IETF Logo Mail Archive

Re: [arch-d] [EXTERNAL] Re: IAB Statement on Encryption and Mandatory Client-side Scanning of Content

Tommy Jensen <Jensen.Thomas@microsoft.com> Tue, 19 December 2023 17:07 UTC

Return-Path: <Jensen.Thomas@microsoft.com>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EECBAC15C2B5 for <architecture-discuss@ietfa.amsl.com>; Tue, 19 Dec 2023 09:07:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.111
X-Spam-Level:
X-Spam-Status: No, score=-2.111 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K-KEixgOXLHb for <architecture-discuss@ietfa.amsl.com>; Tue, 19 Dec 2023 09:07:51 -0800 (PST)
Received: from DM6FTOPR00CU001.outbound.protection.outlook.com (mail-centralusazon11020002.outbound.protection.outlook.com [52.101.61.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A79CCC151075 for <architecture-discuss@ietf.org>; Tue, 19 Dec 2023 09:07:51 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=j7SbDoCMPi9N+sQAJaalOPD31nfE7YdCLE8acxyEvXjZqQLm7Pqmkgz+dDGSZlsXu1NFu3TAcZB2Hn1++lF7YKUq+/zjMvyi/8SPCwOcDyDNsOQ/JVO8F+6vWFKSvGTdVhIQ0qG4yqMsr2mY0wIQYDFayoatj8YGS+DUb69QmqJn2brcUYfiMRunZDFweBjStWxaeSrEsQMEPBVcd+o8Aqe8gkA63qEZswRNbTLPrzOInrXTQ3w0zQ0+zNDHJbjhshaihT6ZRcqSeUJZ1DvMNFKxnO7KyCjVU92CjrmpMT4mUv9b6sSVDQaO0nT7D+LzHskXojoK1u/nK1CvAkFvgQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=o9mHQf96HN0x7yyOIPGYimwfJLmiY/JhzVGSKsjopvQ=; b=FadDvVD1du1A0lfWQFE/Y3I7azDssgg/9OOp7c/ZK4WTrOOzES/qsbHLq4OIB/mvnv1E71VDDLCZMTTFQl4IBBxZXiFUnR3p9hBM4yi2duzOUGv2Iyx9xAxh3rWDhEIlUsjJPK71x0YfBaYu5DXtDwWHjG7ZKWfQXkfUd5U7aDuxhN1lYIZdcmGLaRzPjI0AMrO597qmlN4KVTpqNh7AakGhrgq7W+OJotsXXUi7vX0vViIEUDOXcrvJqDfUXuEd9vbnsXxwaIEry49L4MSOL9Sa5Sax1b9zSNs4Ftt0IkT854CtK4KASr7hhCeMjgzcom6kZpIuHrWtwAAGpLXSbg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=o9mHQf96HN0x7yyOIPGYimwfJLmiY/JhzVGSKsjopvQ=; b=IkV6E2hEdR/YF0VCWiEhYtc+pjsZxd4DTgcqVGXtAzvt7pMnJ/LlFHjxMzHeCsRHtly9hIqIvtPh5UYN0pdPXyAKIarxD5f/QplT6eRZSEa2LAdSjvHKAhpt1kS1APcEmmgTImFv8sSGlZXILKnr5nkqzMZPvA/cumguYYUBZDE=
Received: from MW4PR00MB1501.namprd00.prod.outlook.com (2603:10b6:303:21b::12) by SJ0PR00MB1223.namprd00.prod.outlook.com (2603:10b6:a03:370::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7150.0; Tue, 19 Dec 2023 17:07:48 +0000
Received: from MW4PR00MB1501.namprd00.prod.outlook.com ([fe80::4739:acad:3811:c153]) by MW4PR00MB1501.namprd00.prod.outlook.com ([fe80::4739:acad:3811:c153%6]) with mapi id 15.20.7150.000; Tue, 19 Dec 2023 17:07:48 +0000
From: Tommy Jensen <Jensen.Thomas@microsoft.com>
To: Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>, Eric Rescorla <ekr@rtfm.com>
