Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content

Christian Huitema <> Mon, 18 December 2023 02:25 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DA92FC14F5E8 for <>; Sun, 17 Dec 2023 18:25:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id afcMfR75Wkmf for <>; Sun, 17 Dec 2023 18:25:39 -0800 (PST)
Received: from ( []) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 11E48C14F5E0 for <>; Sun, 17 Dec 2023 18:25:38 -0800 (PST)
Received: from ([] by with esmtp (Exim 4.92) (envelope-from <>) id 1rF3K3-00GDZd-IM for; Mon, 18 Dec 2023 03:25:37 +0100
Received: from (unknown []) by (Postfix) with ESMTPS id 4StkFT4q8Zz5Rg for <>; Sun, 17 Dec 2023 18:25:33 -0800 (PST)
Received: from [] ( by with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <>) id 1rF3K1-0001Sx-Ft for; Sun, 17 Dec 2023 18:25:33 -0800
Received: (qmail 24232 invoked from network); 18 Dec 2023 02:25:33 -0000
Received: from unknown (HELO []) ([]) (envelope-sender <>) by (qmail-ldap-1.03) with ESMTPA for <>; 18 Dec 2023 02:25:32 -0000
Message-ID: <>
Date: Sun, 17 Dec 2023 18:25:32 -0800
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Andrew Campling <>, "" <>
Cc: "" <>, S Moonesamy <>
References: <> <> <CWXP265MB5153610FBB98A7B06AF81040C290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM>
From: Christian Huitema <>
In-Reply-To: <CWXP265MB5153610FBB98A7B06AF81040C290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Authentication-Results:; auth=pass smtp.auth=
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT8yhht8OYqy+MWuagqrhPQqPUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5yLNgi2F4M0RbknB3BDmsRxyINTMb4kYMD15j85Ktbckyo/ xMM0hxORRmMMI7DUTwj4UrZg7F3bgkXu6znHDxKG5g+sHZmT3CLVmxntdIVybVy+BbGrglZA45nG CXVN8lqeyrhzWminYO4gRGXn3bDVBVisGv8MyVI5ms3guyJnGkxuudlO7cIvoln0zkt2m8EUOled bu+r9+W9cDXvzL3SSWV8YAcIRnuu1cV/qMovTNvifT4GqBfEkB7aN5XuM7B02nkLZSrmz+olE44+ sjwESum7gC1WgO/NiysYOr0Zp4PDdWi4V6nXPowtUXJ1bnedw+XGlIW1bb6iLQaqIs5BLfTttFI5 MCNL/izpcNORuAUvossjam0/HVDFzCeLVAjI+ht+2XwDC3Hj+WjRz7dukQbqbub9Z8raDZ3Nd/Bn xBCILRF8l4+kt0g70XjHFfE11Iy42FkLdf+cZ0MpjKD7IK/1NH5THMtlYvyHAYGOGqz2oidVuoQM okQutY3pHcCHFzboKDhGx0chVC6Uo5u42dYfx3w0UOSIPFYT7DxPDYMYWZBlFrwsfZBHs6TDWwBl NEbSfKDUSzq1gjpI3rhFvShrWNPoUe4XQjh/lQh+Bg0aI0lYszZdHHv7O7tD/W+zoo6HN0gmX1qd UY5I1gsP7yFM015AwIoiYphoS1BbktpYWiHrV3woNSXQFazsCnzuNleIdpycZ3IEQq6Oo3uvVKBS Lw97CHD9X4STzOgf/BHVA/dv2/nNkRbOXFpByFXF7frl545kYNXXEUyt/ygsN+xaPV6oNm0AvN9X KQ2odSnHNHehVrUO5S3A7JqdQkBtALl6tE9e8KCaN2ryngAyLMuuOzJ9M8JhswIt2Z/mHbYUTYLO yIOJf1xK6WJ94JWUyhbmk5dfVtyEqvftSoi7BEhlPsvn43YI7nWcYkz4vjBtUD9+Z7GHz/OHPkRS tyombmeTgFKBgc4kmBS2brus198cbJqk/JfQEZbE2pQGnw==
Archived-At: <>
Subject: Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 18 Dec 2023 02:25:42 -0000

On 12/17/2023 4:44 PM, Andrew Campling wrote:
> At 8:08 PM 16-12-2023, S Moonesamy<>  wrote:
>> I would like to commend the members of the IAB for acknowledging the concern about societal harms.
> The document states that "The IAB shares concerns about societal harms through the distribution of illegal content and criminal action on the Internet and recognizes the need to protect Internet users from such threats".  Whilst the document rules out the use of client-side scanning (a definition of which could usefully be added), it does not go on to indicate how the IAB recommends Internet users should be protected from such threats; is there a plan to produce a separate document that addresses this important issue?

The current police powers seem sufficient to catch these criminals. See 
for example the recent arrest of 80 alleged pedophiles in France 
The article is a bit short on how the police did it, but it smells of 
old fashioned police work, infiltrating networks, seizing documents and 
eventually rolling up these networks.

The hoopla in Europe seem to have been whipped up by a "non profit" 
organization that wanted to sell Artificial Intelligence systems to the 
police, and somehow required access to clear text exchanges for their 
system to work, be sold to the police, and make them money. It was 
probably amplified by police organizations in search of extra 
surveillance powers (e.g., Europol). The whole thing was debated in the 
European parliament, where the proposal was voted down.

-- Christian Huitema