idnits 2.17.1 draft-irtf-hrpc-association-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (November 02, 2020) is 1265 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- -- Looks like a reference, but probably isn't: '1' on line 1391 -- Looks like a reference, but probably isn't: '2' on line 1393 -- Looks like a reference, but probably isn't: '3' on line 1395 -- Obsolete informational reference (is this intentional?): RFC 155 (Obsoleted by RFC 168) -- Obsolete informational reference (is this intentional?): RFC 1771 (Obsoleted by RFC 4271) -- Obsolete informational reference (is this intentional?): RFC 5751 (Obsoleted by RFC 8551) Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Human Rights Protocol Considerations Research Group N. ten Oever 3 Internet-Draft Univeristy of Amsterdam & Texas A&M University 4 Intended status: Informational G. Perez de Acha 5 Expires: May 6, 2021 Derechos Digitales 6 S. Couture 7 University de Montreal 8 M. Knodel 9 Center for Democracy & Technology 10 November 02, 2020 12 Freedom of Association on the Internet 13 draft-irtf-hrpc-association-06 15 Abstract 17 This document discusses the relationships between the Internet 18 architecture and the ability of people to exercise their right to 19 freedom of assembly and association online. The Internet 20 increasingly mediates our lives, our relationships, and our ability 21 to exercise our human rights. As a global forum, the Internet 22 provides a public space, yet it is predominantly built on private 23 infrastructure. Since Internet protocols play a central role in the 24 management, development, and use of the Internet, we analyze the 25 relation between protocols and the rights to assemble and associate 26 to mitigate infringements on those rights. 28 Status of This Memo 30 This Internet-Draft is submitted in full conformance with the 31 provisions of BCP 78 and BCP 79. 33 Internet-Drafts are working documents of the Internet Engineering 34 Task Force (IETF). Note that other groups may also distribute 35 working documents as Internet-Drafts. The list of current Internet- 36 Drafts is at https://datatracker.ietf.org/drafts/current/. 38 Internet-Drafts are draft documents valid for a maximum of six months 39 and may be updated, replaced, or obsoleted by other documents at any 40 time. It is inappropriate to use Internet-Drafts as reference 41 material or to cite them other than as "work in progress." 43 This Internet-Draft will expire on May 6, 2021. 45 Copyright Notice 47 Copyright (c) 2020 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (https://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the Simplified BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 63 2. Vocabulary used . . . . . . . . . . . . . . . . . . . . . . . 3 64 3. Research question . . . . . . . . . . . . . . . . . . . . . . 5 65 4. Methodology . . . . . . . . . . . . . . . . . . . . . . . . . 5 66 5. Literature Review . . . . . . . . . . . . . . . . . . . . . . 5 67 5.1. FAA definition and core treaties . . . . . . . . . . . . 5 68 5.2. FAA in the digital era . . . . . . . . . . . . . . . . . 8 69 5.3. Specific questions raised from the literature review . . 12 70 6. Cases and examples . . . . . . . . . . . . . . . . . . . . . 12 71 6.1. Got No Peace: Spam and DDoS . . . . . . . . . . . . . . . 13 72 6.1.1. Spam . . . . . . . . . . . . . . . . . . . . . . . . 14 73 6.1.2. DDoS . . . . . . . . . . . . . . . . . . . . . . . . 14 74 6.2. Holistic Agency: Mailing Lists and Spam . . . . . . . . . 15 75 6.2.1. Mailing lists . . . . . . . . . . . . . . . . . . . . 15 76 6.2.2. Spam . . . . . . . . . . . . . . . . . . . . . . . . 15 77 6.3. Civics in Cyberspace: Messaging, Conferencing, and 78 Networking . . . . . . . . . . . . . . . . . . . . . . . 16 79 6.3.1. Email . . . . . . . . . . . . . . . . . . . . . . . . 16 80 6.3.2. Mailing lists . . . . . . . . . . . . . . . . . . . . 16 81 6.3.3. IRC . . . . . . . . . . . . . . . . . . . . . . . . . 17 82 6.3.4. WebRTC . . . . . . . . . . . . . . . . . . . . . . . 17 83 6.3.5. Peer-to-peer networking . . . . . . . . . . . . . . . 18 84 6.4. Universal Access: The Web . . . . . . . . . . . . . . . . 19 85 6.5. Block Together Now: IRC and Refusals . . . . . . . . . . 20 86 7. Conclusions: Can we learn anything from the previous case 87 studies? . . . . . . . . . . . . . . . . . . . . . . . . . . 21 88 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 22 89 9. Security Considerations . . . . . . . . . . . . . . . . . . . 22 90 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 91 11. Research Group Information . . . . . . . . . . . . . . . . . 23 92 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 23 93 12.1. Informative References . . . . . . . . . . . . . . . . . 23 94 12.2. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 30 95 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 30 97 1. Introduction 99 "In the digital age, the exercise of the rights of peaceful assembly 100 and association has become largely dependent on business enterprises, 101 whose legal obligations, policies, technical standards, financial 102 models and algorithms can affect these freedoms". 104 - Annual Report to the UN Human Rights Council by the Special Rapporteur 105 on the rights to freedom of peaceful assembly and of association (2019). 107 We shape our tools and, thereafter, our tools shape us.  108 - John Culkin (1967) 110 The current draft continues the work started in "Research into Human 111 Rights Protocol Considerations" [RFC8280] by investigating the impact 112 of Internet protocols on a specific set of human rights, namely the 113 right to freedom of assembly and association. Taking into 114 consideration the international human rights framework regarding the 115 human right to freedom of assembly and association, the present 116 document seeks to deepen the relationship between this human right 117 and Internet architecture, protocols, and standards. In that way, we 118 continue the work of the Human Rights Protocol Consideration Research 119 Group, as laid out in its charter, where one of the research aims is 120 "to expose the relation between protocols and human rights, with a 121 focus on the rights to freedom of expression and freedom of assembly" 122 [HRPC-charter]. The conclusions may inform the development of new 123 guidelines for protocol developers in draft-irtf-hrpc-guidelines. 125 The research question of this document is: what are the protocol 126 development considerations for freedom of assembly and association? 128 2. Vocabulary used 130 Architecture The design of a structure 132 Autonomous System (AS) Autonomous Systems are the unit of routing 133 policy in the modern world of exterior routing [RFC1930]. 135 Within the Internet, an autonomous system (AS) is a collection of 136 connected Internet Protocol (IP) routing prefixes under the 137 control of one or more network operators on behalf of a single 138 administrative entity or domain that presents a common, clearly 139 defined routing policy to the Internet [RFC1930]. 141 The classic definition of an Autonomous System is a set of routers 142 under a single technical administration, using an interior gateway 143 protocol and common metrics to route packets within the AS, and 144 using an exterior gateway protocol to route packets to other ASs 145 [RFC1771]. 147 Border Gateway Protocol (BGP) An inter-Autonomous System routing 148 protocol [RFC4271]. 150 Connectivity The extent to which a device or network is able to 151 reach other devices or networks to exchange data. The Internet is 152 the tool for providing global connectivity [RFC1958]. Different 153 types of connectivity are further specified in [RFC4084]. The 154 combination of the end-to-end principle, interoperability, 155 distributed architecture, resilience, reliability and robustness 156 are the enabling factors that result in connectivity to and on the 157 Internet. 159 Decentralization Implementation or deployment of standards, 160 protocols or systems without one single point of control. 162 Distributed system A system with multiple components that have their 163 behavior co-ordinated via message passing. These components are 164 usually spatially separated and communicate using a network, and 165 may be managed by a single root of trust or authority. 