Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Fed expansion of Apple's CSAM system barred by 4th Amendment, Corellium exec says

Government abuses of Apple's CSAM iCloud detection system in the U.S., like expansion to terrorist subjects and similar matters, is prevented by the Fourth Amendment, according to security firm Corellium's chief operating officer.

In a Twitter thread Monday, Corellium COO and security specialist Matt Tait detailed why the government couldn't just modify the database maintained by the National Center of Missing and Exploited Children (NCMEC) to find non-CSAM images in Apple's cloud storage. For one, Tait pointed out that NCMEC is not part of the government. Instead, it's a private nonprofit entity with special legal privileges to receive CSAM tips.

Because of that, authorities like the Justice Department can't just directly order NCMEC to do something outside of its scope. It might be able to force them in the courts, but NCMEC is not within its chain of command. Even if the Justice Department "asks nicely," NCMEC has several reasons to say no.

However, Tait uses a specific scenario of the DOJ getting NCMEC to add a hash for a classified document to its database.

Tait also points out that a single image of non-CSAM wouldn't be enough to ping the system. Even if those barriers are somehow surmounted, it's likely that Apple would drop the NCMEC database if it knew the organization wasn't operating honestly. Technology companies have a legal obligation to report CSAM, but not to scan for it.

Whether or not the government could compel NCMEC to add a hash for non-CSAM images is also a tricky question. According to Tait, the Fourth Amendment probably prohibits it.

NCMEC is not actually an investigative body, and there are blocks between it and governmental agencies. When it receives a tip, it passes the information along to law enforcement. To actually prosecute a known CSAM offender, law enforcement must gather their own evidence, typically by warrant.

Although courts have wrestled with the question, the original CSAM scanning by a tech company is likely compliant with the Fourth Amendment because companies are doing so voluntarily. If it's a non-voluntary search, then it's a "deputized search" and in violation of the Fourth Amendment if a warrant is not provided.

Apple's CSAM detection mechanism has caused a stir since its announcement, drawing criticism from security and privacy experts. The Cupertino tech giant maintains that it won't allow the system to be used to scan for anything other than CSAM, however.



30 Comments

lordjohnwhorfin 18 Years · 871 comments

Yeah… No. It’s happened many times in the past that companies were compelled to do something and were placed under gag orders so it would be a serious crime for them to leak that order. Not saying I have a strong opinion on this new feature one way or the other, but I’m not buying this argument.

wwinter86 12 Years · 53 comments

Shocking how many people do not want this feature and seem keen to protect the rights of pedophiles  :#

bluefire1 10 Years · 1311 comments

For a company like Apple which is so fervent about privacy rights, it’s both disconcerting and alarming that they’d carve out any exception regardless of how righteous or noble the cause.

hammeroftruth 16 Years · 1356 comments

Didn’t the NSA violate the 4th amendment when it was caught spying on American citizens who were not suspects of committing terrorism? 

jungmark 13 Years · 6927 comments

Just because the govt could force an update to the NCMEC database doesn’t mean Apple updates their data to push out in an iOS update.