Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content

Mallory Knodel <> Mon, 18 December 2023 21:35 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 61433C14CE31 for <>; Mon, 18 Dec 2023 13:35:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id iQLxr6egvp8A for <>; Mon, 18 Dec 2023 13:35:29 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 0DCCDC14CE54 for <>; Mon, 18 Dec 2023 13:35:29 -0800 (PST)
Received: by with SMTP id ffacd0b85a97d-33664b4e038so1793637f8f.3 for <>; Mon, 18 Dec 2023 13:35:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; t=1702935327; x=1703540127;; h=in-reply-to:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=JAPLoO1V8elq9uBKlNCG6HQFl8hWXJQIN6pNvZBNt5o=; b=I0dfESiuh0R9T2EhmJqcNnVgZeLYMRWuEVbEwvOwwT0qR7FAv6Bi8I7fM51RQOUi5y AYZ+mZtzBxtrL9QkJ5tMZt3U9E6VjbSUKHmdvRxV8CP5KZVfewwT2vSkdCoG10Rvb5X0 k1ybmzU+3vj1BRqP/+U8YX3kJx0qOqiMyzXdc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20230601; t=1702935327; x=1703540127; h=in-reply-to:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=JAPLoO1V8elq9uBKlNCG6HQFl8hWXJQIN6pNvZBNt5o=; b=h4L9bJXGMW/+WLXR4Aveby13eXjFO+/ypm8RgWJF48BFM8M1yfs8cpWZNcV3FS1c8t 2ZUog8WONO3fbF4otOcBBX95nbvBobWIUG7DaCWb56MdXjHhUBpjt4Rcc7Q5lgZP2N+y KkFfnyJOTGy0wYGQCLT3GjLaLGS8b9mt1q+PGjy3nUb1qa1U0ZzRE8lKYb3Jqq3ImOSB moF6sdrf9uQPJcEXkUqYYQ+9eH67Mu4rRngb/ITep2037Nrr7yK0v8JIKtvFWg0ICa4W jNK+qq4RrDhhMkDHWKUmGp2rsKoYQYo49bM4hb5p0tZyLY10ARKLGTLzX6tV+EtOyY+l j4Sg==
X-Gm-Message-State: AOJu0YzPVf5jsdcGZVCvj95Vb/3FShGrfXP0u6luqAO+Q6k5s/sO2/Qe c3TPzsdpiuzJwSlWRD8YO7xNoY9yR1SgtwgSVTc=
X-Google-Smtp-Source: AGHT+IHggELbct3eisHKMv1D3SJYuYVISXL52Qj2ytfw/YmUspoWFnbfwaVwYRO0BWi5LgRbDae/4A==
X-Received: by 2002:a5d:6852:0:b0:336:6542:fc20 with SMTP id o18-20020a5d6852000000b003366542fc20mr1384880wrw.42.1702935326729; Mon, 18 Dec 2023 13:35:26 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id q2-20020a05600000c200b0033668993237sm3571590wrx.49.2023. (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 18 Dec 2023 13:35:25 -0800 (PST)
Content-Type: multipart/alternative; boundary="------------TIejtTwcFMlYDid0nwpvBr1H"
Message-ID: <>
Date: Mon, 18 Dec 2023 16:35:20 -0500
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To:, 'Andrew Campling' <>
References: <> <> <CWXP265MB5153610FBB98A7B06AF81040C290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <> <CWXP265MB515381523714FF99524410CFC290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <> <> <02ae01da31f2$80580630$81081290$>
From: Mallory Knodel <>
In-Reply-To: <02ae01da31f2$80580630$81081290$>
Archived-At: <>
Subject: Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 18 Dec 2023 21:35:33 -0000

On 12/18/23 3:40 PM, Adrian Farrel wrote:
> Mallory,
> Let's cool it a bit. Saying that someone's argument is "just utter smoke and mirrors" is coming on too strong for debate in our environment.
Hi Adrian,

You're right-- that would be an uncool thing to say in response to one 
person. In this context, that is what happened and I am sorry. In the 
broader context, the argument has been made widely at this point and 
doesn't belong to one person, which is why I felt the need to highlight it.

> It might be helpful to provide a pointer to a definition that you find helpful and clear. (We can argue about whether the IAB statement would have been better including the definition or a pointer to it, but since the statement has been published, we must focus on the discussion that follows).
> I find  to be helpful both in definitions and reasoned discussion.

Thanks for digging up that resource. The statement includes several 
resources that have the luxury of many pages to carefully elaborate 
these things. I like the "bugs in our pockets"[0] paper, too.

However, the ISOC resource does not include computer vision techniques 
that would detect novel content. Nor does it discuss where on the device 
or at what exact point the scanning occurs. I'm not critiquing the ISOC 
paper-- it's fantastic. I'm merely demonstrating the risk with 
presenting a definition that a slight tweak to the design and that 
definition no longer applies, thus negating the two arguments made in 
the statement, which do not in fact depend on how the scanning is done.

> Cheers,
> Adrian
> PS, If someone wants to fix the citation indexes at, that would be very welcome

Leaving out a definition was not an error.



> -----Original Message-----
> From: Architecture-discuss<>  On Behalf Of Mallory Knodel
> Sent: 18 December 2023 20:17
> To: Brian E Carpenter<>; Andrew Campling<>; George Michaelson<>
>;; S Moonesamy<>
> Subject: Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content
> Hi,
> On 12/18/23 2:22 PM, Brian E Carpenter wrote:
>> Andrew,
>> On 18-Dec-23 23:43, Andrew Campling wrote:
>> ...
>>> Reflecting further on the IAB statement, I do believe that the lack
>>> of inclusion of a clear definition of client-side scanning within the
>>> IAB's statement is problematic. I suspect that the real issue relates
>>> to the results of that scanning being shared with a third party
>>> without the knowledge of the user rather than the scanning per se.
>> The statement is about *mandatory* scanning, which clearly implies
>> that an official third party is involved.
>> IMHO, it should be my choice whether my email agent is set up to
>> detect occurrences of "Scunthorpe" in incoming email. Alternatively,
>> it should be my choice whether my mail service provider performs that
>> check for me. But none of this is a protocol issue, or a protocol
>> security issue, so however bad one believes the societal harm to be,
>> I'm at a loss to see why it's an IETF issue.
> I just came back here to address the scanning, too. This line that
> client-side scanning "isn't well defined" or "means too many things" is
> just utter smoke and mirrors. Quite the opposite-- because there are so
> many ways to violate a person's civil liberties by breaking into their
> agents and devices means that *all* of them are to be rejected, early
> and often, despite their inner workings.
> -Mallory
>> The IAB statement is about the effect of specific government
>> requirements that "undermine end-to-end encryption", and that *is* a
>> protocol security issue, so it's a legitimate topic for the IAB and
>> the IETF.
>>      Brian
>> _______________________________________________
>> Architecture-discuss mailing list

Mallory Knodel
CTO :: Center for Democracy and Technology
newsletter ::