Security Risks of Client-Side Scanning

Even before Apple made its announcement, law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. It’s not a cryptographic backdoor, but it’s still a backdoor — and brings with it all the insecurities of a backdoor.

I’m part of a group of cryptographers that has just published a paper discussing the security risks of such a system. (It’s substantially the same group that wrote a similar paper about key escrow in 1997, and other “exceptional access” proposals in 2015. We seem to have to do this every decade or so.) In our paper, we examine both the efficacy of such a system and its potential security failures, and conclude that it’s a really bad idea.

We had been working on the paper well before Apple’s announcement. And while we do talk about Apple’s system, our focus is really on the idea in general.

Ross Anderson wrote a blog post on the paper. (It’s always great when Ross writes something. It means I don’t have to.) So did Susan Landau. And there’s press coverage in the New York Times, the Guardian, Computer Weekly, the Financial Times, Forbes, El Pais (English translation), NRK (English translation), and — this is the best article of them all — the Register. See also this analysis of the law and politics of client-side scanning from last year.

Posted on October 15, 2021 at 9:30 AM • 17 Comments

Comments

name.withheld.for.obvious.reasons October 15, 2021 3:35 PM

I had mentioned previously that the architecture of both Microsoft and Apple operating systems has deliberately layered a functional provision of data, information, and bits from human inputs (all of them). From speech to gesturing and synthesis. Cortana is the primary functional architecture for Windows, and on Apple it is a textual core framework. I speculated at the time that this was to be exactly how these vendors would address the pressures from abhorrent government overreach. Well played Microsoft and Apple, brownie points for everyone.

Sancho_P October 15, 2021 5:59 PM

Re: “We seem to have to do this every decade or so.” (@Bruce)

“Against stupidity even gods struggle in vain” (F. v. Schiller, about 1800).

Clive Robinson October 15, 2021 6:06 PM

@ Bruce, ALL,

“We seem to have to do this every decade or so.”

As I’ve said before, this is entirely predictable.

The reason is simple,

“For those pushing to destroy everyone’s privacy there is effectively no balance to stop them.”

So they will keep pushing and pushing, nearly every time they drag things a little in the direction they want to go.

The only consequence for them if they fail is a very short-lived push back from a small part of society, that very very quickly goes away.

Until there is a genuine punishment that has significant consequences not just for the individual such as “malfeasance in public office” and the agency suffering a significant set of cutbacks, then they will carry on.

No ifs, no buts, no maybes, they will carry on, and eventually get everything they currently want and then a whole lot more we can not yet foresee.

So if you want to stop privacy being stolen, you have to treat the crooks the way they should be and turned into criminals. That lose their freedom, any wealth they have accrued, be banned from holding any office with responsibility and be held in the public eye in the same way we do the likes of major criminals. Such as those behind Enron and Madoff Investment Securities “Wealth Management” etc.

ech October 15, 2021 6:25 PM

@Bruce

RE:UK Draft Online Safety Law

Part one.

Duty of care and safeguarding are well established in law as is the real threat from media and social media to provoke and encourage hate crime. The problem is not the law in principle but how it will be used and abused by an out of control and reckless human rights abusing government with a grip on regulators and access to law and other mechanisms for information and redress.

The UK has a bit of a far right problem given licence by the current UK Conservative Party on top of recklessness and other failures of governance and human rights and other abuses. They also have a problem along with the majority right wing billionaire owned media as defining in practice “free speech” as being anything they want to say and any challenge or disagreement as being “cancelled” by “snowflakes” as they hop from one platform to another with their megaphone complaining about it when their victims often have little effective redress due in part to a loophole in OFCOM’s rules and the near wholesale takeover of regulatory and media by their own appointment placement.

ech October 15, 2021 6:25 PM

@Bruce

RE:UK Draft Online Safety Law

Part two.

US style “freedom of speech” and low regulation for the business environment causes real problems for Europe and elsewhere as the US can and has been a breeding ground for content and ideologically driven people causing problems including but not limited to increasing corruption and a rise in hate crimes.

The current UK government has created a “hostile environment” riddled with polarising and inflammatory and stereotyping rhetoric and this has been felt in the US in some quarters with some legislators getting ideas and pushing through harmful and truly terrifying agendas and policies.

The EU has not sat on its hands and both EU parliamentarians as well as the EU commission have taken steps with the boundaries of its powers to rein in some of the worst behaviour.

I am more than irritated when technical experts and lobby groups from the US especially poke their nose into fields and legal jurisdictions and situations and circumstances they are ignorant about. You’re not helping.

