Ross Anderson looks into impact of client-side scanning on citizen’s privacy
In a recent report Ross Anderson and colleagues analyse solutions for mass surveillance through software embedded in users’ devices, as opposed to the current practice of monitoring people’s communications.
The report is published in response to law enforcement and national security agencies arguing that the spread of cryptography has hindered access to evidence and intelligence.
Earlier this year Apple proposed to implement a system that would check all iPhones for illegal images (e.g. child nudity). The proposal was put on hold after a widespread pushback: both ineffectiveness of the solution, and impact on privacy were highlighted.
In the report Anderson and colleagues look at CSS (client-side scanning) and its implications for citizen’s security, privacy and freedom of speech as well as lack of guarantees that it will effectively prevent crimes.
Authors of the report note that there are multiple ways in which client-side scanning can fail, can be evaded, and can be abused. Systems trained on images of child abuse that are illegal can be manipulated by editing images to create both false negatives and false positives.
Some of the proponents of using CSS would like to see it installed on all devices. However, as the report points out, universal deployment would mean that devices that belong to law-abiding citizens are scanned as well as those of suspects or ex-offenders.
Ross Anderson is a researcher in security engineering. He is Professor of Security Engineering at both the School of Informatics, The University of Edinburgh and the Department of Computer Science and Technology, University of Cambridge.
Anderson discusses the report in his blog post Bugs in our pockets? The full report is available from arXiv.