iCloud: So far, Apple has only scanned emails for abuse photos


Apple is already scanning the server for content that shows child sexual abuse. The system is only used to check e-mails that run via iCloud, as the company has now confirmed to media representatives. Photo libraries synchronized via the iCloud Photos service, however, have never been checked for such material.

Since 2019, Apple has changed its privacy policy to scan “uploaded content for potentially illegal content”, “including material related to the sexual exploitation of children”. So far, the group had not specifically explained which iCloud services are checked – and in what form. The company previously only announced that the system is based on “electronic signatures” and functions “similar to spam filters for e-mails”.

Only a search warrant made public at the beginning of 2020 stated that Apple uses hashes and an automated comparison with databases of known abuse material – similar to other IT companies with cloud services. An Apple employee sifted through marked emails and reported the case directly to the responsible US authorities if child abuse was suspected, according to the search warrant. Law enforcement officers can then request additional iCloud data from Apple.

More from Mac & i

More from Mac & i

More from Mac & i

More from Mac & i

For iCloud photos, Apple decided against purely server-side scanning for abuse material: the server-side check is invasive, opaque and could target individual accounts. Instead, the group wants to use iOS 15 to detect known abuse material in iCloud photos directly on iPhones and iPads – through a local comparison with a hash database contributed by child protection organizations. Apple did not yet want to say which organizations – apart from the National Center for Missing & Exploited Children (NCMEC) – provide hashes for this. A list of partners will follow at a later date.

Apple’s plans are met with considerable resistance: civil rights activists, security researchers and data protection activists warn against constant, uninterrupted monitoring of the user by their own device – and the misuse of the system for censorship and state surveillance.


To home page