Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content

Phillip Hallam-Baker <> Mon, 18 December 2023 02:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 694D2C14F5E8 for <>; Sun, 17 Dec 2023 18:54:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.404
X-Spam-Status: No, score=-6.404 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id aCf6cYD1GyuQ for <>; Sun, 17 Dec 2023 18:54:03 -0800 (PST)
Received: from ( []) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 3B007C14F5F2 for <>; Sun, 17 Dec 2023 18:54:03 -0800 (PST)
Received: by with SMTP id 46e09a7af769-6da2e360861so1544389a34.1 for <>; Sun, 17 Dec 2023 18:54:03 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20230601; t=1702868042; x=1703472842; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=5VffQomgW0v+bK6SyQTRAqkhMHWo951VWOr6eR0iZuc=; b=Y8gmkquy/wr2maTVgO9/HudLzPl4178SSKlYw5DXKtboDRQk+WnzmBCp9AcCaTdFZS PcYMu3SyH/g0vlXmUlLMhmYYXcEOl6BIJOeeOe9R7UOVHomfXtCzK9hifJmXXgMDk3an KN6PIZEbtOJFYc0Cjuz+i3GauDrTCY1DawUAtMcAQECUhUR0hZRgRXV9Z5npgBuTN3zu iLPkwZVtqj3+3bdpRh+YXlwfu2d6kwugmh30VvCoYAERjj++uNM/K3QtDQ+uuW8oBsTv EaP/Z8zRzMzgOcV90kUoX+iIZs5HPwlN/68y4JIdJvaC5bOjDwZMEXDdN5DG1dFcNiAj OAfg==
X-Gm-Message-State: AOJu0YygLitBRGSVawBfLky0+X48VG8tXzK5aSVU05o5g2J1KWoBdTfH Suz2Njrz7q01Wf6oLfG89cukRvzu9pAQXPR3Vk2epq8RPXs=
X-Google-Smtp-Source: AGHT+IFQt7jNUyFpPvJr2DePZkeK3NXCQgIbCRVxfGsnXypY7iatdAKfEh3TM4iJaMYkJyrw2oBwgpDWK+9kxz+zm3E=
X-Received: by 2002:a05:6830:3207:b0:6d9:d132:f021 with SMTP id n7-20020a056830320700b006d9d132f021mr6213231ott.36.1702868042313; Sun, 17 Dec 2023 18:54:02 -0800 (PST)
MIME-Version: 1.0
References: <> <> <CWXP265MB5153610FBB98A7B06AF81040C290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <>
In-Reply-To: <>
From: Phillip Hallam-Baker <>
Date: Sun, 17 Dec 2023 21:53:50 -0500
Message-ID: <>
To: Christian Huitema <>
Cc: Andrew Campling <>, "" <>, "" <>, S Moonesamy <>
Content-Type: multipart/alternative; boundary="000000000000c2f557060cbfdc49"
Archived-At: <>
Subject: Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 18 Dec 2023 02:54:07 -0000


Any rational policy making has to begin with a statement of goals and ask
what is the best and most reliable means of achieving them.

Deployment of intercept capabilities is a means, not a goal. The criminals
have been using countermeasures against intercept for a very long time and
they have been using secure E2E applications since the mid 1990s. And they
are pretty ineffective for pedophile groups attempting to recruit new
members from outside their circle.

Infiltration rather than intercepts is the strategy that is delivering

On Sun, Dec 17, 2023 at 9:25 PM Christian Huitema <>

> On 12/17/2023 4:44 PM, Andrew Campling wrote:
> > At 8:08 PM 16-12-2023, S Moonesamy<>  wrote:
> >
> >> I would like to commend the members of the IAB for acknowledging the
> concern about societal harms.
> > The document states that "The IAB shares concerns about societal harms
> through the distribution of illegal content and criminal action on the
> Internet and recognizes the need to protect Internet users from such
> threats".  Whilst the document rules out the use of client-side scanning (a
> definition of which could usefully be added), it does not go on to indicate
> how the IAB recommends Internet users should be protected from such
> threats; is there a plan to produce a separate document that addresses this
> important issue?
> The current police powers seem sufficient to catch these criminals. See
> for example the recent arrest of 80 alleged pedophiles in France
> (
> The article is a bit short on how the police did it, but it smells of
> old fashioned police work, infiltrating networks, seizing documents and
> eventually rolling up these networks.
> The hoopla in Europe seem to have been whipped up by a "non profit"
> organization that wanted to sell Artificial Intelligence systems to the
> police, and somehow required access to clear text exchanges for their
> system to work, be sold to the police, and make them money. It was
> probably amplified by police organizations in search of extra
> surveillance powers (e.g., Europol). The whole thing was debated in the
> European parliament, where the proposal was voted down.
> -- Christian Huitema
> _______________________________________________
> Architecture-discuss mailing list