Apple has been scanning iCloud emails for Child Sexual Abuse Material (CSAM) for roughly two years, according to a report this week in 9to5 Mac.
“Apple has confirmed to me that it already scans iCloud Mail for CSAM, and has been doing so since 2019,” writes Ben Lovejoy. "It has not, however, been scanning iCloud Photos or iCloud backups."
The revelation follows an announcement by Apple that it will start scanning all photos as they are being uploaded into iCloud Photos and match them instantly against the National Center for Missing & Exploited Children’s database of child sexual abuse material. It also said it would start alerting parents who opt in if their under-13 child is sending or receiving sexually explicit messages.
The Electronic Frontier Foundation charged that Apple is building a back door into its data storage and messaging systems.
“All it would take to widen the narrow backdoor that Apple is building is an expansion of the machine learning parameters to look for additional types of content, or a tweak of the configuration flags to scan, not just children’s, but anyone’s accounts,” the EFF continues. “That’s not a slippery slope; that’s a fully built system just waiting for external pressure to make the slightest change.”
Lovejoy says Apple confirmed to him "that it has been scanning outgoing and incoming iCloud Mail for CSAM attachments since 2019.”
“Email is not encrypted, so so scanning attachments as mail passes through Apple servers would be a trivial task,” Lovejoy observes.
Lovejoy says the “controversy over Apple’s CSAM plans continues, with two Princeton academics stating that they prototyped a scanning system based on exactly the same approach as Apple, but abandoned the work due to the risk of governmental misuse.”