Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple using hashes to flag & evaluate emails to hunt down child abuse images

Last updated

In a court filing, Apple has revealed how it is able to monitor emails passing through its systems for images of child abuse, with the iPhone maker keeping a look out for hashes pertaining to specific photographs and videos which are automatically flagged for inspection.

Like many other tech companies, Apple has systems in place to try and cut down on the amount of illegal traffic passing through its networks. Part of this is its monitoring of messages sent and received by its customers, which includes processes for the detection and reporting of images displaying child abuse.

Revealed in a search warrant filed in Seattle and found by Forbes, it is now known that Apple is using automated systems to check messages, specifically hashes. The system compares hashes of files with a database of existing hashes it knows belong to previously-reported abuse images.Emails that contain the questionable files are flagged for inspection.

For flagged emails, a staff member checks the content of the message and the files to check for illegal material. If a message is deemed to contain such content, Apple then passes the message along to the authorities.

Apple's process is seemingly more thorough than those of other firms, which typically pass the message over to organizations such as the National Center for Missing and Exploited Children when the automated system flags the message, with little to no manual checking of the content itself.

The details were brought up in the search warrant from comments made by an Apple employee, explaining how the system detected "several images of suspected child pornography" being uploaded by an iCloud user, which prompted an examination of their emails.

Emails containing suspect images are not delivered to their intended recipient, the employee wrote. In the warrant's case, one individual sent 8 emails, with 7 messages containing 12 images and the other holding another four, all to the same recipient.

As the seven emails were identical in terms of content and files, it was suspected by the employee either the person "was sending these images to himself and when they didn't deliver he sent them again repeatedly," or the intended recipient told them the messages weren't getting through.

As part of its disclosure to law enforcement, Apple also provided data on the iCloud user, including their name, address, and phone number, though it is unclear if this was included as part of the disclosure to law enforcement. The government later made requests for the user's emails, texts, instant messages, and "all files and other records stored on iCloud."

While there is the possibility some critics will object to the privacy implications of Apple staff inspecting flagged messages, the process of flagging the messages is performed using hashes and is automated, so the content of the images isn't taken into account. The use of humans for inspection helps limit the possibility of false positives in file verification, where a file may have the same hash value as another in an existing database, but have completely different properties.

The findings also cover communications that are not encrypted, namely those that don't go through the secure end-to-end encryption that has become one of the main elements of the ongoing encryption debate. Just as how law enforcement cannot access encrypted content on Apple's products or services, Apple also cannot look at the same material.



19 Comments

gatorguy 13 Years · 24627 comments

Well of course they are looking at emails. All the big providers utilize machine scanning even if some like to call it "reading our emails".

Some monetize the data in the emails themself (ie Earthlink, Edison and many others) while companies like Apple, Google and Microsoft do not monetize a user's emails but still do "read" them for protecting that user from spam/malware, organizing the person's inboxes, and for legally mandated reasons such as identifying child porn. 

seanismorris 8 Years · 1624 comments

Interesting...

I assume this is referring to  @icloud.com, @mac.com, or @me.com and probably files uploaded to iCloud.  If you have an Apple device you have an Apple email.  Apps send emails to the Apple email which is then forwarded to your real email address (for privacy).  If you use an email App you might be using Apple’s outgoing mail server and not realize it.

NinjaMan 4 Years · 64 comments

So Apple will flag the emails and pass along to authorities but will they unlock the savage's phone for authorities in an effort to uncover a broader distribution ring?

gatorguy 13 Years · 24627 comments

NinjaMan said:
So Apple will flag the emails and pass along to authorities but will they unlock the savage's phone for authorities in an effort to uncover a broader distribution ring?

With proper legal orders they'll turn over what they have access to. Bypassing your iPhone lock is not one of those things as of now. 

seanismorris 8 Years · 1624 comments

NinjaMan said:
So Apple will flag the emails and pass along to authorities but will they unlock the savage's phone for authorities in an effort to uncover a broader distribution ring?

Unlocking a phone requires a backdoor which Apple refuses to do.  Apple is assisting law enforcement, but not at the expense of product security.

Email isn’t a very secure method of communication by default.  Adding security (encryption) causes complications.  For example protonmail uses openPGP to encrypt emails in transit.  They also encrypt the data at rest.  The issues include the inability to encrypt the header (for the openPGP standard).  Also, having your emails encrypted makes indexing your mailbox difficult which means limited search functionality.  The fact that headers aren’t encrypted means law enforcement can still get a lot of information or at least leads.  

Bottom line, users have options if increased security is necessary.  But, law enforcement tries to suggest there’s easy answers to very complex problems to get what they want.

My stance is an unwillingness to sacrifice the security of everyone, to make it easier to put a few people behind bars.  In most cases, they’ll be caught and convicted anyways with a bit of old fashioned police work.