International Association
for Cryptologic Research

In 2019, US Attorney General William Barr authored an open letter to Facebook, requesting the company delay its plans to deploy additional end-to-end encryption technology. A key objection raised by the Barr memo was that end-to-end encryption technologies “[put] our citizens and societies at risk by severely eroding a company’s ability to detect and respond to illegal content and activity, such as child sexual exploitation and abuse, terrorism, and foreign adversaries’ attempts to undermine democratic values and institutions.” In addition to reiterating a previous law-enforcement position regarding “exceptional access” to encrypted records, the Barr letter outlined a new request: for technology providers to “​embed the safety of the public in system designs, thereby enabling you to continue to act against illegal content effectively with no reduction to safety, and facilitating the prosecution of offenders and safeguarding of victims.” In the two years since Barr’s letter, the scientific, policy and industrial communities have grappled with the implications of this request. A major topic of concern is whether existing server-side media scanning technologies — used to detect the presence of known child sexual abuse material (CSAM) — can be adapted to work in end-to-end encrypted systems. This work is largely referred to by the term “client-side scanning.” (We use this designation to refer to any system that performs scanning on plaintext at the client, even if some realizations may use two-party protocols.) This debate came to a head in August 2021 when Apple announced the inclusion of a new on-device CSAM scanning technology that is slated for inclusion in iOS 15. In this presentation the authors propose to discuss the background and provide a taxonomy of security and privacy risks related to client-side scanning systems.

Securing elections is hard: there are challenging technical problems, and even more challenging social and political ones. Real mathematical evidence may not be accepted by everyone, while complete nonsense might seem convincing to many. So what can cryptographers do for democracy? We have good designs for privacy-preserving, receipt-free and verifiable election systems. It's exciting to see them getting deployed in practice in polling-place settings where we have a reasonable chance of preserving the secret ballot and guiding voters through verification. But there is still plenty of work to be done. How do these solutions connect with statistical notions of confidence and testing? How do we help the public distinguish between genuine and fake notions of cryptographic verification? Is threshold-trust the best we can do for the secret ballot? How much work can we ask voters to do? Can we meaningfully connect cryptographic evidence with the easy verification of paper ballots? And is there anything at all we can do for remote voting?

No abstract