Steven Murdoch

@sjmurdoch

Professor of Security Engineering & Research Fellow at University College London ; Innovation Security Architect at . Views my own

London, UK
murdoch.is
Joined November 2008
382 Photos and videos Photos and videos

Tweets

You blocked @sjmurdoch

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @sjmurdoch

  1. 16 hours ago

    Apple are postponing their content-scanning features in response to fears that they could be abused. I wrote about some of these risks at

    Apple has announced that it is delaying the rollout of controversial child safety features which it had planned to launch later this year.
    6 retweets 9 likes
    Undo
  2. Retweeted
    Aug 26

    🗣On 2 September, we’re running a masterclass on the overarching challenges of dealing with online harms data. Details (including our agenda) below👇🏻 Register on Eventbrite (key: 168568927199) - we look forward to seeing you there!

    5 retweets 4 likes
    Undo
  3. Retweeted
    Jul 27

    are hiring a Senior Lecturer/Associate Professor in Privacy to contribute to our research activities in Cyber Security & Cryptography, & in particular . Details here:

    2 retweets 3 likes
    Undo
  4. Retweeted
    Aug 17

    Herein lies the tension at the heart of the new hub for protecting citizens online. How to reconcile competing objectives of detecting illegal abusive behaviour and protecting our privacy online - unpacks it.

    Technically Apple’s CSAM detection proposal is impressive, and I’m pleased to see Apple listening to the community to address issues raised. However, the system still creates risks that will be difficult to avoid. Governments are likely to ask to expand the system to types of content other than CSAM, regardless of what Apple would like to happen. When they do, there will be complex issues to deal with, both for Apple and the broader technology community. The proposals also risk causing people to self-censor, even when they are doing nothing wrong.
    Apple announced they will be scanning iPhones for illegal images. They only want to look for child abuse images, but might not be able to hold back requests for more.
    4 retweets 9 likes
    Undo
  5. Retweeted
    Aug 18

    Lots has been written about Apple's CSAM scanning mechanism but, knowing the pressure you are likely to face (e.g. from ), why would you decide against building some verification/transparency mechanisms in the cryptographic protocol itself?

    1 reply 1 retweet 7 likes
    Show this thread
    Show this thread
    Undo
  6. Aug 18

    The reason that PhotoDNA is secret is to prevent people from learning how to hide CSAM from it. If the code discovered is indeed NeuralHash then triggering false-negatives is as much a concern as false-positives.

    someone found Apple's Neurohash CSAM hash system already embedded in iOS 14.3 and later, and managed to export the MobileNetV3 model and rebuild it in Python how many months until there's a GAN that creates innocuous images that're detected as CSAM?
    1 reply 5 retweets 10 likes
    Undo
  7. Retweeted
    Aug 17

    New piece out: wrote about how Apple's exceptional access system has addressed only some of the privacy challenges, but really the hardest challenges remain unsolved.

    2 retweets 4 likes
    Undo
  8. Aug 17

    Apple announced they will be scanning iPhones for illegal images. They only want to look for child abuse images, but might not be able to hold back requests for more.

    Technically Apple’s CSAM detection proposal is impressive, and I’m pleased to see Apple listening to the community to address issues raised. However, the system still creates risks that will be difficult to avoid. Governments are likely to ask to expand the system to types of content other than CSAM, regardless of what Apple would like to happen. When they do, there will be complex issues to deal with, both for Apple and the broader technology community. The proposals also risk causing people to self-censor, even when they are doing nothing wrong.
    , , and
    2 replies 23 retweets 39 likes
    Undo
  9. Retweeted
    Aug 16

    Very happy to announce that will have 2x (two!) faculty positions this Fall with application deadline in November. We will be looking in all areas that complement the expertise in our team (). Do get in touch if you have any questions!

    1 reply 23 retweets 52 likes
    Undo
  10. Aug 13

    This does not sound like what3words thought through this workflow. Having emergency call handlers asking callers to press an unpronounceable icon (which varies depending on OS) could easily go wrong.

