On August 5, 2021, Apple announced that it would soon begin conducting pervasive surveillance of the devices that it sells in a stated intent to expand protections for children. The company announced three new features. The first will monitor for children sending or receiving sexually explicit images using the Messages application. The second will monitor for the presence of Child Sexual Abuse Material (CSAM) in iCloud Photos. The third will monitor for searches pertaining to CSAM. These features are planned to be activated in the United States in the next versions of Apple’s operating systems which will ship to end-users in the fall of 2021.
In this post I focus exclusively on the surveillance of iCloud Photos for CSAM content. I begin with a background of Apple’s efforts to monitor for CSAM content on their services before providing a description of the newly announced CSAM surveillance system. I then turn to outline some problems, complications, and concerns with this new child safety feature. In particular, I discuss the challenges facing Apple in finding reputable child safety organizations with whom to partner, the potential ability to region-shift to avoid the surveillance, the prospect of the surveillance system leading to ongoing harms towards CSAM survivors, the likelihood that Apple will expand the content which is subject to the company’s surveillance infrastructure, and the weaponization of the CSAM surveillance infrastructure against journalists, human rights defenders, lawyers, opposition politicians, and political dissidents. I conclude with a broader discussion of the problems associated with Apple’s new CSAM surveillance infrastructure.
On August 5, 2021, Apple announced that it would soon begin conducting pervasive surveillance of devices that they sell with a stated intent of expanding protections for children. The company announced three new features. The first will monitor for children sending or receiving sexually explicit images over the Messages application, the second will monitor for the reception or collection of Child Sexual Abuse Material (CSAM), and the third will monitor for searches pertaining to CSAM. These features are planned to be activated in the next versions of Apple’s mobile and desktop operating systems which will ship to end-users in the fall of 2021.
In this post I focus exclusively on the surveillance of children’s messages to detect whether they are receiving or sending sexually explicit images. I begin with a short discussion of how Apple has described this system and spell out the rationales for it, and then proceed to outline some early concerns with how this feature might negatively affect children and adults alike. Future posts will address the second and third child safety features that Apple has announced, as well as broader problems associated with Apple’s unilateral decision to expand surveillance on its devices.
Sexually Explicit Image Surveillance in Messages
Apple currently lets families share access to Apple services and cloud storage using Family Sharing. The organizer of the Family Sharing plan can utilize a number of parental controls to restrict the activities that children who are included in a Family Sharing plan can perform. Children, for Apple, include individuals who are under 18 years of age.
Upon the installation of Apple’s forthcoming mobile and desktop operating systems, children’s communications over Apple’s Messages application can be analyzed to assess if the content of the communications include sexually explicit images, if this analysis feature is enabled in Family Sharing. Apple’s analysis of images will occur on-device and Apple will not be notified of whether an image is sexually explicit. Should an image be detected it will initially be blurred out, and if a child wants to see the image they must proceed through either one or two prompts, depending on their age and how their parents have configured the parental management settings.
Canadian students of national security have historically suffered in ways that their British and American colleagues have not. Whereas our Anglo-cousins enjoy a robust literature that, amongst other things, maps out what parts of their governments are involved in what elements of national security, Canadians have not had similar comprehensive maps. The result has been that scholars have been left to depend on personal connections, engagements with government insiders, leaked and redacted government documents, and a raft of supposition and logical inferences. Top Secret Canada: Understanding the Canadian Intelligence and National Security Community aspires to correct some of this asymmetry and is largely successful.
The book is divided into chapters about central agencies, core collection and advisory agencies, operations and enforcement and community engagement agencies, government departments with national security functions, and the evolving national security review landscape. Chapters generally adhere to a structure that describes an agency’s mandate, inter-agency cooperation, the resources possessed and needed by the organization, the challenges facing the agency, and its controversies. This framing gives both the book, and most chapters, a sense of continuity throughout.
