CryptoDB
Carmela Troncoso
Publications
Year
Venue
Title
2023
RWC
DatashareNetwork: A Decentralized Privacy-Preserving Search Engine for Investigative Journalists
Abstract
Investigative journalists collect large numbers of digital documents during their investigations. These documents can greatly benefit other journalists' work. However, many of these documents contain sensitive information. Hence, possessing such documents can endanger reporters, their stories, and their sources. Consequently, many documents are used only for single, local investigations. We presented DatashareNetwork, a decentralized and privacy-preserving search system that enables journalists worldwide to find documents via a dedicated network of peers, as the first search engine designed by journalists for journalists in 2020 to address this problem.
We start the talk by introducing real-world problems that investigative journalists face and describe DatashareNetwork as a possible solution. Then, we discuss the practical challenges of moving forward from an academic prototype to deploying DatashareNetwork for the International Consortium of Investigative Journalists (ICIJ). This talk covers (1) our joint requirement gathering and (2) design with journalists, (3) a user study to help ICIJ with presenting the privacy property of our system to journalists and making utility/privacy trade-off decisions, (4) deployment challenges to integrate DatashareNetwork into ICIJ's IT infrastructure, and finally (5) open problems that require more attention from the community.
2022
RWC
An evaluation of the risks of client-side scanning
Abstract
In 2019, US Attorney General William Barr authored an open letter to Facebook, requesting the company delay its plans to deploy additional end-to-end encryption technology. A key objection raised by the Barr memo was that end-to-end encryption technologies “[put] our citizens and societies at risk by severely eroding a company’s ability to detect and respond to illegal content and activity, such as child sexual exploitation and abuse, terrorism, and foreign adversaries’ attempts to undermine democratic values and institutions.” In addition to reiterating a previous law-enforcement position regarding “exceptional access” to encrypted records, the Barr letter outlined a new request: for technology providers to “embed the safety of the public in system designs, thereby enabling you to continue to act against illegal content effectively with no reduction to safety, and facilitating the prosecution of offenders and safeguarding of victims.”
In the two years since Barr’s letter, the scientific, policy and industrial communities have grappled with the implications of this request. A major topic of concern is whether existing server-side media scanning technologies — used to detect the presence of known child sexual abuse material (CSAM) — can be adapted to work in end-to-end encrypted systems. This work is largely referred to by the term “client-side scanning.” (We use this designation to refer to any system that performs scanning on plaintext at the client, even if some realizations may use two-party protocols.) This debate came to a head in August 2021 when Apple announced the inclusion of a new on-device CSAM scanning technology that is slated for inclusion in iOS 15.
In this presentation the authors propose to discuss the background and provide a taxonomy of security and privacy risks related to client-side scanning systems.
2021
RWC
Privacy by Design -- From Theory to Practice in the Context of COVID-19 Contact Tracing
★
Abstract
No abstract
Service
- RWC 2022 Program committee
- RWC 2021 Program committee
Coauthors
- Kasra EdalatNejad (1)
- Laurent Girod (1)
- Matthew Green (1)
- Anne L'Hôte (1)
- Soline Ledésert (1)
- Wouter Lueks (1)
- Julien Pierre Martin (1)
- Bruce Schneier (1)
- Alex Stamos (1)
- Vanessa Teague (1)
- Bruno Thomas (1)
- Carmela Troncoso (4)