Top computer security and cryptography experts have published a paper against client-side scanning (CSS). They argue that CSS, which analyzes data on devices before encryption, poses security and privacy risks. This method is often used to detect illegal content while protecting data off-device.
Apple proposed a CSS system to scan photos for child sexual abuse material (CSAM) before uploading to iCloud. However, they withdrew the proposal due to objections from the security community and advocacy organizations. The paper, titled “Bugs in our Pockets: The Risks of Client-Side Scanning,” delves into these concerns.
The paper, written by prominent computer science and cryptography professionals, argues that CSS is a form of mass surveillance that threatens free speech, democracy, security, and privacy. They believe that CSS doesn’t guarantee effective crime prevention or prevent surveillance. Instead, it creates significant security and privacy risks and can be easily misused or evaded.
The paper also discusses the potential misuse of CSS by governments to suppress political dissent. It notes that Apple’s policy to only scan for content hashes from child safety organizations could be circumvented by countries submitting politically sensitive images. The authors conclude that CSS systems can’t be secure or trustworthy due to their design.