Date: 2021-09-08

Apple’s announcement last month that it would scan iCloud and iMessage for images related to the sexual abuse and exploitation of children on iPhones, a plan that has since been deferred amidst an outcry that this could be the forerunner of mass surveillance, has created a stir in policy making circles in India as well.

According to a senior government official who asked not to be named, this would be a total violation of the right to privacy, something that had been upheld by the Supreme Court as a fundamental right. “Apple has no right to do something like this,” the government official added. “The definition of right to privacy has restrictions which can (only) be invoked by the government not tech companies.”

The official added that only the state has the “power to breach the fundamental right”. “Apple’s update is against what is enshrined in the constitution.”

Apple proposed to achieve its objective through an update which would have allowed it to scan images stored in the cloud as well as those transmitted over iMessage, its messaging platform, which it has managed to keep outside the purview of India’s new guidelines for social media companies. Any child sexual abuse material (CSAM) on iCloud would automatically be flagged and reported, the company said. The notification when CSAM is shared over iMessage is triggered only when parental controls have been enabled. The update would have been the first of its kind to perform client-side scanning, that is, going through the contents of people’s phones. Experts have warned of grave consequences regarding its impact on end-to-end encryption.

HT reached out to Apple but did not receive a response immediately. In a statement released globally on September 3, Apple said that it was delaying the update. “Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.”

Former Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society Riana Pfefferkorn said the update would open a Pandora’s box. “Apple’s new CSAM scanning feature is predicated on complicated cryptography that attempts to preserve user privacy as best as possible,” she said. “Nevertheless, it fundamentally undermines users’ expectations of privacy on their phones. Likewise, notifying parents when children under 13 send or receive explicit images has a privacy impact as well and may result in harm to children of abusive parents. Apple has absolutely set an example that other tech companies, both in the handset space and the encrypted messaging apps space, are already being pressured to follow.”

Ranjana Kumari, who is a member of Facebook’s oversight board and Director of Centre for Social Research, said that the framework of end-to-end encryption is evolving. “The question is between privacy and safety. The choice is tough and both are equally important,” she said. “We need to devise other mechanisms for safety. Lot of international experts have proposed alternate mechanisms to promote safety while protecting privacy.”

Pfefferkorn added that the surveillance implications of the update were vast. “We can anticipate that the on-device scanning for CSAM will rapidly be repurposed by governments worldwide into a surveillance tool to scan for content they do not like,” she said. “Similarly, Apple’s messaging safety feature could be expanded to content besides explicit images, and notification expanded from ‘notify only parents of children under 13, if the parents opted in to this notification feature,’ to ‘notify the government, and not just regarding children, and don’t give users the option to opt out.’ Apple’s only response to this concern is that they simply would not agree to scan for other types of content outside of the child safety context. But given Apple’s track record of bowing to government pressure worldwide, for example in China, that representation rings hollow.”

She added that Apple’s update also showed a willingness to share data with government. “Apple follows the law in the jurisdictions where it does business. That includes both criminal investigatory laws as well as laws governing user privacy and data protection. This means it will comply with demands for user data by governments, whether in the US or elsewhere, but only if both (1) the demand is legal (i.e. there is proper legal process) and, also, (2) compliance with the demand is likewise legal under applicable laws, i.e., there isn’t a privacy law blocking the disclosure of the data. But yes, Apple has now created a way of detecting and sharing information about its users (specifically, those who upload a sufficient number of CSAM images to iCloud) that it did not previously have.”