{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T17:36:13Z","timestamp":1776101773392,"version":"3.50.1"},"reference-count":73,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2024,1,27]],"date-time":"2024-01-27T00:00:00Z","timestamp":1706313600000},"content-version":"vor","delay-in-days":26,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS 1923528"],"award-info":[{"award-number":["CNS 1923528"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,1,2]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Our increasing reliance on digital technology for personal, economic, and government affairs has made it essential to secure the communications and devices of private citizens, businesses, and governments. This has led to pervasive use of cryptography across society. Despite its evident advantages, law enforcement and national security agencies have argued that the spread of cryptography has hindered access to evidence and intelligence. Some in industry and government now advocate a new technology to access targeted data: client-side scanning (CSS). Instead of weakening encryption or providing law enforcement with backdoor keys to decrypt communications, CSS would enable on-device analysis of data in the clear. If targeted information were detected, its existence and, potentially, its source would be revealed to the agencies; otherwise, little or no information would leave the client device. Its proponents claim that CSS is a solution to the encryption versus public safety debate: it offers privacy\u2014in the sense of unimpeded end-to-end encryption\u2014and the ability to successfully investigate serious crime. In this paper, we argue that CSS neither guarantees efficacious crime prevention nor prevents surveillance. Indeed, the effect is the opposite. CSS by its nature creates serious security and privacy risks for all society, while the assistance it can provide for law enforcement is at best problematic. There are multiple ways in which CSS can fail, can be evaded, and can be abused.<\/jats:p>","DOI":"10.1093\/cybsec\/tyad020","type":"journal-article","created":{"date-parts":[[2024,1,27]],"date-time":"2024-01-27T10:10:34Z","timestamp":1706350234000},"source":"Crossref","is-referenced-by-count":19,"title":["Bugs in our pockets: the risks of client-side scanning"],"prefix":"10.1093","volume":"10","author":[{"given":"Harold","family":"Abelson","sequence":"first","affiliation":[{"name":"Computer Science & Artificial Intelligence Lab, Massachusetts Institute of Technology , 77 Massachusetts Avenue, Cambridge, MA 02139 ,","place":["United States"]}]},{"given":"Ross","family":"Anderson","sequence":"additional","affiliation":[{"name":"Computer Laboratory, University of Cambridge , JJ Thomson Avenue, Cambridge CB3 0FD ,","place":["United Kingdom"]},{"name":"School of Informatics, University of Edinburgh , 10 Crichton Street, Edinburgh EH8 9AB ,","place":["United Kingdom"]}]},{"given":"Steven M","family":"Bellovin","sequence":"additional","affiliation":[{"name":"Department of Computer Science and affiliate faculty, Law School, Columbia University , MC 0401, New York, NY 10027 ,","place":["United States"]}]},{"given":"Josh","family":"Benaloh","sequence":"additional","affiliation":[{"name":"Microsoft Research, One Microsoft Way , Redmond, WA 98052 ,","place":["United States"]}]},{"given":"Matt","family":"Blaze","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Law School, Georgetown University , 3700 O St NW, Washington, DC 20057 ,","place":["United States"]}]},{"given":"Jon","family":"Callas","sequence":"additional","affiliation":[{"name":"The Electronic Frontier Foundation , 815 Eddy Street, San Francisco, CA 94109 ,","place":["United States"]}]},{"given":"Whitfield","family":"Diffie","sequence":"additional","affiliation":[{"name":"Gonville and Caius College, Cambridge University , United Kingdom"}]},{"given":"Susan","family":"Landau","sequence":"additional","affiliation":[{"name":"The Fletcher School and School of Engineering, Department