Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content

S Moonesamy <> Mon, 18 December 2023 23:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 651E6C14CE29 for <>; Mon, 18 Dec 2023 15:01:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.704
X-Spam-Status: No, score=-6.704 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)"
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id HeXNS0zBgJSo for <>; Mon, 18 Dec 2023 15:01:23 -0800 (PST)
Received: from ( [IPv6:2001:470:f329:1::1]) by (Postfix) with ESMTP id 6E9DFC14CE31 for <>; Mon, 18 Dec 2023 15:01:23 -0800 (PST)
Received: from ([]) (authenticated bits=0) by (8.15.2/8.14.5) with ESMTPSA id 3BIN18Ie009417 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 18 Dec 2023 15:01:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=mail; t=1702940480; x=1703026880;; bh=5ZIgprqQ4bvD6oZMvBG/cbosa/6x5MkHyeU1CDppGxw=; h=Date:To:From:Subject:In-Reply-To:References; b=12lZKGdRCk97euPMAVeH7RaeCryrR//Lbn7SsYx5RMOePTCNUuMroC9PhxXB0JSK2 H44VbEY5f2kqb3qcZhgCd+szgR+7blAYmda9toUA/kboE1aoL9WMg8d3JIcnlarlEE 2Wys0C0/VL9ZwxO1qEFvsU8brYZOfdjbj3kJmS4g=
Message-Id: <>
X-Mailer: QUALCOMM Windows Eudora Version
Date: Mon, 18 Dec 2023 14:59:50 -0800
To: Mallory Knodel <>,
From: S Moonesamy <>
In-Reply-To: <>
References: <> <> <CWXP265MB5153610FBB98A7B06AF81040C290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <> <CWXP265MB515381523714FF99524410CFC290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <> <>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Archived-At: <>
Subject: Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 18 Dec 2023 23:01:27 -0000

Hi Mallory,
At 12:17 PM 18-12-2023, Mallory Knodel wrote:
>I just came back here to address the scanning, too. This line that 
>client-side scanning "isn't well defined" or "means too many things" 
>is just utter smoke and mirrors. Quite the opposite-- because there 
>are so many ways to violate a person's civil liberties by breaking 
>into their agents and devices means that *all* of them are to be 
>rejected, early and often, despite their inner workings.

There are academic papers about client-side scanning (CSS).  I forgot 
about CSS as the topic was in the news in 2021.  Let's assume that 
there are two jurisdictions, X and Y.  A company under jurisdiction X 
implements CSS as that is mandated by law.  A company under 
jurisdiction Y does not implement it as there is no law which 
mandates that.  Some of users from the company in X will likely move 
to the company in Y.  There is a decrease in MAU for the company in X.

The second part of your comment is not clear.  I am not sure whether 
it is an argument for or against CSS.  Anyway, I am not keen about 
intrusive surveillance.  As for CSS, the discussion is a bit 
hazy.  For what it is worth, the persons who run SMTP services 
generally have software scanning for unwanted emails.

S. Moonesamy