Good intentions can hide mass surveillance and censorship.
The Internet Architecture Board (IAB) has warned that policy proposals to scan users devices for illegal content proposed by the European Union, the United Kingdom and the United States threaten the open Internet.
Client-Side Scanning (CSS) involves automatically analyzing files on devices for illegal photos and other materials, and then performing certain actions, such as marking documents and then deleting them or handing them over to the authorities. The main issues concern the loss of confidentiality in the identification process, the accuracy of reports, and possible errors that lead to improper charges.
In August 2021, Apple introduced its client-side scanning technology. Apple's scanning technology drew sharp criticism from other tech companies and users for violating privacy, and the company eventually abandoned scanning and focused on offering iCloud encryption.
However, the idea of client-side scanning is coming back into the legislation. IAB is against technologies that imply unlimited access to personal content and undermine the concept of End-to-end encryption (E2EE). The organization points out the danger of using such tools for mass surveillance and censorship.
In particular, the IAB refers to the planned "Regulation setting out Rules for Preventing and Combating Child Sexual Abuse" in Europe, the UK's Online Safety Act (OSA), which came into force at the end of October, and the US Money-Making Act . Each of them provides for regulatory regimes that may potentially require decryption of encrypted content in support of mandatory surveillance.
The IAB recognizes the social harm caused by the spread of illegal content on the Internet and the need to protect Internet users, but argues that general indiscriminate surveillance is the wrong way to deal with prohibited content.
According to a 2021 technical analysis from cryptography experts, client-side scanning is unrealizable and anti-democratic, but child safety organizations and technology companies continue to lobby for legislation that would allow the use of such a technique.
The IAB believes that the scanning initiatives are similar to other problematic proposals – wiretapping and widespread surveillance. The Council also stated that a secure, resilient and interoperable Internet is in the public interest and supports human rights to privacy, as well as freedom of opinion and expression.
"We are opposed to technologies that facilitate surveillance, as they weaken the user's expectations regarding the confidentiality of communications, which reduces confidence in the Internet as the main communication platform in modern society," the organization wrote.
Law enforcement agencies have other options besides client-side scanning. For example, in 2018, the FBI created its own encrypted communication app called ANOM and sold more than 12,000 such devices to at least 300 criminal groups in more than 100 countries, using the network for mass arrests in 2021.
It is also worth recalling two other encrypted communication services-EncroChat and Sky ECC, which were also hacked earlier and soon closed. Like ANOM, these messengers were popular with criminals to hide their illegal operations. Data from all three services was used by law enforcement officers as evidence for thousands of arrests.
The Internet Architecture Board (IAB) has warned that policy proposals to scan users devices for illegal content proposed by the European Union, the United Kingdom and the United States threaten the open Internet.
Client-Side Scanning (CSS) involves automatically analyzing files on devices for illegal photos and other materials, and then performing certain actions, such as marking documents and then deleting them or handing them over to the authorities. The main issues concern the loss of confidentiality in the identification process, the accuracy of reports, and possible errors that lead to improper charges.
In August 2021, Apple introduced its client-side scanning technology. Apple's scanning technology drew sharp criticism from other tech companies and users for violating privacy, and the company eventually abandoned scanning and focused on offering iCloud encryption.
However, the idea of client-side scanning is coming back into the legislation. IAB is against technologies that imply unlimited access to personal content and undermine the concept of End-to-end encryption (E2EE). The organization points out the danger of using such tools for mass surveillance and censorship.
In particular, the IAB refers to the planned "Regulation setting out Rules for Preventing and Combating Child Sexual Abuse" in Europe, the UK's Online Safety Act (OSA), which came into force at the end of October, and the US Money-Making Act . Each of them provides for regulatory regimes that may potentially require decryption of encrypted content in support of mandatory surveillance.
The IAB recognizes the social harm caused by the spread of illegal content on the Internet and the need to protect Internet users, but argues that general indiscriminate surveillance is the wrong way to deal with prohibited content.
According to a 2021 technical analysis from cryptography experts, client-side scanning is unrealizable and anti-democratic, but child safety organizations and technology companies continue to lobby for legislation that would allow the use of such a technique.
The IAB believes that the scanning initiatives are similar to other problematic proposals – wiretapping and widespread surveillance. The Council also stated that a secure, resilient and interoperable Internet is in the public interest and supports human rights to privacy, as well as freedom of opinion and expression.
"We are opposed to technologies that facilitate surveillance, as they weaken the user's expectations regarding the confidentiality of communications, which reduces confidence in the Internet as the main communication platform in modern society," the organization wrote.
Law enforcement agencies have other options besides client-side scanning. For example, in 2018, the FBI created its own encrypted communication app called ANOM and sold more than 12,000 such devices to at least 300 criminal groups in more than 100 countries, using the network for mass arrests in 2021.
It is also worth recalling two other encrypted communication services-EncroChat and Sky ECC, which were also hacked earlier and soon closed. Like ANOM, these messengers were popular with criminals to hide their illegal operations. Data from all three services was used by law enforcement officers as evidence for thousands of arrests.
