Eric Snowden, yes, the National Security Agency “IT guy” and whistleblower, is sounding an alarm over the launch of Apple's CSAM (child sexual abuse material)detection system. Apple plans to install it on iPhones, iPads, and Macs. Snowden expressed concern over how the system will match images you store on iCloud to what the company is referring to as "forbidden content."
It doesn’t take much in the way of decoding to understand Apple plans to look for child pornography. A clue comes from the company's plan, according to Snowden, to notify law enforcement when its scan of a user’s uploads matches "forbidden content."
The ends of the CSAM detection system are good: child pornography is bad. Still, the new Apple policy offers an opportunity to delveinto the Fourth Amendment and your “expectation of privacy” — specifically as to materials and information that you place in the hands of third parties.
For example, did you know you don’t have an expectation of privacy as to the records your bank has about your accounts and transactions? How about the phone numbers you dial to make a call? Or the location of where you are right now as you read this article on your smart device?
What is Apple planning to do?
Again, please don’t confuse the issue or my position: scanning user photo uploads to its iCloud storage to protect children from pedophiles and child exploitation is a laudable endeavor by Apple. But as Snowden points out, users in possession of "forbidden content" may easily avoid that contraband from being scanned and reported to police simply by disabling the automatic upload function on their devices. Consequently, he is also concerned that Apple may eventually remove a user's ability to disable the feature. And rightfully so.
Snowden supports his warning that Apple could be on a downward spiral towards becoming the equivalent of an informant for law enforcement by pointing to a disclosure made by the company. According to Snowden, Apple admitted to providing customer data to the federal government several thousand times last year.
Expectation of privacy
Of course, a common argument used anytime there is a potential infringement on the right to privacy sounds more or less like this: "If you're not doing anything illegal, you have nothing to worry about." But such a simplistic response to a complex issue fails to fully appreciate the importance of personal privacy and the right against government intrusion contemplated by the Founding Fathers and (increasingly less) protected by the United States Constitution.
After all, the Fourth Amendment to the U.S. Constitution begins with a promise that, "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated…." It goes on to permit law enforcement to conduct investigations and obtain evidence when there is a warrant supported by probable cause to justify intrusion and infringement on that right to privacy.
So the question follows: Does someone engaging in unlawful activity have a right to invoke the Fourth Amendment against law enforcement efforts to obtain evidence? The U.S. Supreme Court provided its answer in 1967 when Mr. Katz used a phone booth to call in his gambling bets. The FBI put a listening device outside the phone booth to hear what Katz said and arrested him based on what they heard.
Katz claimed that use of the listening device violated his Fourth Amendment right to privacy. The government, in response, argued that it did not. The High Court agreed with Katz and established the legal doctrine of an expectation of privacy in Fourth Amendment cases.
For an individual's expectation of privacy to be reasonable, according to the Supreme Court, it must be one that society is objectively willing to accept as reasonable under the facts and circumstances existing at the time. In the Katz case, the fact that he closed the door to the phone booth served to affirm his expectation that what was said would be private.
What happens to privacy when third parties get involved?
When you save a photo on your personal/private desktop, laptop, iPad, or iPhone, it’s hard to argue you did not have an expectation that it would remain private. However, it becomes a bit murky when you use cloud storage to save it though.
After its decision in the Katz case, the Supreme Court was asked to address the expectation of privacy in data turned over to third parties. It did so in 1976 in a case involving financial records maintained at a person's bank and again in 1979 when it was asked to rule on the constitutionality of police obtaining the telephone numbers that a person dialed to make calls.
In each of the two cases, the Court ruled that an expectation of privacy was not reasonable in information a person voluntarily surrenders to third parties. In the first instance, it was the records a bank maintains of its customer's transactions. In the second, it was the numbers that are willingly transmitted to a telephone company when a person dials to make a call.
Apple iCloud and expectation of privacy
In the face of criticism and backlash regarding their announcement, Apple has walked back their position, stating that it will delay the child safety updates. According to Yahoo Finance, the stated purpose of the delay is to “take additional time…to collect input and make improvements ”to the feature. It had planned to roll out the software updates later this year, but that timeline sounds as though it will be extended.
Regardless, whenever the feature is deployed, lawsuits will likely follow. Even if they don’t, the contraband will undoubtedly make its way into criminal investigations, and Courts will ultimately decide on the constitutionality of evidence obtained by law enforcement and used in the prosecution of someone for uploading "forbidden content." Whether courts apply the third-party rule to material uploaded to iCloud will determine the level of a person's expectation of privacy.