Re: [arch-d] [IAB] IAB Statement on Encryption and Mandatory Client-side Scanning of Content

"Mirja Kuehlewind (IETF)" <> Fri, 19 January 2024 17:19 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4145CC14F6B9; Fri, 19 Jan 2024 09:19:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.068
X-Spam-Status: No, score=0.068 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DEAR_SOMETHING=1.973, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id qLbhR9VE0Ux5; Fri, 19 Jan 2024 09:19:06 -0800 (PST)
Received: from ( []) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 07D69C48EDDA; Fri, 19 Jan 2024 09:17:10 -0800 (PST)
Received: from ([]; authenticated by running ExIM with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) id 1rQsUM-0005Bn-OG; Fri, 19 Jan 2024 18:17:06 +0100
From: "Mirja Kuehlewind (IETF)" <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_A33E919D-89A8-4797-8ABC-62E51D2A87C5"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
Date: Fri, 19 Jan 2024 18:16:56 +0100
In-Reply-To: <>
Cc: IAB IAB <>,
To: S Moonesamy <>
References: <> <>
X-Mailer: Apple Mail (2.3731.700.6)
Archived-At: <>
Subject: Re: [arch-d] [IAB] IAB Statement on Encryption and Mandatory Client-side Scanning of Content
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 19 Jan 2024 17:19:10 -0000

Sorry for my late reply and please see for your question below:

> On 16. Dec 2023, at 21:07, S Moonesamy <> wrote:
> Dear Internet Architecture Board,
> At 11:45 AM 15-12-2023, IAB Executive Administrative Manager wrote:
>> The Internet Architecture Board has posted a new IAB Statement on Encryption and Mandatory Client-side Scanning of Content.
> I was a bit surprised when I saw the statement about encryption and mandatory client-side scanning of content as I was not aware that it was a matter of interest to the Internet Architecture Board (IAB).
> The statement starts with a paragraph about supporting human rights with respect to privacy and freedom of opinion.  The second paragraph quotes legislation being in the United Kingdom, the European Union and the United States as "policy proposals".  The term used is a bit odd.  Is the IAB providing input to the legislators in those countries?
> There is a paragraph about government control into communication.  The paragraph ends with a statement about the IETF Community.  Did the IAB or any of its members seek the opinion of the IETF Community?  If so, I would appreciate a pointer to where the discussion happened.
> I am at a loss on how mandatory use of client-side scanning could restrict the use of open-source software as the statement does not explain that.
> I would like to commend the members of the IAB for acknowledging the concern about societal harms.  I do have some reservations about the rest of the sentence.  For example, the definition of "illegal content" varies across countries.
> I could not find the document referenced as "[7]".  Could you please share the reference?

Sorry for only referencing this indirectly but the first link in the referenced article leads to the document here:


> As a nit, the reference to RFC9490 points to an I-D.
> Regards,
> S. Moonesamy