166 [Troncosoetal] 168 Infrastructure Underlying basis or structure for a functioning 169 society, organization or community. Because infrastructure is a 170 precondition for other activities it has a procedural, rather than 171 static, nature due to its social and cultural embeddedness 172 [PipekWulf] [Bloketal]. This means that infrastructure is always 173 relational: infrastructure always develops in relation to 174 something or someone [Bowker]. 176 Internet The Network of networks, that consists of Autonomous 177 Systems that are connected through the Internet Protocol (IP). 179 A persistent socio-technical system over which services are 180 delivered [Mainwaringetal], 182 A techno-social assemblage of devices, users, sensors, networks, 183 routers, governance, administrators, operators and protocols 185 An emergent-process-driven thing that is born from the collections 186 of the ASes that happen to be gathered together at any given time. 187 The fact that they tend to interact at any given time means it is 188 an emergent property that happens because they use the protocols 189 defined at IETF. 191 3. Research question 193 The research question of this document is: what are the protocol 194 development considerations for freedom of assembly and association? 196 4. Methodology 198 The point of departure of the present work [RFC8280] is an initial 199 effort to expose the relationship between human rights and the 200 Internet architecture, specifically protocols and standards. As 201 such, [RFC8280] was inductive and explorative in nature. The 202 methodology in this previous work was based on the discourse analysis 203 of RFCs, interviews with members of the IETF community, and 204 participant observation in IETF working groups, with the goal to 205 identify technical concepts that relate to human rights. This work 206 resulted in the proposal of guidelines to describe a relationship 207 between the right to freedom of assembly and association and 208 connectivity, security, censorship resistance, anonymity, 209 pseudonymity, accessibility, decentralization, adaptability, and 210 outcome transparency. 212 In this document, we deepen our exploration of human rights and 213 protocols by assessing one specific set of human rights: freedom of 214 association and assembly, abbreviated here as FAA. Our methodology 215 for doing so is the following: first, we provide a brief twofold 216 literature review addressing the philosophical and legal definitions 217 of FAA and how this right has already been interpreted or analyzed 218 concerning the digital. This literature review is not exhaustive nor 219 systematic but aims at providing some lines of questioning that could 220 later be used for protocol development. The second part of our 221 methodology looks at some cases of Internet protocols that are 222 relevant to the sub-questions highlighted in the literature review, 223 and analyze how these protocols facilitate and inhibit the right to 224 assembly and association. 226 5. Literature Review 228 5.1. FAA definition and core treaties 230 The rights to freedom of association and assembly are defined and 231 guaranteed in national law and international treaties. Article 20 of 232 the Universal Declaration of Human Rights [UDHR] states for instance 233 that "Everyone has the right to freedom of peaceful assembly and 234 association" and that "No one may be compelled to belong to an 235 association". Article 23 further guarantees that "Everyone has the 236 right to form and to join trade unions for the protection of his 237 interests". In the International Covenant on Civil and Political 238 Rights, article 21 stipulates that "The right of peaceful assembly 239 shall be recognized" and that "No restrictions may be placed on the 240 exercise of this right other than those imposed in conformity with 241 the law and which are necessary in a democratic society in the 242 interests of national security or public safety, public order (ordre 243 public), the protection of public health or morals or the protection 244 of the rights and freedoms of others" while article 22 states that 245 "Everyone shall have the right to freedom of association with others, 246 including the right to form and join trade unions". Other treaties 247 are sometimes cited as the source and framework to the right to 248 freedom of association and assembly. The Australian government 249 [Australia] for instance refers to Article 5 of the Convention on the 250 Elimination of All Forms of Racial Discrimination [CERD] which 251 stipulates freedom of peaceful assembly and association should be 252 guaranteed "without discrimination as to race, colour, national or 253 ethnic origin"; Article 15 of the Convention on the Rights of the 254 Child [CRC] which recognises to child pending the restrictions cited 255 above; and Article 21 of the Convention on the Rights of Persons with 256 Disabilities [CRPD] which insist on usable and accessible formats and 257 technologies appropriate for persons with different kinds of 258 disabilities. 260 From a more philosophical perspective, Brownlee and Jenkins 261 [Stanford] make some interesting distinctions in particular regarding 262 the concepts of association, assembly and interaction. On one end, 263 "interaction" refers to any kind of interpersonal and often 264 incidental engagements in daily life, like encountering strangers on 265 a bus. Interaction is seen as a "prerequisite" for association. 266 Assembly on the other end, has a more political connotation and is 267 often used to refer to activists, protesters, or members of a group 268 in a deliberating event. In between the two, association refers to 269 more "persistent connections" that are not necessarily political in 270 nature. The authors thus distinguish between intimate associations, 271 like friendship, love, or family, and collective association like 272 trade unions, commercial business, or "expressive associations" like 273 civil rights organizations or LGBTQIA associations. For Brownlee and 274 Jenkins [Stanford], the right to association is linked to different 275 relative freedoms: permission (to associate or dissociate), claim- 276 right (to oppose others interfering with our conduct), power (to 277 alter the status of our association), immunity (from other people 278 interfering in our right). Freedom of association and assembly thus 279 refers both to the individual right to join or leave a group and to 280 the collective right to form or dissolve a group and to organize 281 itself. These rights, however, are relative and not absolute. 282 Parents, for instance, have limited rights to exclude their underage 283 child from family households. Excluding someone from an association 284 based on its sex, race or other individual characteristic is also 285 often contentious if not illegal. Restrictions on freedom of 286 association can be imposed by states, but only if this is lawful and 287 proportionate. States must document how these limitations are 288 necessary in the interests of national security or public safety, 289 public order, the protection of public health or morals, or the 290 protection of the rights and freedoms of others. Finally, states 291 must also protect participants against possible abuses by non-State 292 actors. 294 In international law, the right to freedom of assembly and 295 association protects any collective, gathered either permanently or 296 temporarily for "peaceful" purposes. It is important to underline 297 the property of "freedom" because the right to freedom of association 298 and assembly is voluntary and uncoerced: anyone can join or leave a 299 group of choice, which in turn means one should not be forced to 300 either join, stay or leave. The difference between freedom of 301 assembly and freedom of association is merely a gradual one: the 302 former tends to have an informal and ephemeral nature, whereas the 303 latter refers to established and permanent bodies with specific 304 objectives. Nonetheless, both are protected to the same degree. 305 Where an assembly is an intentional and temporary gathering of a 306 collective in a private or public space for a specific purpose: 307 demonstrations, indoor meetings, strikes, processions, rallies, or 308 even sits-in [UNHRC]; association has a more formal and established 309 nature. It refers to a group of individuals or legal entities 310 brought together in order to collectively act, express, pursue, or 311 defend a field of common interests [UNGA]. Think about civil society 312 organizations, clubs, cooperatives, NGOs, religious associations, 313 political parties, trade unions, or foundations. 