The editors of the volume were successful in getting current, as well as former, government bureaucrats and policymakers, as well as academics, to contribute chapters. Part One, which discusses the central agencies, were amongst the most revealing. Fyffe’s discussion of the evolution of the National Security Intelligence Advisor’s role and the roles of the various intelligence secretariats, combined with Lilly’s explanation of the fast-paced and issue-driven focus of political staffers in the Prime Minister’s Office, pulls back the curtain of how Canada’s central agencies intersect with national security and intelligence issues. As useful as these chapters are, they also lay bare the difficulty in structuring the book: whereas Fyffe’s chapter faithfully outlines the Privy Council Office per the structure outlined in the volume’s introduction, Lilly’s adopts a structure that, significantly, outlines what government bureaucrats must do to be more effective in engaging with political staff as well as how political staffers’ skills and knowledge could be used by intelligence and security agencies. This bifurcation in the authors’ respective intents creates a tension in answering ‘who is this book for?’, which carries on in some subsequent chapters. Nonetheless, I found these chapters perhaps the most insightful for the national security-related challenges faced by those closest to the Prime Minister.
Canadian parliamentarians in the era of the pandemic have adopted distanced methods of conducting their business. This has seen many Members of Parliament (MPs) use video conferencing platforms so that they can broadcast from their kitchens, living rooms, home offices, and bedrooms. On April 14, 2021 there was an unfortunate situation where a conventionally attractive male MP inadvertently had his conferencing camera on while changing his clothing. Another MP or parliamentary staff member captured an image of his state of undress and subsequently shared it with media organizations.
This situation raises a question of law and, separately and more broadly, provides an opportunity to highlight the pervasive problems facing Canadian society in terms of addressing sexual violence, the non-consensual sharing of their intimate images (meant in a non-legal sense), and intimate partner abuse.
Facts at Hand
Due to how the parliamentary video system is configured, the only people who could have witnessed this incident were either other MPs or parliamentary staff members on the video conference. This meant that while the meeting was open to the public the actual video stream capturing the MP’s state of undress was (at the time) only visible to a relatively small group of people. At least one member of that small group took a photo of the MP and subsequently shared it. The image has, subsequently, been shared by the press and by individuals on social media, though admittedly with some censorship applied to the image. Unsurprisingly, this led to a number of jokes about the MP, their state of undress, the MP being too transparent, and more.
Unlike many others, I did not find the non-consensual sharing of the image to be particularly funny. Instead, I quickly and publicly raised the question of whether either the MP or staff member who shared the image, or an offending MP’s party, would be willing to come before the Canadian public and explain why their actions did not contravene Section 162.1 of the Criminal Code of Canada. This part of the Criminal Code makes it a criminal offence for someone to publish an intimate image without consent. I also firmly stated that I was disgusted by the image having been shared and that I thought whomever shared it should be disciplined.
The first question is: did an MP or staffer potentially violate 162.1 in sharing the image, setting aside potential parliamentary privileges that may shield parliamentarians from investigation or charges?
Intimate Images and the Criminal Code of Canada
To potentially be guilty of violating the Criminal Code in sharing this image, the MP’s or parliamentary staffer’s actions must satisfy a set of criteria.
Whomever shared the image certainly knowingly published, distributed, transmitted, or made available “an intimate image of a person knowing that the person depicted in the image did not give their consent to that conduct” (162.2(1)). If the rest of section 162.1 of the Criminal Code is satisfied then that individual is guilty of an offence, which is “liable to imprisonment for a term of not more than five years” (162.1(1)(a)).
Moving on, per the Code, an intimate image “means a visual recording of a person made by any means including a photographic, film or video recording” (162.1(2)) where the following conditions are met:
(a) in which the person is nude, is exposing his or her genital organs or anal region or her breasts or is engaged in explicit sexual activity;
(b) in respect of which, at the time of the recording, there were circumstances that gave rise to a reasonable expectation of privacy; and
(c) in respect of which the person depicted retains a reasonable expectation of privacy at the time the offence is committed.
The MP was certainly nude, satisfying 162.1(2)(a). They were in their own home, which would normally move towards satisfying 162.1(2)(b) but, in this case, the MP was also (unintentionally) broadcasting their image. So, in a sense this may suggest that the MP lacks a reasonable expectation of privacy. However, there are extenuating facts. Members of Parliament are not permitted to take images of screens and, as such, there may be some kind of a reasonable expectation of privacy insofar as MPs can expect that their image will not be captured or shared based on what is broadcast to other MPs but not the public. Attenuating this potential reasonable expectation of privacy is that the MP who’s image was captured was exclusively visible to other MPs and parliamentary staff members, further indicating that this was potentially a kind of a semi-public situation. Canadian courts have tended to take a sympathetic view of what constitutes a reasonable expectation of privacy, though whether they would recognize this situation as meeting the standard would need more substantial assessment than I will provide here.
