An article published by Wired on December 7, 2022 reports the news that the cloud-side scanning project for the automated and warrant-less search of a court of child sexual abuse material stored in iCloud has been abandoned in favor of other approaches. On the same day, Apple announced the adoption of new security features for the protection of treaty data through its devices, making them increasingly difficult to use against the will of the user (be it an ordinary citizen, a political activist, a journalist or a criminal).
Acknowledgments
App Store Award: BeReal is the best iPhone app of 2022
by Antonio Dini
It is not known whether the two initiatives are connected, or if the fact that they were made public at the same time is just a coincidence. The fact is that the announcement of the preventive search system of disk space rented to users had ignited white-hot controversies that risked tarnishing the image carefully built by Apple as a company that puts the protection of fundamental rights at the center of its actions.
Three novelties
From 2023, almost all data on Apple iCloud will be hack-proof
by Andrea Nepori
The news of the increased impermeability of products to “infiltration” by governments (and) criminals removes the shadow that had formed over Apple’s image, and which could have compromised an essential component of product positioning. However, once one hotbed of potential controversy is extinguished, another one could (re)ignite: that, which has never died down, of the limit to the obligation to cooperate with the state apparatuses.
So long, Apple, welcome Linux
by Andrea Monti
The theme is significantly absent in the communication of the new services and, in particular, in the document of over 200 pages which explains in a more or less understandable way for non-experts – certainly not for the typical user of Apple products – in which way the integration between hardware, operating system, applications makes (would) these products the most secure on the market, the safest on the market. Although it represents an excellent example of the use of security to support product positioning and provides a large amount of information, the document is, in fact, more interesting for what it non He says. Nowhere, in fact, are there references to the very thorny issue of support for the judiciary and the (at least) US security apparatuses to access data of investigative interest or pertinent to “national security”.
Apple’s position on the point has been known for some time, ever since in 2016 the company refused to fully cooperate with the FBI in the investigation into the S. Bernardino massacre, denying, “in the name of privacy”, the availability to include in the products the way to make them accessible to the police. It is clear that the new data protection features are the result of the same strategic line directed towards the creation of “locks” which are by default non-breakable (net of errors which sometimes allow the result to be achieved) and which can still make more difficult for the institutions to carry out investigative activities. However, this cannot be said because otherwise we would run the risk of ending up associated with cases such as Encrochat or Sky ECC in which the authorities have hypothesized a co-responsibility between the provider of secure messaging services and abuse by customers (largely, involved in illegal actions).
So Apple solves the problem with an admirable example of reframing. Its communication experts change the frame that surrounds the picture. The image – “locked” data – is always the same, but the context changes: the point is not to prevent governments from carrying out investigations, but to protect citizens and activists from the violation of their rights. This change of context makes more acceptable, or less immediately unacceptable, the hardly debatable fact that using Apple products undermines judicial investigations and state security activities. However, another, not irrelevant detail remains equally firm: the technological obstruction of investigations and information gathering by the secret services blocks the work of all States, and not just the “rogue” ones that repress “fundamental rights”.
It would be simplistic to deny this conclusion, as, on the other hand, it would be equally simplistic to deny the existence of widespread concern about the way information technologies are used by even Western states. Proof of this is the controversy in Italy over the extensive use of “computer sniffers”, telephone interceptions and activities (unknown to most but no less invasive, as reported in December 2021 in a hearing in the Chamber by the Italian Internet Association DNS traffic “filtering” provider to block access to foreign websites. In Italy this is allowed not only to the judiciary but also to independent authorities (such as the Antitrust and the one for communications), and simple agencies (such as that of the monopolies). If only a magistrate should be able to decide whether, how and when to interfere in the rights of people not involved in illegal activities, it becomes legitimate to ask why this is also allowed for entities that do not belong to the judiciary.
Regardless of these aspects, perhaps excessively technical-juridical, the highest level issue remains of the existence and of the possibility of imposing a limit on the work of Big Tech which increasingly, in addition to being a structural element of the control system of citizens, represents an autonomous power that negotiates on an equal footing with the states in a new multipolar system.
In principle, the power/right to decide what is “right” to do and what are the limits to State action does not and cannot belong to a private company. In concrete terms, however, the substantial confession of failure and impotence of the States and, as far as we are concerned, of the European Union, has cleared the concept of voluntary cooperation, i.e. the need for private operators to “spontaneously” adopt procedures to guarantee what the institutions are not, cannot or do not want to do. Managing the innumerable reports of “unlawfulness” risks paralyzing the police activity, and therefore they are delegated to the so-called private “Trusted Flaggers” – informers, in other words); removing content that is not clearly illegal but “controversial” would require a process, but “there is more to do” and therefore it is better to impose – and therefore give the power – to the platforms to autonomously evaluate what to do; investigations are based on the acquisition and storage of data, but there is no way to create a public infrastructure capable of doing this: better to transform access operators into extensions of investigative offices by ordering them to retain traffic data indiscriminately telematics, and pushing towards the creation of a European DNS that will allow the centralization of blocking and filtering actions.
This substantial and unacceptable delegation of state functions to private structures is justified in the name of do the right thing, the ethical shortcut to avoiding political responsibility for making unpopular decisions. But give it voluntary cooperation al do-it-yourself the step is short and, from this point of view, Apple certainly cannot be blamed for having once again been ahead of the times especially because, given the spirit of the times, it is by no means certain that the “bad guys” are only those who are ” on the other side”.