315 When talking about the human right of freedom of association and 316 assembly, one should always take into account that 'all human rights 317 are indivisible, interrelated, unalienable, universal, and mutually 318 reinforcing' [ViennaDeclaration]. This means that in the analysis of 319 the impact of a certain variable on freedom of association and 320 assembly one should take other human rights into account too. When 321 devising an approach to mitigate a possible negative influence on 322 this right, one should also always take into account the possible 323 impact this might have on other rights. For example, the following 324 rights are often impacted in conjunction with freedom of association 325 and assembly: the right to political participation, the right to 326 (group) privacy, the right to freedom of expression, and access to 327 information. For instance, when the right to political participation 328 is hampered, this often happens in conjunction with a limitation of 329 the freedom of association and assembly because political 330 participation is often done collectively. When the right to privacy 331 is hampered, this privacy of particular groups is also impacted (so- 332 called 'group privacy' [Loi], which potentially has consequences for 333 the right to association and assembly. Where the freedom of 334 expression of a group is hampered, such as in protests or through 335 Internet shutdowns, this both hampers other people's ability to 336 receive the information of the group, and impact the right to 337 assembly of the people who seek to express themselves as a group 338 [Nyokabi]. 340 Finally, if the right to association and assembly is limited by 341 national law, this does not mean it is consistent with international 342 human rights law. In such a case, the national law would therefore 343 not be legitimate [Glasius]. 345 5.2. FAA in the digital era 347 Before discussion freedom of association and assembly as it pertains 348 to digital environments, we must first recognize that the United 349 Nations Human Rights Council adopted Resolution 20/8 2012, which was 350 later adopted by the United Nations General Assembly [UNHRC2016], 351 which affirms "... that the same rights that people have offline must 352 also be protected online ...". Therefore the digital environment is 353 no exception to application of this right by any means. The 354 questions that remain, however, are how these rights should be 355 conceptualized and implemented in different parts and levels of 356 digital environments. 358 The right to freedom of assembly and association is the subject of 359 increasing discussions and analysis. In 2016, the Council of Europe 360 published a report, "Report by the Committee of experts on cross- 361 border flow of Internet traffic and Internet freedom on Freedom of 362 assembly and association on the Internet" [CoE] which noted that 363 while the Internet and technologies are not explicitly mentioned in 364 international treaties, these treaties nevertheless apply to "the 365 online environment". The report argue the "Internet is the public 366 sphere of the 21st century", something demonstrated by the fact that 367 informal associations can be gathered at scale in a matter of hours 368 on the Internet, and that digital communication tools often serve to 369 facilitate, publicize or otherwise enable presential associations or 370 assemblies, like a protest or demonstration. They note, on the other 371 hand, the negative ways in which the Internet can also be used to 372 promote or facilitate terrorism, urban violence and hate speech, thus 373 insisting on the "extremely important and urgent" need to fight 374 online terrorist activities such as recruitment or mobilization, 375 while at the same time respecting the right to peaceful assembly and 376 association of other users. The report mentions the following use 377 cases that could be help further our reflection: 379 - Instances of network shutdowns in the Arab Spring, to prevent 380 people from organising themselves or assembling 382 - California's Bay Area Rapid Transit (BART) shutdown of mobile 383 phone service, to avoid protester violence and disruption of 384 service 386 - The wholesale blocking of Google as a violation of freedom of 387 expression 389 - Telus, a telecom company which blocked customers' access to 390 websites critical of Telus during a Telecommunications Workers 391 Union strike against it 393 - The targeting of social media users who call for or organise 394 protests though the Internet in Turkey's Gezi Park protests 396 - Mass surveillance or other interferences with privacy in the 397 context of law enforcement and national security 399 - Use of VPNs (Virtual Private Networks) to the TOR network to 400 ensure anonymity 402 - Distributed Denial of Service attacks (DDoS) as civil 403 disobedience. 405 More recently, the 2019 Annual Report addressed to the UN Human 406 Rights Council by the Special Rapporteur on the rights to freedom of 407 peaceful assembly and of association, also notes the opportunities 408 and challenges posed by digital networks to the rights to freedom of 409 peaceful assembly and of association. The report recommends that 410 international human rights norms and principles should also be used 411 as a framework "that guides digital technology companies' design, 412 control and governance of digital technologies". The report states 413 that "technical standards" in particular can affect the freedom of 414 association and assembly, and makes some recommendations on which the 415 following could be relevant to our discussion here: 417 - "[Undertake] human rights impact assessments which incorporate the 418 rights to freedom of peaceful assembly and of association when 419 developing or modifying their products and services," 421 - "increase the quality of participation in and implementation of 422 existing multi-stakeholder initiatives," 424 - "collaborate with governments and civil society to develop 425 technology that promotes and strengthens human rights," 427 - "support the research and development of appropriate technological 428 solutions to online harassment, disinformation and propaganda, 429 including tools to detect and identify State-linked accounts and 430 bots," and 432 - "adopt monitoring indicators that include specific concerns 433 related to freedom of peaceful assembly and association." 435 In one of their "training kits" [APCtraining], the Association of 436 Progressive Communications addressed different impacts of the 437 internet on association and assembly and raised three particular 438 issues worthy to note here: 440 1. Organization of protests. Internet and social media are enablers 441 of protests, such as it was seen in the "Arab Spring". Some of 442 these protests - like online petitions or campaigns - are similar 443 to offline association and assembly, but other protest forms are 444 inherent to the Internet capacity like hacking, DDOS and are 445 subject to controversy within the Internet community, some people 446 finding it legitimate, and others not. 448 2. Surveillance. While the Internet facilitates association, the 449 association in turn leaves a lot of traces that can be used in 450 turn for law enforcement but also for repressing political 451 dissents. As they note, even the threat of surveillance can have 452 deter facilitation. 454 3. Anonymity and pseudonymity can be useful protection mechanism for 455 those who'd like to attend legitimate association without facing 456 retribution. On the other hand, anonymity can be used to harm 457 society, such as in online fraud or sexual predation. 