Apple’s scanning iCloud photos for child abuse images – Naked Security

Apple has confirmed that it’s automatically scanning images backed up to iCloud to ferret out child abuse images.

As the Telegraph reports, Apple chief privacy officer Jane Horvath, speaking at the Consumer Electronics Show in Las Vegas this week, said that this is how Apple is helping to fight child exploitation, as opposed to breaking encryption:

[Compromising encryption is] not the way we’re solving these issues… We are utilizing some technologies to help screen for child sexual abuse material.

Horvath’s comments make sense in the context of the back-and-forth over breaking end-to-end encryption. Last month, during a Senate Judiciary Committee hearing that was attended by Apple and Facebook representatives who testified about the worth of encryption that hasn’t been weakened, Sen. Lindsey Graham asserted his belief that unbroken encryption provides a “safe haven” for child abusers:

You’re going to find a way to do this or we’re going to do this for you.

We’re not going to live in a world where a bunch of child abusers have a safe haven to practice their craft. Period. End of discussion.

Though some say that Apple’s strenuous Privacy-R-Us marketing campaign is hypocritical, it’s certainly earned a lot of punches on its frequent-court-appearance card when it comes to fighting off demands to break its encryption.

How, then, does its allegiance to privacy jibe with the automatic scanning of users’ iCloud content?

Horvath didn’t elaborate on the specific technology Apple is using, but whether the company is using its own tools or one such as Microsoft’s PhotoDNA, it’s certainly not alone in using automatic scanning to find illegal images. Here are the essentials of how these technologies work and why they only threaten the privacy of people who traffic in illegal images:

A primer on image hashing

A hash is created by feeding a photo into a hashing function. What comes out the other end is a digital fingerprint that looks like a short jumble of letters and numbers. You can’t turn the hash back into the photo, but the same photo, or identical copies of it, will always create the same hash.

So, a hash of a picture turns out to be no more revealing than a short jumble of hexadecimal characters.
Since 2008, the National Center for Missing & Exploited Children (NCMEC) has made available a list of hash values for known child sexual abuse images, provided by ISPs, that enables companies to check large volumes of files for matches without those companies themselves having to keep copies of offending images.
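To make the mechanics concrete, here's a minimal sketch of exact-match hash screening using Python's standard hashlib. The blocklist below is invented for illustration; it is not NCMEC's actual list or format, and real systems work with hash values only, never the images themselves:

```python
import hashlib

def sha256_fingerprint(image_bytes: bytes) -> str:
    """Return the SHA-256 hex digest of a file's raw bytes."""
    return hashlib.sha256(image_bytes).hexdigest()

# Hypothetical blocklist: in practice this would be the hash list a
# clearinghouse such as NCMEC distributes, not values made up here.
known_bad_hashes = {
    sha256_fingerprint(b"stand-in for a known illegal image"),
}

def is_flagged(image_bytes: bytes) -> bool:
    """True only if the file is byte-for-byte identical to a listed image."""
    return sha256_fingerprint(image_bytes) in known_bad_hashes

# Identical bytes always produce the same hash; changing even one
# byte produces a completely different hash.
original = b"stand-in for a known illegal image"
altered = b"stand-in for a known illegal imagE"
```

Note that flipping a single byte defeats an exact-match scheme entirely, which is exactly the gap that perceptual technologies like PhotoDNA were built to close.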

Hashing is efficient, but it only identifies exact matches: if an image is changed in any way at all, it will generate a different hash. That limitation is why Microsoft donated its PhotoDNA technology to the effort. Some companies, including Facebook, are likely using their own sophisticated image-recognition technology, but it's instructive to look at how PhotoDNA identifies images that are similar rather than identical. PhotoDNA creates a unique signature for an image by converting it to black and white, resizing it, and breaking it into a grid. In each grid cell, the technology finds a histogram of intensity gradients or edges, from which it derives its so-called DNA. Images with similar DNA can then be matched.
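PhotoDNA itself is proprietary, but a toy perceptual signature in the same spirit — grid the image, histogram the edge strengths per cell, compare signatures by distance — can be sketched in a few lines of Python. This is a simplified illustration of the general idea, not Microsoft's actual algorithm:

```python
from math import sqrt

GRID = 4   # split the image into GRID x GRID cells
BINS = 4   # histogram bins per cell for edge strength

def signature(gray):
    """Build a PhotoDNA-style signature for a grayscale image, given as a
    list of rows of 0-255 ints: per grid cell, a histogram of horizontal
    edge strengths. Simplified illustration, not the real PhotoDNA."""
    h, w = len(gray), len(gray[0])
    ch, cw = h // GRID, w // GRID
    sig = []
    for gy in range(GRID):
        for gx in range(GRID):
            hist = [0] * BINS
            for y in range(gy * ch, (gy + 1) * ch):
                for x in range(gx * cw, (gx + 1) * cw - 1):
                    edge = abs(gray[y][x + 1] - gray[y][x])  # horizontal gradient
                    hist[min(edge * BINS // 256, BINS - 1)] += 1
            sig.extend(hist)
    return sig

def distance(a, b):
    """Euclidean distance between two signatures; small means 'similar DNA'."""
    return sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))

# Two near-identical images yield signatures that are close together,
# while an unrelated image lands farther away.
img = [[(x * 7 + y * 13) % 256 for x in range(16)] for y in range(16)]
tweaked = [row[:] for row in img]
tweaked[0][0] = (tweaked[0][0] + 5) % 256      # tiny edit to one pixel
other = [[(x * 31 + y * 3) % 256 for x in range(16)] for y in range(16)]
```

Matching then becomes a nearest-neighbour question — is any known signature within some distance threshold? — rather than an exact lookup, which is what lets this family of techniques survive resizing, recompression and small edits.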

Given that the amount of data in the DNA is small, large data sets can be scanned quickly, enabling companies including Microsoft, Google, Verizon, Twitter, Facebook and Yahoo to find needles in haystacks and sniff out illegal child abuse imagery.