The Korea Herald

지나쌤

[Digital Simplicity] Time to rethink the privacy of personal data on mobile devices

By Yang Sung-jin

Published : Aug. 21, 2021 - 16:00

    • Link copied

Stop to think before you act. This is an incredibly useful advice that can be applied to a number of situations. In an era of ubiquitous mobile devices and platforms, the timeless advice should be modified into a longer, more complex version: Stop to think before you put any “too personal” photos on your phone and cloud storage.

Apple, a self-styled champion of privacy, recently surprised many security experts and ordinary users by announcing a software update that is feared to set a dangerous precedent.

The cause is laudable: The software is designed to detect child sex abuse images and report the cases to authorities. Apple said it will use a database of known child abuse photos and have its employees double-check the accuracy of the match to reduce false positives.

Nobody will argue against steps to help protect children against sex criminals, and it is widely known that other tech giants such as Google and Facebook scan users’ photos to flag such images.

But Apple’s plan to fight child sex abuse is essentially different, as it directly intrudes into the most private space of users: storage of iPhones. The software scans not only the user’s iCloud but also photos saved on iPhones that are marked to be uploaded to the cloud storage.

If a US iPhone user turns on an automatic backup that uploads all photos to iCloud and saves problematic photos on the phone, Apple will report the case to authorities.

To put it another way, Apple has developed a highly sophisticated and super-accurate technology that can scan the data on an iPhone to find a certain match. It is not hard to imagine that Apple might be persuaded or forced to expand the scope of target matches such as terrorism, drug cartels and other criminal activities.

Apple said it will not do so, but the debut of such a powerful photo-scanning solution could open up a floodgate of similarly invasive solutions that other tech companies the world over might develop and apply in the name of protecting people against all sorts of harms.

Caught off guard by a storm of criticism, Apple hurriedly tried to defend its move, arguing software-based scanning is different from human staff looking at user’s personal photos.

In the digital world, where many, if not most, of today’s people live with the help of various online services and social media, Apple’s new technology to find a certain category of content on smartphones is frightening enough to rethink the way we handle personal data.

I do not mean that we should be allowed to save illegal images on mobile devices. The key issue is that tech companies should make sure that there is a threshold they will not cross in terms of privacy.

Certainly, it has to do with public image and marketing. Apple repeatedly stressed that it cares about the privacy of its users, but it has become a pioneer in undermining protections in an innovative fashion.

The dispute over Apple’s scanning technology is a reminder that personal data on smartphones and cloud storage is not only vulnerable to cyberattacks but also subject to the scrutiny of Big Tech.

Given that a number of Korean users, including myself, have faced at least a couple of hacking attempts, it is increasingly hard to find a viable option to safely store personal data in the long term.

There are both local and foreign cloud services, as well as back-up software, but many experts point out the danger of depending heavily on a single product. When I browse posts about data security on an online community, what is called “triple back-up system” is often touted as a reliable solution.

The triple back-up system refers to storing data on a personal computer first, and putting a copy in a well-known cloud storage as a second layer of protection. The third layer is to buy an external hard disk drive on a regular basis -- ideally once a year -- and put the same copy of data on the physical drive. This way, at least one copy of personal data is likely to remain intact when a disruption happens, unless all three layers break down simultaneously.

A particularly important piece of advice on the security forum is that one should stop to think before saving any sensitive personal data on mobile devices or cloud storage, and the most secure step is to save it in multiple physical drives.