Security News > 2022 > June > Dear Europe, here again are the reasons why scanning devices for unlawful files is not going to fly
In an ArXiv paper titled "YASM," Kaspar Rosager Ludvigsen and Shishir Nagaraja, of the University of Strathclyde, and Angela Daly, of the Leverhulme Research Center for Forensic Science and Dundee Law School, in Scotland, revisit CSS as a way to ferret out CSAM and conclude the technology is both ineffective and unjustified.
Client-side scanning in this context involves running software on people's devices to identify unlawful images - generally those related to the exploitation of children but EU lawmakers have also discussed using CSS to flag content related to terrorism and organized crime.
Even if you assume, they argue, that a CSS system caught all CSAM it encountered - an unrealistic assumption - there's no clear definition of CSAM. There's a legal definition, they say, but this cannot be translated into rules for a CSS system.
"CSS contains in its very notion constant surveillance upon the system, and unlike pure logging, attempts to oversee all events within a given framework," the boffins explain.
The authors go on to chide the European Commission for the techno-solutionist belief that CSS is the only possible way to combat CSAM. The Commission, they say, "Disregards and does not analyze the potential consequences either CSS or server-side scanning would have on cybersecurity and privacy, while they justify the victim's potential positive outcomes outweighing the negative of everyone else."
"What you usually do not do, is to dig up the entire crust of the surface of the earth. CSS systems and mass surveillance represent the latter." .
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/02/eu_child_protection/