Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content

Phillip Hallam-Baker <> Mon, 18 December 2023 19:12 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7AD25C14F6AF for <>; Mon, 18 Dec 2023 11:12:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.406
X-Spam-Status: No, score=-6.406 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id or5OeRgwnjMq for <>; Mon, 18 Dec 2023 11:12:56 -0800 (PST)
Received: from ( []) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id A9282C14F682 for <>; Mon, 18 Dec 2023 11:12:56 -0800 (PST)
Received: by with SMTP id 006d021491bc7-591341db3a1so2340611eaf.3 for <>; Mon, 18 Dec 2023 11:12:56 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20230601; t=1702926775; x=1703531575; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=VlI5jAJBRC9+kKRv1YwjkcR2ZJHbrMTRN2JnIEpVGrQ=; b=Efp8ontU3rohtzftqg+7ttrbU/1oPHaC9J6gKS12ee+F3yjW1/sEhaASO3GfenPBpX wCVQkX9sGFzsMagpu/W56UXV7a80bGGUHa/ViBEEq4ghHEX2ciCySZPs32duwAS8BBe6 lDcspEAda6E09K09PbbUgBs5jwVvJ8XSsTDDSsT+Gt0Luvt8jqrXiBU+B42Ge8IinLhK sCHGNjW00sCee9Pr9RhaZqCO9f4p/Pv0u4CfkHghf+xAMxk0IojwaR/lYt7kDftSlALE J+YDm+YUyp3lLiY6T+n/Zd5DR1MUPVGcV6F3VpwKLof46QmVhQ0htw5eD4kbAtkvxWs3 MhiA==
X-Gm-Message-State: AOJu0YyXi9S7a+hGk2vwQbUbGJQ0VCorqj7RxKVOK5Mw0gcz5wNRp3ZS wTkfOchhr6tbCPV5rtca3rAuALVr42daHQbigyXFmZO9F4w=
X-Google-Smtp-Source: AGHT+IHUSA3uecD0yiiOAG6Rm9hEP8Ka4ALLoYI91FR3nLaz7rGuhHQUz5kCnco0zhjlEi8Al1dzRwTPr3NNn8hI7p8=
X-Received: by 2002:a05:6820:2224:b0:58d:9942:b49 with SMTP id cj36-20020a056820222400b0058d99420b49mr14739774oob.9.1702926775426; Mon, 18 Dec 2023 11:12:55 -0800 (PST)
MIME-Version: 1.0
References: <> <> <CWXP265MB5153610FBB98A7B06AF81040C290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <> <CWXP265MB515381523714FF99524410CFC290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <> <> <>
In-Reply-To: <>
From: Phillip Hallam-Baker <>
Date: Mon, 18 Dec 2023 14:12:41 -0500
Message-ID: <>
Content-Type: multipart/alternative; boundary="0000000000008723c9060ccd8991"
Archived-At: <>
Subject: Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 18 Dec 2023 19:12:57 -0000

This is an important discussion. But I get the feeling that a core problem
both here and among the policy makers is the notion that opponents of
regulating use of cryptography don't understand the uses made of strong
encryption by terrorist groups to evade intercept capability.

When I was 18, I woke to the news that the Provisional IRA had attempted to
assassinate my cousin along with other members of the British cabinet. Some
years late, I learned that my MP, Peter Morrison had been arrested on more
than one occasion for offenses committed in a children's home. Instead of
prosecuting him, he was made party vice chairman so they could 'keep an eye
on him'. Meanwhile in the US, well known politicians of both parties
eagerly sought the endorsement of Gerry Adams, the leader of the PIRA and
attended numerous fundraisers to buy bullets and bombs knowing full well
that they were building their political careers on the murder of civilians.

I have been a consistent advocate for effective measures to oppose the use
of violence to effect political ends. Stopping the terrorists getting
access to guns, bullets and the means to make bombs has a proven record of
being effective. I have absolutely no sympathy for the position that means
of communication must be regulated while access to instruments of death
must be entirely unfettered.

When I met Tim Berners-Lee in 1992 and he showed me the Web, I joined the
project because I saw it as a continuation of the work done across Eastern
Europe during the cold war. The Soviet Union had just collapsed because the
weight of free expression was too much for the corrupt dictatorship to bear.

Several people have made the argument that governments aren't interested in
these issues. Which comes as a surprise to those of us who know what 'HM
Cabinet Office' means on a name badge. If certain people found a certain
presentation in Singapore incomprehensible, it was because they weren't the
intended audience. I was telling certain people that I was fed up of
certain criminal parties being allowed to act with impunity so that our own
illegals don't end up having a hard time. If the actions of certain parties
are so flagrant and obvious that someone like myself who does not have a
clearance can see what they are up to, something is up. One of those
individuals has since been arrested and served time, the other has not but
the FBI officer who I understand to have been heading the counter-intel
desk in charge of that case has just received four years for taking bribes
from a foreign operative.

So in case it's not obvious, I am doing the same here. HMG doesn't have the
travel budget post-Brexit but they can afford to subscribe to a mailing
list or five hundred. So let me make the case with CLARITY.

To be effective, the IAB case must stick closely to its established field
of expertise. There is an established form for such submissions.

1) Statement of authority: Who is speaking and why do they have it.
2) Describe the argument being disputed
3) Introduce evidence
4) Demonstrate that the disputed argument is flawed

It has been asserted by the proponents of client side scanning that this
technology can be deployed in an effective form without impact on the right
of freedom of expression. It is not the IAB that has brought up human
rights, the technology proponents did when they attempted their prebuttal.

The point I would begin with is that the Internet is an international
infrastructure that by design lacks a central point of control. To be
viable, any technical proposal must work for every user of the Internet
regardless of which country they are a citizen of, which country they
reside in or which country they currently happen to be visiting.

If an intercept capability were to be deployed for use by Western
governments, the same capabilities would have to be shared with foreign
governments and those intercept capabilities could not be limited to
intercepting communications by their own citizens, residents or even
communications originating or passing through their territory.

The problem of abusing intercept capabilities is not limited to the likes
of corrupt FBI officers such as McGonigal. The PRC uses the term
'Information Terrorism' to refer to what we in the West call 'freedom of

Client side scanning is a form of constrained intercept. To be effective,
the scanning application must disclose metadata and results of analyzing
content data to an external party. If HMG is successful in forcing
deployment of client-side scanning to deter content it finds objectionable,
dictatorships will demand scanning to deter content they find
objectionable. Resisting such demands from convenient dictatorships is
likely to prove even more challenging.

To be effective against the targeted groups, any form of intercept,
including client-side scanning must be pervasive or the targeted
groups will simply switch to an infrastructure that is not subject to the
requirements. Thus a proposal limited to the largest platform providers
must inevitably be expanded to apply to every provider or the entire point
is lost.

My own end-to-end secure messaging technology allows anyone to become a
service provider and for users to choose their service provider and to
change that choice at any time. It is thus straightforward for a UK citizen
to make use of a service provider in Argentina, they can even be their own
service provider if they choose.

As with many naive security mechanisms, client side scanning is a
technology that requires the constant addition of epicycles to save the
appearances. Like Brexit it only sounds like a great idea when condensed to
a slogan to fit on the side of bus.