Apple has taken a long needed step forward for human rights by introducing new security features, and rolling back the previously proposed client-side scanning feature that would undermine end-to-end encryption, expanding the scope for surveillance and unauthorized access. This is a welcome brick in people’s online privacy and security wall.
Access Now supports Apple’s commitment to strengthening its Communication Safety features and urges the company to continue engaging with stakeholders to build robust online safety mechanisms.
“Encryption bolsters privacy and security for all, and undermining it to achieve online safety is an oxymoron. Collective efforts must focus on building long-term solutions that don’t sacrifice the right to privacy, and consequently free expression, for the mere possibility of any increase in safety — one cannot exist without the other,” said Namrata Maheshwari, Policy Counsel at Access Now. “Apple’s decision to roll back the client-side scanning feature puts the company’s privacy commitments into practice, and strengthening Communication Safety features helps protect its most vulnerable stakeholders.”
Apple’s decision to drop its plan of scanning images stored in iCloud Photos in response to widespread criticism is a positive move towards online safety for all. Its stated goal — to prevent the spread of child sexual abuse material (CSAM) — needs urgent and continuing attention. However, endangering people’s privacy is not the path. As Access Now and civil society from across regions have alerted the world, the surveillance-enhancing proposal would have created more rights-invading problems than it would solve, as undermining end-to-end encryption imperils everyone’s privacy and safety online, including that of children.
The new features strengthen people’s ability to secure personal data, particularly empowering those who face increased risks, such as journalists, human rights defenders, and activists. They include: (1) iMessage Contact Key Verification, an additional layer of security allows people to ensure that they are only communicating with those they intend, and alerts users if an attacker is eavesdropping on encrypted communications; (2) Security Keys for Apple ID strengthen protection of online accounts by requiring a hardware security key for authentication; and (3) advanced data protection for iCloud gives people the choice to protect most iCloud data with end-to-end encryption.
“Tech companies have a responsibility to do everything in their power to ensure that human rights are respected,” said Mohammed Al-Maskati, Digital Security Helpline Director at Access Now. “Our privacy is not a bargaining chip, and it should not be easily discarded to achieve other goals.”
As a climate of growing surveillance, rising digital threats, and rampant use of invasive spyware spreads across the globe, technology companies have the responsibility to actively develop security tools that empower people and protect human rights. Expansion of end-to-end encryption, and development of digital security measures through technological innovation and continuing engagement between diverse stakeholder groups including security experts, digital rights advocates, and child rights groups is the way forward. Access Now urges all companies — especially those in the sectors of cloud storage, communications, and messaging — to follow Apple’s example and take this route, and help put human rights first.