Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content

S Moonesamy <> Sat, 16 December 2023 20:09 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D5C79C14F5F9; Sat, 16 Dec 2023 12:09:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.131
X-Spam-Status: No, score=-0.131 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DEAR_SOMETHING=1.973, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id lnSes7iDQcVY; Sat, 16 Dec 2023 12:08:56 -0800 (PST)
Received: from ( [IPv6:2001:470:f329:1::1]) by (Postfix) with ESMTP id 2F9D2C14F5E7; Sat, 16 Dec 2023 12:08:56 -0800 (PST)
Received: from ([]) (authenticated bits=0) by (8.15.2/8.14.5) with ESMTPSA id 3BGK8gIh023898 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 16 Dec 2023 12:08:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=mail; t=1702757334; x=1702843734;; bh=4ZFcpLPhaFAq1lPMcw5Yy84e1Jl4bgqpd3l0zQe43t0=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=MAXeenkK9mjnjjdJ5iCo/OyUnvNnpgdAR/1QKvCMw4IV2C9XcK8ZW2N6qBeEWmqCk pRi/93pEsXVEBOH7ErmwBox7YKcmJwmAWE4Ufd/qpX1NLNwLcefhYxvtp9pCD+Ob3a FnuiGjxsc58Im6wVF1Qsg590kyTWQZ2UlVLS+ykU=
Message-Id: <>
X-Mailer: QUALCOMM Windows Eudora Version
Date: Sat, 16 Dec 2023 12:07:44 -0800
From: S Moonesamy <>
In-Reply-To: <>
References: <>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Archived-At: <>
Subject: Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 16 Dec 2023 20:09:00 -0000

Dear Internet Architecture Board,
At 11:45 AM 15-12-2023, IAB Executive Administrative Manager wrote:
>The Internet Architecture Board has posted a new IAB Statement on 
>Encryption and Mandatory Client-side Scanning of Content.

I was a bit surprised when I saw the statement about encryption and 
mandatory client-side scanning of content as I was not aware that it 
was a matter of interest to the Internet Architecture Board (IAB).

The statement starts with a paragraph about supporting human rights 
with respect to privacy and freedom of opinion.  The second paragraph 
quotes legislation being in the United Kingdom, the European Union 
and the United States as "policy proposals".  The term used is a bit 
odd.  Is the IAB providing input to the legislators in those countries?

There is a paragraph about government control into 
communication.  The paragraph ends with a statement about the IETF 
Community.  Did the IAB or any of its members seek the opinion of the 
IETF Community?  If so, I would appreciate a pointer to where the 
discussion happened.

I am at a loss on how mandatory use of client-side scanning could 
restrict the use of open-source software as the statement does not 
explain that.

I would like to commend the members of the IAB for acknowledging the 
concern about societal harms.  I do have some reservations about the 
rest of the sentence.  For example, the definition of "illegal 
content" varies across countries.

I could not find the document referenced as "[7]".  Could you please 
share the reference?

As a nit, the reference to RFC9490 points to an I-D.

S. Moonesamy