However, for the sake of the analysis, let’s imagine that 162.1(2) is satisfied. Does the party who shared the image have a defense if that’s the case? I doubt it.
The Criminal Code states at 162.1(3) that “[n]o person shall be convicted of an offence under this section if the conduct that forms the subject-matter of the charge serves the public good and does not extend beyond what serves the public good.” I cannot imagine a situation where capturing and sharing the image serves the public good. In clarifying 162.1(3), section 162.1(4) lays out that:
(a) it is a question of law whether the conduct serves the public good and whether there is evidence that the conduct alleged goes beyond what serves the public good, but it is a question of fact whether the conduct does or does not extend beyond what serves the public good; and
(b) the motives of an accused are irrelevant.
I would suspect that if a court was convinced that the elements of 162.1(2) were satisfied then 162.1(4) would not save the offending MP’s or staffer’s behaviour.
Broader Non-Criminal Code Analysis
Even if the person who initially shared the image did not violate the Criminal Code either because of the arcane nature of parliamentary rules, because the image doesn’t meet the definition of 162.1(2), or simply because no criminal charge is brought against them, the act of sharing this image has real-world implications. In essence, while there is an understandable attraction to asking whether someone violated the law we need to broaden our mode of analysis to appreciate the harms of sharing these kinds of images.
First, it’s useful to remind ourselves that the man who’s image was captured and shared almost immediately apologized for his lack of decorum. As someone who inadvertently engaged in a behaviour that (clearly) ran counter to professional standards he owned up to the mistake and committed to being more studiously careful in the future.
Second, the man is conventionally attractive and because of this status he, as a man, is generally expected by members of society to roll with the comments: it’s embarrassing but there is an expectation that this is ‘funny’. However, imagine that it had been a woman, or someone who is transgender, or someone undergoing a gender transition who’s image had been captured. Were this the case I am certain that, first, there would be much crueler commentary (revealing structural sexism) and, second, that people would broadly leap up and (rightly) insist that the commentary was wrong and inappropriate. Simply because it was a man who was captured on camera does not make it ‘funny’; the very perception that this incident should be treated as funny reifies some of the challenges facing men who are victims or survivors of sexual harassment, assault, and intimate partner violence.
When members of society make fun of men who have been the subject of sexual violence, the non-consensual sharing of their intimate images (meant in a non-legal sense), and intimate partner abuse then men more broadly learn that they shouldn’t come forward to report or discuss these kinds of harms on the basis that they aren’t ‘harmed’ in the eyes of society. While less discussed, men are indeed victims and survivors of assault, abuse, sexual blackmail, and harassment. As a society we need to get a lot better at appreciating these forms of violence towards men and in creating a culture where they can come forward without an expectation of them being ‘weak’ or ‘not getting the joke’. I say this while recognizing that, proportionally, women, and members of the lesbian, gay, bisexual, transgender, queer or questioning, and two-spirit (LBGTQ2+) communities suffer from these harms more regularly and disproportionately than straight men. Nonetheless, if we are to develop societies that are more inclusive, that encourage men to develop emotional intelligence and sensitivity, and that broadly combat sexism and the pervasive and pernicious ills of sexual violence then it’s important that we take harms towards men as seriously as we do for other members of society who also suffer from sexual violence, non-consensual sharing of intimate images, and intimate partner abuse..
So, was a crime committed? That’s a good question, and I’ll ultimately leave it to lawyers to argue about the nuances of how Canadian case law and the depths of our privacy law intersects with Section 162.1 of the Criminal Code. But while the law is an important point of discussion, the discussion cannot stop and end at the law’s edge. More significantly, the idea that someone thought it was appropriate (and, likely, just funny) to share the image of an unclothed male member of parliament underscores the amount of work that Canadian society–inclusive of Canadian elites–has ahead of it in the ongoing efforts to address sexual violence, non-consensual sharing of intimate images, and intimate partner violence.