of Computer Science Tufts University , 160 Packard Ave, Medford, MA 02155 ,","place":["United States"]}]},{"given":"Peter G","family":"Neumann","sequence":"additional","affiliation":[{"name":"Computer Science Lab, SRI International , 333 Ravenswood Ave, Menlo Park, CA 94025 ,","place":["United States"]}]},{"given":"Ronald L","family":"Rivest","sequence":"additional","affiliation":[{"name":"Computer Science & Artificial Intelligence Lab, Massachusetts Institute of Technology , 77 Massachusetts Avenue, Cambridge, MA 02139 ,","place":["United States"]}]},{"given":"Jeffrey I","family":"Schiller","sequence":"additional","affiliation":[{"name":"Computer Science & Artificial Intelligence Lab, Massachusetts Institute of Technology , 77 Massachusetts Avenue, Cambridge, MA 02139 ,","place":["United States"]}]},{"given":"Bruce","family":"Schneier","sequence":"additional","affiliation":[{"name":"Harvard Kennedy School and The Berkman Klein Center for Internet & Society, Harvard University , 79 John F. Kennedy Street, Cambridge, MA 02138 ,","place":["United States"]},{"name":"Inrupt, Inc. , Boston, MA 02138 ,","place":["United States"]}]},{"given":"Vanessa","family":"Teague","sequence":"additional","affiliation":[{"name":"College of Engineering and Computer Science, Australian National University , Canberra, ACT 2600 ,","place":["Australia"]}]},{"given":"Carmela","family":"Troncoso","sequence":"additional","affiliation":[{"name":"SPRING Lab, Ecole Polytechnique Federale de Lausanne, Rte Cantonale , 1015 Lausanne ,","place":["Switzerland"]}]}],"member":"286","published-online":{"date-parts":[[2024,1,27]]},"reference":[{"key":"2024121909125863700_bib1","first-page":"69","article-title":"Keys under doormats: mandating insecurity by requiring government access to all data and communications","volume":"1","author":"Abelson","year":"2015","journal-title":"J Cybersecur"},{"key":"2024121909125863700_bib2","article-title":"The risks of key recovery, key escrow, and trusted third-party encryption.\u00a0A report by an ad hoc group of cryptographers and computer scientists","author":"Abelson","year":"1997"},{"key":"2024121909125863700_bib3","volume-title":"Decrypting the Encryption Debate: A Framework for Decision Makers","author":"National Academies of Sciences, Engineering, and Medicine","year":"2018"},{"key":"2024121909125863700_bib4","article-title":"Moving the encryption policy conversation forward","author":"Carnegie Endowment for International Peace","year":"2019"},{"key":"2024121909125863700_bib5","article-title":"The law and policy of client-side scanning","author":"Rosenzweig","year":"2020","journal-title":"Lawfare"},{"key":"2024121909125863700_bib6","article-title":"Overview of apple\u2019s client-side CSAM scanning","author":"Rescorla","year":"2021","journal-title":"Educated Guesswork"},{"key":"2024121909125863700_bib7","article-title":"If you build it, they will come: apple has opened the backdoor to increased surveillance and censorship around the world","author":"Opsahl","year":"2021"},{"key":"2024121909125863700_bib8","article-title":"Apple letting the content-scanning genie out of the bottle","author":"Murdoch","year":"2021"},{"key":"2024121909125863700_bib9","article-title":"The Apple Client-Side Scanning System","author":"Rosenzweig","year":"2021","journal-title":"Lawfare"},{"key":"2024121909125863700_bib10","article-title":"Apple\u2019s new \u2018child safety\u2019 plan for iPhones isn\u2019t so safe","author":"Gillmor","year":"2021"},{"key":"2024121909125863700_bib11","article-title":"Apple quietly removes all references to CSAM, but says nothing has changed [U]","volume-title":"9to5Mac","author":"Lovejoy","year":"2021"},{"key":"2024121909125863700_bib12","volume-title":"Proposal for a regulation of the European Parliament and of The Council laying down rules to prevent and combat child sexual abuse","author":"European Commission","year":"2022"},{"key":"2024121909125863700_bib13","article-title":"Council resolution on encryption\u2014security through