EU pending CSAM regulations

Cmaier

> Was that there from the beginning? I thought I remembered they published something a little later after the backlash started that was much more technical.

Pretty early on. This was from August of 2021. I think word of CSAM first started spreading a couple months earlier. Apple had an outline of this stuff pretty early. Notably, though, nobody stopped lying about it when this document came out. It changed nobody’s opinion. The theories were along the lines of “well, with this hook, Apple could secretly change it so that the reference hash is different, or so that it reports to governments instead of Apple.” Nobody ever had a good theory for why the system, as described by Apple, was a problem in the form Apple claimed it operated - they all assume Apple is either lying or will secretly change it at the demand of governments and somehow nobody would notice.

Of course, if you believe Apple will bow to government demands or that Apple will do sneaky stuff, then they could do that without ever telling us about CSAM detection in the first place.

And nobody has explained how Apple could change the reference database, or change it to scan text instead of photos (typical of the conspiracy theories) without anybody noticing. If they change the reference database, and the database is on the device, every security researcher will catch that in two seconds. And if they change it to use off-device reference databases, that is a completely different system than they have described, and nothing they planned to do would be of any use in implementing such a system, so what’s the problem?

The only righteous complaint is that there *will* be a very small number of people flagged incorrectly. And in *those* cases, Apple *will* look at a low resolution version of the allegedly offending images to see if they are correctly flagged. Those innocent people will have had their privacy bent, if not broken, by Apple. But they won’t go to jail. The alternative, though, is *everyone* gets their privacy invaded. Because there is no universe in which some government won’t force Apple to do something.
 

Runs For Fun

100% agree. I never thought the people arguing against Apple's implementation had very strong arguments. You hit pretty much every one.
 

Colstan

My objection has always been about on-device scanning, but never the implementation. Even if it is relatively easy to disable in macOS, I probably won't bother doing so, because that's potentially introducing a new bug that could interfere with unrelated processes. I'm not even a "pictures person" and don't use iCloud Photos. I'm simply not a fan of surveillance by governments, whether directly or by proxy. If it's going to happen, which it most likely will, I'd rather have the privacy experts at Apple working on it, rather than some luddite in D.C. or Brussels.

> Of course, if you believe Apple will bow to government demands or that Apple will do sneaky stuff, then they could do that without ever telling us about CSAM detection in the first place.

Apple has, at times, shown negative traits that could be described in many ways: obstinate, greedy, arrogant, tone deaf, aloof, obdurate, stubborn. Not just under Tim Cook, but during the Jobs era, as well. However, one thing that Apple has never been is devious. Most of Apple's faults are unforced errors in which the company miscalculated. If Apple started spying on their users on behalf of some nefarious bureaucratic entity, then they'd quickly be found out, not only by independent researchers, but by multiple whistleblowers within the company itself.

Apple has built up a cachet in regards to privacy and security, which Apple executives clearly value. That's something you don't see with their shameless peers like Microsoft and Google. I don't foresee them throwing away that reputation while attempting to please some invasive governmental agency, even if it's demanded by President Xi because somebody compared him to Pooh Bear.
 

Colstan

Looks like the Eurocrats are at it again, this time regulating the entire software and hardware stack. This goes way beyond scanning for CSAM.

> The latest provisional agreement sets out plans to establish a “High-Level Group” of central European digital regulators to coordinate national regulators across EU member states and requires “gatekeepers” to create an independent “compliance function.” The new group must include compliance officers to monitor their company’s compliance with EU legislation using sufficient authority, resources, and access to management, and be headed by an “independent senior manager with distinct responsibility for the compliance function.” The rule would effectively require companies like Apple to set up an internal department dedicated to meeting pro-competition regulations.

Assuming this can be parsed into normal English, there's essentially going to be a compliance committee in charge of implementing these regulations. Non-compliance results in a fine of 10% of global revenue, 20% for repeated offenses. This could be an easy way to tax big tech companies (that happen to be mostly American) by claiming that they are not in compliance. We've already seen Apple repeatedly submit changes to Dutch authorities over dating apps, but they keep getting rejected.

In regards to specifics:

> In addition, new rules specifically targeted to address companies like Apple that have “a dual role” with control over both hardware and software look to allow any developer to gain access to any existing hardware feature, such as “near-field communication technology, secure elements and processors, authentication mechanisms, and the software used to control those technologies.”

What I find most remarkable is that the EU plans to give full, unfettered access to the Secure Enclave to all developers. It seems like the EU wants to have a completely open, completely secure, completely micromanaged product from technology companies. Some tech users in Europe are very happy about this development, but I'm not sure everyone in Europe is going to be pleased with the end result.

Regardless, I wonder if this is going to result in two versions of Apple products, a special edition just for the European market, and a different one for the rest of the world. Apple isn't going to abandon the EU, it's one of its biggest markets, but I'm sure they also would like to have the same products and features for the entire global market.
 

Cmaier

I think they would definitely make a special EU version of products (not clear to me it can just be a software version, since arguably they would need to gimp the Secure Enclave for Europe).

Also not clear that the EU can fine based on global revenue and get away with it under international trade treaties - I would expect US retaliation.
 
