Apple probably automatically checks the e-mails of its iCloud users for suspicious content, and an iPhone user from the USA has now been charged with child pornography. The defendant had previously wanted to send pictures and videos in several emails.
Apple can read and block unencrypted emails sent via Apple's Mail app in iCloud. This is stated in reports published by Forbes. According to US magazine, which uncovered a search warrant, Apple has an algorithm that scans mail attachments and iCloud data of its users for so-called "hashes". Hashes can be understood as cryptic image descriptions that are read by algorithms. Hashes are attached to previously identified child abuse photos and videos. This enables Apple to identify suspicious images automatically.
In the current case, a man had wanted to send a total of eight emails with images via Apple's iCloud server. Apple's system failed, however, and the sending of emails, including attachments, was stopped. Although Apple has a reputation for not collaborating with law enforcement agencies on a large scale, the company is likely to report cases of child abuse and child pornography to authorities without request or existing law enforcement.
Before an Apple employee sifts through the suspicious material, information about the Apple user, including their IP address and contact details stored in the user's account, is then passed on to the appropriate authorities, Forbes reports.
No access to encrypted content
Apple had also handed over further data of the Apple user to investigators upon request. It is not clear what information is involved. Requested by the government were "all files and other records stored in iCloud," according to court documents available to the magazine.
It is a challenge for many tech companies to protect the privacy of their users and at the same time capture criminal networks and crimes. According to Apple, user data would only be checked by human eyes if the system reported suspicious content. However, encrypted messages and emails are not detectable by Apple's algorithm. In general, Apple is reluctant to accept encrypted content or devices. The FBI regularly tries to force Apple to help unlock the iPhones of criminals and terrorists.
As things stand, no charges against the user in question have been filed and Forbes chose not to publish the user's name nor the warrant itself.
The story is likely to raise more concerns about data security and privacy though. What's important to realize here is that Apple is only the emails of its users when its systems have identified abusive images. Professor Alan Woodward, a cybersecurity expert at the University of Surrey, did offer some words for thought though: "I think the balance that Apple has drawn is a good one," he said. "No matter how much automation there is in initially flagging illegal imagery, a human has to do the final check."