Bugs In Your Pocket?
Mass Survellience or The Answer To Detecting Crime?
When you have people like Ross Anderson, Ron Rivest, Bruce Schneier and Whitfield Diffie are part of a research paper, you sit up and take notice [here]:
Their target is the use of client-side scanning (CSS), and that it is not effective in preventing crime. Along with this, it does not prevent surveillance. The authors argue that some agencies would like CSS installed on all mobile phone devices, and not just for suspects. This may risk the privacy of law-abiding citizens and may overrule the actual risks to society. For them, the risks of implementing CSS is far more dangerous than the previously defined methods to break end-to-end encryption:
The ability of citizens to freely use digital devices, to create and store content, and to communicate with others depends strongly on our ability to feel safe in doing so. The introduction of scanning on our personal devices — devices that keep information from to-do notes to texts and photos from loved ones — tears at the heart of privacy of individual citizens. Such bulk surveillance can result in a signiﬁcant chilling eﬀect on freedom of speech and, indeed, on democracy itself.
One of the targets of the paper is the perceptual hashing method used by Apple for their CSAM scanning technique. This aims to scan iPhone devices in order to find similarities between images, and then send a cryptographically protected alert to Apple on the detection of a possible match. The use of CSS thus differs from the normal practice of scanning for matches on the server-side (Figure 1).
The paper outlines the case of Europol which has around 5,000 words for drugs and guns. These include different slang terms and languages. The authors outline that the usage of CSS would generate many false positives for hunters, writers and gun collectors.