DeepSec 2024 Talk: Insights on Client-Side Scanning and Alternatives in the Fight Against Child Sexual Abuse and Exploitation – Carolyn Guthoff
Content Warning: This talk may include mention of child sexual abuse and exploitation.
In this talk, we want to summarize our research into Client-Side Scanning (CSS) and follow-up work on safety in end-to-end encrypted messaging concerning sexual risks.
Client-Side Scanning (CSS) is discussed as a potential solution to contain the dissemination of child sexual abuse material (CSAM). A significant challenge associated with this debate is that stakeholders have different interpretations of the capabilities and frontiers of the concept and its varying implementations.
In the current work, we explore stakeholders’ understandings of the technology and the expectations and potential implications in the context of CSAM by conducting and analyzing 28 semi-structured interviews with a diverse sample of experts.
We identified mental models of CSS and the expected challenges. Our results show the CSS is often a preferred solution in the child sexual abuse debate because of the perceived lack of an alternative. Our findings illustrate the importance of further interdisciplinary discussions to define and comprehend the impact of CSS usage on society, particularly vulnerable groups such as children, on whom CSS would have a detrimental impact.
Why should you care? Child sexual abuse and exploitation (CSAE) is a global problem hurting every society. The introduction of Client-Side Scanning would have far-reaching consequences not only for individuals but also for companies. Understanding what it is and can be is a first step in participating in the discussion. Since the CSS won’t solve the root problem of CSAE, it is also imminent to research alternatives that give agency to users to protect themselves from these crimes online. However, sexual abuse and exploitation are not only problems for youth; adults can also fall victim to these crimes. Thus, protective mechanisms are important for everyone.
We asked Carolyn a few more questions about her talk.
Please tell us the top 5 facts about your talk.
- It’s very easy to talk past each other about client-side scanning.
- Client-side scanning to fight the distribution of CSAM (child sexual abuse material) will harm children more than it will help them.
- Mental models explain how people perceive the world around them.
- We have a long way to go before we can consider the internet a safe place.
- It’s important to establish a common understanding of a problem before figuring out a technical solution.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
This talk summarizes current research.
Why do you think this is an important topic?
Child sexual abuse and exploitation (CSAE) is an important global problem hurting every society.
Is there something you want everybody to know – some good advice for our readers, maybe?
Educate yourself before forming an opinion.
A prediction for the future – what do you think will be the next innovations or future downfalls with your field of expertise / the topic of your talk in particular?
Usable security and privacy will become more important in the future, especially for companies, because it can help solve tremendous problems by looking at these from different perspectives and in more holistic ways. If a company has anything they need protected through cyber security, disregarding usable security and privacy will be one of the biggest mistakes they can make.
Carolyn Guthoff is a doctoral researcher at the CISPA Helmholtz Center for Information Security in Germany. Her research primarily focuses on usable security and privacy, particularly on bridging the gap between theoretical security measures and their practical applications, where she aims to align the demands of security researchers with the realities faced by end users.
Before joining CISPA, she worked as an application owner and business analyst at Mercedes-Benz.