idnits 2.17.1 draft-irtf-hrpc-association-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 22, 2021) is 1152 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- -- Looks like a reference, but probably isn't: '1' on line 1468 -- Looks like a reference, but probably isn't: '2' on line 1470 -- Looks like a reference, but probably isn't: '3' on line 1472 == Unused Reference: 'UNRSFAA2012' is defined on line 1433, but no explicit reference was found in the text -- Obsolete informational reference (is this intentional?): RFC 155 (Obsoleted by RFC 168) -- Obsolete informational reference (is this intentional?): RFC 1771 (Obsoleted by RFC 4271) -- Obsolete informational reference (is this intentional?): RFC 5751 (Obsoleted by RFC 8551) Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Human Rights Protocol Considerations Research Group N. ten Oever 3 Internet-Draft Univeristy of Amsterdam 4 Intended status: Informational G. Perez de Acha 5 Expires: August 26, 2021 Derechos Digitales 6 S. Couture 7 University de Montreal 8 M. Knodel 9 Center for Democracy & Technology 10 February 22, 2021 12 Freedom of Association on the Internet 13 draft-irtf-hrpc-association-07 15 Abstract 17 This document discusses the relationships between the Internet 18 architecture and the ability of people to exercise their right to 19 freedom of assembly and the right to association online. The 20 Internet increasingly mediates our lives, our relationships, and our 21 ability to exercise our human rights. As a global forum, the 22 Internet provides a public space, yet it is predominantly built on 23 private infrastructure. Since Internet protocols play a central role 24 in the management, development, and use of the Internet, we analyze 25 the relation between protocols and the rights to assemble and 26 associate to mitigate infringements on those rights. 28 Status of This Memo 30 This Internet-Draft is submitted in full conformance with the 31 provisions of BCP 78 and BCP 79. 33 Internet-Drafts are working documents of the Internet Engineering 34 Task Force (IETF). Note that other groups may also distribute 35 working documents as Internet-Drafts. The list of current Internet- 36 Drafts is at https://datatracker.ietf.org/drafts/current/. 38 Internet-Drafts are draft documents valid for a maximum of six months 39 and may be updated, replaced, or obsoleted by other documents at any 40 time. It is inappropriate to use Internet-Drafts as reference 41 material or to cite them other than as "work in progress." 43 This Internet-Draft will expire on August 26, 2021. 45 Copyright Notice 47 Copyright (c) 2021 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (https://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the Simplified BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 63 2. Vocabulary used . . . . . . . . . . . . . . . . . . . . . . . 3 64 3. Research question . . . . . . . . . . . . . . . . . . . . . . 5 65 4. Methodology . . . . . . . . . . . . . . . . . . . . . . . . . 5 66 5. Literature Review . . . . . . . . . . . . . . . . . . . . . . 6 67 5.1. FAA definition and core treaties . . . . . . . . . . . . 6 68 5.2. FAA in the digital era . . . . . . . . . . . . . . . . . 9 69 5.3. Specific questions raised from the literature review . . 13 70 6. Cases and examples . . . . . . . . . . . . . . . . . . . . . 13 71 6.1. Got No Peace: Spam and DDoS . . . . . . . . . . . . . . . 14 72 6.1.1. Spam . . . . . . . . . . . . . . . . . . . . . . . . 15 73 6.1.2. DDoS . . . . . . . . . . . . . . . . . . . . . . . . 15 74 6.2. Holistic Agency: Mailing Lists and Spam . . . . . . . . . 16 75 6.2.1. Mailing lists . . . . . . . . . . . . . . . . . . . . 16 76 6.2.2. Spam . . . . . . . . . . . . . . . . . . . . . . . . 17 77 6.3. Civics in Cyberspace: Messaging, Conferencing, and 78 Networking . . . . . . . . . . . . . . . . . . . . . . . 17 79 6.3.1. Email . . . . . . . . . . . . . . . . . . . . . . . . 17 80 6.3.2. Mailing lists . . . . . . . . . . . . . . . . . . . . 17 81 6.3.3. IRC . . . . . . . . . . . . . . . . . . . . . . . . . 18 82 6.3.4. WebRTC . . . . . . . . . . . . . . . . . . . . . . . 18 83 6.3.5. Peer-to-peer networking . . . . . . . . . . . . . . . 19 84 6.4. Universal Access: The Web . . . . . . . . . . . . . . . . 21 85 6.5. Block Together Now: IRC and Refusals . . . . . . . . . . 22 86 7. Conclusions: Can we learn anything from the previous case 87 studies? . . . . . . . . . . . . . . . . . . . . . . . . . . 22 88 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 23 89 9. Security Considerations . . . . . . . . . . . . . . . . . . . 24 90 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 91 11. Research Group Information . . . . . . . . . . . . . . . . . 24 92 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 24 93 12.1. Informative References . . . . . . . . . . . . . . . . . 24 94 12.2. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 32 95 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 32 97 1. Introduction 99 We shape our tools and, thereafter, our tools shape us.  100 - John Culkin (1967) 102 Article 21 of the Covenant protects peaceful assemblies wherever they 103 take place: outdoors, indoors and online; in public and private spaces; 104 or a combination thereof. 105 - General Comment 37 of the Human Rights Committee (2020) 107 In the digital age, the exercise of the rights of peaceful assembly and 108 association has become largely dependent on business enterprises, 109 whose legal obligations, policies, technical standards, financial models 110 and algorithms can affect these freedoms. 