CC: Andrew Campling <andrew.campling@419.consulting>, "architecture-discuss@ietf.org" <architecture-discuss@ietf.org>, "iab@iab.org" <iab@iab.org>
Thread-Topic: [EXTERNAL] Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content
Thread-Index: AQHaMZ8sBSNW3HIGvEO228qrnX/j+LCva7mAgAAPdoCAACDTAIAAuA8AgACBFlA=
Date: Tue, 19 Dec 2023 17:07:48 +0000
Message-ID: <MW4PR00MB1501C0D677CA32DE371599CDFA97A@MW4PR00MB1501.namprd00.prod.outlook.com>
References: <170266952162.33107.14325064798861197261@ietfa.amsl.com> <6.2.5.6.2.20231216110256.18d0acd0@elandnews.com> <CWXP265MB5153610FBB98A7B06AF81040C290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <CAKr6gn2Hf4N+DgKHKyO+i3T3OJyYRBJhH1AdQf-uXZ0xKmJ4Eg@mail.gmail.com> <CWXP265MB515381523714FF99524410CFC290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <790032a6-24f6-60d1-fb60-4b44bd447bde@gmail.com> <fadd9250-4b31-4bf5-aa76-4f37d24fd650@cdt.org> <CABcZeBNQBw6tiW4+JSB_8J=si2ewzZfOaSxX0eU=UrMhDv+O2A@mail.gmail.com> <74692684.138702.1702977220127@appsuite-gw2.open-xchange.com>
In-Reply-To: <74692684.138702.1702977220127@appsuite-gw2.open-xchange.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=c9f45ce5-86b9-40ee-91ce-1b5443cb1109; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2023-12-19T16:55:41Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MW4PR00MB1501:EE_|SJ0PR00MB1223:EE_
x-ms-office365-filtering-correlation-id: fd1b9cf8-3d60-4519-3e50-08dc00b506d0
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: oMZemCH3mEme5Qh93ui3NylK+Zvb8kswN2xGZ/5JF+SdVbYDeMYYSyhvv8AbjHWkdAthy0conwOTGLcUPmqeujWUAs43yu4gKEcZGPARrqk+DxedcBevyVc/7cvxQEyxdOXHDUCyIZrvrz0PrkJEBJRCMnxT3wxX6S+9zELcufYlYajew+481ENCT3mnU/wObJ2QiGRaAicikEC8sXO8jR0ON9kv9sn+ppvalNZ5xURuX2fYWQnRL/la8pbbEF42dlA74v6EySI0bt6K9HN+3kjTG89tMdLi+EV6WTKcacJ5qPJk372JsBgpM1UyDLRs5j42u7oRMEUK1xbyUvhbuyzJaUSuIVMIZDgw1Ea4YYEl5FYEEoLNnLEFkNCdczyNJuIgrstjb5W7rkAgR+j7qy1vFSvy08IkvMPkk7/Jcs9UnmtLalUxxqGe629vo3SYogG9y4INSQ+L8Et1R0AJqXMWBKcmB8MxcYOzfWl3fX+KlZSqewJOsloc17UuX+g/c9Lx/sqck3BHfm+QI0rPAEDz6kn3Qo2BPVJJHj38Wu75NjGD7XnYxyqVmkA9y6JuIhYqrrVlNoUqBq69W90BlqjqLcpQ6kPQF0f+HqEhxAGLSkNX60XPOJQVfZnZarqgdSRmQlNGeo+3i5sfA0r/BX8o0XujtVa9aoLtNEbuKihqJ7KzOqq6FBnTrSeDcieF
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MW4PR00MB1501.namprd00.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(376002)(396003)(39860400002)(346002)(136003)(366004)(230273577357003)(230173577357003)(230922051799003)(1800799012)(451199024)(64100799003)(186009)(8936002)(8676002)(55016003)(4326008)(316002)(966005)(54906003)(66476007)(66556008)(64756008)(110136005)(76116006)(66946007)(52536014)(21615005)(66446008)(66574015)(41300700001)(83380400001)(166002)(38100700002)(122000001)(5660300002)(86362001)(7696005)(6506007