GioCities

blogs by Gio

Tagged: security

🖱 Client CSAM scanning: a disaster already

  • Posted in cyber

Update 2023: I won.

On August 5, 2021, Apple presented their grand new Child Safety plan. They promised “expanded protections for children” by way of a new system of global phone surveillance, where every iPhone would constantly scan all your photos and sometimes forward them to local law enforcement if it identifies one as containing contraband. Yes, really.

August 5 was a Thursday. This wasn’t dumped on a Friday night in order to avoid scrutiny, this was published with fanfare. Apple really thought they had a great idea here and expected to be applauded for it. They really, really didn’t. There are almost too many reasons this is a terrible idea to count. But people still try things like this, so as much as I wish it were, my work is not done. God has cursed me for my hubris, et cetera. Let’s go all the way through this, yet again.

The architectural problem this is trying to solve

Believe it or not, Apple actually does address a real architectural issue here. Half-heartedly addressing one architectural problem of many doesn’t mean your product is good, or even remotely okay, but they do at least do it. Apple published a 14 page summary of the problem model (starting on page 5). It’s a good read if you’re interested in that kind of thing, but I’ll summarize it here.

⚖ 5G's standard patents wound it

I remember seeing a whole kerfuffle about 5G around this time last year. Not the mind-control vaccine, the actual wireless technology. People (senators, mostly) were worried about national security, because Huawei (the state-controlled Chinese tech company, who is a threat, actually) was getting its 5G patents through and making its claim on the next-gen tech IP landscape. Maybe Trump even needed to seize the technology and nationalize 5G? Everybody sure had a lot to say about it, but I didn’t see a single person address the core conflict.

Format Wars

Before we get to 5G, let’s go way back to VHS for a minute.

The basic idea of the “format war” is this: one company invents a format (VHS, SD cards, etc.) and makes a push to make their format the standard way of doing things. Everybody gets a VHS player instead of BetaMax, so there’s a market for the former but not for the latter. Now everyone uses VHS. If you’re selling video, you sell VHS tapes, and if you’re buying video, you’re buying VHS. If you invented VHS, this is great for you, because you own the concept of VHS and get to charge everyone whatever you want at every step in the process. And, since everyone uses VHS now, you’ve achieved lock-in.

Now, this creates an obvious perverse incentive. Companies like Sony are famous for writing and patenting enormous quantities of formats that never needed to exist in the first place because owning the de facto standard means you can collect rent from the entire market. That’s a powerful lure.

And that’s just talking about de facto standards. This gets even worse when you mix in formal standards setting bodies, which get together and formally declare which formats should be considered “standard” for professional and international use. If you could get your IP written into those standards, it turns your temporary development time into a reliable cash stream.

Enter SEPs

“5G” is one of these standards set by standard setting bodies, and it’s a standard packed with proprietary technology. The most important slice of those is called SEPs, or “Standard Essential Patents.” These are the Patents that are Essential to (implementing) the Standard. In other words, these technologies are core and inextricable to 5G itself. This figure represents only the SEPs: