A Backdoor by Any Other Name, and How to Stop It

Max Hunter, EFF

Abstract: 

Recent attacks on encryption have diverged. On the one hand, we’ve seen Attorney General William Barr call for “extraordinary access” to encrypted communications, using arguments that have barely changed since the 1990s. But we’ve also seen suggestions from a different set of actors for more purportedly “reasonable” interventions, particularly the use of client-side scanning to stop the transmission of contraband files, most often child sexual abuse material (CSAM).

On their face, proposals to do client-side scanning seem to give us the best of all worlds: they preserve encryption, while also combating the spread of illegal and morally objectionable content.

But unfortunately it’s not that simple. While it may technically maintain some properties of end-to-end encryption, client-side scanning would render the user privacy and security guarantees of encryption hollow. This talk will explain why that is, and what we can do to keep encryption encrypted.

Maximillian Hunter, EFF

Max manages a team of engineers who maintain Certbot, STARTTLS Everywhere, and other projects to encrypt the Internet. Max writes and speaks primarily about consumer privacy, security, and tech policy on cryptography. They serve on the boards of the Internet Security Research Group (which operates Let's Encrypt) and the Nordic Center for Data Privacy.
BibTeX
@inproceedings {257957,
author = {Maximillian Hunter},
title = {A Backdoor by Any Other Name, and How to Stop It},
booktitle = {2020 {USENIX} Conference on Privacy Engineering Practice and Respect ({PEPR} 20)},
year = {2020},
url = {https://www.usenix.org/conference/pepr20/presentation/hunter},
publisher = {USENIX Association},
month = oct
}