)(53546011)(82960400001)(9686003)(8990500004)(71200400001)(2906002)(33656002)(82950400001)(10290500003)(478600001)(38070700009); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Mo6jUKHKd0ZwzNs6VT37qmIby2+ip9u2cyjuDW4pMflN4lQhIOBKy2NpOgQuX1bwZGGPRAEFQMz0pEr7XB1YtoVTpX/b0jU629xlHKBaeavx2BTextEbfiF8MKygp8cxHWM9aMLbvl1bIjzuc9ZoCJco+YHxLxnRkdjRVXdjmM2mhuotx2s92oSPQPTLMCHsjU8ApPncSjGchrOX0CNmvw5TbKLxEH0oKzZVQ0NVvukVWNyA/z+UOPrbv7ut3q/t3ZhbaDEwFS1tUAOS7jgMt39y6dyphO5ZIm0wfr3zvOemF2+SPIXc4OF4Lavn+UF8mV9m7lOSyuqofdnhAvL7jJe5c+HQyLL6Ey4297kOyURj9gYOMj7CwUV1QGOWThzZ8q3ZomdWj60nzC06mu1R9qFdnf3+M8avc9PtQnsALQpTuSPK8g/KO9LThY0IPAMDeNLG7j48lYVFmBJyK5WLyNLQffO4ckZQz1UHir4ZO+qahApCbFuBiFb8crG5AmNv2cOSBLm7UmtbUcZV6NDy+fqu4hlcs826qF3lEAlI8sFmijEyJaaRRKmlt0w8ZNsx8GWjoE/8GA6S+bQEA10c2cNtXvDPpPuxXd8fQZTMT1P+jbAmCRCXLC5YMgueYgymS/qbCj9JKZovmK259r+Urnh8sZk9EvTPMm3hSxIPLA48vPbKJbv865ShjWzLb8YUtY48e5ImY416M5mF3j/SA2rZbADaRMWPEINY6J9nlhOTjdzrFYU63xGeJelB++6D7Y8T1Xh1V0Wd64wXGw5EpS4gCqnC9Anrww+aYzhgoe5ZMY6Y7IiTFy+IhJO2I+pwjftIhzf/lLcO0wgzhhZ3sKDCE5GpmtzdD4JAe/Oe+JnAhfFqbx6eVX2oFTdJ5RTHcjV7kMODyOcasDb8D3YzK29Mwxrn0RVf4SR37mw5tb8Q5pHXmcvIml+BDyJNoHREfko/06JIg5swb7tUcg/+oEpmeRU80Mh78t/g+Q6HSTEqzf6S1YemB1HHnkb6Jfq4jaCh5g1r/9JwBG8DnPfUXS6dVPGFhb5t9QjK5MJUz14/UKZ0spsGuvEyoZk9kT2gW2JaoBLd4GEobY++GJxWtNJGxCwG5xMR7LlKnbwI8dc+1tuGDqeD5dIi47oj83PzHuxFhC2UDCdboy7WwAKAMAUH9rtmmHLx7zNdYjWueGsNnfA1txBvcqnPaCNKKXG3aMZnFhdeLIWBElNobvViKY69PDY+cVgcXV+pDu5ZP8h8iGcJtoh/YdBVCfvPoEWMNbF+24vTkCLjZmYeOtHM1f0mUKPS0kVV9VUCqzxJxwLqi3zhLHWN0T7lAo31LEYld5Ww89UoxfyChUygRFoAokGeM827Vcj7HP6fgFepvzWdfX5C/FSR0ilf618KG45Vk53LFCxDnt3M7xgky/iQ2d/Y8ST416EKncgXb3dJg64mpodu3yoCUg5/zwlI0gmqcWKdqAb/22riMjRXArxnB/GsgK/zOWMacEnQpUN+oPqwwavYU+YQtD1GQfdWf75VYzJynx8Sz2gkEy2De+kpmJpz0FNM0yowgc0x4KQo/ipenbFJPIiZHUCgGPA0vZcMnfrPdxj6+eQd4ZBzO8DOzp5dnO1jCFnrsMIhmUX9qcqoljeMLYY+WHdUaQ6orgoJ
Content-Type: multipart/alternative; boundary="_000_MW4PR00MB1501C0D677CA32DE371599CDFA97AMW4PR00MB1501namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW4PR00MB1501.namprd00.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fd1b9cf8-3d60-4519-3e50-08dc00b506d0
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Dec 2023 17:07:48.3073 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pS/t7VhOK7Y4SD0g7icJY+eDkdEpcCOpMVLNEPmFID/e3McWFDG8SfVU57h+RsipnzKa3lzV8MASHr/GINLoaw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR00MB1223
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/tDfuDieb1X7zg56guBVI8onruo0>
Subject: Re: [arch-d] [EXTERNAL] Re: IAB Statement on Encryption and Mandatory Client-side Scanning of Content
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Dec 2023 17:07:54 -0000