459 Online association and assembly are the starting point of group to 460 mobilization in modern democracies, and even more so where physical 461 gatherings have been impossible or dangerous [APC]. Throughout the 462 world -from the Arab Spring to Latin American student movements and 463 the #WomensMarch- the Internet has played a crucial role by providing 464 means for the fast dissemination of information otherwise mediated by 465 the press, or even forbidden by the government [Pensado]. According 466 to Hussain and Howard the Internet helped to "build solidarity 467 networks and identification of collective identities and goals, 468 extend the range of local coverage to international broadcast 469 networks" and as platform for contestation for "the future of civil 470 society and information infrastructure" [HussainHoward]. The IETF 471 itself, defined as an 'open global community' of network designers, 472 operators, vendors, and researchers [RFC3233] is also protected by 473 freedom of assembly and association . Discussions, comments and 474 consensus around RFCs are possible because of the collective 475 expression that freedom of association and assembly allow. The very 476 word "protocol" found its way into the language of computer 477 networking based on the need for collective agreement among a group 478 of assembled network users [HafnerandLyon]. 480 [RFC8280] is a paper by the Human Rights Protocol Consideration 481 Resarch Group in the Internet Research Taskforce on internet 482 protocols and human rights that discusses issues of FAA, 483 specifically: 485 - The expansion of DNS for generic namespace as an enabler of 486 association for minorities. The paper argues that specifically 487 the expansion of the DNS to allow for new generic Top Level 488 Domains (gTLDs) can have negative impacts on freedom of 489 association because of restrictive policies by some registries and 490 registrars, on the other hand could gTLDs also enable communities 491 to build clearly identifiable spaces for association (such as 492 .gay). 494 - The impact of Distributed Denial of Service attacks on freedom of 495 association. Whereas DDoS has been used as a tool for protest, in 496 many cases this is infringing on other parties freedom of 497 expression. Furthermore, often devices (such as IoT devices and 498 routers) are inscribed in such DDoS attacks whereas the owner or 499 user did not consent to this. Thus they do not have the 500 possibility to exit this assembly. Therefore the draft concluded 501 that that IETF "should try to ensure that their protocols cannot 502 be used for DDoS attacks" 504 - The impact of middleboxes on the ability of users to connect to 505 the Internet and therefore their ability to exercise their right 506 to freedom of association and assembly. The lack of connectivity 507 can significantly impact freedom of assembly and association of a 508 user. Especially if this is done in a way that is not knowable 509 for the user and if there is no possibility to for the user to 510 have access to due process to dispute the lack of (secure or 511 private) connectivity in general or to a specific service. 513 In the 2020 report by the United Nations Special Rapporteur on Human 514 Rights [UN44-24] it is concluded that technologies can be enablers of 515 FAA, but technology is also significantly used to interfere with the 516 ability of people to exercise their right to freedom association and 517 assembly. Specifically, the report mentions network shutdowns, the 518 usage of technology to surveil protests and users. This includes 519 facial recognition, and the uses of other ways to violate the (group) 520 privacy of people engaged in an assembly or association. The report 521 makes it explicit that companies play a significant role enabling, 522 for instance by developing, providing or selling the technology, but 523 also by directly exercising these violations. 525 5.3. Specific questions raised from the literature review 527 Here are some questions raised from the literature review that can 528 have implications for protocol design: 530 1. Should protocols be designed to enable legitimate limitations on 531 association in the interests of "national security or public 532 safety, public order (ordre public), the protection of public 533 health or morals or the protection of the rights and freedoms of 534 others", as stated in the ICCPR article 21 [ICCPR]? Where in the 535 stack do we care for FAS? 537 2. Can protocols facilitate agency of membership in associations, 538 assemblies and interactions? 540 3. What are the features of protocols that enable freedom of 541 association and assembly? 543 4. Does protocol development sufficiently consider usable and 544 accessible formats and technologies appropriate for all persons, 545 including those with different kinds of disabilities? 547 5. Can a protocol be designed to legitimately exclude someone from 548 an association? 550 In the following sections we attempt to answer these questions with 551 specific examples of standardized protocols in the IETF. 553 6. Cases and examples 555 As the Internet mediates collective action and collaboration, it 556 impacts on freedom of association and assembly. To answer our 557 research question regarding how internet architecture enable and/or 558 inhibits such human right, we researched several independent and 559 typical cases related to protocols that have been either adopted by 560 the IETF, or are widely used on the Internet. Our goal is to figure 561 out whether they facilitate freedom of assembly and association, or 562 whether they inhibit it through their design or implementation. 564 We are aware that some of the following examples go beyond the use of 565 Internet protocols and flow over into the application layer or 566 examples in the offline world whereas the purpose of the current 567 document is to break down the relationship between Internet protocols 568 and the right to freedom of assembly and association. Nonetheless, 569 we do recognize that in some cases the line between them and 570 applications, implementations, policies and offline realities are 571 often blurred and hard -if not impossible- to differentiate. 573 We use the literature review to guide our process of inquiry for each 574 case, and to dive deeper in what can be found interesting about each 575 case as it relates to freedom of association. 577 6.1. Got No Peace: Spam and DDoS 579 Should protocols be designed to enable legitimate limitations on 580 association in the interests of "national security or public safety, 581 public order (ordre public), the protection of public health or morals 582 or the protection of the rights and freedoms of others", as stated in 583 the ICCPR article 21{ICCPR}}? Where in the stack do we care for FAA? 585 The 2020 report by the United Nations Special Rapporteur on Human 586 Rights [UN44-24] described how technology is often used to limit 587 freedom of assembly and association, such as for instance through 588 network shutdowns and the surveillance of groups. Because access to 589 the Internet is crucial not only for freedom of association and 590 assembly, but also for the right to development, and the right to 591 freedom of expression and information [Nyokabi], the United Nation 592 Special Rapporteur argues that: 594 (b) Avoid resorting to disruptions and shutdowns of Internet or 595 telecommunications networks at all times and particularly during 596 assemblies, including those taking place in electoral contexts 597 and during times of unrest; 599 Whereas the states have the obligation to protect human rights, there 600 has been an increasing call for non-state actors, such as companies, 601 to respect human rights [UNGP]. This includes a chain-responsibility 602 of actors, which means that not just the company's own processes 603 should not negatively impact human rights, but they should also 604 engage in due diligence processes, such as human rights impact 605 assessments. This includes an assessment of whether the products 606 that are sold, or the services that are provided, can be used to 607 engage in human rights violations, or whether human rights violations 608 occur in any stage of the supply chain of the company. If this is 609 the case, measures should be taken to mitigate this. 611 In the case of dual-use technologies, this means that technology 612 could be used for legitimate purposes, but could also be used to 613 limit freedom of association or assembly, it might mean that 614 producers or sellers should limit the parties they sell to, or even 615 better, ensure that the illegitimate use of the technology is not 616 technically possible anymore, or made more difficult. 618 6.1.1. Spam 620 In the 1990s as the internet became more and more commercial, spam 621 came to be defined as irrelevant or unsolicited messages that were 622 posted many times to multiple news groups or mailing lists {Marcus}}. 