Repository logo
 

Bugs in our pockets: the risks of client-side scanning

Published version
Peer-reviewed

Repository DOI


Change log

Authors

Abelson, Harold 
Anderson, Ross 
Bellovin, Steven M 
Benaloh, Josh 
Blaze, Matt 

Abstract

Our increasing reliance on digital technology for personal, economic, and government affairs has made it essential to secure the communications and devices of private citizens, businesses, and governments. This has led to pervasive use of cryptography across society. Despite its evident advantages, law enforcement and national security agencies have argued that the spread of cryptography has hindered access to evidence and intelligence. Some in industry and government now advocate a new technology to access targeted data: client-side scanning (CSS). Instead of weakening encryption or providing law enforcement with backdoor keys to decrypt communications, CSS would enable on-device analysis of data in the clear. If targeted information were detected, its existence and, potentially, its source would be revealed to the agencies; otherwise, little or no information would leave the client device. Its proponents claim that CSS is a solution to the encryption versus public safety debate: it offers privacy—in the sense of unimpeded end-to-end encryption—and the ability to successfully investigate serious crime. In this paper, we argue that CSS neither guarantees efficacious crime prevention nor prevents surveillance. Indeed, the effect is the opposite. CSS by its nature creates serious security and privacy risks for all society, while the assistance it can provide for law enforcement is at best problematic. There are multiple ways in which CSS can fail, can be evaded, and can be abused.

Description

Acknowledgements: We wish to acknowledge the contributions of John Gilmore, Matt Green, Mike Specter, and Danny Weitzner, who participated in early discussions of this text. We also wish to thank Nicolas Papernot, Ilia Shumailov, Nicholas Boucher, and Sam Ainsworth who gave us valuable feedback on early drafts of the sections on machine learning and system security. Finally, we would like to thank Beth Friedman, whose copyediting contributed to the clarity of the ideas as well as the clarity of expression.

Keywords

Client-side scanning, Perceptual hash, Risks

Journal Title

Journal of Cybersecurity

Conference Name

Journal ISSN

2057-2085
2057-2093

Volume Title

10

Publisher

Oxford University Press
Sponsorship
National Science Foundation (CNS 1923528)