Periodic reminder that Apple has not officially abandoned its photo scanning plans, and could still flip the switch on a billion users at any moment. 
Apple has been collecting feedback from the community. (I know this because I talked to them.) I don’t know that they appreciated my feedback that much but I sure felt better afterwards.
My biggest question for the company was: why do you think this is ok? They didn’t really say much. But without characterizing this as a specific response by Apple or anyone at Apple, I think I can try to get at the argument.
For a long time, Apple has been trying to push traditional cloud-based functionalities down to the device level so the cloud “sees nothing”. They do this for photo classification, FindMy, and device analytics.
In that view, client-side CSAM scanning *feels* like another instance of this problem. Except that, of course, it’s not the same.
It feels like Apple forgot something important: users don’t care *where* the task happens…
It feels like Apple forgot something important: users don’t care *where* the task happens…
… what Apple has actually been solving is a question of *user consent*. The real question is not “where does this task get computed” but rather “do I consent to share this data.” Client-local processing simply removes the need to consent to sharing.
When it comes to Apple’s client-side CSAM processing, they’ve tried to elide this issue of consent in two ways. First, they throw a lot of smoke at the problem. Take this confusing FAQ answer, for example.
(Someone asks why this is confusing. My response is: ok, where is my “private photo library” on device, and how is that library different from the photo library that Apple will scan — other than a settings switch?)
The second thing that Apple has done is bind the “user consent” question into a question of whether the user activates Apple’s cloud services at all.
If you don’t consent, your phone becomes less useful.
If you don’t consent, your phone becomes less useful.
Notice that this is not the same kind of consent that Apple requires for its other services, like photo classification. You can opt out of sharing data with Apple without hobbling your device. That is a very big deal.
So now I want to get to the main point: why does Apple think this is ok? And here’s the “insight”: I think Apple has convinced itself that as long as users *could potentially* opt out, this is the same thing as actually obtaining meaningful consent.
It obviously is not. For many people cloud backup services are not optional. Some don’t have a computer to back up to. They’re an integral part of a modern device, like Wi-Fi support or a camera. If you punish people who opt out, that isn’t consent: you’re just coercing them.
I don’t expect Apple to respond to a moral argument like this. What I do expect is that Apple agrees with me. Why do I believe this? Because I think Apple knows exactly how important these cloud services are, since they track how many of their users activate them.
Not only do they almost certainly keep careful track of these numbers, it’s extremely likely that they optimize their products to maximize them. They can do this because they control the default settings on new devices and OS upgrades.
And when you speak to Apple, it’s very clear that they know this. It’s very clear that they understand their users aren’t meaningfully consenting to scanning. And it’s also very clear that they don’t have much of an answer.
Which brings me to my last point (I swear.) What will happen in a world where it is no longer feasible to opt out of cloud services? Because that world is coming very quickly. Apple also doesn’t have a very convincing answer to that question, and that worries me. ///
• • •
Missing some Tweet in this thread? You can try to
force a refresh