623 Here the question of consent, but also harm, are crucial. In the 624 2000s a large part of the discussion revolved around the fact that 625 certain corporations. protected by the right to freedom of 626 association, considered spam to be a form of "commercial speech", 627 thus encompassed by free expression rights [Marcus]. Yet spam can be 628 not only a nuisance, but a threat to systems and users. 630 This leaves us with an interesting case: spam is currently handled 631 mostly by mail providers on behalf of the user, next to that 632 countries are increasingly adopting opt-in regimes for mailing lists 633 and commercial e-mail, with a possibility of serious fines in case of 634 violation. Yet many ask is spam not the equivalent of the fliers and 635 handbills ever present in our offline world? The big difference 636 between the proliferation of such messages offline and online is the 637 scale. It is not hard for a single person to message a lot of 638 people, whereas if that person needed to go house by house the scale 639 and impact of their actions would be much smaller. Inversely if it 640 were a common practice to expose people to unwanted messages online, 641 users would be drowned in such messages, and no expression would be 642 possible anymore. Allowing illimited sending of unsolicited messages 643 would be a blow against freedom of speech: when everyone talks, 644 nobody listens. 646 Here the argument is very similar to DDoS attacks, considered next: 647 Legitimate uses of online campaigning, or online protesting, are 648 drowned out by a malicious use which constitutes an attack on the 649 internet infrastructure and thus the assembly or association itself. 651 6.1.2. DDoS 653 Distributed Denial of Service attacks are leveled against a server or 654 service by a controller of a host or multiple hosts by overloading 655 the server or service's bandwidth or resources (volume-based floods) 656 or exploit protocol behaviours (protocol attacks). DDoS attacks can 657 thus stifle and complicate the rights to assemble online for media 658 and human rights organisations whose websites are the target of DDoS. 659 At the same time there are comparisons made between DDoS attacks and 660 sit-in protests [Sauter]. However the main distinction is 661 significant: only a small fragment of "participants" (from 662 controllers to compromised device owners) in DDoS attacks are aware 663 or willing [RFC8280]. Notably DDoS attacks are increasingly used to 664 commit crimes such as extortion, which infringe on others' human 665 rights. 667 Because of the interrelation of technologies, it cannot be said that 668 there is one point in the technical stack that there are 669 characteristics of "peaceful" or "non-peaceful" association visible 670 to protocol developers. As we can see from the cases of spam 671 blocking and DDoS mitigation that "peaceful or non-peaceful" is not a 672 meaningful heuristic, or even characteristic, of problematic content. 673 If anything, their commonality is scale and volume. 675 6.2. Holistic Agency: Mailing Lists and Spam 677 Can protocols facilitate agency of membership in associations, 678 assemblies and interactions? 680 6.2.1. Mailing lists 682 Since the beginning of the Internet mailing lists have been a key 683 site of assembly and association [RFC0155] [RFC1211]. In fact, 684 mailing lists were one of the Internet's first functionalities 685 [HafnerandLyon]. 687 In 1971 four years after the invention of email, the first mailing 688 list was created to talk about the idea of using Arpanet for 689 discussion. What had initially propelled the Arpanet project forward 690 as a resource sharing platform was gradually replaced by the idea of 691 a network as a means of bringing people together [Abbate]. More than 692 45 years after, mailing lists are pervasive and help communities to 693 engage, have discussions, share information, ask questions, and build 694 ties. Even as social media and discussion forums grow, mailing lists 695 continue to be widely used [AckermannKargerZhang] and are still a 696 crucial tool to organise groups and individuals around themes and 697 causes [APC3]. 699 Mailing lists' pervasive use are partly explained because they allow 700 for "free" association: people subscribe (join) and unsubscribe 701 (leave) as they please. Mailing lists also allow for association of 702 specific groups on closed lists. This free association online 703 enables agency of membership, a key component of freedom of 704 association and assembly. 706 6.2.2. Spam 708 As we mentioned before, there are interesting implications for 709 freedom of association and assembly when looking at spam mitigation. 710 Here we want to specifically note that if we consider that the rights 711 to assembly and association also mean that "no one may be compelled 712 to belong to an association" [UDHR], spam infringes both rights if an 713 op-out mechanism is not provided and people are obliged to receive 714 unwanted information, or be reached by people they do not know. 716 6.3. Civics in Cyberspace: Messaging, Conferencing, and Networking 718 What are the features of protocols that enable freedom of 719 association and assembly? 721 Civic participation is often expressed as the freedom to associate 722 and assemble, along with a whole other set of enabling rights such as 723 freedom of expression and the right to privacy. UN Special 724 Rapporteur David Kaye established a strong relationship between 725 technology that allows anonymity and uses encryption have positive 726 effects on freedom of expression [Kaye]. Here we look at messaging, 727 such as email, mailing lists and internet relay chat; video 728 conferencing and peer-to-peer networking protocols to investigate the 729 common features that enable freedom of association and assembly 730 online. 732 6.3.1. Email 734 Similarly to freedom of expression's enabling and universal right to 735 impart one's ideas openly, "the right to whisper", or 736 confidentiality, is the ability to limit to whom one imparts one's 737 ideas. An encrypted email project, the LEAP Encryption Access 738 Project, says, "like free speech, the right to whisper is a necessary 739 precondition for a free society. Without it, civil society 740 languishes and political freedoms are curtailed. As the importance 741 of digital communication for civic participation increases, so too 742 does the importance of the ability to digitally whisper." [LEAP] 744 6.3.2. Mailing lists 746 Not only are mailing lists a good example of how protocols can 747 facilitate the necessary ingredient of agency in freedom of 748 association, mailing lists are an example of messaging technology 749 that has other features that enable freedom of association and 750 assembly. 752 The archival function of mailing lists allows for posterior 753 accountability and analysis. The ubiquity and interoperability of 754 email, and by extension email lists, provides a low barrier to entry 755 to an inclusive medium. 757 Association and assembly online can be undermined when right to 758 privacy is at risk. And one of the downsides of mailing lists are 759 similar to the privacy and security concerns generally associated 760 with email. At least with email, end-to-end encryption such as 761 OpenPGP [RFC4880] and S/MIME [RFC5751] can keep user communications 762 authenticated and confidential. With mailing lists, this protection 763 is not as possible because with many lists the final recipients are 764 typically too many for . There have been experimental solutions to 765 address this issue such as Schleuder [Schleuder], but this has not 766 been standardized or widely deployed. 768 6.3.3. IRC 770 Internet Relay Chat (IRC) is an application layer protocol that 771 enables communication in the form of text through a client/server 772 networking model [RFC2810]. In other words, a chat service. IRC 773 clients are computer programs that a user can install on their 774 system. These clients communicate with chat servers to transfer 775 messages to other clients. Features of IRC include: federated 776 design, transport encryption, one-to-many routing, creation of topic- 777 based "channels", and spam or abuse moderation. 779 For the purposes of civic participation and freedom of association 780 and assembly in particular it is critical that IRC's federated design 781 allows many interoperable, yet customisable, instances and basic 782 assurance of confidentiality through transport encryption. We 783 investigate the particular aspect of agency in membership through 784 moderation in the section 'Block Together Now: IRC and Refusals' 785 below. 