    Ask them to press the location icon (arrow on iPhone or crosshairs on Android) in the bottom right-hand corner of the screen.
    8 replies 6 retweets 21 likes
    Undo
  11. Retweeted
    Aug 12

    The Problems and Complications of Apple Monitoring for Child Sexual Abuse Material in iCloud Photos

    2 replies 13 retweets 31 likes
    Show this thread
    Show this thread
    Undo
  12. Retweeted
    Aug 13

    Thank you to everyone who voted and offered such constructive responses. I posted the poll because of an argument in the Horizon Issues court case about whether a "phantom transaction" was a bug, or "working as designed" and would cause a problem only if users made a mistake. 1/4

    Poll for testers. You're a test lead and find the system does something that might confuse users and cause them to make costly errors. The devs and PM refuse to accept it is a bug. They point to the system spec saying "the system is working as designed; it's a feature." Do you...
    Show this thread
    3 replies 10 retweets 13 likes
    Show this thread
    Show this thread
    Undo
  13. Retweeted
    Aug 10

    Best of luck to everyone receiving their A level results today! If you need to get in contact with admissions regarding your results you can do so by calling +44(0)20 8059 0939 or using the live chat on our website:

    Best of luck to everyone receiving their A level results today! If you need to get in contact with admissions regarding your results you can do so by calling +44(0)20 8059 0939 or using the live chat on our website:
    34 retweets 82 likes
    Undo
  14. Retweeted
    Aug 9

    The last time China stamped an inappropriate demand for access, sold out their users out. To quote them: “While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful." (LINK1: LINK2: )

    https://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Frequently_Asked_Questions.pdf
    Apple commit to challenging requests to expand their CSAM detection to other material. So did UK ISPs, but they lost in court and did it anyway. Will Apple leave a market if put in the same position? h/t
    Show this thread
    56 replies 637 retweets 2,073 likes
    Undo
  15. Aug 9

    I commented to on the risk that Apple’s child-abuse image detection system could be extended to other content, regardless of what Apple would like to happen.

    Apple says it will refuse any government demands to use a planned system for detecting child abuse material on iCloud accounts for other criminal or national security investigations - but some experts doubt whether it will be able to. HT
    12 retweets 25 likes
    Undo
  16. Retweeted
    Aug 9

    Chapter 6 of the draft Online Safety Bill lays the legal scaffolding for giving government the powers to demand anything of any service provider they wish, under "special circumstances".

    Apple says it will refuse any government demands to use a planned system for detecting child abuse material on iCloud accounts for other criminal or national security investigations - but some experts doubt whether it will be able to. HT
    3 replies 44 retweets 43 likes
    Show this thread
    Show this thread
    Undo
  17. Aug 9

    Apple allude to where they refused to build new functionality to unlock an iPhone. That’s different from adding a hash to an existing database. In other cases Apple have acceded to legal demands to reduce security, e.g. limiting availability of Private Relay and iCloud encryption

    3 replies 3 retweets 60 likes
    Show this thread
    Show this thread
    Undo
  18. Aug 9

    Apple commit to challenging requests to expand their CSAM detection to other material. So did UK ISPs, but they lost in court and did it anyway. Will Apple leave a market if put in the same position? h/t

    https://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Frequently_Asked_Questions.pdf
    20 replies 86 retweets 260 likes
    Show this thread
    Show this thread
    Undo
  19. Aug 9

    Commercial confidentiality has been a key element of Apple’s strategy to build competitive advantage, but raising the industry’s level of child-protection is something that is better done collaboratively.

    2 retweets 2 likes
    Show this thread
    Show this thread
    Undo
  20. Aug 9

    One of the most disappointing aspects of the Apple debacle was the features being developed in secret and sprung on the community. More consultation could have resulted in a better solution and a more welcome reception.

    Kool-Aid man busting through the wall.
    Apple was invited but declined to participate in these discussions, and with this announcement they just busted into the balancing debate and pushed everybody into the furthest corners with no public consultation or debate.
    Show this thread
    1 reply 1 retweet 7 likes
    Show this thread
    Show this thread
    Undo

@sjmurdoch hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·