Bugs in Our Pockets: The Risks of Client-Side Scanning
"For more than two decades, U.S. law enforcement has fought against the use of strong cryptography by the public in telecommunications. In 1992, the FBI argued that due to encryption, 60 percent of criminal wiretaps would be useless within three years—and, in the worst case, none might be intelligible. Ever since the U.S. government loosened cryptographic export controls in 2000, the FBI talked of doom and gloom regarding criminal investigations due to the public’s use of encryption.
Since the 1990s, the bureau has tried to thwart the use of end-to-end encryption, a system in which only the sender and the receiver can read the message. First, there was the Clipper, a National Security Agency design in which digitized voice communications would be encrypted with keys that would be split and escrowed by two agencies of the U.S. government. That didn’t fly; neither industry nor other nations were willing to use such a system. Next, there was the effort by FBI Director James Comey to press for exceptional access—strong encryption that provides access to unencrypted content to legally authorized searches. Technologists, including Lawfare contributor Bruce Schneier and me, argued that such solutions weren’t feasible. Mandating such a solution would decrease society’s security, not increase it. The Obama administration agreed, seeing the cost of widely available encryption tools as outweighed by the costs to public safety, national security, cybersecurity and economic competitiveness of imposing access requirements.
Law enforcement, and some national security agencies, haven’t given up. And despite the increasing number of former senior national security and law enforcement officials who have publicly supported the widespread use of encryption, U.S. law enforcement and allied countries around the globe are back with a new proposal to get around encryption. This one, in fact, does exactly that.
The new proposal is client-side scanning, scanning content on a user’s device prior to its encryption or after decryption. Supporters of the technology argue that such scanning can uncover child sexual abuse material (CSAM) without putting people’s privacy at risk. The supporters reason that people whose phones don’t have CSAM will have nothing to fear; the scanning will be local and, if there is no targeted material on the device, no information will ever leak from it."