Apple’s announcement of the iPhone 17 was upstaged by a coordinated protest of child safety advocates charging the company with not doing enough to prevent child sexual abuse material from being spread through its services. Protesters draped a banner outside Apple’s Cupertino campus and circulated an open letter demanding that the company immediately change the way it deals with harmful content on iCloud and throughout its product universe.
In a campaign organized by the Heat Initiative in collaboration with parents, youth organizers and online safety researchers, the organizations argued that Apple’s product spectacle can’t be divorced from the harms they say persist on its platforms. Their signal: the shiny new hardware updates ring hollow if the company isn’t making stronger, verifiable commitments to protect children.
Supporters call for stronger CSAM detection
Protest organizers say that Apple needs to only implement industry standard detection and reporting architecture to identify previously-identified child sexual abuse material (CSAM) in cloud accounts. They want the company to hash-match uploads against known-databases maintained by organizations like the National Center for Missing & Exploited Children and the Internet Watch Foundation, delete the content and report to the appropriate authorities.
The groups argue that the status quo leaves survivors at risk of having images of their abuse continue to be circulated. Their case is made by the size of the problem: NCMEC’s CyberTipline receives well over 30 million reports each year, the overwhelming majority coming from services that engage in proactive scanning. Advocates cast Apple’s relatively small portion of those reports not as a sign of less incidents, but as the result of product choices that circumvent full detection.
Child safety organizations like Thorn, too, have called on large platforms to include defaults for “safety by design,” given that even a minor dent in exposure can have huge effects when it comes to grooming or coercion. Protesters claim device makers occupy a crucial leverage point: Changes to what happens at the operating system and cloud layers can alter the overall risk environment for young users everywhere across apps.
Apple defends privacy-first approach
Apple has argued for years that scanning people’s private cloud libraries poses dangerous security and surveillance risks. Company privacy chiefs have also previously told reporters that blanket scanning would grow attack surfaces and pose a risk to being misused by bad actors, or governments, particularly if done on a device level.
Instead, Apple points to protections it already provides: Communication Safety in Messages alerts children and caring adults to nude images using on-device signals; Sensitive Content Warnings try to limit unwelcome exposure; parental controls restrict unsolicited communication; and Safety Check helps users in abusive situations prevent access. The company’s Advanced Data Protection extends end-to-end encryption to additional iCloud categories, which has been lauded by security experts but criticized by some child safety groups for curbing server-side scrutiny.
That trade-off is at the center of the standoff. Groups that advocate for digital rights, such as the Electronic Frontier Foundation, say client-side and server-side scanning can be misused to violate privacy for all users. Safety advocates argue that narrowly scoped matching against source hashes of known CSAM can be done with audits, legal limits and transparency. Academic proposals have been developed that harness privacy-preserving computation, but no method has seen widespread, trusted deployment in consumer space.
Legal and regulatory pressure grows
Apple is also under courtroom scrutiny. A recent class action suit charges the company with disregarding required reporting duties and promoting devices as safe for young people with insufficient back-end enforcement. Apple disputes those allegations, claiming that it aggressively fights CSAM while also defending user safety, and that this approach is built to disrupt grooming cycles before abuse is done.
Lawmakers and regulators are considering new rules that could change this landscape. There are proposed laws in the US—and critics fearful of the collateral damage the encryption clampdown does for the crackdown on CSAM itself. In Europe, a law that would mandate the detection and reporting of emissions continues to be a subject of dispute. In the context of the United Kingdom, the online safety laws grant the communications regulator the authority to form codes of practice, and there’s still a discussion going on in terms of how — or whether — they should apply to end-to-end encrypted services.
What protesters want Apple to do, now
Advocates presented a clear playbook: first, deploy server-side matching of known child sexual abuse material in iCloud Photos, which will provide much needed capacity for COB’s already-overburdened team; second, explain how Apple will confirm known CSAM in iCloud Photos when it’s found, so there can be accountability and oversight; third, commit that Apple will only use CSAM detection systems to meet CSAM statutory obligations at present and in the future; fourth, provide a commitment that Apple will not change its practices in the future without consulting with CSAM experts outside of the company, along with the results of that testing; and fifth, that Apple would be transparent about the underlying math of the CSAM detection system, including details about and data on the hashing process used on iCloud content.; default to the proven and more privacy-protective PhotoDNA; provide a level playing field for all; list of who the “trusted partners” are and how they qualify as “trusted”; publish the algorithm that reduces frequencies of otherwise legal but the government decides is bad speech based on private industry reporting; provide outside oversight of government requests; and make public how investment was made in survivor account support in the ecosystem.
They also want Apple to emphasize youth safety metrics as much as battery life or camera specs in product keynotes. The goal, they say, isn’t to create back doors, but to raise the bar for a company with unparalleled engineering capabilities to both prevent and to respond to horrific crimes.
As the iPhone 17-headline slots go, however, the protest highlights a bigger, strategic issue for Apple: can it keep privacy as a cornerstone of its brand while fulfilling ever-increasing demands for it to track and delete illegal material at scale? The response will not just chart its course with regulators and advocacy groups, but also the expectations millions of families have when it comes to the devices they rely on every day.
