Aug 13, 2021

Axios Login

I know I just got back and all, but Login is off next week for some previously scheduled downtime. We'll still have tech news on Axios.com and, if you need a dose of me, I'm sure I will be on Twitter.

Today's newsletter is 1,388 words, a 5-minute read.

1 big thing: Apple opens the encryption Pandora's box

Illustration: Sarah Grillo/Axios

Apple's plan to scan iPhones for child sexual abuse material (CSAM) provoked immediate criticism that it was opening a door to much broader efforts by governments seeking a way into citizens' devices.

Between the lines: That debate is important, but Apple is also laying out a technical approach that's worthy of the industry's attention.

  • Apple's scheme does some work in the cloud and other work on the device, and the two systems share information only under strictly defined circumstances. That could help preserve privacy by creating and sharing less user data.

Driving the news: Apple last week announced its plan to begin scanning iPhones in the U.S. to see if they contain material that has been flagged as illegal by the National Center for Missing and Exploited Children. A separate change would allow parents to be notified if children under 13 are sent nude images.

  • Critics immediately slammed the moves, saying that, however well intended, such systems would inevitably be used toward other ends, such as authoritarian governments spying on their opponents.
  • In a New York Times op-ed on Thursday, Matthew Green and Alex Stamos urged Apple to hold off implementing the planned moves until they could be studied by researchers to better understand their risks.
  • Apple employees "have flooded an Apple internal Slack channel with more than 800 messages," many criticizing the plan, per Reuters.

The big picture: Much of the debate mirrors past encryption controversies, in which encryption proponents have argued that any kind of exception or back door creates vulnerabilities that will be exploited by bad actors, so you might as well not bother using encryption at all.

Indeed, critics of Apple's approach here say that once it starts scanning devices on the client side, it really won't be offering end-to-end encryption at all.

  • "Once they’ve built this door, the policy choices that are designed to limit how it can be used are insufficient to provide the level of security that was previously provided," said Sharon Bradford Franklin, co-director of the security and surveillance project at the Center for Democracy and Technology.
  • CDT issued its own paper this week suggesting different tools that can co-exist with full end-to-end encryption, including user reporting of problematic content and analysis of metadata.
  • Will Cathcart, head of Facebook-owned messaging app WhatsApp, also blasted Apple's move.
  • "There is no way to make technology work for 'good reasons' only," Cathcart told Axios. "We're concerned that creating the power to scan people's private photos or documents on their devices to make reports to governments is going to lead to long term abuse. This is a surveillance system that many governments will want to control, including China."

My thought bubble: The immediate blowback suggests that Apple either didn't get the balance right in this instance, or did a bad job of communicating its system, or both.

  • However, Apple's plan does put forward a useful idea that bears consideration in future system designs.
  • With this system, Apple isn't just deploying a single broad tool for scanning devices. Instead, it's creating multiple systems that only create data that can be shared when a certain threshold is reached. While still problematic, such an approach creates far less data from far fewer users than more broad-brush approaches would.

Apple has explored this in other areas as well — including the system that it created with Google to notify users of potential COVID-19 exposure. A mix of information on a device and in the cloud ensured that only a narrow amount of new data about users' health and location was created, and even less was shared.

  • Apple's new CSAM tool is obviously different. The COVID-19 system was opt-in, while Apple will use the new CSAM detection system for all customers who use iCloud photo sharing. (Users who don't use iCloud won't have their photos screened.)

Even those who criticize Apple over its new CSAM detection feature acknowledge there is some benefit to Apple's approach.

  • "If the choice must be between a narrow backdoor with policy limits to minimize its reach and application, versus a complete abandonment of encryption, absolutely the former is preferable," Franklin said.

2. Senate qualms over Amazon palm-print system

Illustration: Sarah Grillo/Axios

A bipartisan group of senators wants to know how Amazon is protecting data privacy and security as it promotes a new palm-print recognition system that will allow consumers to pay for in-store purchases with a wave of the hands, Axios' Margaret Harding McGill reports.

Why it matters: Amazon's move into biometrics opens up the tech giant to additional Washington scrutiny on a new front.

What's happening: Amazon One palm scanners allow customers to make contactless payments once they have connected their credit card information to their palm print.

  • When it launched the program last year, Amazon said it intends to offer the service to third parties like retailers, stadiums and office buildings.
  • TechCrunch reported earlier this month that the company is offering $10 in promotional credits to those who enroll and link to their Amazon account.

What they're saying: Sens. Amy Klobuchar (D-Minn.), Bill Cassidy (R-La.) and Jon Ossoff (D-Ga.) pressed Amazon CEO Andy Jassy on Amazon's biometric data collection practices in a letter Friday.

  • The program raises questions about how the e-commerce giant may use the data for advertising and tracking purposes, the senators said.
  • They want to know how many users have signed up, how many third parties have licensed the technology, and whether Amazon plans to use the technology in additional locations of its Whole Foods subsidiary.

The other side: Amazon has said palm recognition is considered more private than some other types of biometric data, since you can't use palm prints to determine someone's identity and since they're not scanned passively — people use them intentionally.

3. Lawmakers flag Zillow deal for FTC scrutiny

Top Republicans in the House and Senate antitrust subcommittees want the FTC to dig into Zillow's plans to buy a home-showing scheduling platform amid concerns about competition in the residential real estate market, Margaret reports.

Why it matters: Federal antitrust scrutiny of tech deals keeps widening, and any hot market in which tech is playing an increasingly big role — like real estate — is likely to come under regulators' eyes.

Driving the news: Rep. Ken Buck (R-Colo.) and Sen. Mike Lee (R-Utah), the ranking members of the House and Senate antitrust subcommittees, urged FTC chair Lina Khan to "closely examine competition issues" in the real estate market, and highlighted Zillow's acquisition spree.

  • The online real estate company has expanded to operate as a broker, and announced in February plans to buy scheduling platform ShowingTime for $500 million.
  • The lawmakers fear the acquisition could "further entrench Zillow's consumer information advantage to the detriment of homebuyers and their competitors."

What they're saying: They also worry that Zillow's Zestimate could "unduly influence" homeowners trying to sell their homes.

  • Zillow's acquisitions allow it to "effectively tell the homeowner what their home is worth," buy the home at that price and then flip it for more money, the lawmakers told the FTC.

Between the lines: The letter underscores the prospect that regulators may look at services like Zillow as platform owners who should not be allowed to participate in the marketplaces they operate.

The other side: In announcing the deal, Zillow said ShowingTime would remain an open platform and the acquisition will help make scheduling home showings easier.

4. House members join Senate with app-store bill

House Judiciary lawmakers on Friday introduced legislation meant to boost competition in app stores by setting rules for how companies like Google and Apple control their marketplaces, Margaret writes.

Why it matters: The bipartisan bill is the House companion to Senate legislation introduced earlier this week, showing the appetite from both chambers of Congress to take on the app store battle.

Driving the news: Buck and Rep. Hank Johnson (D-Ga.) say the Open App Markets Act will allow app developers to tell consumers about lower prices and open up more competition for third-party app stores and payment services.

  • Sens. Richard Blumenthal (D-Conn.), Marsha Blackburn (R-Tenn.) and Klobuchar introduced their bill, cheered by developers including Spotify and Tile, earlier this week.

5. Take note

On Tap

Trading Places

  • GoFundMe has hired Jeneen Minter as CFO. Minter has previously held finance posts for a variety of companies, including Allbirds, Zappos, Material Bank and Coors Brewing.

ICYMI

  • British antitrust authorities are probing whether Facebook's acquisition of Giphy was anticompetitive. (Variety)