Tristan Karl
2/11/2024
Article Review #1 Bugs in our pockets: the risks of client-side scanning | Journal of
Cybersecurity | Oxford Academic (oup.com)
Author: Harold Abelson
Student: Tristan Karl
Department of Computer Science, Old Dominion University
CYSE 201S: Cybersecurity and the Social Sciences
Instructor: Diwakar Yalpi
Due: February 11, 2024


I. Introduction
CSS (client-side-scanning) is a method of monitoring information on users’ devices for targeted
information. While this technology has potential advantages for government agencies it also proposes
serious privacy risks for users.
II. Privacy and Security Risks
Currently, monitoring is accomplished by individual websites and servers monitoring users’ inputs into
the system and searching for targeted information. This targeted information varies by website and
server and even country. This results in false positive reports being submitted and causing countless
hours of human moderation to document and classify this information. This painstaking process can be
avoided by implementing CSS. This is all related to the escalated crimes being committed and the ever-increasing complexity of technology. With CSS, organizations can monitor all information on a user’s
device, including sensitive information. This would potentially lead to an erosion of trust between users
and organizations implementing CSS.
III. User Control
CSS offers users the ability to customize the scanning settings. This also potentially means that people can take it a step further and disable the scanning process, thus removing the ability to identify and
prevent malicious activity. Without the ability for organizations to monitor for targeted information to
help improve criminal investigations; we could potentially see a rise in crime committed if people feel that they can evade investigators.
IV. Degraded User Experience
Due to the constant scanning of user’s devices being used, this can also adversely affect device
performance. Slower device performance and an increased battery consumption both result in a less
desirable user experience. This is doubly so for users with older devices that already have performance
issues. The only way to compensate for this would be to change the settings on the scanning resulting in
a less secure network.
V. Offline Security
Tristan Karl
2/11/2024
While this technology may have some negative drawbacks it does also provide users with offline
protection. For devices that are not connected to the internet, this technology can search for malicious
code on devices, enhancing users’ cybersecurity.
VI. Principles of Social Science
This article utilizes the principles of social science by relating user privacy to increasing cybersecurity. By
increasing the overall cybersecurity, it could potentially reduce or eliminate user privacy. Also, this
article takes a neutral stance by not only pointing out the negatives of this technology, but also
highlighting the positives. This technology, if used by responsible organizations, can be extremely helpful
in investigative efforts to bring people to justice. The author does an excellent job of breaking down
complex terms in the article and simplifying it for readers convenience. This is an important concept for
people who are “not in the know” of current technological terms. This allows others to use their
presented information to conduct their own research.
VII. Research Methods
While this article does not conduct surveys or case studies, it references many sources and cites many
regulations regarding security policy and is knowledgeable on the function of these scanning tools. It is
incredibly important to conduct as many methods of research as possible to get the best results for
whatever experiment you are working on.
VIII. Overall Contributions
This article offers a detailed description of how CSS functions and while the author dissuades the use of
this technology, it gives other researchers the necessary information to conduct their own experiments
to hopefully improve the technology, thus improving the relationship between the desire for user
privacy and aiding investigative agencies. The author highlights the differences between current
moderating technologies and CSS which is helpful to people who are new to the world of cyber security
learn about the different methods organizations can employ.