DeepSec 2021 Press Release: Organized Espionage on Digital Devices. DeepSec Conference Warns: Searching for “Forbidden” Data on Clients Compromises Information Security.
A basic principle of information security is access control. We are all used to the fact that data is only available to people and systems with the right authorizations. The discussion about the search for prohibited image files on Apple systems sparked the discussion about the so-called Client-Side Scanning (CSS) technology. Searching for specific content past access restrictions has always been an appealing shortcut. It is now clear that CSS leads to serious problems that endanger the basis of information security and do not bring the hoped-for benefits. Instead, there are additional security loopholes. Search of end devices Lately, the EU Commission and law enforcement authorities have repeatedly addressed the issue of circumventing secure encryption. In mathematical terms, we cannot carry strong encryption out without stored duplicate keys or deliberately weakening the technologies used.