Premise [1]: Anything uploaded to the cloud will be scanned for kiddy porn.

Corollary: There are precisely two places that this data can be scanned

1) On the cloud servers. Anything and everything uploaded can be pushed through a scanner and anything that matches is flagged and sent off to a human to (ugh!) verify before being sent on to 3-letter agencies.

2) Within the privacy of your own device, only on things that are uploaded. Anything that "hits" is flagged and the same process (ugh!) as above is followed.

This is not a false dichotomy. Once you accept that the scanning will happen (and it does), then it either happens at the source or at the destination. Right now everyone offering a cloud service scans at the destination (the cloud servers themselves), and everything is scanned. It is not possible to have e2e if the server can read the data to scan it - this ought to be obvious.

Apple was offering to not do that scanning in their domain, but to trust that the device could do it in your own private domain, and that could have led to no further requirement for the server-side to be able to read the data (to do the scan). Which could have led to a fully end-to-end encrypted service for data, while still helping prevent ugly crimes.

Users chose option (1), that is: scan everything uploaded on the server all the time and deny the ability for end-to-end encryption to occur.

This is why we can't have nice things.

-------------

[1]: This isn't quite a legal requirement, but every cloud service does it because the lawyers won't issue advice to CYA (cover your arse as the service provider) if you don't do it. To mount a successful defence against being sued, you need to make an effort to detect, seems to be the legal opinion.

It's thoughtful, but clearly deputizing your own property against you is not a premise people are comfortable with.

Yup. That was my lament.

Nah, if it is end to end encrypted, it is rightfully opaque to the service owner. Who would sue them, and why?

I’m not a lawyer. My wife is, but she’s my lawyer. Get your own damn lawyer ;)

However, I could see:

- Bad person A is convicted of kiddy porn, as part of a plea deal, he gives up his sources etc - Turns out A has been sending stuff to B via iCloud - B does something nasty to C’s kid and gets caught - C sues Apple (who has money and certainly doesn’t want to be defending this in court) for making no attempt to stop this from happening to C’s kid, or worse assigns culpability due to being the medium of transport.

Would this have merit ? Probably not, but it’s not something Apple want splashed all over the interwebs. The court that matters is public opinion, in this instance, and mega-corp vs parents-of-abused-kid doesn’t play well whatever the merits of the case.

So Apple (and everyone else) scan, in part for self-interest, and also because I’m sure people at Apple/whoever have kids too, and have just as visceral a reaction as other people when confronted with hard evidence that this shit really happens. It’s easy to play the “think of the children is all bollocks” card - it’s harder when there’s a real abused kid that is front and center.

We send letters and parcels all the time within the USA and they are not inspected either. People also do horrible things in cars too, we don't systematically 'inspect' the content of every single car that drives on it past a bridge toll or similar. It feels rather flimsy IMO potential lawsuits without specific laws making this a liability that this would be the reason, like SESTA / FOSTA did.

Once precedent shows that apple or anyone else will just never have that info because they deliver things in the equivalent of opaque letters, legal precedent of previous court cases will make these happen less and less, if at all.

If I were apple, I would rather not have the responsibility of inspecting people's contents if I was a medium of transport, because it prevents an entire duty of care aspect that would pop up. You prevent more lawsuits by being E2EE IMO.

You see this avoidance behavior within medicine with malpractice lawsuits, where doctors would rather patients not speculatively test so they don't create duty of care issues, and where they outsource some kinds of testing to other firms, so the 'duty of care / malpractice' aspect that pops up in case they missed something goes to the firm instead of them. There is a big 'avoid seeing things if you don't have to' energy in a lot of medicine, and it comes from malpractice anxiety.

So there are things forcing apple to go this way IMO, I don't think they would do this by default.

My operating theory is that Apple is being coerced by federal regulators not to release e2e software without backdoors like this.

This is clearly unconstitutional and illustrates that the US and China are pretty similar when it comes to human rights policy.