787 6.3.4. WebRTC 789 Multi-party video conferencing protocols like WebRTC [RFC6176] 790 [RFC7118] allow for robust, bandwidth-adaptive, wideband and super- 791 wideband video and audio discussions in groups. 'The WebRTC protocol 792 was designed to enable responsive real-time communications over the 793 Internet, and is instrumental in allowing streaming video and 794 conferencing applications to run in the browser. In order to easily 795 facilitate direct connections between computers (bypassing the need 796 for a central server to act as a gatekeeper), WebRTC provides 797 functionality to automatically collect the local and public IP 798 addresses of Internet users (ICE or STUN). These functions do not 799 require consent from the user, and can be instantiated by sites that 800 a user visits without their awareness. The potential privacy 801 implications of this aspect of WebRTC are well documented, and 802 certain browsers have provided options to limit its behavior.' 803 [AndersonGuarnieri]. 805 Even though some multi-party video conferencing tools facilitate 806 freedom of assembly and association, their own configuration might 807 might pose concrete risks for those who use them. One the one hand 808 WebRTC is providing resilient channels of communications, but on the 809 other hand it also exposes information about those who are using the 810 tool which might lead to increased surveillance, identification and 811 the consequences that might be derived from that. This is especially 812 concerning because the usage of a VPN does not protect against the 813 exposure of IP addresses [Crawford]. 815 The risk of surveillance is also true in an offline space, but this 816 is generally easy to analyze for the end-user. Security and privacy 817 expectations of the end-user could be either improved or made 818 explicit. This in turn would result in a more secure and/or private 819 exercise of the right to freedom of assembly or association. 821 6.3.5. Peer-to-peer networking 823 At the organizational level, peer production is one of the most 824 relevant innovations from Internet mediated social practices. 825 According to [Benkler] these networks imply 'open collaborative 826 innovation and creation, performed by diverse, decentralized groups 827 organized principally by neither price signals nor organizational 828 hierarchy, harnessing heterogeneous motivations, and governed and 829 managed based on principles other than the residual authority of 830 ownership implemented through contract.' [Benkler]. 832 In his book The Wealth of Networks, [Benkler2] significantly expands 833 on his definition of commons-based peer production. In his view, 834 what distinguishes commons-based production is that it doesn't rely 835 upon or propagate proprietary knowledge: "The inputs and outputs of 836 the process are shared, freely or conditionally, in an institutional 837 form that leaves them equally available for all to use as they choose 838 at their individual discretion." [Benkler2]. To ensure that the 839 knowledge generated is available for free use, commons-based projects 840 are often shared under an open license 842 Peer-to-peer (P2P) is essentially a model of how people interact in 843 real life because "we deal directly with one another whenever we wish 844 to" [Vu]. Usually if we need something we ask our peers, who in turn 845 refer us to other peers. In this sense, the ideal definition of P2P 846 is that "nodes are able to directly exchange resources and services 847 between themselves without the need for centralized servers" where 848 each participating node typically acts both as a server and as a 849 client [Vu]. [RFC5694] has defined it as peers or nodes that should 850 be able to communicate directly between themselves without passing 851 intermediaries, and that the system should be self-organizing and 852 have decentralized control [RFC5694]. With this in mind, the 853 ultimate model of P2P is a completely decentralized system, which is 854 more resistant to speech regulation, immune to single points of 855 failure and has a higher performance and scalability. Nonetheless, 856 in practice some P2P systems are supported by centralized servers and 857 some others have hybrid models where nodes are organized into two 858 layers: the upper tier servers and the lower tier common nodes [Vu]. 860 Since the ARPANET project, the original idea behind the Internet was 861 conceived as what we would now call a peer-to-peer system [RFC0001]. 862 Over time it has increasingly shifted towards a client/server model 863 with "millions of consumer clients communicating with a relatively 864 privileged set of servers" [NelsonHedlun]. 866 Whether for resource sharing or data sharing, P2P systems are 867 enabling freedom of assembly and association. Not only do they allow 868 for effective dissemination of information, but they leverage 869 computing resources by diminishing costs allowing for the formation 870 of open collectives at the network level. At the same time, in 871 completely decentralized systems the nodes are autonomous and can 872 join or leave the network as they want -a characteristic that makes 873 the system unpredictable: a resource might be only sometimes 874 available, and some other resources might be missing or incomplete 875 [Vu]. Lack of information might in turn makes association or 876 assembly more difficult. 878 Additionally, when architecturally assessing the role of P2P systems 879 we could say that: "the main advantage of centralized P2P systems is 880 that they are able to provide a quick and reliable resource locating. 881 Their limitation, however, is that the scalability of the systems is 882 affected by the use of servers. While decentralized P2P systems are 883 better than centralized P2P systems in this aspect, they require a 884 longer time in resource locating. As a result, hybrid P2P systems 885 have been introduced to take advantage of both centralized and 886 decentralized architectures. Basically, to maintain the scalability, 887 similar to decentralized P2P systems, there are no servers in hybrid 888 P2P systems. However, peer nodes that are more powerful than others 889 can be selected to act as servers to serve others. These nodes are 890 often called super peers. In this way, resource locating can be done 891 by both decentralized search techniques and centralized search 892 techniques (asking super peers), and hence the systems benefit from 893 the search techniques of centralized P2P systems." [Vu]. 895 6.4. Universal Access: The Web 897 Does protocol development sufficiently consider usable and accessible 898 formats and technologies appropriate for persons with different kinds 899 of disabilities? 901 The W3C has done significant work to ensure that the Web is 902 accessible to people with diverse physical abilities [W3C]. The 903 implementation of these accesibility standards for instance help 904 people can't have issues with seeing or rendering an images to 905 understand what the image actually contains. 907 The IETF uses English as its primary working language, both in its 908 documentation and in its communication. This is also the case for 909 reference implementations. Whereas it is estimated that roughly 20% 910 of the Earth's population speaks English, whereas only 360 million 911 speak English as their first language. [RFC2277] describes that 912 '"Internationalization is for humans. This means that protocols are 913 not subject to internationalization; text strings are.", this implies 914 that protocol developers, as well as people that work with protocols, 915 are not people, or that protocol developers are all in command of the 916 English language. This means that it is significantly easier for 917 people who have a command of the English language to become a 918 protocol developer - and it might lead to the development of separate 919 protocols that are developed within large language communities that 920 are not using the English language or the Latin script. This makes 921 it harder for people who seek to shape their own space of association 922 and assembly on the Internet to do so. And is thus driving these 923 communities into, often proprietary and non-interoperable services 924 such as Facebook. 