112 - Annual Report to the UN Human Rights Council by the Special 113 Rapporteur on the rights to freedom of peaceful assembly and 114 of association (2019). 116 The current draft continues the work started in "Research into Human 117 Rights Protocol Considerations" [RFC8280] by investigating the impact 118 of Internet protocols on a specific set of human rights, namely the 119 right to freedom of assembly and association. Taking into 120 consideration the international human rights framework regarding the 121 human right to freedom of assembly and association, the present 122 document seeks to deepen the relationship between this human right 123 and Internet architecture, protocols, and standards. In that way, we 124 continue the work of the Human Rights Protocol Consideration Research 125 Group, as laid out in its charter, where one of the research aims is 126 "to expose the relation between protocols and human rights, with a 127 focus on the rights to freedom of expression and freedom of assembly" 128 [HRPC-charter]. The conclusions may inform the development of new 129 guidelines for protocol developers in draft-irtf-hrpc-guidelines. 131 The research question of this document is: what are the protocol 132 development considerations for freedom of assembly and association? 134 2. Vocabulary used 136 Architecture The design of a structure 138 Autonomous System (AS) Autonomous Systems are the unit of routing 139 policy in the modern world of exterior routing [RFC1930]. 141 Within the Internet, an autonomous system (AS) is a collection of 142 connected Internet Protocol (IP) routing prefixes under the 143 control of one or more network operators on behalf of a single 144 administrative entity or domain that presents a common, clearly 145 defined routing policy to the Internet [RFC1930]. 147 The classic definition of an Autonomous System is a set of routers 148 under a single technical administration, using an interior gateway 149 protocol and common metrics to route packets within the AS, and 150 using an exterior gateway protocol to route packets to other ASs 151 [RFC1771]. 153 Border Gateway Protocol (BGP) An inter-Autonomous System routing 154 protocol [RFC4271]. 156 Connectivity The extent to which a device or network is able to 157 reach other devices or networks to exchange data. The Internet is 158 the tool for providing global connectivity [RFC1958]. Different 159 types of connectivity are further specified in [RFC4084]. The 160 combination of the end-to-end principle, interoperability, 161 distributed architecture, resilience, reliability and robustness 162 are the enabling factors that result in connectivity to and on the 163 Internet. 165 Decentralization Implementation or deployment of standards, 166 protocols or systems without one single point of control. 168 Distributed system A system with multiple components that have their 169 behavior co-ordinated via message passing. These components are 170 usually spatially separated and communicate using a network, and 171 may be managed by a single root of trust or authority. 172 [Troncosoetal] 174 Infrastructure Underlying basis or structure for a functioning 175 society, organization or community. Because infrastructure is a 176 precondition for other activities it has a procedural, rather than 177 static, nature due to its social and cultural embeddedness 178 [PipekWulf] [Bloketal]. This means that infrastructure is always 179 relational: infrastructure always develops in relation to 180 something or someone [Bowker]. 182 Internet The Network of networks, that consists of Autonomous 183 Systems that are connected through the Internet Protocol (IP). 185 A persistent socio-technical system over which services are 186 delivered [Mainwaringetal], 187 A techno-social assemblage of devices, users, sensors, networks, 188 routers, governance, administrators, operators and protocols 190 An emergent-process-driven thing that is born from the collections 191 of the ASes that happen to be gathered together at any given time. 192 The fact that they tend to interact at any given time means it is 193 an emergent property that happens because they use the protocols 194 defined at IETF. 196 3. Research question 198 The research question of this document is: what are the protocol 199 development considerations for freedom of assembly and association? 201 4. Methodology 203 The point of departure of the present work [RFC8280] is an initial 204 effort to expose the relationship between human rights and the 205 Internet architecture, specifically protocols and standards. As 206 such, [RFC8280] was inductive and explorative in nature. The 207 methodology in this previous work was based on the discourse analysis 208 of RFCs, interviews with members of the IETF community, and 209 participant observation in IETF working groups, with the goal to 210 identify technical concepts that relate to human rights. This work 211 resulted in the proposal of guidelines to describe a relationship 212 between the right to freedom of assembly and association and 213 connectivity, security, censorship resistance, anonymity, 214 pseudonymity, accessibility, decentralization, adaptability, and 215 outcome transparency. 