Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content

S Moonesamy <> Sun, 17 December 2023 01:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6B9B7C14F5F8 for <>; Sat, 16 Dec 2023 17:05:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.704
X-Spam-Status: No, score=-1.704 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)"
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id QwaAp2EhmeF0 for <>; Sat, 16 Dec 2023 17:05:45 -0800 (PST)
Received: from ( [IPv6:2001:470:f329:1::1]) by (Postfix) with ESMTP id 47648C14F5F6 for <>; Sat, 16 Dec 2023 17:05:45 -0800 (PST)
Received: from ([]) (authenticated bits=0) by (8.15.2/8.14.5) with ESMTPSA id 3BH15RFS016615 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 16 Dec 2023 17:05:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=mail; t=1702775139; x=1702861539;; bh=WQLSFWGq7lzVUPPJrU9Gn1rpMhilnDKudI2VEmJApdc=; h=Date:To:From:Subject:In-Reply-To:References; b=oJZz9DPE/0Sy9xjg4K+VOe7aLJgtVLjxNf9NrzNqjWv6p6wODMTXKN00SJOptvKUH BpeDis3tDmyTriIbUp2z+aCOzaZdZnYf38x7Dkhyj/bpP3xVybmJqbZeg8gxl1Eyy4 C6J8s82Clm5shLe8wb+u4iksyTkL147oFd2xs0C8=
Message-Id: <>
X-Mailer: QUALCOMM Windows Eudora Version
Date: Sat, 16 Dec 2023 17:00:44 -0800
To: Brian E Carpenter <>,
From: S Moonesamy <>
In-Reply-To: <>
References: <> <> <>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Archived-At: <>
Subject: Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 17 Dec 2023 01:05:49 -0000

Hi Brian,
At 02:41 PM 16-12-2023, Brian E Carpenter wrote:
>That seems fairly clear to me. If open-source software does not allow,
>or actively prevents, mandatory scanning it would be illegal to use it. 
states that the law affects "platforms" with a monthly active 
recipients which is equal to 45 million or higher.  If I am not 
mistaken, the other details (please see 
) do not seem to target open-source software as such.

>In general, it's clear that the argument against standardising in-host
>scanning is almost identical to the argument against standardising
>wiretapping (i.e. RFC 2804). However, it's not a protocol issue, so
>the IETF would never standardise it anyway. Any scanning that happens
>before material enters the host is already covered by RFC 2804. Whether
>one agrees with the IAB or not (I do), IETF policy is already set.

The topic reminds me of OPES instead of wiretapping.  It sounds more 
like a matter for civil society.  There are civil society 
organizations which do advocacy on such matters.

S. Moonesamy