2016-07-20 15:54:55+0200 ------------------------ HRPC IETF 96 Berlin # Agenda Bash # Context and objective # Context of research # Talk by Laura DeNardis Emerging Issues in Protocols and Human Rights ISOC Internet invariants: global reach general purpose permissionless innovation accessibility interoperability mutual agreement no permanent favorites Protocols are only one component of the human rights implications how can we address government interference/tampering with infrastructure? We must acknowledge that infrastructure can be a proxy for state power. As states consider this and try to exercise that power, how can we prevent that from being used as a force of social control? Eliot Lear: is the distinction between "governance of the infrastructure" vs "governance of the people" a meaningful distinction? DeNardis: I see internet governance as "how do we keep the Internet operable, and what are our policies around it? Corinne Cath: can you give examples of other bodies where HR/infrastructure intersect? DeNardis: government action. I just published "One Internet" An evidentiary basis around fragmentation and implementation. Also, we need to consider other SDOs where civil society can't even get in the door. Global Commission on Internet Governance has discussion and interest about this too. https://www.ourinternet.org/research/one-internet-evidentiary-basis-policy-making-internet-universality-and-fragmentation Andrew Sullivan: so what effect should these considerations have on what we're doing? Is there a distinction to make between cases where protocol design decisions will affect the outcome, and cases where we can't do anything about it. There isn't anything i can do in a protocol design about other SDOs bad inclusion policies. all i can do is write a better standard and hope that it will be deployed more widely. We invented DNSSEC precisely so that when people start tampering with it you can detect it so that people can detect it, and dns privacy it protect the leakage of this sensitive information. do you have practical recommendations? DeNardis: DNS Privacy is a perfect example of this, and strengthening encryption instead of weakening encryption. What are opportunities to expand into other areas of standardization that are currently at the margins of the internet protocols? can we make sure there is interoperability? can we make sure that people like Cath can participate in these discussions? Niels -- there will be followup to the list. David Kaye, UN special rapporteur for freedom of expression ============== audio, no video. topic: his mandate in the human rights council, ways to collaborate, what projects he's working on. Human Rights Council, which includes a focus on Article 19, which should apply to all individuals. right to hold an opinion without interference seek, receive, and distribute information and ideas of all kinds, through any media, and regardless of frontiers surveillance, encryption, anonymity are all within Kaye's mandate as ways to protect these rights, and this is a shared core value with the IETF. My current project maps how private ICT sector implicates freedom of expression. http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session29/Documents/A.HRC.29.32_AEV.doc need (but have not issued) guidance to private actors, whose decisions have implications for these rights. due diligence here is important. but we emphasis transparency - users understanding what happens to them gov't action is part of it, but parts are affected by private action. policy environment is developing recently under the framework of "cybersecurity" that has troubling implications for human rights that have been part of the internet for a long time. the UN isn't out to regulate IETF or other SDOs; multistakeholder approaches are the right approaches. core values of the IETF are likely to be challenged by governments, i hope you can maintain this work in the face of challenges to the protocols Niels: what can the IETF do for you? we're starting the process by focusing on telcos, ISPs, and NAPs. we could really use technologists who understand. i'll send a call for comments soon, Niels: i will make sure this call is visible within the IETF Ben Schwartz: what harbingers can we look for of the kind of interference you're warning about? Kaye: in the ITU, governments like Russia and China (and several others) are interested in imposing non-multistakeholder governance. Charles Neville: when should we as technologists stop trying to set policies for the rest of the world -- that perhaps this is something that societies may have the right to decide for themselves? when are these things universal? Kaye: this is what we work on: when do human rights apply or when do local or national customs apply? if we go the direction of local or national values, we're talking about walled-off internet, where individual rights are not respected. I hope to have an opportunity to meet with you in person in the future. I'm accessible by e-mail and twitter, and would like to hear from you. ------------- Alissa Cooper ------------- https://www.ietf.org/proceedings/96/slides/slides-96-hrpc-2.pdf Lessons from RFC 6973 Security considerations became more formalized and systematized over time Privacy considerations is a natural followup to this line of this work: there is some overlap, and some not. privacy considerations work started in 2010, but was published in the IAB stream in 2013. Q&A Pete Resnick: security and i18n i have a pretty straightforward way to map these to protocol levels. privacy not as much, but in some ways still similar. some of the HR goals seem hard to map directly to protocols, but if you switch language around it might be more useful. for example, censorship resistance seems to be at "layer 9", but "universal addressibility and accessibility" sounds like much more clearly a protocol level. Alissa: sounds good to me. Niels: cuts the lines, asks for next speaker Corinne Cath ============ discusses draft-tenoever-hrpc-research Shane Kerr ========== description of his interaction with the draft for his dns-over-http draft Giovane C.M. Moura ================== applied it to draft-francois-dots-ipv6-signal-option draft was technically improved by reviewing this document; not just an improvement for HR alone. Niels-- is the schedule to go gather comments for one more month and then start the RG last call for this draft ok for everyone?? Shane: In principle it seems OK, but it's summer, so you might want to stretch it out. Joe Hall: is the IRTF process different than IETF? Lars Eggert: IRTF is looser -- RGs can do what they like. Niels: we should stick with IETF standards Hum: audible, substantial in favor of 1 month until starting RG last call. a few weak voices in opposition.