The “going dark” debate, which concerns how society and the technology industry should address the challenges that law enforcement faces in investigating crime due to the increasing use of encryption on mobile devices and by communication platforms and services, was in the news again because of Apple's recent proposal to engage in client-side scanning. Apple planned to scan iPhones for child sexual abuse material, or CSAM, before such images were uploaded to iCloud. Prior to Apple's announcement, however, a distinguished group of computer scientists and engineers were already working on a paper to explain the security and privacy risks of client-side scanning. The paper, which they have now released, is called “Bugs in our Pockets: The Risks of Client-Side Scanning.”
To talk about this most recent development in the going dark debate, Stephanie Pell sat down with two of the paper’s authors: Susan Landau, Bridge Professor of Cybersecurity and Policy in The Fletcher School and at the School of Engineering, Department of Computer Science, at Tufts University; and Ross Anderson, professor of security engineering at the University of Cambridge and at the University of Edinburgh. They discussed some of the most significant privacy and security risks client-side scanning creates, why client-side scanning requires a different analysis from other aspects of the discussion about government access to encrypted data, and why the authors of the paper consider client-side scanning to be a dangerous technology.