Client-side scanning (CSS) is a technology designed to detect harmful or illegal content, such as child sexual abuse material (CSAM) directly on a user’s device before messages, photos, or files are encrypted and sent in apps that use end-to-end encryption (E2EE). In E2EE, messages are scrambled on the sender’s device so only the intended recipient can read them; even the app company cannot access the content. CSS proponents argue it allows platforms to catch bad material without “breaking” encryption. Critics, including the Internet Society, contend that scanning before encryption undermines the privacy and security E2EE is meant to provide, likened to “reading the letter as it is being written” rather than simply checking the sealed envelope in transit.
Key Points
- Core Idea: CSS scans content locally on the user’s device against databases of known objectionable material before encryption occurs, aiming to identify illegal content in otherwise private E2EE communications.
- How It Differs from Traditional Scanning: Server-side scanning checks messages after they reach company servers (where they may be unencrypted). CSS performs checks on-device upfront, preserving the appearance of encryption while still accessing content.
- Privacy Concerns: It breaches the confidentiality promise of E2EE, exposing user communications to scanning and creating risks to fundamental rights. Once scanning infrastructure exists, it could expand beyond CSAM to other content.
- Security and Practical Issues: CSS introduces new vulnerabilities and can often be bypassed (e.g. by encrypting files separately first), making it potentially ineffective while weakening overall trust in encrypted services and the broader internet ecosystem.
- Arguments For and Against: Supporters see it as a way to combat illegal content without dismantling encryption. Opponents, including the Internet Society and data protection authorities, view it as disproportionate, ineffective, and harmful to privacy, security, and digital trust; they recommend prohibiting general monitoring via such technologies.
- Broader Implications: Widespread adoption could reduce confidence in secure messaging, affect the digital economy, and set precedents for expanded surveillance, even if initially framed narrowly for child protection.
Therefore, client-side scanning is presented as a technical compromise between safety and privacy, but it raises fundamental questions about whether it truly safeguards users or erodes the protections of encrypted communication.
Those new to the topic should explore resources on end-to-end encryption and digital rights for deeper understanding.
