- Impact
- 24,262
Bugs in our Pockets: The Risks of Client-Side Scanning
H. Abelson, R. Anderson, S. M. Bellovin, J. Benaloh, M. Blaze, J. Callas, W. Diffie, S. Landau, P. G. Neumann, R. L. Rivest, J. I. Schiller, B. Schneier, V. Teague, C. Troncoso
October 15, 2021
Our increasing reliance on digital technology for personal, economic, and government
affairs has made it essential to secure the communications and devices of private
citizens, businesses, and governments. This has led to pervasive use of cryptography
across society. Despite its evident advantages, law enforcement and national security
agencies have argued that the spread of cryptography has hindered access to evidence
and intelligence. Some in industry and government now advocate a new technology to
access targeted data: client-side scanning (CSS). Instead of weakening encryption or
providing law enforcement with backdoor keys to decrypt communications, CSS would
enable on-device analysis of data in the clear. If targeted information were detected,
its existence and, potentially, its source, would be revealed to the agencies; otherwise,
little or no information would leave the client device. Its proponents claim that CSS
is a solution to the encryption versus public safety debate: it offers privacy—in the
sense of unimpeded end-to-end encryption—and the ability to successfully investigate
serious crime.
Read more (PDF)
https://www.cs.columbia.edu/~smb/papers/bugs21.pdf
H. Abelson, R. Anderson, S. M. Bellovin, J. Benaloh, M. Blaze, J. Callas, W. Diffie, S. Landau, P. G. Neumann, R. L. Rivest, J. I. Schiller, B. Schneier, V. Teague, C. Troncoso
October 15, 2021
Our increasing reliance on digital technology for personal, economic, and government
affairs has made it essential to secure the communications and devices of private
citizens, businesses, and governments. This has led to pervasive use of cryptography
across society. Despite its evident advantages, law enforcement and national security
agencies have argued that the spread of cryptography has hindered access to evidence
and intelligence. Some in industry and government now advocate a new technology to
access targeted data: client-side scanning (CSS). Instead of weakening encryption or
providing law enforcement with backdoor keys to decrypt communications, CSS would
enable on-device analysis of data in the clear. If targeted information were detected,
its existence and, potentially, its source, would be revealed to the agencies; otherwise,
little or no information would leave the client device. Its proponents claim that CSS
is a solution to the encryption versus public safety debate: it offers privacy—in the
sense of unimpeded end-to-end encryption—and the ability to successfully investigate
serious crime.
Read more (PDF)
https://www.cs.columbia.edu/~smb/papers/bugs21.pdf
Last edited: