Auto-scans of phones would violate data privacy, say security experts
A group of world-leading cryptography and security experts has warned that scanning images on smartphones, like a scheme proposed by Apple in August, should be treated like mass surveillance and prohibited by law.
“[Device scanning] makes what was formerly private on a user’s device potentially available to law enforcement and intelligence agencies, even in the absence of a warrant,” said the authors, who include Whitfield Diffie, an inventor of public key cryptography, Ronald Rivest, an inventor of the widely used RSA encryption system, and firewall expert Steven Bellovin.
“Because this privacy violation is performed at the scale of entire populations, it is a bulk surveillance technology,” they added.
The researchers raised the alarm as calls to circumvent encryption from intelligence and law enforcement agencies around the world become increasingly strident, with the EU due in December to propose a new law on child protection that may include suggestions for device scanning.
It also follows now-delayed plans by Apple to install software on American iPhones to scan continuously for child abuse imagery.
Such an automated system would proactively alert a team of human reviewers, who would then contact law enforcement if they believe illegal imagery has been detected. Apple halted plans to launch the software after a fierce backlash from privacy campaigners and other tech companies.
“The concern is that European institutions could bring in a law making something like Apple’s child abuse blocking proposal mandatory for people providing phones and chat apps,” said Ross Anderson, a co-author of the paper, titled “Bugs In Our Pockets”, and a professor of security engineering at the University of Cambridge.
“Interfering with the security of people’s devices by making them intrinsically easy to wiretap, putting in government-mandated snooping software that will look at your pictures, texts and videos to see if there is anything the government doesn’t like, really does cross a red line.”
Scanning a user’s device, known as “client-side scanning”, has been proposed by governments as a way to identify unlawful content — including child abuse and terrorism — on a person’s phone, while nominally preserving end-to-end encryption.
“But unfortunately it’s not that simple . . . client-side scanning would render the user privacy and security guarantees of encryption hollow,” wrote Erica Portnoy, senior technologist at the Electronic Frontier Foundation. “Even a well-intentioned effort to build such a system will . . . open the door to broader abuses.”
Scanning stored data on a user’s device “brings surveillance to a new level”, Anderson and his colleagues write, adding that promises by companies like Apple that its use would be limited to child abuse imagery are “illusory”.
In 2016, Apple went to court with the FBI, defending its use of encryption when pressured by the authorities to access a terror suspect’s iPhone following a shooting in San Bernardino, California.
The researchers said that the proposal to pre-emptively scan all user devices for targeted content was “far more insidious” than the FBI asking for specific access to an individual’s device.
They said: “The [intelligence] agencies’ direction of travel is the bulk scanning of everyone’s private data, all the time, without warrant or suspicion. Is it prudent to deploy extremely powerful surveillance technology that could easily be extended to undermine basic freedoms?”