926 When Ramsey Nasser developed the Arabic programming language 927 قلب (transliterated Qalb, Qlb and Alb) [Nasser] he 928 called it 'engineering performance art' instead of engineering, 929 because he knew that his language would not work. In part this is 930 because all modern programming tools are based on the ASCII character 931 set, which encodes Latin Characters and was originally based on the 932 English Language. This highlights cultural biases of computer 933 science and engineering. Despite long significant efforts, it is 934 still largely impossible to register an email address in a language 935 such as Devanagari, Arabic, or Chinese. Even if it is possible - it 936 is to be expected that there will be a significant failure rate in 937 sending and receiving emails with other services. This makes it 938 harder for people who do not speak English and/or don't use the 939 written Latin script to exercise their freedom of association and 940 assembly. 942 6.5. Block Together Now: IRC and Refusals 944 Can a protocol be designed to legitimately exclude someone 945 from an association? 947 Previously we spoke about the privacy protecting features of IRC that 948 enable freedom of association and assembly, including transport 949 security. But now we turn to the ability to block users and 950 effectively moderate discussions on IRC as a key feature of the 951 technology that enables agency in membership, a key aspect of freedom 952 of association and assembly. 954 For order to be kept within the IRC network, special classes of users 955 become "operators" and are allowed to perform general maintenance 956 functions on the network: basic network tasks such as disconnecting 957 (temporary or permanently) and reconnecting servers as needed 958 [RFC2812]. One of the most controversial power of operators is the 959 ability to remove a user from the connected network by 'force', i.e., 960 operators are able to close the connection between any client and 961 server [RFC2812]. 963 IRC servers may deploy different policies for the ability of users to 964 create their own channels or 'rooms', and for the delegation of 965 'operator'-rights in such spaces. Some IRC servers support SSL/TLS 966 connections for security purposes [RFC7194] which helps stop the use 967 of packet sniffer programs to obtain the passwords of IRC users, but 968 has little use beyond this scope due to the public nature of IRC 969 channels. TLS connections require both client and server support 970 (that may require the user to install TLS binaries and IRC client 971 specific patches or modules on their computers). Some networks also 972 use TLS for server to server connections, and provide a special 973 channel flag (such as +S) to only allow TLS-connected users on the 974 channel, while disallowing operator identification in clear text, to 975 better utilize the advantages that TLS provides. 977 7. Conclusions: Can we learn anything from the previous case studies? 979 Communities, collaboration and joint action lie at the heart of the 980 Internet. Even at at a linguistic level, the words "networks" and 981 "associations" are closely related. Both are groups and assemblies 982 of people depend on "links" and "relationships" [Swire]. Taking 983 legal definitions given in international human rights law 984 jurisprudence, we could assert that the right to freedom of assembly 985 and association protect collective expression. These rights protect 986 any collective, gathered either permanently or temporarily for 987 "peaceful" purposes. It is voluntary and uncoerced. 989 Given that the Internet itself was originally designed as a medium of 990 communication for machines that share resources with each other as 991 equals [RFC0903], the Internet is now one of the most basic 992 infrastructures for the right to freedom of assembly and association. 993 Since Internet protocols and the Internet architecture play a central 994 role in the management, development and use of the Internet, we 995 established the relation between some protocols and the right to 996 freedom of assembly and association. 998 After reviewing several cases representative of FAA considerations 999 inherent in protocols standardized at the IETF, we can conclude that 1000 the way in which infrastructure is designed and implemented impacts 1001 people's ability to exercise their freedom of assembly and 1002 association. This is because different technical designs come with 1003 different properties and characteristics. These properties and 1004 characteristics on the one hand enable people to assemble and 1005 associate, but on the other hand also adds limiting, or even 1006 potentially endangering, characteristics. More often than not, this 1007 depends on the context. A clearly identified group for open 1008 communications, where messages are sent in cleartext and where 1009 peoples persistent identities are visible, can help to facilitate an 1010 assembly and build trust, but in other contexts the same 1011 configuration could pose a significant danger. Endangering 1012 characteristics should be mitigated, or at least clearly communicated 1013 to the users of these technologies. 1015 Lastly, the increasing shift towards closed and non-interoperable 1016 platforms in chat and social media networks have a significant impact 1017 on the distributed and open nature of the Internet. Often these non- 1018 interoperable platforms are built on open-protocols but do not allow 1019 for interoperability or data-portability. The use of social-media 1020 platforms has enabled groups to associate, but it has also rendered 1021 users unable to change platforms, therefore leading to a sort of 1022 "forced association" that inhibits people to fully exercise their 1023 freedom of assembly and association. 1025 8. Acknowledgements 1027 - Fred Baker, Jefsey, and Andrew Sullivan for work on Internet 1028 definitions. 1030 - Stephane Bortzmeyer for several concrete text suggestions that 1031 found their way in this document (such as the AS filtering 1032 example). 1034 - Mark Perkins and Gurshabad for finding a lot of typos. 1036 - Gurshabad Grover and an anonymous reviewer for a full review. 1038 - The hrpc mailinglist at large for a very constructive discussion 1039 on a hard topic. 1041 9. Security Considerations 1043 As this draft concerns a research document, there are no security 1044 considerations. 1046 10. IANA Considerations 1048 This document has no actions for IANA. 1050 11. Research Group Information 1052 The discussion list for the IRTF Human Rights Protocol Considerations 1053 Research Group is located at the e-mail address hrpc@ietf.org [1]. 1054 Information on the group and information on how to subscribe to the 1055 list is at https://www.irtf.org/mailman/listinfo/hrpc [2] 1057 Archives of the list can be found at: https://www.irtf.org/mail- 1058 archive/web/hrpc/current/index.html [3] 1060 12. References 1062 12.1. Informative References 1064 [Abbate] Janet Abbate, ., "Inventing the Internet", Cambridge: MIT 1065 Press (2013): 11. , 2013, 1066 . 1068 [AckermannKargerZhang] 1069 Ackerman, M., Karger, D., and A. Zhang, "Mailing Lists: 1070 Why Are They Still Here, What's Wrong With Them, and How 1071 Can We Fix Them?", Mit. edu (2017): 1. , 2017, 1072 . 1075 [AndersonGuarnieri] 1076 Anderson, C. and C. Guarnieri, "Fictitious Profiles and 1077 WebRTC's Privacy Leaks Used to Identify Iranian 1078 Activists", 2016, 1079 . 1082 [APC] Association for Progressive Communications and . Gayathry 1083 Venkiteswaran, "Freedom of assembly and association online 1084 in India, Malaysia and Pakistan. Trends, challenges and 1085 recommendations.", 2016, 1086 . 1089 [APC3] Association for Progressive Communications, "Closer than 1090 ever", 2020, . 1092 [APCtraining] 1093 Sauter, D. and Association for Progressive Communications, 1094 "Multimedia training kit", 2013, 1095 . 1098 [Australia] 1099 Australian Government, Attorney-General's Department, 1100 "Right to freedom of assembly and association", 2020, 1101 . 1106 [Benkler] Benkler, Y., "Peer Production and Cooperation", 2009, 1107 . 1110 [Benkler2] 1111 Benkler, Y., "The wealth of Networks - How social 1112 production transforms markets and freedom", New Haven and 1113 London - Yale University Press , 2006, 1114 . 1116 [Bloketal] 1117 Blok, A., Nakazora, M., and B. Winthereik, 1118 "Infrastructuring Environments", Science as Culture 25:1, 1119 1-22. , 2016. 