@article{AABBx24,
  author = { Harold Abelson and Ross Anderson and Steven M. Bellovin and Josh
             Benaloh and Matt Blaze and Jon Callas and Whitfield Diffie and
             Susan Landau and Peter G. Neumann and Ronald L. Rivest and
             Jeffrey Schiller and Bruce Schneier and Vanessa Teague and
             Carmela Troncoso },
  title = { Bugs in our pockets: the risks of client-side scanning },
  journal = { Journal of Cybersecurity },
  date = { 2024 },
  OPTmonth = { },
  OPTyear = { 2024 },
  publisher = { Oxford University Press },
  url = { https://academic.oup.com/cybersecurity/article/10/1/tyad020/7590463?searchresult=1 },
  abstract = {
  Our increasing reliance on digital technology for personal, economic, and government affairs has made it es-
sential to secure the communications and devices of private citizens, businesses, and governments. This has
led to pervasive use of cryptography across society. Despite its evident advantages, law enforcement and na-
tional security agencies have argued that the spread of cryptography has hindered access to evidence and in-
telligence. Some in industry and government now advocate a new technology to access targeted data: client-
side scanning (CSS). Instead of weakening encryption or providing law enforcement with backdoor keys to de-
crypt communications, CSS would enable on-device analysis of data in the clear. If targeted information were
detected, its existence and, potentially, its source would be revealed to the agencies; otherwise, little or no
information would leave the client device. Its proponents claim that CSS is a solution to the encryption versus public
safety debate: it offers privacy—in the sense of unimpeded end-to-end encryption—and the ability to successfully
investigate serious crime. In this paper, we argue that CSS neither guarantees efficacious crime prevention nor pre-
vents surveillance. Indeed, the effect is the opposite. CSS by its nature creates serious security and privacy risks for
all society, while the assistance it can provide for law enforcement is at best problematic. There are multiple ways
in which CSS can fail, can be evaded, and can be abused. },
}