Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content

Eric Rescorla, Tue, 19 December 2023 17:45 UTC


I'm no fan of Apple (or indeed any OS vendor) restricting which code users
can run, and of course iOS is even more restrictive. However, I'm also not
on the IAB, so I'm not sure why this message is in response to me.


On Tue, Dec 19, 2023 at 1:13 AM Vittorio Bertola wrote:

> On 18/12/2023 23:14 CET Eric Rescorla wrote:
>
> > ISTM that this is an example of a setting in which we have a term of art
> > which is used in a way somewhat different from its literal meaning.
> > Specifically, it is very common right now to have clients of various kinds
> > scan for material that the recipient doesn't want to receive, such as in
> > the case of spam filtering, virus scanning, or Apple's sensitive content
> > warning [0]. In many if not most of those cases, the operator of the device
> > opted into or at least actively wants that kind of scanning. I think we can
> > agree that this type of scanning works to some extent and isn't
> > incompatible with open source or open protocols. This is, of course,
> > scanning that happens on the client, and I believe it's what Brian is
> > referring to.
> >
> > What the IAB statement is referring to is something different, which is to
> > say scanning which is imposed upon the operator of the device whether they
> > want it or not, and is designed to stop the operator from sending and
> > receiving certain classes of content.
>
> Great! So, could the IAB please tell Apple to stop preventing me from
> running on my MacBook Pro executables that didn't go through their app
> store or vetting process? A few days ago I tried to run "rar" via command
> line after getting it via Homebrew, and my laptop simply refused to do so
> because rar's developer isn't a friend of Apple, and in the end I had to go
> through a seven click process at the third level of the computer's settings
> just to be able to run rar. I never asked for this check, but apparently
> there is no way, not even a cumbersome one, to disable it permanently.
>
> Somehow, however, this kind of client-side scanning and blocking of
> content "imposed upon the operator of the device whether they want it or
> not" does not seem to be a problem for the IAB, but blocking CSAM is.
> --
> Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
> Office @ Via Treviso 12, 10144 Torino, Italy