217 In this document, we deepen our exploration of human rights and 218 protocols by assessing one specific set of human rights: freedom of 219 association and assembly, abbreviated here as FAA. Our methodology 220 for doing so is the following: first, we provide a brief twofold 221 literature review addressing the philosophical and legal definitions 222 of FAA and how this right has already been interpreted or analyzed 223 concerning the digital. This literature review is not exhaustive nor 224 systematic but aims at providing some lines of questioning that could 225 later be used for protocol development. The second part of our 226 methodology looks at some cases of Internet protocols that are 227 relevant to the sub-questions highlighted in the literature review, 228 and analyze how these protocols facilitate and inhibit the right to 229 assembly and association. 231 5. Literature Review 233 5.1. FAA definition and core treaties 235 The rights to freedom of association and assembly are defined and 236 guaranteed in national law and international treaties. Article 20 of 237 the Universal Declaration of Human Rights [UDHR] states for instance 238 that "Everyone has the right to freedom of peaceful assembly and 239 association" and that "No one may be compelled to belong to an 240 association". Article 23 further guarantees that "Everyone has the 241 right to form and to join trade unions for the protection of his 242 interests". In the International Covenant on Civil and Political 243 Rights [ICCPR], article 21 stipulates that "The right of peaceful 244 assembly shall be recognized" and that "No restrictions may be placed 245 on the exercise of this right other than those imposed in conformity 246 with the law and which are necessary in a democratic society in the 247 interests of national security or public safety, public order (ordre 248 public), the protection of public health or morals or the protection 249 of the rights and freedoms of others" while article 22 states that 250 "Everyone shall have the right to freedom of association with others, 251 including the right to form and join trade unions". 253 General Comment No. 37 on the right of peaceful assembly by the 254 United Nations Human Rights Committee affirms that the right of 255 peaceful assembly protects non-violent online gatherings: "associated 256 activities that happen online or otherwise rely upon digital services 257 [...] are also protected" [UNGC37]. Interference with emerging 258 communications technologies that offer the opportunity to assemble 259 either wholly or partly online or play an integral role in 260 organizing, participating in and monitoring physical gatherings are 261 assumed to impede assemblies which are protected by this right. 262 Moreover, any restriction on the 'operation of information 263 dissemination systems' must conform with the tests for restrictions 264 on freedom of expression (see below). 266 Other treaties are sometimes cited as the source and framework to the 267 right to freedom of association and assembly. Such as Article 5 of 268 the International Convention on the Elimination of All Forms of 269 Racial Discrimination [CERD] which stipulates freedom of peaceful 270 assembly and association should be guaranteed "without discrimination 271 as to race, colour, national or ethnic origin"; Article 15 of the 272 Convention on the Rights of the Child [CRC] which recognises to child 273 pending the restrictions cited above; and Article 21 of the 274 Convention on the Rights of Persons with Disabilities [CRPD] which 275 insist on usable and accessible formats and technologies appropriate 276 for persons with different kinds of disabilities. The freedoms of 277 peaceful assembly and association are also protected under regional 278 human rights treaties: article 11 of the European Convention on Human 279 Rights, articles 15 and 16 of the American Convention on Human 280 Rights, article 10 and 11 of the African Charter on Human and 281 Peoples' Rights. 283 From a more philosophical perspective, Brownlee and Jenkins 284 [Stanford] make some interesting distinctions in particular regarding 285 the concepts of association, assembly and interaction, deviating 286 somewhat from what is established in interpretations of international 287 human rights law. "Interaction" refers to any kind of interpersonal 288 and often incidental engagements in daily life, like encountering 289 strangers on a bus. Interaction is seen as a "prerequisite" for 290 association. Assembly, according to Brownlee and Jenkins has a more 291 political connotation and is often used to refer to activists, 292 protesters, or members of a group in a deliberating event. The 293 authors refer to association as more "persistent connections" and 294 distinguish between intimate associations, like friendship, love, or 295 family, and collective association like trade unions, commercial 296 business, or "expressive associations" like civil rights 297 organizations or LGBTQIA associations. For Brownlee and Jenkins 298 [Stanford], the right to association is linked to different relative 299 freedoms: permission (to associate or dissociate), claim-right (to 300 oppose others interfering with our conduct), power (to alter the 301 status of our association), immunity (from other people interfering 302 in our right). Freedom of association thus refers both to the 303 individual right to join or leave a group and to the collective right 304 to form or dissolve a group. 