IETF Logo Mail Archive

Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content

Phillip Hallam-Baker <phill@hallambaker.com> Mon, 18 December 2023 23:38 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E22E2C151067 for <architecture-discuss@ietfa.amsl.com>; Mon, 18 Dec 2023 15:38:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.403
X-Spam-Level:
X-Spam-Status: No, score=-1.403 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xh08FQk_Tw_A for <architecture-discuss@ietfa.amsl.com>; Mon, 18 Dec 2023 15:38:21 -0800 (PST)
Received: from mail-oo1-f48.google.com (mail-oo1-f48.google.com [209.85.161.48]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D04BCC14EB17 for <architecture-discuss@ietf.org>; Mon, 18 Dec 2023 15:38:21 -0800 (PST)
Received: by mail-oo1-f48.google.com with SMTP id 006d021491bc7-5910b21896eso2388144eaf.0 for <architecture-discuss@ietf.org>; Mon, 18 Dec 2023 15:38:21 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702942701; x=1703547501; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=eBYupRv75YC8IKHQQG7bhyqZ9xeuSeVHVWdopgtKftk=; b=e6VrC6e1ILezd9WzOfn+XHMPBT6kTITyuyYoLp06em0DoqrwZeXD5nc7EQEqqECk8R k/PU68wYMfuycvh4QBbMGdoy3HkkgNy7hCrN58gCb+wlS0tdOD1rUGxYwpKn5Lr3MwPt ojkHUcVQRoe4/eZGsds8N7wQ5W7iz/MwMStBowD/+PDylBnjcVayAeF22g3fPwvUp62R ojYEAPzsKG+cLOG0o9iS3WVF0G/FSjUULHbKew1A9KHgYOtYG/3VlG145voqgpN71ypQ CG47Lryh0nDx7VTXAe3PxeIAmzCQ3w4oCyYO+gpjD5eVw3w0/p92LBf61dJekwlgGsBV yYWw==
X-Gm-Message-State: AOJu0YxcXtIzC8oTvnpVbXJ6wRsZv/PXh8pUXv9xvEeJnyM1vHhfYgKz Yeay0DbYgRA/hhIA+xs8SFrWYk8mP295Oxh9l71XIx3gO1o=
X-Google-Smtp-Source: AGHT+IFoTtK5+w7WAzwpcggXjFmIRgyzbc8SzxTkVlPqLrEG/k7rJFBACnCfkv3YtlRJxHQoBg1VnuwYK41tdzkC6oQ=
X-Received: by 2002:a4a:98a9:0:b0:593:bf32:d897 with SMTP id a38-20020a4a98a9000000b00593bf32d897mr1071832ooj.0.1702942700913; Mon, 18 Dec 2023 15:38:20 -0800 (PST)
MIME-Version: 1.0
References: <170266952162.33107.14325064798861197261@ietfa.amsl.com> <6.2.5.6.2.20231216110256.18d0acd0@elandnews.com> <CWXP265MB5153610FBB98A7B06AF81040C290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <CAKr6gn2Hf4N+DgKHKyO+i3T3OJyYRBJhH1AdQf-uXZ0xKmJ4Eg@mail.gmail.com> <CWXP265MB515381523714FF99524410CFC290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <790032a6-24f6-60d1-fb60-4b44bd447bde@gmail.com> <fadd9250-4b31-4bf5-aa76-4f37d24fd650@cdt.org> <CABcZeBNQBw6tiW4+JSB_8J=si2ewzZfOaSxX0eU=UrMhDv+O2A@mail.gmail.com>
In-Reply-To: <CABcZeBNQBw6tiW4+JSB_8J=si2ewzZfOaSxX0eU=UrMhDv+O2A@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Mon, 18 Dec 2023 18:38:06 -0500
Message-ID: <CAMm+LwgMN0EHhsfAm+8Nyf0Uu2Z0rb2J-UpBwWke4OqHbV-u-w@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Mallory Knodel <mknodel=40cdt.org@dmarc.ietf.org>, Andrew Campling <andrew.campling@419.consulting>, S Moonesamy <sm+ietf@elandsys.com>, "architecture-discuss@ietf.org" <architecture-discuss@ietf.org>, "iab@iab.org" <iab@iab.org>, George Michaelson <ggm@algebras.org>
Content-Type: multipart/alternative; boundary="000000000000c2cd27060cd13eb5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/ikNAuDeNtPH5h2CKxXBUESqmuvc>
Subject: Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Dec 2023 23:38:26 -0000

