Bugs in our pockets: the risks of client-side scanning

Author:

Abelson Harold (1), Anderson Ross (2, 3), Bellovin Steven M (4), Benaloh Josh (5), Blaze Matt (6), Callas Jon (7), Diffie Whitfield (8), Landau Susan (9), Neumann Peter G (10), Rivest Ronald L (1), Schiller Jeffrey I (1), Schneier Bruce (11, 12), Teague Vanessa (13), Troncoso Carmela (14)

Affiliation:

1. Computer Science & Artificial Intelligence Lab, Massachusetts Institute of Technology, 77 Massachusetts Avenue, Cambridge, MA 02139, United States

2. Computer Laboratory, University of Cambridge, JJ Thomson Avenue, Cambridge CB3 0FD, United Kingdom

3. School of Informatics, University of Edinburgh, 10 Crichton Street, Edinburgh EH8 9AB, United Kingdom

4. Department of Computer Science and affiliate faculty, Law School, Columbia University, MC 0401, New York, NY 10027, United States

5. Microsoft Research, One Microsoft Way, Redmond, WA 98052, United States

6. Department of Computer Science and Law School, Georgetown University, 3700 O St NW, Washington, DC 20057, United States

7. The Electronic Frontier Foundation, 815 Eddy Street, San Francisco, CA 94109, United States

8. Gonville and Caius College, Cambridge University, United Kingdom

9. The Fletcher School and School of Engineering, Department of Computer Science, Tufts University, 160 Packard Ave, Medford, MA 02155, United States

10. Computer Science Lab, SRI International, 333 Ravenswood Ave, Menlo Park, CA 94025, United States

11. Harvard Kennedy School and The Berkman Klein Center for Internet & Society, Harvard University, 79 John F. Kennedy Street, Cambridge, MA 02138, United States

12. Inrupt, Inc., Boston, MA 02138, United States

13. College of Engineering and Computer Science, Australian National University, Canberra, ACT 2600, Australia

14. SPRING Lab, Ecole Polytechnique Federale de Lausanne, Rte Cantonale, 1015 Lausanne, Switzerland

Abstract

Our increasing reliance on digital technology for personal, economic, and government affairs has made it essential to secure the communications and devices of private citizens, businesses, and governments. This has led to pervasive use of cryptography across society. Despite its evident advantages, law enforcement and national security agencies have argued that the spread of cryptography has hindered access to evidence and intelligence. Some in industry and government now advocate a new technology to access targeted data: client-side scanning (CSS). Instead of weakening encryption or providing law enforcement with backdoor keys to decrypt communications, CSS would enable on-device analysis of data in the clear. If targeted information were detected, its existence and, potentially, its source would be revealed to the agencies; otherwise, little or no information would leave the client device. Its proponents claim that CSS is a solution to the encryption versus public safety debate: it offers privacy—in the sense of unimpeded end-to-end encryption—and the ability to successfully investigate serious crime. In this paper, we argue that CSS neither guarantees efficacious crime prevention nor prevents surveillance. Indeed, the effect is the opposite. CSS by its nature creates serious security and privacy risks for all society, while the assistance it can provide for law enforcement is at best problematic. There are multiple ways in which CSS can fail, can be evaded, and can be abused.

Funder

National Science Foundation

Publisher

Oxford University Press (OUP)


Cited by 2 articles.

1. The Encryption Debate: An Enduring Struggle;Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy;2024-06-19

2. Private Hierarchical Governance for Encrypted Messaging;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19
