Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content

Hesham ElBakoury <> Mon, 18 December 2023 22:59 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 32A5BC14CE53 for <>; Mon, 18 Dec 2023 14:59:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id QHr2ybTv2k75 for <>; Mon, 18 Dec 2023 14:59:44 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::532]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id DB98EC14CE29 for <>; Mon, 18 Dec 2023 14:59:44 -0800 (PST)
Received: by with SMTP id 41be03b00d2f7-517ab9a4a13so2963793a12.1 for <>; Mon, 18 Dec 2023 14:59:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20230601; t=1702940384; x=1703545184;; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=n2+JNTei4nP1Q+9gC5Ah4SUIaroUPoJaQFMbQrrmUlc=; b=iY0ZGyha4afKsYd5xakzgirYXVr7wqmLl4OYaRfBa0T4IRi7fPz9Fx4VOGCNgp/U/h P2xLR2Uk6OSowHcdACUnwT35/v5d5GR+6FJ9mM3t1t4hYjdegeudrymozutUiG7nnxFa 2mf5NQxaVuFx1bDSw5J6QBN0wafY88d1heEQH7zZ7vzCI7Pq/0wUTdjSk1z5yQjwrCer 5MPSYg21qJSOBN9E8IPQWKXVxNW0Eqx5iPSZd6k9cb3mOZkG4asjMabbsxDhowHSGLG4 CmlMQ7Ylka7quDggPMfWL//N2F2jW1Bip6f3oxtdqiIOBIEjyq309JYH+Pz36s28m22M EcMQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20230601; t=1702940384; x=1703545184; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=n2+JNTei4nP1Q+9gC5Ah4SUIaroUPoJaQFMbQrrmUlc=; b=trwvlzTo9cWLJE+urP1ZJeR83zy/2KoMvKAt9kF8etrlxXqFIFiHSoSP3oi6AuA7gJ lOjVzKzPywDaKzf14N7o79gUFvCT21reLQX0PhrCG/iNGXuYMf71Ln57T5HjDIp8o74v qx4rAbAbX6d4MvrmQ85PvcrmR8sWCsb0f0MW6//C2HWeDqKO/lcWCaaAwin+NJOef0Gj sRUs3/lbaLQ6OIV0sGcuRCMo8wTMCPl2yUtCPMc912bw7WVXQOtjJOsWbQwThY0C7z8V QhRv/UxB7OvbRm6br8Swl5MLjLLm131g69NGVdKCEwGL2Do+A+FlD7BNLc+MTCmBr7tQ RTnw==
X-Gm-Message-State: AOJu0Yxs2tWmMJUi6JtQZQPu+gJoQlQd3Vs9xYQ2l0Y3z3cv8oPqu6cd dmGKcbOnkO6yknpjvdppAI9u3NWMVndmNLT13QI=
X-Google-Smtp-Source: AGHT+IGSbNhXg00bq4Sx0oNtLfYoo+vSEiiBhv0l8VI9Y4i9I82UyNOzTsz7Tn7Whd3SsBivk3j9oo/9l503RoYr9qc=
X-Received: by 2002:a17:902:dace:b0:1d3:d9d3:6a4d with SMTP id q14-20020a170902dace00b001d3d9d36a4dmr568210plx.83.1702940384094; Mon, 18 Dec 2023 14:59:44 -0800 (PST)
MIME-Version: 1.0
References: <> <> <CWXP265MB5153610FBB98A7B06AF81040C290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <> <CWXP265MB515381523714FF99524410CFC290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <> <> <02ae01da31f2$80580630$81081290$> <>
In-Reply-To: <>
From: Hesham ElBakoury <>
Date: Mon, 18 Dec 2023 14:59:33 -0800
Message-ID: <>
To: Mallory Knodel <>
Cc: Adrian Farrel <>, Andrew Campling <>, IAB <>,
Content-Type: multipart/alternative; boundary="000000000000aaeff4060cd0b455"
Archived-At: <>
Subject: Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 18 Dec 2023 22:59:49 -0000

Nubeva has developed technology to extract TLS keys to be used by 3rd party
tools to decrypt and inspect the traffic [

Would this violates client privacy?


On Mon, Dec 18, 2023, 1:35 PM Mallory Knodel <mknodel=> wrote:

> On 12/18/23 3:40 PM, Adrian Farrel wrote:
> Mallory,
> Let's cool it a bit. Saying that someone's argument is "just utter smoke and mirrors" is coming on too strong for debate in our environment.
> Hi Adrian,
> You're right-- that would be an uncool thing to say in response to one
> person. In this context, that is what happened and I am sorry. In the
> broader context, the argument has been made widely at this point and
> doesn't belong to one person, which is why I felt the need to highlight it.
> It might be helpful to provide a pointer to a definition that you find helpful and clear. (We can argue about whether the IAB statement would have been better including the definition or a pointer to it, but since the statement has been published, we must focus on the discussion that follows).
> I find to be helpful both in definitions and reasoned discussion.
> Thanks for digging up that resource. The statement includes several
> resources that have the luxury of many pages to carefully elaborate these
> things. I like the "bugs in our pockets"[0] paper, too.
> However, the ISOC resource does not include computer vision techniques
> that would detect novel content. Nor does it discuss where on the device or
> at what exact point the scanning occurs. I'm not critiquing the ISOC
> paper-- it's fantastic. I'm merely demonstrating the risk with presenting a
> definition that a slight tweak to the design and that definition no longer
> applies, thus negating the two arguments made in the statement, which do
> not in fact depend on how the scanning is done.
> Cheers,
> Adrian
> PS, If someone wants to fix the citation indexes at, that would be very welcome
> Leaving out a definition was not an error.
> -Mallory
> [0]
> -----Original Message-----
> From: Architecture-discuss <> <> On Behalf Of Mallory Knodel
> Sent: 18 December 2023 20:17
> To: Brian E Carpenter <> <>; Andrew Campling <> <>; George Michaelson <> <>
> Cc:;; S Moonesamy <> <>
> Subject: Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content
> Hi,
> On 12/18/23 2:22 PM, Brian E Carpenter wrote:
> Andrew,
> On 18-Dec-23 23:43, Andrew Campling wrote:
> ...
> Reflecting further on the IAB statement, I do believe that the lack
> of inclusion of a clear definition of client-side scanning within the
> IAB's statement is problematic. I suspect that the real issue relates
> to the results of that scanning being shared with a third party
> without the knowledge of the user rather than the scanning per se.
> The statement is about *mandatory* scanning, which clearly implies
> that an official third party is involved.
> IMHO, it should be my choice whether my email agent is set up to
> detect occurrences of "Scunthorpe" in incoming email. Alternatively,
> it should be my choice whether my mail service provider performs that
> check for me. But none of this is a protocol issue, or a protocol
> security issue, so however bad one believes the societal harm to be,
> I'm at a loss to see why it's an IETF issue.
> I just came back here to address the scanning, too. This line that
> client-side scanning "isn't well defined" or "means too many things" is
> just utter smoke and mirrors. Quite the opposite-- because there are so
> many ways to violate a person's civil liberties by breaking into their
> agents and devices means that *all* of them are to be rejected, early
> and often, despite their inner workings.
> -Mallory
> The IAB statement is about the effect of specific government
> requirements that "undermine end-to-end encryption", and that *is* a
> protocol security issue, so it's a legitimate topic for the IAB and
> the IETF.
>     Brian
> _______________________________________________
> Architecture-discuss mailing listArchitecture-discuss@ietf.org
>  --
> Mallory Knodel
> CTO :: Center for Democracy and Technology
> newsletter ::
> _______________________________________________
> Architecture-discuss mailing list