Hacker News | rerb's comments

Oh baby clutch those pearls tight with your wringed hand. So sick of this “it’s not us, it’s them” ignorant, blind, stupid fear mongering. STFU and do something about it. Talk to people on the other team for starters.


That's like telling the Titanic and the iceberg to just talk it out, but nobody is at the helm. This is a problem far bigger than "Just talk to somebody with a slightly different viewpoint!". This is a problem at the root of our society. It's an existential crisis that has been getting worse for decades.


Better title would be, Dogs Fall Prey To Free Will Myth Too.


> If the system interprets a picture of a pineapple as CSAM, you only need to produce the picture of a pineapple to defend yourself against any accusations.

If the system interprets a picture of a pineapple on your phone as CSAM,

after Apple notifies the authorities they have identified child porn on your phone,

after the police detain you with the courtesies afforded to all alleged pedophiles,

after you cough up your phone’s password,

you only need to produce the picture of a pineapple to defend yourself against any accusations,

and then point out to the folks with the guns that no, you didn’t delete the child porn from your phone, look, it’s just a pineapple,

and then explain to your captors how hashes work,

then there’s nothing to worry about.

Good luck.


I mean, that's one imaginary scenario. On the other hand, it's quite likely that upon a match the offending picture in full res is stored in an enclave on your device, and/or encrypted in the cloud, in such a way that it cannot be deleted by the user.

If they know this attack is possible, Apple, not being idiots, will cover their asses in court by saying that a match is merely strong evidence that the user may have had CSAM on their account, but that it cannot be said for certain unless the full image is obtained by the authorities, and that the full image should be where they say it is, with the voucher made by the device.

Because of that, prosecutors are unlikely to want to move forward without better evidence: Apple may very well testify for the defence if they do, and judges will ultimately chew them out. So yeah, I suppose rashness and incompetence in some parties may lead to a very uncomfortable situation, but ultimately it is likely that the police would be reprimanded for it and that they would be a lot more cautious afterwards.


> after Apple notifies the authorities they have identified child porn on your phone,

Apple has a team that will manually vet the matches, so no pineapple picture or a fuzzy forced hash collision picture will cause the authorities to be notified.

So if you're worried someone will secretly send fake CSAM hash collision images to your phone to trigger the process, the worst that will happen is that some poor sod at Apple will get mildly inconvenienced.


How would they manually vet the matches, except by looking at the matched pictures?

And here's the real question, what's to stop them from using this on say: political memes instead of CSAM?


They have access to a "visual derivative" (which I suppose is their way of saying "thumbnail") but it probably wouldn't help if the adversarial example is normal porn. This being said, once the authorities are contacted, they will have to work to obtain the full image, because if all they have is a thumbnail and a voucher, the evidence would probably be thrown out in court.

As for using it for other things than CSAM, well, for one, Apple would know, because the thumbnails would show political memes, so they'd have to be in on the conspiracy. They probably don't want that liability. Furthermore, the hashes are supposed to be auditable: a third party could check that they are what they are, a court order could order such an audit, and it would be suspicious for Apple to refuse. They wouldn't want to include anything that could piss off any sufficiently powerful government or, say, the EU, because they are likely to figure it out. And if they give different hashes to different citizens, that will also be obvious.


Boils down to classic “Disney magic!” — mostly poison.


“Every to-do list is a midlife crisis of unfulfilled promise.”

While reading, “Wow, a thoughtful piece on to do list software,” after finishing and noticing the byline, “Oh! Clive Thompson! That dude always makes sense.”


Because money.

