Bugs in our Pockets: The Risks of Client-Side Scanning
- URL: http://arxiv.org/abs/2110.07450v1
- Date: Thu, 14 Oct 2021 15:18:49 GMT
- Authors: Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt
Blaze, Jon Callas, Whitfield Diffie, Susan Landau, Peter G. Neumann, Ronald
L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Vanessa Teague and Carmela
Troncoso
- Abstract summary: We argue that client-side scanning (CSS) neither guarantees efficacious crime prevention nor prevents surveillance.
CSS by its nature creates serious security and privacy risks for all society.
There are multiple ways in which client-side scanning can fail, can be evaded, and can be abused.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Our increasing reliance on digital technology for personal, economic, and
government affairs has made it essential to secure the communications and
devices of private citizens, businesses, and governments. This has led to
pervasive use of cryptography across society. Despite its evident advantages,
law enforcement and national security agencies have argued that the spread of
cryptography has hindered access to evidence and intelligence. Some in industry
and government now advocate a new technology to access targeted data:
client-side scanning (CSS). Instead of weakening encryption or providing law
enforcement with backdoor keys to decrypt communications, CSS would enable
on-device analysis of data in the clear. If targeted information were detected,
its existence and, potentially, its source, would be revealed to the agencies;
otherwise, little or no information would leave the client device. Its
proponents claim that CSS is a solution to the encryption versus public safety
debate: it offers privacy -- in the sense of unimpeded end-to-end encryption --
and the ability to successfully investigate serious crime. In this report, we
argue that CSS neither guarantees efficacious crime prevention nor prevents
surveillance. Indeed, the effect is the opposite. CSS by its nature creates
serious security and privacy risks for all society while the assistance it can
provide for law enforcement is at best problematic. There are multiple ways in
which client-side scanning can fail, can be evaded, and can be abused.
Related papers
- Privacy Aware Memory Forensics (2024-06-13T11:18:49Z)
Recent surveys indicate that 60% of data breaches are primarily caused by malicious insider threats.
In this research, we present a novel solution to detect data leakages by insiders in an organization.
Our approach captures the RAM of the insider's device and analyses it for sensitive information leaks from a host system.
- Understanding crypter-as-a-service in a popular underground marketplace (2024-05-20T08:35:39Z)
Crypters are pieces of software whose main goal is to transform a target binary so it can avoid detection by antivirus (AV) applications.
The crypter-as-a-service model has gained popularity in response to the increased sophistication of detection mechanisms.
This paper provides the first study on an online underground market dedicated to crypter-as-a-service.
- Enc2DB: A Hybrid and Adaptive Encrypted Query Processing Framework (2024-04-10T08:11:12Z)
We introduce Enc2DB, a novel secure database system following a hybrid strategy on and openGauss.
We present a micro-benchmarking test and self-adaptive mode switch strategy that can choose the best execution path (cryptography or TEE) to answer a given query.
We also design and implement a ciphertext index compatible with native cost model and queries to accelerate query processing.
- Boosting Digital Safeguards: Blending Cryptography and Steganography (2024-04-09T03:36:39Z)
Steganography involves hiding data within another medium, thereby facilitating covert communication by making the message invisible.
This proposed approach takes advantage of the latest advancements in Artificial Intelligence (AI) and Deep Learning (DL), especially through the application of Generative Adversarial Networks (GANs).
The application of GANs enables a smart, secure system that utilizes the inherent sensitivity of neural networks to slight alterations in data.
- Privacy-preserving Optics for Enhancing Protection in Face De-identification (2024-03-31T19:28:04Z)
We propose a hardware-level face de-identification method to solve this vulnerability.
We also propose an anonymization framework that generates a new face using the privacy-preserving image, face heatmap, and a reference face image from a public dataset as input.
- YASM (Yet Another Surveillance Mechanism) (2022-05-29T08:42:59Z)
Apple proposed to scan their systems for such imagery. CSAMD was since pushed back, but the European Union decided to propose forced CSS.
We argue why CSS should be limited or not used and discuss issues with the way pictures are handled cryptographically.
In the second part, we analyse the possible human rights violations which CSS in general can cause within the regime of the European Convention on Human Rights.
- Deep Learning Algorithm for Threat Detection in Hackers Forum (Deep Web) (2022-02-03T07:49:44Z)
We propose a novel approach for detecting cyberthreats using a deep learning algorithm, Long Short-Term Memory (LSTM).
Our model can be easily deployed by organizations in securing digital communications and detection of vulnerability exposure before cyberattack.
- Reinforcement Learning on Encrypted Data (2021-09-16T21:59:37Z)
We present a preliminary, experimental study of how a DQN agent trained on encrypted states performs in environments with discrete and continuous state spaces.
Our results highlight that the agent is still capable of learning in small state spaces even in the presence of non-deterministic encryption, but performance collapses in more complex environments.
- Crypto Currency Regulation and Law Enforcement Perspectives (2021-09-01T09:56:28Z)
We look at various questions of criminal use and misuse of technology.
The aim of the paper is to raise a set of concerns arising in the criminal justice and policing circles.
We propose a simplified classification of crimes related to crypto currency.
- Mind the GAP: Security & Privacy Risks of Contact Tracing Apps (2020-06-10T16:05:05Z)
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contact tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
- A vision for global privacy bridges: Technical and legal measures for international data markets (2020-05-13T13:55:50Z)
Despite data protection laws and an acknowledged right to privacy, trading personal information has become a business equated with "trading oil".
An open conflict is arising between business demands for data and a desire for privacy.
We propose and test a vision of a personal information market with privacy.