306 Freedoms of association and peaceful assembly, however, are relative 307 and not absolute. Excluding someone from an association based on its 308 sex, race or other individual characteristic is also often 309 contentious if not illegal. As mentioned above, international human 310 rights law provides the framework for legitimate restrictions on 311 these rights, as well as the right to privacy and the right to 312 freedom of expression and opinion. Restrictions can be imposed by 313 states, but only if this is lawful and proportionate. States must 314 document how these limitations are necessary in the interests of 315 national security or public safety, public order, the protection of 316 public health or morals, or the protection of the rights and freedoms 317 of others. Finally, states must also protect participants against 318 possible abuses by non-state actors. 320 The Human Rights Committee explores a few restrictions related to 321 associated activities online or reliant upon digital services, that 322 are also protected under article 21, and stipulates that "States 323 parties must not, for example, block or hinder Internet connectivity 324 in relation to peaceful assemblies. The same applies to geotargeted 325 or technology-specific interference with connectivity or access to 326 content.". Additionally, "States should ensure that the activities 327 of Internet service providers and intermediaries do not unduly 328 restrict assemblies or the privacy of assembly participants." 329 [UNGC37]. 331 Interpreting international law, the right to freedom of peaceful 332 assembly and the right to freedom of association protects any 333 collective, gathered either permanently or temporarily for "peaceful" 334 purposes, online and offline. It is important to underline the 335 property of "freedom" because the right to freedom of association and 336 assembly is voluntary and uncoerced: anyone can join or leave a group 337 of choice, which in turn means one should not be forced to either 338 join, stay or leave. An assembly is an "intentional and temporary 339 gathering of a collective in a private or public space for a specific 340 purpose: demonstrations, indoor meetings, strikes, processions, 341 rallies, or even sits-in" [UNGA]. Association has a more formal and 342 established nature and refer to a group of individuals or legal 343 entities brought together in order to collectively act, express, 344 promote, pursue, or defend a field of common interests 345 [UNSRFOAA2012]. Think about civil society organizations, clubs, 346 cooperatives, NGOs, religious associations, political parties, trade 347 unions, or foundations. 349 When talking about the human right of freedom of association and 350 assembly, one should always take into account that 'all human rights 351 are indivisible, interrelated, unalienable, universal, and mutually 352 reinforcing' [ViennaDeclaration]. This means that in the analysis of 353 the impact of a certain variable on freedom of association and 354 assembly one should take other human rights into account too. When 355 devising an approach to mitigate a possible negative influence on 356 this right, one should also always take into account the possible 357 impact this might have on other rights. For example, the following 358 rights are often impacted in conjunction with freedom of association 359 and assembly: the right to political participation, the right to 360 (group) privacy, the right to freedom of expression, and access to 361 information. For instance, when the right to political participation 362 is hampered, this often happens in conjunction with a limitation of 363 the freedom of association and assembly because political 364 participation is often done collectively. When the right to privacy 365 is hampered, this privacy of particular groups is also impacted (so- 366 called 'group privacy' [Loi], which potentially has consequences for 367 the right to association and assembly. Where the freedom of 368 expression of a group is hampered, such as in protests or through 369 Internet shutdowns, this both hampers other people's ability to 370 receive the information of the group, and impact the right to 371 assembly of the people who seek to express themselves as a group 372 [Nyokabi]. 374 Finally, if the right to association and assembly is limited by 375 national law, this does not mean it is consistent with international 376 human rights law. In such a case, the national law would therefore 377 not be legitimate [Glasius]. 379 5.2. FAA in the digital era 381 Before discussing freedom of association and assembly as it pertains 382 to digital environments, we must first recognize that the United 383 Nations Human Rights Council adopted resolutions on the promotion, 384 protection and enjoyment of human rights on the Internet in 2012, 385 2014, 2016 and 2018, affirming and reaffirming "... that the same 386 rights that people have offline must also be protected online ..." 387 [UNHRC2018]. Therefore the digital environment is no exception to 388 application of this right by any means. Various other resolutions 389 and report have established the online applicability of the freedoms 390 of association and assembly, most recently and authoritatively by the 391 Human Rights Committee in General Comment 37 (2020)[UNGC37]. The 392 questions that remain, however, are how these rights should be 393 conceptualized and implemented in different parts and levels of 394 digital environments. 