By Pádraig Belton

Apple has caused a stir with its new child safety measures, which other tech firms and privacy advocates say could unwittingly open the door to let governments spy on their citizens.

Later this year for US users, updates to iOS and iPadOS will scan users’ images for matches with known child sexual abuse material (CSAM) before storing them on its iCloud Photos platform.

The system works by using algorithms on a user’s device to turn an image into a lengthy numeric hash, and the iPhone will first upload this hash and compare it with a database of known images of child sexual abuse.

“This is a really bad idea,” says cryptography professor Matthew Green in a Twitter thread. Essentially it adds scanning systems to end-to-end encrypted messaging systems, so “imagine what it could do in the hands of an authoritarian government”, he asks.

Others argue hashing algorithms are not foolproof and may turn up false positives, worrying perhaps for parents with photographs of their children in the bathtub or at the beach. Furthermore, say other critics, child sexual abusers will simply buy a device without the feature.

“I think this is the wrong approach and a setback for people’s privacy all over the world,” says Will Cathcart, head of WhatsApp, which since 2014 has been part of Facebook. Countries where iPhones are sold will have “different definitions on what is acceptable,” and the system could very easily be used to scan private content for anything “a government decides it wants to control,” argues Cathcart.

Fuelling the dispute is a longstanding rivalry between Facebook and Apple, which offer competing messaging platforms. Apple CEO Tim Cook has accused the social media platform of selling users’ data to advertisers. Facebook’s Mark Zuckerberg, for his part, has warned investors that new privacy settings on Apple’s iOS 14.5 (called “App Tracking Transparency”), which make apps ask users’ permission to track their internet activity, could imperil the company’s revenues in the future. So for Zuckerberg, this is a highly welcome chance to argue maybe Apple isn’t quite as keen on privacy as it lets on.