Once limited to military and intelligence agencies, cryptographic tools became widely available with the invention of the PC around the turn of the 20th century, providing a means for users to encrypt and secure their private data and communications. This was met with intense resistance from Law Enforcement officials who believed it served to hinder legitimate investigations. To circumvent the encryption and decryption problem, many jurisdictions are pushing for an intrusive solution known as Client-Side Scanning which comes with profound ethical considerations; CSS lives on a client’s device where data can be obtained without requiring it to be in transport, regardless of encryption status; it has the potential to be used disproportionately against marginalized groups, and it intersects with core sociology concepts such as individual agency and institutional trust (Abelson et. Al, 2024).
While not an empirical study, Abelson et al. presented some important ethical research considerations such as who’s interest was being served by implementing client-side scanning, how could it be abused or even circumvented by the perpetrators it was originally meant to catch, and how could this technology be utilized by malicious governments or bad actors? Perhaps their most important questions were if the technology could be implemented without undermining privacy, who controls the scanning criteria, and what prevents abuse? Their analysis focused on prior case studies, technical literature, assessment of risk concerning Client-Side Screening, and the privacy implications of it.
Another concern raised by Abelson et al. with client-side screening has to do with the integrity of machine learning models and perceptual hashing algorithms utilized to detect the targeted content. On top of demonstrating common failures within models, they also discussed how adversaries could manipulate these systems by changing the hash of legitimate target items to match those which are unrelated. Marginalized groups could be targeted through this manipulation as Abelson pointed out, showing how these systems can be weaponized to suppress dissent and discriminate.
From a social sciences perspective, CSS is a huge challenge to the balance of security vs privacy and personal autonomy. The broader societal impacts of it cannot be ignored; by embedding CSS in user devices, traditional legal safeguards would be avoided at the cost of user trust being significantly eroded. Once these technologies are implemented, their scope can be easily increased – further increasing the risk of improper utilization. What was meant to detect illegal content could quickly be utilized for unethical surveillance, monitoring of political speech, and violation of individual privacy rights.
While promoted as an autonomous solution to sensitive, often illegal content such as CSAM, the reality of Client-Side Screening is that it adds complexity to an already complex environment, has too much potential for misuse by legitimate or unauthorized users, and creates more problems than it solves. It violates core security engineering, undermines legal safeguards, and could threaten marginalized groups, all while offering a less than 0 percent chance of error during trivial tasks like image recognition. The societal contribution of the work from Abelson et al. arises from their call for transparency, restraint, and public oversight; Technologies which claim to protect must not be implemented if they will in turn violate the freedom of individuals, especially if their deployment normalizes mass surveillance and erodes the democratic principles this country is founded upon. “In the end, we find no design space for solutions that provide substantial benefits to law enforcement without seriously risking the privacy and security of law-abiding citizens.” (Abelson et al, 2024).

References:
Abelson, H., Anderson, R., Bellovin, S. M., Benaloh, J., Blaze, M., Callas, J., Diffie, W., Landau, S., Neumann, P. G., Rivest, R. L., … (2024). Bugs in our pockets: The risks of client-side scanning. Journal of Cybersecurity, 10(1), tyad020. https://doi.org/10.1093/cybsec/tyad020