It appears you don't have support to open PDFs in this web browser. To view this file, Open with your PDF reader
Abstract
Our increasing reliance on digital technology for personal, economic, and government affairs has made it essential to secure the communications and devices of private citizens, businesses, and governments. This has led to pervasive use of cryptography across society. Despite its evident advantages, law enforcement and national security agencies have argued that the spread of cryptography has hindered access to evidence and intelligence. Some in industry and government now advocate a new technology to access targeted data: client-side scanning (CSS). Instead of weakening encryption or providing law enforcement with backdoor keys to decrypt communications, CSS would enable on-device analysis of data in the clear. If targeted information were detected, its existence and, potentially, its source would be revealed to the agencies; otherwise, little or no information would leave the client device. Its proponents claim that CSS is a solution to the encryption versus public safety debate: it offers privacy—in the sense of unimpeded end-to-end encryption—and the ability to successfully investigate serious crime. In this paper, we argue that CSS neither guarantees efficacious crime prevention nor prevents surveillance. Indeed, the effect is the opposite. CSS by its nature creates serious security and privacy risks for all society, while the assistance it can provide for law enforcement is at best problematic. There are multiple ways in which CSS can fail, can be evaded, and can be abused.
You have requested "on-the-fly" machine translation of selected content from our databases. This functionality is provided solely for your convenience and is in no way intended to replace human translation. Show full disclaimer
Neither ProQuest nor its licensors make any representations or warranties with respect to the translations. The translations are automatically generated "AS IS" and "AS AVAILABLE" and are not retained in our systems. PROQUEST AND ITS LICENSORS SPECIFICALLY DISCLAIM ANY AND ALL EXPRESS OR IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION, ANY WARRANTIES FOR AVAILABILITY, ACCURACY, TIMELINESS, COMPLETENESS, NON-INFRINGMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Your use of the translations is subject to all use restrictions contained in your Electronic Products License Agreement and by using the translation functionality you agree to forgo any and all claims against ProQuest or its licensors for your use of the translation functionality and any output derived there from. Hide full disclaimer
Details
1 Computer Science & Artificial Intelligence Lab, Massachusetts Institute of Technology , 77 Massachusetts Avenue, Cambridge, MA 02139 , United States
2 Computer Laboratory, University of Cambridge , JJ Thomson Avenue, Cambridge CB3 0FD , United Kingdom
3 Department of Computer Science and affiliate faculty, Law School, Columbia University , MC 0401, New York, NY 10027 , United States
4 Microsoft Research, One Microsoft Way , Redmond, WA 98052 , United States
5 Department of Computer Science and Law School, Georgetown University , 3700 O St NW, Washington, DC 20057 , United States
6 The Electronic Frontier Foundation , 815 Eddy Street, San Francisco, CA 94109 , United States
7 Gonville and Caius College, Cambridge University , United Kingdom
8 The Fletcher School and School of Engineering, Department of Computer Science Tufts University , 160 Packard Ave, Medford, MA 02155 , United States
9 Computer Science Lab, SRI International , 333 Ravenswood Ave, Menlo Park, CA 94025 , United States
10 Harvard Kennedy School and The Berkman Klein Center for Internet & Society, Harvard University , 79 John F. Kennedy Street, Cambridge, MA 02138 , United States
11 College of Engineering and Computer Science, Australian National University , Canberra, ACT 2600 , Australia
12 SPRING Lab, Ecole Polytechnique Federale de Lausanne, Rte Cantonale , 1015 Lausanne , Switzerland