Robert Slade drew my attention to an article on Apple’s Deleting iCloud Emails That Contain The Phrase ‘Barely Legal Teens’. We can probably all see how that phrase might suggest pornography, even child-abusive pornography, though as one comment to the article noted, ‘barely legal’ does seem to suggest legal, not illegal. But it came to light as a result of the constant silent trashing of a legitimate script attached to email sent by a screenwriter to a director. And indeed it appears that “Apple reserves the right to remove any content at any time that it feels is objectionable, without telling you that they’re going to delete it.”
(See the iCloud Terms of Service.)
But is that what happened here? Jordan Merrick isn’t so sure: Apple’s filtering iCloud emails? Probably not. I’m not in a position to test that service, so I’m reserving judgement. However, it seems to me that some of the protests about Apple’s ‘censorship’, if that’s what’s really happening, miss the point. The silent trashing of legitimate mail is unpleasant, but it’s been with us a long time. An article I wrote for Virus Bulletin back in 2006 looks at the furore caused when Verizon appeared to be “rejecting mail by IP block resulted in the loss of all mail from large portions of Europe and Asia.” And I make an oblique reference to the now-defunct rfc-ignorant.org, which at one time blacklisted domains such as *.nhs.uk (the UK’s National Health Service) and the country-level TLD .de (Germany!) for perceived breaches of RFC compliance.
Much of the time, though, the problem isn’t simple arrogance, or censorship, but automation. The history of spam and malware filtering is littered with filtering criteria that resulted in unanticipated side-effects:
- Word files detected as malware because they contained the text of the EICAR test file.
- Messages discarded because they contained the same text in the subject field as some malicious messages.
- Messages discarded because they contained inoffensive words that themselves contained a potentially offensive substring (Scunthorpe Syndrome).
- A security product that quarantined all emails containing the letter ‘p’.
Not only message filters but many other layers of security are dependent on automated processing and heuristics that don’t catch everything malicious and don’t spare everything that isn’t malicious. Yes, you can apply that to anti-malware at least as accurately as you can to anti-spam measures. Not surprisingly, since those are overlapping technologies in many modern products. Sadly, the 100% perfect solution exists only in marketing hype.
Still, this is one scenario that desktop AV can’t be blamed for. According to Infoworld, Steven G., the unfortunate scriptwriter, “being a Mac user … doesn’t use antimalware software (of course).” Sorry about that: for a moment it slipped my mind that there is no Mac malware, never was, never could be… Sigh…
David Harley CITP FBCS CISSP
Mac Virus/Small Blue-Green World/Anti-Malware Testing
ESET Senior Research Fellow