I suspect that the MP or parliamentary staffer who shared the image did so without a deep sense of malice in their heart. I half suspect it was a near-thoughtless action. But the very fact that they thought it was appropriate or funny to share this image reveals how sexual harassment and violence structurally pervades Canadian society. Such activities are often legitimized by way of humour and, in doing so, showcase the depths at which these behaviours are normalized. In short, the very sharing of the image serves to remind us of the circumstances of structural sexual violence that we operate in, each and every day.
How can things ‘move forward’? On the one hand, I hope that the offending MP or staffer comes forward. I would rush to state that I don’t think that this means that the Criminal Code should necessarily be thrown at them! Instead, I think that it’s important for the person to make themselves publicly accountable for censure and take responsibly for their action, as the male MP did for his inappropriate state of dress. I don’t believe that every, or even most, social ills are best solved by turning to the law.
But more substantively, I think that the best thing that can come from this situation is to hopefully provoke introspection about the biases that we all carry with us concerning sexual violence. Why did we, or our friends or family or colleagues, think that this incident was funny? What does our sense of this being funny reveal about the structural conditions of sexual violence that we operate within? What can we learn from our reactions, and how might we have behaved if we’d applied a bit more introspection? How can we have conversations with other people about sexual violence to better appreciate and understand how pervasive it is in our society, and what roles can and should we assume to combat these kinds of ills?
To be clear, I think that it is the work of each individual to think through these issues either on their own or in conversation with others who express an interest in the conversation. I don’t think that it’s the role of those who have been affected by sexual violence, the non-consensual sharing of their intimate images, and intimate partner abuse to do the labour to educate the rest of the population; they’re obviously free to do so, but cannot and should not be expected to do so.
I truly believe that, on the whole, Canadians really do want to have an inclusive and equitable society. To get closer to this ideal we all have to play a role in opposing, and working to overcome, historical structural and social harms. In part, this means reflecting more seriously on structural sexual harms, inclusive of those directed towards men, and the norms surrounding and often justifying or setting aside these harms. Hopefully this unfortunate parliamentary incident fosters at least some of those conversations and reflections so that something positive can come out of this affair.
The Canadian SIGINT Summaries includes downloadable copies, along with summary, publication, and original source information, of leaked CSE documents.
Parsons, Christopher; and Molnar, Adam. (2021). “Horizontal Accountability and Signals Intelligence: Lesson Drawing from Annual Electronic Surveillance Reports,” David Murakami Wood and David Lyon (Eds.), Big Data Surveillance and Security Intelligence: The Canadian Case.
Parsons, Christopher. (2015). “Stuck on the Agenda: Drawing lessons from the stagnation of ‘lawful access’ legislation in Canada,” Michael Geist (ed.), Law, Privacy and Surveillance in Canada in the Post-Snowden Era (Ottawa University Press).
Parsons, Christopher. (2015). “The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians,” Telecom Transparency Project.
Parsons, Christopher. (2015). “Beyond the ATIP: New methods for interrogating state surveillance,” in Jamie Brownlee and Kevin Walby (Eds.), Access to Information and Social Justice (Arbeiter Ring Publishing).
Bennett, Colin; Parsons, Christopher; Molnar, Adam. (2014). “Forgetting and the right to be forgotten” in Serge Gutwirth et al. (Eds.), Reloading Data Protection: Multidisciplinary Insights and Contemporary Challenges.
Bennett, Colin, and Parsons, Christopher. (2013). “Privacy and Surveillance: The Multi-Disciplinary Literature on the Capture, Use, and Disclosure of Personal information in Cyberspace” in W. Dutton (Ed.), Oxford Handbook of Internet Studies.
McPhail, Brenda; Parsons, Christopher; Ferenbok, Joseph; Smith, Karen; and Clement, Andrew. (2013). “Identifying Canadians at the Border: ePassports and the 9/11 legacy,” in Canadian Journal of Law and Society 27(3).
Parsons, Christopher; Savirimuthu, Joseph; Wipond, Rob; McArthur, Kevin. (2012). “ANPR: Code and Rhetorics of Compliance,” in European Journal of Law and Technology 3(3).