encryption and security despite encryption (13084\/1\/20)","author":"Council of the European Union","year":"2020"},{"key":"2024121909125863700_bib14","article-title":"Draft online safety bill","author":"UK Parliament","year":"2021"},{"key":"2024121909125863700_bib15","article-title":"Who moderates the social media giants?","author":"Barrett","year":"2020"},{"key":"2024121909125863700_bib16","volume-title":"PhotoDNA","author":"Microsoft, Dartmouth College","year":"2015"},{"key":"2024121909125863700_bib17","article-title":"Facebook open-sources algorithms for detecting child exploitation and terrorism imagery","author":"Newton","year":"2019","journal-title":"The Verge"},{"key":"2024121909125863700_bib18","article-title":"Expanded protections for children","author":"Apple Inc","year":"2021"},{"key":"2024121909125863700_bib19","article-title":"Curbing the surge in online child sex abuse","author":"Negreiro","year":"2020"},{"key":"2024121909125863700_bib20","article-title":"Technical solutions to detect child sexual abuse in end-to-end encrypted communications: draft document","author":"Commission of the European Union"},{"key":"2024121909125863700_bib21","volume-title":"A Hacker\u2019s Mind: How the Powerful Bend Society\u2019s Rules, and How to Bend Them Back","author":"Schneier","year":"2023"},{"key":"2024121909125863700_bib22","article-title":"How Moscow uses Interpol to pursue its enemies","author":"Higgins","year":"2016","journal-title":"The New York Times"},{"key":"2024121909125863700_bib23","article-title":"U.S. warned firms about Russia\u2019s Kaspersky software day after invasion","author":"Bing","year":"2022","journal-title":"Reuters"},{"key":"2024121909125863700_bib24","doi-asserted-by":"crossref","first-page":"tyaa006","DOI":"10.1093\/cybsec\/tyaa006","article-title":"Security threats in intimate relationships","volume":"6","author":"Levy","year":"2020","journal-title":"J Cybersecur"},{"key":"2024121909125863700_bib25","article-title":"Children\u2019s databases\u2014safety and privacy","author":"Anderson"},{"key":"2024121909125863700_bib26","doi-asserted-by":"crossref","DOI":"10.1002\/9781119644682","volume-title":"Security engineering\u2014a guide to building dependable distributed systems","author":"Anderson","year":"2020"},{"key":"2024121909125863700_bib27","doi-asserted-by":"crossref","first-page":"1278","DOI":"10.1109\/PROC.1975.9939","article-title":"The protection of information in computer systems","volume":"63","author":"Saltzer","year":"1975","journal-title":"Proc IEEE"},{"key":"2024121909125863700_bib28","first-page":"5","article-title":"La Cryptographie Militaire","volume":"9","author":"Kerckhoffs","year":"1883","journal-title":"J des Sci Militairies"},{"key":"2024121909125863700_bib29","doi-asserted-by":"crossref","first-page":"656","DOI":"10.1002\/j.1538-7305.1949.tb00928.x","article-title":"Communication theory of secrecy systems","volume":"28","author":"Shannon","year":"1949","journal-title":"Bell Sys Tech J\u00a0"},{"key":"2024121909125863700_bib30","article-title":"Rethinking the detection of child sexual abuse imagery on the Internet","volume-title":"Enigma","author":"Bursztein","year":"2019"},{"key":"2024121909125863700_bib31","first-page":"77","article-title":"Gender shades: intersectional accuracy disparities in commercial gender classification","author":"Buolamwini","year":"2018","journal-title":"Conference on Fairness, Accountability and Transparency (FAT)"},{"key":"2024121909125863700_bib32","article-title":"Apple\u2019s new child safety technology might harm more kids than it helps","author":"Redmiles","year":"2021","journal-title":"Scientific American"},{"key":"2024121909125863700_bib33","article-title":"BadNets: identifying vulnerabilities in the machine learning model supply chain","author":"Gu"},{"key":"2024121909125863700_bib34","article-title":"PhotoDNA and Limitations","author":"Krawetz"},{"key":"2024121909125863700_bib35","doi-asserted-by":"crossref","DOI":"10.1145\/2810103.2813677","article-title":"Model