Even before Apple made [its announcement](), law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldn't touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. It's not a cryptographic backdoor, but it's still a backdoor -- and brings with it all the insecurities of a backdoor. I'm part of a group of cryptographers that has just published a [paper]() discussing the security risks of such a system. (It's substantially the same group that wrote a similar paper about [key escrow]() in 1997, and other ["exceptional access" proposals]() in 2015. We seem to have to do this every decade or so.) In our paper, we examine both the efficacy of such a system and its potential security failures, and conclude that it's a really bad idea. We had been working on the paper well before Apple's announcement. And while we do talk about Apple's system, our focus is really on the idea in general. Ross Anderson wrote a [blog post]() on the paper. (It's always great when Ross writes something. It means I don't have to.) So did [Susan Landau](). And there's press coverage in the _[New York Times]()_, the _[Guardian]()_, _[Computer Weekly]()_, the _[Financial Times]()_, _[Forbes]()_, _[El Pais]()_ (English [translation]()), _[NRK]()_ (English [translation]()), and -- this is the best article of them all -- the _[Register]()_. See also [this analysis]() of the law and politics of client-side scanning from last year.