MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
apple
Recherche

Experts detail flaws in Apple’s backdoor surveillance scheme, call it ‘dangerous technology’

vendredi 15 octobre 2021, 22:10 , par Mac Daily News
A group of prominent cryptographers and other security experts wrote in a report published Friday that a scheme proposed by Apple to scan user’s digital storage repositories, conducting backdoor surveillance, ostensibly for evidence of child pornography and other illegal content, is a “dangerous technology” that cannot be implemented in a way that accomplishes the dual feat of preserving users’ privacy while also conducting mass surveillance.

Jordan Robertson for Bloomberg News:

The 46-page report counts among its 14 authors pioneers in encryption software. It outlines, in detail, what the authors deem the numerous risks of a technique called “client-side scanning,” which was at the heart of a controversy that erupted when Cupertino, California-based Apple announced a plan in August to scan users’ iCloud Photos accounts for sexually explicit images of children and then report instances to relevant authorities. Apple later postponed those plans amid the backlash.
The authors of the new report wrote that the method “by its nature creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic,” citing the “multiple ways in which client-side scanning can fail, can be evaded and can be abused.”
“Plainly put, it is a dangerous technology,” the report stated.

Bugs in our Pockets: The Risks of Client-Side Scanning:

Some in industry and government now advocate a new technology to access targeted data: client-side scanning (CSS)…
CSS neither guarantees efficacious crime prevention nor prevents surveillance. Indeed, the effect is the opposite. CSS by its nature creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic. There are multiple ways in which client-side scanning can fail, can be evaded, and can be abused.
Its proponents want CSS to be installed on all devices, rather than installed covertly on the devices of suspects, or by court order on those of ex-offenders. But universal deployment threatens the security of law-abiding citizens as well as lawbreakers…
In reality, CSS is bulk in- tercept, albeit automated and distributed. As CSS gives government agencies access to private content, it must be treated like wiretapping. In jurisdictions where bulk intercept is prohibited, bulk CSS must be prohibited as well…
The fact that CSS is at least partly done on the client device is not, as its proponents claim, a security feature. Rather, it is a source of weakness. As most user devices have vulnerabilities, the surveillance and control capabilities provided by CSS can potentially be abused by many adversaries, from hostile state actors through criminals to users’ intimate partners. Moreover, the opacity of mobile operating systems makes it difficult to verify that CSS policies target only material whose illegality is uncontested…
The ability of citizens to freely use digital devices, to create and store content, and to communicate with others depends strongly on our ability to feel safe in doing so. The introduction of scanning on our personal devices—devices that keep information from to-do notes to texts and photos from loved ones—tears at the heart of privacy of individual citizens. Such bulk surveillance can result in a significant chilling effect on freedom of speech and, indeed, on democracy itself…
The proposal to preemptively scan all user devices for targeted content is far more insidious than earlier proposals for key escrow and exceptional access. Instead of having targeted capabilities such as to wiretap communications with a warrant and to perform forensics on seized devices, the agen- cies’ direction of travel is the bulk scanning of everyone’s private data, all the time, without warrant or suspicion. That crosses a red line.

MacDailyNews Take: As does this report, we’ve also been rather clear in our condemnation of Apple’s flawed scheme – really a bald-faced, hypocritical betrayal of the company’s espoused values and its loyal users – since the day this travesty was unveiled.
We do not believe that Apple’s management is stupid. Therefore, barring an unbelievably colossal lapse of judgment, the only logical answer as to why Tim Cook and his immediate underlings would destroy years and millions of dollars worth of privacy protections and marketing in one fell swoop is that, sadly, they’ve been compromised in some way.
Hopefully, if Apple has any sense whatsoever, is not hopelessly compromised, and can resist whatever pressure forced them into this ill-considered abject disloyalty to customers who value their privacy and security, the company will end – not just “postpone” – this disastrous scheme immediately and double-down on privacy by finally and immediately enabling end-to-end encryption of iCloud backups as a company which claims to be a champion of privacy would have done many years ago.
(Note to Apple’s misguided and/or compromised management: No, we’re not stopping. Do the right thing.)
Please help support MacDailyNews. Click or tap here to support our independent tech blog. Thank you!
The post Experts detail flaws in Apple’s backdoor surveillance scheme, call it ‘dangerous technology’ appeared first on MacDailyNews.
https://macdailynews.com/2021/10/15/experts-detail-flaws-in-apples-backdoor-surveillance-scheme-call...
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
jeu. 28 mars - 23:09 CET