SpaceLifeForm October 16, 2021 12:55 AM

@ –

What is it you say about vowels?

Buy early, buy often.

Vowels can be hard to buy.

Supply chain disruptions.

Leon Theremin October 16, 2021 9:15 AM

Bad idea? Tell this to the people who put hardware backdoors into all devices and Remote Neural Monitoring in all radio towers.

Petre Peter October 16, 2021 11:31 AM

This reminds me of communist Romania where the secret police (Securitatea) planted microphones inside the TV sets. This was exposed in the book Red Horizons by Ion Mihai Pacepa. So it seems like the bugs have moved from the living room to our pockets. Great title, great alarm signal. Thank you.

Steve October 16, 2021 3:33 PM

Sometimes reading the comments section of this blog I feel like I’ve arrived at a party where everyone else is three or four drinks ahead of me.

Just sayin’.

- October 16, 2021 4:02 PM

@SLF:

“Supply chain disruptions.”

O, apparently not, as one came in with a new shipment of Squid…

Sometimes people just have to follow that penny.

Common sense Bob October 17, 2021 12:08 PM

I do not understand why anyone considers these insane invasions of privacy even for a second. They are abominations full stop and lack fundamental respect for the individual.

Any device with a backdoor goes in the shredder. If that leaves me with no devices at all, so be it. If this is the future of technology I’m opting out fully, wholly and without any regret.

Peter A. October 18, 2021 9:33 AM

Let’s rephrase it in 1970’s terms; maybe in this way it hits home (pun intended):

THE GUVMINT:

OK, many people oppose all their [analog landline – editor’s note] phone conversations being eavesdropped and all their [paper – ed. note] letters & packages being read & examined by crooks without any warrant & control, effectively treating everybody as violent criminals under suspicion of planning a horrible crime; so let’s put secret agents in everybody’s home instead, make the agents follow you wherever you go, and call the new agency CSS.

The agents will be dressed in camouflage so they would be hardly noticeable, and will not interfere with your daily routine at all, we promise. Oh, maybe the agents would whisper a kind word of warning into your kids’ ears, when they try to play naughty, but will tell you as well, aiding you so much in your parenting (unless the kid is over 13 years old, which means ze is a totally responsible individual and can do whatever ze pleases, unless CSS says no). We promise solemnly CSS agents would only look at the [analog, photo-paper – ed. note] photos you send in the mail to your kids, family & relatives (or maybe play the videotapes[1] you send too; but only in the Old World, so don’t worry) and will never sift through your family albums, your bookshelf, your important documents binders, your doctor’s written recommendations & prescriptions, your love letters, your shopping lists, your very personal notes to self, or your wallet. Never ever!

The CSS agents would receive secret orders solely from us, The Good Guys, so don’t worry. We hire only the deaf-blind, guaranteed, and they’ll never talk back or gesture back at you, no matter how hard you try, so you’ll know they really are. They will only feel and sniff the photos you send out, after being very secretly trained to do so, and will only make a secret mark on the envelope, when they feel or sniff something really, really abhorrent, so your trusty postman can check if it really is, and will tell us a word if he thinks so; so we can double check if your neighbor isn’t a beastly ra..st terr…st mass mur…er. You surely won’t do such a horrible thing as sending out photos of [censored], would you? So you have absolutely no reason to worry about your privacy.

We cannot show you our agents’ training material; it is so abhorrent it will blow your mind – but if you manage to get it somehow, we’ll throw you in jail for life, for good measure, because you ARE a ra..st terr…st mass mur…er!

Every new home built throughout the country will have an agent assigned from the moment it’s erected. Old homes will get old and ugly and eventually crumble in a few years or so you’ll have to buy a new one someday.

THINK OF THE CHILDREN!

THE SHEEPLE:

We’re totally cool about that since it is not wiretapping and therefore does not infringe on our fundamental sheeple rights in any way.

[1] Big, bulky, stringy, stone-age versions of .mov or .mp4 files.

Denton Scratch October 18, 2021 10:28 AM

“It’s always great when Ross writes something.”

Sure is! Clayton is good too. But LightBlueTouchpaper is not on my regular reading list, because they don’t post very often. So thanks for the tip-off.

Gert November 14, 2021 1:46 AM

This is one of the problems that comes with banning third-party clients. For open protocols, like email, client-side scanning would be impossible to enforce, since the user can just switch to a different client. (It is not really needed for email, since it is not end-to-end encrypted)