inversion attacks that exploit confidence information and basic countermeasures","volume-title":"ACM SIGSAC Conference on Computer and Communications Security (CCS)","author":"Fredrikson","year":"2015"},{"key":"2024121909125863700_bib36","first-page":"4771","article-title":"Data-free model extraction","volume-title":"Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition","author":"Truong","year":"2021"},{"key":"2024121909125863700_bib37","doi-asserted-by":"crossref","first-page":"512","DOI":"10.1109\/EuroSP.2019.00044","article-title":"PRADA: protecting against dnn model stealing attacks","volume-title":"2019 IEEE European Symposium on Security and Privacy (EuroS&P)","author":"Juuti","year":"2019"},{"key":"2024121909125863700_bib38","article-title":"Identifying harmful media in end-to-end encrypted communication: efficient private membership computation","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Kulshrestha","year":"2021"},{"key":"2024121909125863700_bib39","article-title":"Analysis of the green dam censorware system","author":"Wolchok"},{"key":"2024121909125863700_bib40","volume-title":"This is How They Tell Me the World Ends","author":"Perlroth","year":"2020"},{"key":"2024121909125863700_bib41","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1109\/MSPEC.2007.376605","article-title":"The Athens affair","volume":"44","author":"Prevelakis","year":"2007","journal-title":"IEEE Spectrum"},{"key":"2024121909125863700_bib42","article-title":"Exploiting lawful intercept to wiretap the internet","author":"Cross","year":"2010"},{"key":"2024121909125863700_bib43","doi-asserted-by":"crossref","DOI":"10.17487\/rfc3924","article-title":"Cisco architecture for lawful intercept in ip networks","author":"Baker","year":"2004"},{"key":"2024121909125863700_bib44","article-title":"The large immortal machine and the ticking time bomb","author":"Landau","year":"2013","journal-title":"J Telecommun High Technol Law"},{"key":"2024121909125863700_bib45","article-title":"Combating hate and extremism","author":"Facebook","year":"2019"},{"key":"2024121909125863700_bib46","article-title":"Online child protection","author":"Facebook","year":"2019"},{"key":"2024121909125863700_bib47","article-title":"Four steps we\u2019re taking today to fight terrorism online","author":"Google","year":"2018"},{"key":"2024121909125863700_bib48","doi-asserted-by":"crossref","DOI":"10.1145\/3460120.3484559","article-title":"It\u2019s not what it looks like: manipulating perceptual hashing based applications","volume-title":"ACM Conference on Computer and Communications Security (CCS)","author":"Hao","year":"2021"},{"key":"2024121909125863700_bib49","article-title":"Apple says collision in child-abuse hashing system is not a concern","author":"Brandom","year":"2021","journal-title":"The Verge"},{"key":"2024121909125863700_bib50","first-page":"2317","article-title":"Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanning","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Jain","year":"2022"},{"key":"2024121909125863700_bib51","first-page":"387","article-title":"Evasion attacks against machine learning at test time","volume-title":"Joint European conference on machine learning and knowledge discovery in databases","author":"Biggio","year":"2013"},{"key":"2024121909125863700_bib52","article-title":"Intriguing properties of neural networks","volume-title":"arXiv preprint arXiv:13126199","author":"Szegedy","year":"2013"},{"key":"2024121909125863700_bib53","article-title":"A Complete List of All (arXiv) Adversarial Example Papers","author":"Carlini"},{"key":"2024121909125863700_bib54","doi-asserted-by":"crossref","DOI":"10.1109\/CVPR.2017.17","article-title":"Universal adversarial perturbations","volume-title":"IEEE Conference on Computer Vision and Pattern Recognition (CVPR)","author":"Moosavi-Dezfooli","year":"2017"},{"key":"2024121909125863700_bib55","article-title":"On adaptive attacks to adversarial example defenses","volume-title":"Neural Information Processing Systems (NeurIPS)","author":"Tram\u00e8r","year":"2020"},{"key":"2024121909125863700_bib56","article-title":"Robustness may be at odds with accuracy","volume-title":"International Conference on Learning Representations (ICLR)","author":"Tsipras","year":"2019"},{"key":"2024121909125863700_bib57","article-title":"Fundamental tradeoffs between invariance and sensitivity to adversarial perturbations","volume-title":"International Conference on Machine Learning, (ICML)","author":"Tram\u00e8r","year":"2020"},{"key":"2024121909125863700_bib58","first-page":"21692","article-title":"Detecting adversarial examples is (nearly) as hard as classifying them","volume-title":"CoRR","author":"Tram\u00e8r","year":"2022"},{"key":"2024121909125863700_bib59","doi-asserted-by":"crossref","DOI":"10.1145\/1128817.1128824","article-title":"Can machine learning be secure?","volume-title":"ACM Symposium on Information, Computer and Communications Security, (ASIACCS)","author":"Barreno","year":"2006"},{"key":"2024121909125863700_bib60","article-title":"Poisoning attacks against support vector machines","volume-title":"International Conference on Machine Learning (ICML)","author":"Biggio","year":"2012"},{"key":"2024121909125863700_bib61","article-title":"ImageNet contains naturally occurring NeuralHash collisions","author":"Dwyer","year":"2021"},{"key":"2024121909125863700_bib62","article-title":"NeuralHash collider","author":"Athalye","year":"2021"},{"key":"2024121909125863700_bib63","article-title":"Technical Report on the CleverHans v2.1.0 Adversarial Examples Library","author":"Papernot","year":"2018"},{"key":"2024121909125863700_bib64","volume-title":"Cryptography\u2019s role in securing the information society","author":"Dam","year":"1996"},{"key":"2024121909125863700_bib65","article-title":"Apple\u2019s software chief explains \u2018misunderstood\u2019 iPhone child-protection features","author":"Stern","year":"2021","journal-title":"The Wall Street Journal"},{"key":"2024121909125863700_bib66","article-title":"Security threat model review of Apple\u2019s child safety features","author":"Apple","year":"2021"},{"key":"2024121909125863700_bib67","article-title":"Apple\u2019s compromises in China: 5 Takeaways","author":"Nicas","year":"2021","journal-title":"The New York Times"},{"key":"2024121909125863700_bib68","article-title":"Google and Apple, under pressure from Russia, remove voting app","author":"Troianovski","year":"2021","journal-title":"The New York Times"},{"key":"2024121909125863700_bib69","article-title":"Amid backlash, Apple will change photo-scanning plan but won\u2019t drop it completely","author":"Brodkin","year":"2021","journal-title":"Ars Technica"},{"key":"2024121909125863700_bib70","article-title":"The EU\u2019s proposal on CSAM is a dangerous misfire","author":"Landau","year":"2022","journal-title":"Lawfare"},{"key":"2024121909125863700_bib71","article-title":"Finally Some Clear Thinking on Child Sexual Abuse and Exploitation Investigation and Intervention","author":"Landau","year":"2022"},{"key":"2024121909125863700_bib72","article-title":"Wiretap Report","author":"Administrative Office of the United States Courts","year":"2020"},{"key":"2024121909125863700_bib73","article-title":"Pioneering a new national security\u2014the ethics of artificial intelligence","author":"GCHQ"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/10\/1\/tyad020\/61182335\/tyad020.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/10\/1\/tyad020\/61182335\/tyad020.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,19]],"date-time":"2024-12-19T09:13:21Z","timestamp":1734599601000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyad020\/7590463"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,1,1]]},"references-count":73,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,1,2]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyad020","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2024,1,1]]},"published":{"date-parts":[[2024,1,1]]},"article-number":"tyad020"}}