How a rotten Apple (and bad legislation) could spoil our private communications
In August 2021, Apple announced significant changes to their privacy settings for messaging and cloud services, only to “pause” it in early September. Earlier this summer, the European Parliament adopted in a final vote the derogation to the main piece of EU legislation protecting privacy, the ePrivacy Directive, to allow Big Tech to scan your emails, messages, and other online communications.In August 2021, Apple announced significant changes to their privacy settings for messaging and cloud services, only to “pause” it in early September. Earlier this summer, the European Parliament adopted in a final vote the derogation to the main piece of EU legislation protecting privacy, the ePrivacy Directive, to allow Big Tech to scan your emails, messages, and other online communications.
In August 2021, Apple announced significant changes to their privacy settings for messaging and cloud services, only to “pause” it in early September. Earlier this summer, the European Parliament adopted in a final vote the derogation to the main piece of EU legislation protecting privacy, the ePrivacy Directive, to allow Big Tech to scan your emails, messages, and other online communications. What does this mean for our private conversations and online interactions? Read below and also check our previous blogposts on the Apple announcement here, and on the EU legislation to scan our communications here and here.
Winter is coming
And with the winter, a new potential threat to our private communications. In December 2020, Over The Top (OTT) services such as WhatsApp, Instagram messaging, Facebook messenger, etc. needed to follow stricter privacy legislation. Because of this, the European Commission and EU governments were rushing to adopt new “urgent” and temporary legislation to allow private companies to continue scanning private communications (little we knew this was being done already). The atmosphere was charged: the European Parliament Child Rights Intergroup said that without this legislation the EU would become a “safe haven for pedophiles”, and similar claims in The Guardian, the New York Times, and Fortune, mixing encryption and scanning of private communications were put together with riots and child abuse. The idea was clear: too much privacy equals very nasty crimes.
A dangerous rushed “urgent” proposal
Despite this rushed and polarised environment, a fact about which our elected representatives in the European Parliament complained, a number of relatively positive aspects were added to a very bad proposal. In the end, however, the temporary legislation will allow the continuation of voluntary scanning of all communications all the time by certain service providers, meaning that the content of your messages could be scanned by a plethora of online services, applications, and platforms which is very broad and unspecific. From what we know, some of the applications that would be under the scope would be applications such as social media private chats (e.g. Instagram and Facebook), dating apps, and videoconferencing tools. The scanning of private messages will open the door for even more intrusive requests such as mass surveillance and censorship, threatening our privacy, security, and ability to express freely without fear.
Whether this temporary legislation will last the courts’ scrutiny remains to be seen. But, while cases may start being launched to invalidate against that law, on 1 December 2021 the European Commission will present a proposal for the permanent legislation that will substitute in due time the recently adopted “emergency” one. At the time of writing nothing has been shared about the plans for the long-term legislation, but the fact that the date of the publication has been delayed for a few months may mean that there are internal disagreements within the European Commission.
iSpy: Apple adding fuel to the fire
In August 2021, Apple announced they would start scanning conversations and uploads to iCloud to detect child sexual abuse material (CSAM). The news alarmed privacy experts such as hackers, academics, researchers, photographers, whistle-blower Edward Snowden, civil society and its own employees, and Apple smartly backtracked and decided to “pause” the implementation of these measures.
As EDRi member Electronic Frontier Foundation (EFF) put it, “Apple has a fully built system just waiting for external pressure to make the necessary changes. (…) The abuse cases are easy to imagine: governments that outlaw homosexuality might require a classifier to be trained to restrict apparent LGBTQ+ content, or an authoritarian regime might demand a classifier able to spot popular satirical images or protest flyers.” Another EDRi member, Access Now, had shared similar comments, saying that Apple’s plans “represent a crucial diversion from Apple’s prioritization so far of end-to-end encryption, privacy, and security”.
Even though Apple delayed the launch of their plans to scan your devices, they can always revert their decision and roll the plans out. However, the extent to which Apple, as well as other companies and governments, develop and deploy technologies to spy on people depends on the resistance they find from people. If the pressure put by governments on companies like Apple is higher than people’s opposition, companies will crack. And the same applies to your elected representatives. If all that your elected representatives hear is that without doing X, Y, Z they will be allowing child abuse or terrorism (two of the Four Horsemen of Infocalypse), they will feel forced to do X, Y, Z. Ahead of EU-wide plans to scan your phone, chats and dating apps, contact your local human rights NGO and ask to get involved in their work. Also, you can always support EDRi so we can support you when fighting to keep your private communications private. If you are based in Europe, stay tuned for the next development on the long-term “CSAM” legislation.
- Access Now: Apple taking pause after civil society calls to shelve on-device image hash scanning
- Access Now: Access Now urges Apple to restore trust by rolling back plans to circumvent end-to-end encryption on its devices
- EDRi: iSpy with my little eye: Apple’s u-turn on privacy sets a precedent and threatens everyone’s security’
- EDRi: It’s official. Your private communications can (and will) be spied on
- EDRi: Companies are now allowed to scan your private communications
- EFF: If You Build It, They Will Come: Apple Has Opened the Backdoor to Increased Surveillance and Censorship Around the World