Hey Vittorio,

I’m not saying you don’t have a valid product design gripe (noting that Windows also employs executable signing checks), but I think it’s a false equivalency to compare that to mandated client-side scanning. Following ekr’s example of gaining clarity, for the context of my response, let’s assume “mandated client-side scanning” means “a third party to the customer/platform relationship is coercing the platform (second party) into scanning communicated content before transmission.”

An important distinction here is that client-side scanning, when mandated by a sovereign authority of some kind, cannot be opted out of by the user (first party), and sometimes isn’t even disclosed to the user. In contrast, operating systems blocking the execution of programs which are not recognized provides both: active notice (the popup you described, Windows does something similar) and opt out. You may find the opt out painful, but that’s again a product design gripe, not a policy concern.

As an example, should the UK mandate client-side scanning of end-to-end encrypted content such as Signal messages, will I have the ability to click through any flow to opt out? If not, then these are not equivalent comparisons. Additionally, the equivalent of content scanning in your example is not legal or political in nature; nobody will end up falsely accused of a heinous crime when they download a random executable from the Internet based on the kind of feature you’re describing, but that absolutely can happen with content scanning [0].

Thanks,
Tommy

[0] https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html

From: Architecture-discuss <architecture-discuss-bounces@ietf.org> On Behalf Of Vittorio Bertola
Sent: Tuesday, December 19, 2023 1:14 AM
To: Eric Rescorla <ekr@rtfm.com>
Cc: Andrew Campling <andrew.campling@419.consulting>; architecture-discuss@ietf.org; iab@iab.org
Subject: [EXTERNAL] Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content


Il 18/12/2023 23:14 CET Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>> ha scritto:

ISTM that this is an example of a setting in which we have a term of art which is used in a way somewhat different from its literal meaning.

Specifically, it is very common right now to have clients of various kinds scan for material that the recipient doesn't want to receive, such as in the case of spam filtering, virus scanning, or Apple's sensitive content warning [0]. In many if not most of those cases, the operator of the device opted into or at least actively wants that kind of scanning. I think we can agree that this type of scanning works to some extent and isn't incompatible with open source or open protocols. This is, of course, scanning that happens on the client, and I believe it's what Brian is referring to.

What the IAB statement is referring to is something different, which is to say scanning which is imposed upon the operator of the device whether they want it or not, and is designed to stop the operator from sending and receiving certain classes of content.
Great! So, could the IAB please tell Apple to stop preventing me from running on my MacBook Pro executables that didn't go through their app store or vetting process? A few days ago I tried to run "rar" via command line after getting it via Homebrew, and my laptop simply refused to do so because rar's developer isn't a friend of Apple, and in the end I had to go through a seven click process at the third level of the computer's settings just to be able to run rar. I never asked for this check, but apparently there is no way, not even a cumbersome one, to disable it permanently.

Somehow, however, this kind of client-side scanning and blocking of content "imposed upon the operator of the device whether they want it or not" does not seem to be a problem for the IAB, but blocking CSAM is.

--

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com<mailto:vittorio.bertola@open-xchange.com>
Office @ Via Treviso 12, 10144 Torino, Italy

v2.23.0 | Report a Bug | By Email