place.

<https://en.wikipedia.org/wiki/Julia_Somerville>

From the diagram on page 5 of the technology summary PDF linked above,
her photos would be hashed and matched against the CSAM hashes. The hash mechanism is described as recognising scenes but makes no mention of recognising faces. So the pictures of her child in the bath could
potentially match CSAM pictures of different children in baths.

This would flag up and an Apple reviewer would look at the photos. Now,
please note carefully: the Apple reviewer **cannot see the original CSAM image** that the photo matched. Therefore the Apple reviewer cannot
*compare* the photos. All the Apple reviewer can do is *evaluate* each
flagged photo against written guidelines, based on their training. And
since it's a picture of a child in a bath they can pretty much do only
one thing, which is to agree and report it as a child abuse picture.

At which point the phone's owner has their iCloud account suspended and
is launched into an expensive and time consuming legal process to prove
their innocence.

In one of the other posts someone said: Well, what's your solution?

Well, I'd like to hear NCMEC's view on the system; understand from them
how many referrals per year they expect to receive; what resources they
are committing to reviewing cases; what the process for reviewing cases
is and have them give a median timeline for resolving a case one way or another.

A compromise might be that iCloud accounts aren't suspended until NCMEC
staff have visually compared the flagged photos with the original CSAM
image to confirm the match, and a criminal prosecution has been started.

Suspending the iCloud account and thereby tipping-off genuine
paedophiles, giving them time to destroy evidence, is probably not what law-enforcement would want anyway.

--
Bruce Horrocks
Surrey, England

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone

In article <dc2ebce0-b636-ea8d-7f97-25d14feb6264@scorecrow.com>, Bruce
Horrocks <07.013@scorecrow.com> wrote:

If you'd read up on the system Apple is planning to use, you'd learn
that false positives really aren't a problem...

<https://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Te
chnology_Summary.pdf>

...and that's the opinion of people far more knowledgeable than you or I
on the subject:

False positives will be a big problem for those that fall foul of them.

1 out of 1 trillion, so not very many, and it must also get through a
manual review before it's referred to law enforcement.

Suppose, hypothetically, that the photos in the Julia Somerville case
had been taken on an iPhone with this new scanning system in place.

<https://en.wikipedia.org/wiki/Julia_Somerville>

From the diagram on page 5 of the technology summary PDF linked above,
her photos would be hashed and matched against the CSAM hashes. The hash mechanism is described as recognising scenes but makes no mention of recognising faces. So the pictures of her child in the bath could
potentially match CSAM pictures of different children in baths.

it's not recognizing scenes with kids in them.

if she's just taking pics of her kid in the tub, then they won't be in
the database and will not be matched.

if pictures of her child are in the csam database, then she has much
bigger problems than having photos flagged.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone

On 2021-08-09 5:51 p.m., John wrote:

On Mon, 9 Aug 2021 00:57:07 +0100, Bruce Horrocks wrote:

False positives will be a big problem for those that fall foul of them.

You can ask them nicely to retract their mistakes after they ruin your life.

For there to be a false positive that actually gets reported to LE, the following must all occur:

1. A number of photos on your device must match by hash with known
images of CSAM.

2. That number must be large enough to allow the images to be decrypted
at the server end.

3. (And most importantly), when that threshold number of images matches,
they images must then actually be seen by a human being who agrees that
they are, in fact, images of CSAM.

Then and only then would LE be informed.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)