Why Apple's iCloud+ Provides a Future Unlocking for Authoritarian Government Data Surveillance

Written by

Earlier this year, Apple announced a new feature to roll out on certain devices in the US that will automatically scan personal devices in a bid to tackle child abuse. NeuralHash technology is a perceptual hashing function creating fingerprints in a different way to traditional cryptographic hashing. Essentially, it can identify imagery without decrypting it unless a threshold is met and a sequence of checks done. It then reports this to the country’s National Center for Missing & Exploited Children. 
 
But a backlash has circulated online with notable tech leaders raising concerns about what this means for individuals’ privacy and consumer rights, led by Whatsapp CEO Will Cathcart. He described it as a "step back for people’s privacy all over the world." Yet, Apple has said it’s designed with user privacy in mind and in line with their public commitment to privacy for all users. 
 
The EU and UK Governments are taking steps to regulate how the powerful US tech giants store and use consumer data. The EU has an antitrust investigation following complaints in 2019 from Spotify. In the UK, the Digital Markets Unit, part of the Competition and Markets Authority, may suspend, block and reverse decisions by tech giants and issue fines of up to 10% of turnover. Yet, at the same time, Apple has been under government pressure in the US for increased surveillance of encrypted data. Governments and agencies are pressuring all large organizations with end-to-end or even partial encryption enabled, stating CSAM and possible terrorist activities as a rationale to argue for measures. It’s a confusing message. 

Who is leading the charge here? Whether it is tech giants or governments, it is concerning. Matthew Green, a cryptography researcher at John Hopkins, said it could be used to frame innocent people or weaponize and said it would lead to "bulk surveillance of phones and laptops." Not all governments and organizations in the world have the benevolent well-being of their citizens at heart. In 2020, there were reports of organizations using phone location data to track and spy on Black Lives Matter protesters. In Jordan, the World Food Program was collecting migrants’ biometric data, requiring refugees to submit it to have access to food in camps.

"Not all governments and organizations in the world have the benevolent well-being of their citizens at heart"

Privacy campaigners have said there are dangerous ramifications and question whether this is a backward step in digital security.  WhatsApp had come under fire for having less robust privacy policies, which came to the fore when they relaunched it back in May, and now Apple is being criticized for infringing privacy. 
 
But where does responsibility for privacy lie?
 
Smart devices and technology are embedded in our everyday lives, and most consumers trust them — because it’s easier to do so. Few of us read the privacy notices. We accept that Alexa, and thus Amazon, knows when we’re home, when we leave the house and when we go to bed because it makes life convenient. Each of these devices or companies in silo might be ok, but what if Amazon starts telling authorities when you’re home based on your Alexa? 

We can’t just blame the tech behemoths — we all need to take responsibility to shift towards a less invasive approach. Consumers have to be confident that they are using a platform that genuinely has privacy at core. Whether through reading the policies, only selecting the data you wish to share or choosing platforms that allow you to store encrypted data in select locations, it is essential to take responsibility. In addition, as more lawsuits and regulations come to the fore, we may have to take a more cautious approach.
 
Governments must not only conduct public consultations into antitrust or bring in measures seemingly about privacy at times of crisis or when they are worried about competition and market share — which may be the real issue here. There should be more uniform regulation, with collaboration between different countries, essential with population migration and multi-residencies growth. There is a discrepancy in what data sovereignty means for each country to reign in tech sovereignty. A consistent approach and regulated data flow need to be prioritized.
 
Technology is constantly evolving, and those companies must ensure that the excitement over new abilities balances the fundamental human right of privacy — and not just the desire to avoid fines and escape damages to reputation. Transparency over what data is being collected — and why it’s collected — must be part of any consumer company relationship. 

Companies that take strides in ensuring compliance and being at the helm of reassurance and regulation will be the ones who thrive. The future belongs to those who don’t see a dichotomy between regulation and advancement. It belongs to those who put power back in the hands of those who matter — their users. 

If you liked this article, be sure to check out these upcoming Online Summit sessions:

What’s hot on Infosecurity Magazine?