Apple admits that it has been scanning your iCloud emails since 2019 looking for child sexual abuse content

In a message sent directly to 9TO5Mac, Apple confirmed that iCloud Mail deployments have been scanning for Child Sexual Abuse Material (CSAM) since at least 2019. Other platforms such as iCloud Photos or iCloud backups are exempt from this practice.

This confirmation comes after a request for information stemming from a series of very unclear statements by Apple’s anti-fraud management: “This is the largest distribution platform for child pornography,” director Eric Friedman said.

In addition to other statements, some curious users managed to identify some other clues about the work the company does to prevent the distribution of illegal content on its platforms. An example of this is a document published as part of the security measures for underage children.

In this document, the company notes, “Apple is committed to protecting children through a complete ecosystem across all of our products, and we will continue to innovate in this field. We have developed the best measures at all possible levels to prevent these crimes, including the use of technology for the detection of illegal material such as email filters.” Apple adds that any account that violates its terms is blocked and reported to the appropriate authorities.

In early 2020, Apple’s chief privacy officer Jave Horvath issued a similar message, noting that the company deactivates any account that spreads or stores illegal material, though there’s no mention of how Apple accomplishes this exactly.

It should be mentioned that messages sent through iCloud Mail are not encrypted, so it is possible for the company to scan attachments in real time when messages pass through Apple’s servers. In its letter, the company added that other unencrypted datasets are also being analyzed on a smaller scale; while Apple claims users’ backups are not analyzed, it was not revealed what other information the company is looking for.   

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.