On Mon, Dec 18, 2023 at 5:15 PM Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Mon, Dec 18, 2023 at 12:17 PM Mallory Knodel <mknodel=
> 40cdt.org@dmarc.ietf.org> wrote:
>
>> Hi,
>>
>> On 12/18/23 2:22 PM, Brian E Carpenter wrote:
>> > Andrew,
>> >
>> > On 18-Dec-23 23:43, Andrew Campling wrote:
>> >
>> > ...
>> >> Reflecting further on the IAB statement, I do believe that the lack
>> >> of inclusion of a clear definition of client-side scanning within the
>> >> IAB's statement is problematic. I suspect that the real issue relates
>> >> to the results of that scanning being shared with a third party
>> >> without the knowledge of the user rather than the scanning per se.
>> >
>> > The statement is about *mandatory* scanning, which clearly implies
>> > that an official third party is involved.
>> >
>> > IMHO, it should be my choice whether my email agent is set up to
>> > detect occurrences of "Scunthorpe" in incoming email. Alternatively,
>> > it should be my choice whether my mail service provider performs that
>> > check for me. But none of this is a protocol issue, or a protocol
>> > security issue, so however bad one believes the societal harm to be,
>> > I'm at a loss to see why it's an IETF issue.
>> >
>> I just came back here to address the scanning, too. This line that
>> client-side scanning "isn't well defined" or "means too many things" is
>> just utter smoke and mirrors. Quite the opposite-- because there are so
>> many ways to violate a person's civil liberties by breaking into their
>> agents and devices means that *all* of them are to be rejected, early
>> and often, despite their inner workings.
>>
>
> ISTM that this is an example of a setting in which we have a term of art
> which is used in a way somewhat different from its literal meaning.
>
> Specifically, it is very common right now to have clients of various kinds
> scan for material that the recipient doesn't want to receive, such as in
> the case of spam filtering, virus scanning, or Apple's sensitive content
> warning [0]. In many if not most of those cases, the operator of the device
> opted into or at least actively wants that kind of scanning. I think we can
> agree that this type of scanning works to some extent and isn't
> incompatible with open source or open protocols. This is, of course,
> scanning that happens on the client, and I believe it's what Brian is
> referring to.
>

This type of scanning is really a bandaid for defects in the protocol.

SMTP lacks authentication and there is no contact exchange protocol so
there is no native mechanism for setting up access control on message
receipt. DKIM authenticates the service, not the sender.

Early spam filtering did rely heavily on content filtering but that
approach has become less and less important as there are trivial
countermeasures that present a massive asymmetric work factor to the
advantage of the abuser.

Modern filtering is relying much more on metadata.




> What the IAB statement is referring to is something different, which is to
> say scanning which is imposed upon the operator of the device whether they
> want it or not, and is designed to stop the operator from sending and
> receiving certain classes of content. As you note, it's common practice to
> refer to this and not the type of scanning in the previous paragraph as
> "client-side scanning" (in contract to "server-side scanning"), but it's
> really the mandatory part of it that makes it distinct from other cases in
> which scanning happens on the client.
>
> -Ekr
>
> [0] https://support.apple.com/en-us/HT213834
>
> -Mallory
>>
>> > The IAB statement is about the effect of specific government
>> > requirements that "undermine end-to-end encryption", and that *is* a
>> > protocol security issue, so it's a legitimate topic for the IAB and
>> > the IETF.
>> >
>> >     Brian
>> >
>> > _______________________________________________
>> > Architecture-discuss mailing list
>> > Architecture-discuss@ietf.org
>> > https://www.ietf.org/mailman/listinfo/architecture-discuss
>>
>> --
>> Mallory Knodel
>> CTO :: Center for Democracy and Technology
>> newsletter :: https://internet.exchangepoint.tech
>>
>> _______________________________________________
>> Architecture-discuss mailing list
>> Architecture-discuss@ietf.org
>> https://www.ietf.org/mailman/listinfo/architecture-discuss
>>
> _______________________________________________
> Architecture-discuss mailing list
> Architecture-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/architecture-discuss
>

v2.23.0 | Report a Bug | By Email