1121 [Bowker] Bowker, G., "Information mythology and infrastructure", 1122 In: L. Bud (Ed.), Information Acumen: The Understanding 1123 and use of Knowledge in Modern 1124 Business,Routledge,London,1994,pp.231-247 , 1994. 1126 [CERD] United Nations, "Convention on the Elimination of all 1127 forms of Racial Discrimination", 1966, 1128 . 1131 [CoE] Council of Europe, "Freedom of assembly and association on 1132 the Internet", 2015, 1133 . 1137 [Crawford] 1138 Crawford, D., "The WebRTC VPN "Bug" and How to Fix", 2015, 1139 . 1142 [CRC] Wikipedia, ., "Lorum", 2000, 1143 . 1146 [CRPD] United Nations, "Convention on the Rights of Persons with 1147 Disabilities", 2007, 1148 . 1151 [Glasius] Glasius, M., Schalk, J., and M. De Lange, "Illiberal Norm 1152 Diffusion: How Do Governments Learn to Restrict 1153 Nongovernmental Organizations?", 2020, 1154 . 1156 [HafnerandLyon] 1157 Hafnerand, K. and M. Lyon, "Where Wizards Stay Up Late. 1158 The Origins of the Internet", First Touchstone Edition 1159 (1998): 93. , 1998, . 1161 [HRPC-charter] 1162 Human Rights Protocol Consideration RG, ., "Charter for 1163 Research Group", 2015, 1164 . 1166 [HussainHoward] 1167 Hussain, M. and P. Howard, "What Best Explains Successful 1168 Protest Cascades? ICTs and the Fuzzy Causes of the Arab 1169 Spring", Int Stud Rev (2013) 15 (1): 48-66. , 2013, 1170 . 1172 [ICCPR] United Nations General Assembly, "International Covenant 1173 on Civil and Political Rights", 1966, 1174 . 1177 [Kaye] Kaye, D., "The use of encryption and anonymity in digital 1178 communications", 2015, 1179 . 1182 [LEAP] LEAP, "The Right to Whisper", 2020, 1183 . 1185 [Loi] Loi, M. and M. Christen, "Two Concepts of Group Privacy", 1186 2020, . 1189 [Mainwaringetal] 1190 Mainwaring, S., Chang, M., and K. Anderson, 1191 "Infrastructures and Their Discontents: Implications for 1192 Ubicomp", DBLP Conference: Conference: UbiComp 2004: 1193 Ubiquitous Computing: 6th International Conference, 1194 Nottingham, UK, September 7-10, 2004. Proceedings , 2004, 1195 . 1198 [Marcus] Marcus, J., "Commercial Speech on the Internet: Spam and 1199 the first amendment", 1998, . 1202 [Nasser] Nasser, R., "قلب", 2013, 1203 . 1205 [NelsonHedlun] 1206 Minar, N. and M. Hedlun, "A Network of Peers: Models 1207 Through the History of the Internet", Peer to Peer: 1208 Harnessing the Power of Disruptive Technologies, ed: Andy 1209 Oram , 2001, . 1214 [Nyokabi] Nyokabi, D., Diallo, N., Ntesang, N., White, T., and T. 1215 Ilori, "The right to development and internet shutdowns: 1216 Assessing the role of information and communications 1217 technology in democratic development in Africa", 2019, 1218 . 1222 [Pensado] Jaime Pensado, ., "Student Activism. Utopian Dreams.", 1223 ReVista. Harvard Review of Latin America (2012). , 2012, 1224 . 1226 [PipekWulf] 1227 Pipek, V. and W. Wolf, "Infrastructuring: Towards an 1228 Integrated Perspective on the Design and Use of 1229 Information Technology", Journal of the Association for 1230 Information Systems (10) 5, pp. 306-332 , 2009. 1232 [RFC0001] Crocker, S., "Host Software", RFC 1, DOI 10.17487/RFC0001, 1233 April 1969, . 1235 [RFC0155] North, J., "ARPA Network mailing lists", RFC 155, 1236 DOI 10.17487/RFC0155, May 1971, 1237 . 1239 [RFC0903] Finlayson, R., Mann, T., Mogul, J., and M. Theimer, "A 1240 Reverse Address Resolution Protocol", STD 38, RFC 903, 1241 DOI 10.17487/RFC0903, June 1984, 1242 . 1244 [RFC1211] Westine, A. and J. Postel, "Problems with the maintenance 1245 of large mailing lists", RFC 1211, DOI 10.17487/RFC1211, 1246 March 1991, . 1248 [RFC1771] Rekhter, Y. and T. Li, "A Border Gateway Protocol 4 (BGP- 1249 4)", RFC 1771, DOI 10.17487/RFC1771, March 1995, 1250 . 1252 [RFC1930] Hawkinson, J. and T. Bates, "Guidelines for creation, 1253 selection, and registration of an Autonomous System (AS)", 1254 BCP 6, RFC 1930, DOI 10.17487/RFC1930, March 1996, 1255 . 1257 [RFC1958] Carpenter, B., Ed., "Architectural Principles of the 1258 Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996, 1259 . 1261 [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and 1262 Languages", BCP 18, RFC 2277, DOI 10.17487/RFC2277, 1263 January 1998, . 1265 [RFC2810] Kalt, C., "Internet Relay Chat: Architecture", RFC 2810, 1266 DOI 10.17487/RFC2810, April 2000, 1267 . 1269 [RFC2812] Kalt, C., "Internet Relay Chat: Client Protocol", 1270 RFC 2812, DOI 10.17487/RFC2812, April 2000, 1271 . 1273 [RFC3233] Hoffman, P. and S. Bradner, "Defining the IETF", BCP 58, 1274 RFC 3233, DOI 10.17487/RFC3233, February 2002, 1275 . 1277 [RFC4084] Klensin, J., "Terminology for Describing Internet 1278 Connectivity", BCP 104, RFC 4084, DOI 10.17487/RFC4084, 1279 May 2005, . 1281 [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A 1282 Border Gateway Protocol 4 (BGP-4)", RFC 4271, 1283 DOI 10.17487/RFC4271, January 2006, 1284 . 1286 [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. 1287 Thayer, "OpenPGP Message Format", RFC 4880, 1288 DOI 10.17487/RFC4880, November 2007, 1289 . 1291 [RFC5694] Camarillo, G., Ed. and IAB, "Peer-to-Peer (P2P) 1292 Architecture: Definition, Taxonomies, Examples, and 1293 Applicability", RFC 5694, DOI 10.17487/RFC5694, November 1294 2009, . 1296 [RFC5751] Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet 1297 Mail Extensions (S/MIME) Version 3.2 Message 1298 Specification", RFC 5751, DOI 10.17487/RFC5751, January 1299 2010, . 1301 [RFC6176] Turner, S. and T. Polk, "Prohibiting Secure Sockets Layer 1302 (SSL) Version 2.0", RFC 6176, DOI 10.17487/RFC6176, March 1303 2011, . 1305 [RFC7118] Baz Castillo, I., Millan Villegas, J., and V. Pascual, 1306 "The WebSocket Protocol as a Transport for the Session 1307 Initiation Protocol (SIP)", RFC 7118, 1308 DOI 10.17487/RFC7118, January 2014, 1309 . 1311 [RFC7194] Hartmann, R., "Default Port for Internet Relay Chat (IRC) 1312 via TLS/SSL", RFC 7194, DOI 10.17487/RFC7194, August 2014, 1313 . 1315 [RFC8280] ten Oever, N. and C. Cath, "Research into Human Rights 1316 Protocol Considerations", RFC 8280, DOI 10.17487/RFC8280, 1317 October 2017, . 1319 [Sauter] Sauter, M., "The Coming Swarm", Bloomsbury , 2014. 1321 [Schleuder] 1322 Nadir, "Schleuder - A gpg-enabled mailinglist with 1323 remailing-capabilities.", 2017, 1324 . 1326 [Stanford] 1327 Brownlee, K. and D. Jenkins, "Freedom of Association", 1328 2019, 1329 . 1331 [Swire] Peter Swire, ., "Social Networks, Privacy, and Freedom of 1332 Association: Data Empowerment vs. Data Protection", North 1333 Carolina Law Review (2012) 90 (1): 104. , 2012, 1334 . 1337 [Troncosoetal] 1338 Troncoso, C., Isaakdis, M., Danezis, G., and H. Halpin, 1339 "Systematizing Decentralization and Privacy: Lessons from 1340 15 Years of Research and Deployments", Proceedings on 1341 Privacy Enhancing Technologies ; 2017 (4):307-329 , 2017, 1342 . 1345 [UDHR] United Nations General Assembly, "The Universal 1346 Declaration of Human Rights", 1948, 1347 . 1349 [UN44-24] Wikipedia, ., "Lorum", 2000, 1350 . 1353 [UNGA] Hina Jilani, ., "Human rights defenders", A/59/401 , 2004, 1354 . 1357 [UNGP] United Nations, "Guiding Principles on Business and Human 1358 Rights", 2011, 1359 . 1362 [UNHRC] Maina Kiai, ., "Report of the Special Rapporteur on the 1363 rights to freedom of peaceful assembly and of 1364 association", A/HRC/20/27 , 2012, 1365 . 1368 [UNHRC2016] 1369 United Nations Human Rights Council, "UN Human Rights 1370 Council Resolution 'The promotion, protection and 1371 enjoyment of human rights on the Internet' (A/HRC/32/ 1372 L.20)", 2016, . 1376 [ViennaDeclaration] 1377 United Nations, "Vienna Declaration and Programme of 1378 Action", 1993, 1379 . 1382 [Vu] Vu, Quang Hieu, ., Lupu, Mihai, ., and . Ooi, Beng Chin, 1383 "Peer-to-Peer Computing: Principles and Applications", 1384 2010, . 1386 [W3C] W3C, "Accessibility", 2015, 1387 . 1389 12.2. URIs 1391 [1] mailto:hrpc@ietf.org 1393 [2] https://www.irtf.org/mailman/listinfo/hrpc 1395 [3] https://www.irtf.org/mail-archive/web/hrpc/current/index.html 1397 Authors' Addresses 1399 Niels ten Oever 1400 Univeristy of Amsterdam & Texas A&M University 1402 EMail: mail@nielstenoever.net 1404 Gisela Perez de Acha 1405 Derechos Digitales 1407 EMail: gisela@derechosdigitales.org 1409 Stephane Couture 1410 University de Montreal 1412 EMail: stephane.couture@umontreal.ca 1413 Mallory Knodel 1414 Center for Democracy & Technology 1416 EMail: mknodel@cdt.org