396 The right to freedom of assembly and association online is the 397 subject of increasing discussions and analysis. Especially since 398 social media played an important role in several revolutions in 2011, 399 which has led to increasing and ever more sophisticated attacks by 400 autocratic governments on online communities and other associational 401 activities occurring on the Internet [RutzenZenn]. In 2016, the 402 Council of Europe published a report, "Report by the Committee of 403 experts on cross-border flow of Internet traffic and Internet freedom 404 on Freedom of assembly and association on the Internet" [CoE] which 405 noted that while the Internet and technologies are not explicitly 406 mentioned in international treaties, these treaties nevertheless 407 apply to "the online environment". The report argue the "Internet is 408 the public sphere of the 21st century", something demonstrated by the 409 fact that informal associations can be gathered at scale in a matter 410 of hours on the Internet, and that digital communication tools often 411 serve to facilitate, publicize or otherwise enable presential 412 associations or assemblies, like a protest or demonstration. They 413 note, on the other hand, the negative ways in which the Internet can 414 also be used to promote or facilitate terrorism, urban violence and 415 hate speech, thus insisting on the "extremely important and urgent" 416 need to fight online terrorist activities such as recruitment or 417 mobilization, while at the same time respecting the right to peaceful 418 assembly and association of other users. The report mentions the 419 following use cases that could be help further our reflection: 421 - Instances of network shutdowns in the Arab Spring, to prevent 422 people from organising themselves or assembling 424 - California's Bay Area Rapid Transit (BART) shutdown of mobile 425 phone service, to avoid protester violence and disruption of 426 service 428 - The wholesale blocking of Google as a violation of freedom of 429 expression 431 - Telus, a telecom company which blocked customers' access to 432 websites critical of Telus during a Telecommunications Workers 433 Union strike against it 435 - The targeting of social media users who call for or organise 436 protests though the Internet in Turkey's Gezi Park protests 438 - Mass surveillance or other interferences with privacy in the 439 context of law enforcement and national security 441 - Use of VPNs (Virtual Private Networks) to the TOR network to 442 ensure anonymity 444 - Distributed Denial of Service attacks (DDoS) as civil 445 disobedience. 447 In 2019 the UN Special Rapporteur on the rights to freedom of 448 peaceful assembly and of association, notes the opportunities and 449 challenges posed by digital networks to the rights to freedom of 450 peaceful assembly and of association [UNSRFAA2019]. The report 451 recommends that international human rights norms and principles 452 should also be used as a framework "that guides digital technology 453 companies' design, control and governance of digital technologies". 454 The report states that "technical standards" in particular can affect 455 the freedom of association and assembly, and makes some 456 recommendations on which the following could be relevant to our 457 discussion here: 459 - "[Undertake] human rights impact assessments which incorporate the 460 rights to freedom of peaceful assembly and of association when 461 developing or modifying their products and services," 463 - "increase the quality of participation in and implementation of 464 existing multi-stakeholder initiatives," 466 - "collaborate with governments and civil society to develop 467 technology that promotes and strengthens human rights," 469 - "support the research and development of appropriate technological 470 solutions to online harassment, disinformation and propaganda, 471 including tools to detect and identify State-linked accounts and 472 bots," and 474 - "adopt monitoring indicators that include specific concerns 475 related to freedom of peaceful assembly and association." 477 In one of their "training kits" [APCtraining], the Association of 478 Progressive Communications addressed different impacts of the 479 internet on association and assembly and raised three particular 480 issues worthy to note here: 482 1. Organization of protests. Internet and social media are enablers 483 of protests, such as it was seen in the "Arab Spring". Some of 484 these protests - like online petitions or campaigns - are similar 485 to offline association and assembly, but other protest forms are 486 inherent to the Internet capacity like hacking, DDOS and are 487 subject to controversy within the Internet community, some people 488 finding it legitimate, and others not. 490 2. Surveillance. While the Internet facilitates association, the 491 association in turn leaves a lot of traces that can be used in 492 turn for law enforcement but also for repressing political 493 dissents. As they note, even the threat of surveillance can have 494 deter facilitation. 496 3. Anonymity and pseudonymity can be useful protection mechanism for 497 those who'd like to attend legitimate association without facing 498 retribution. On the other hand, anonymity can be used to harm 499 society, such as in online fraud or sexual predation. 501 Online association and assembly are the starting point of group to 502 mobilization in modern democracies, and even more so where physical 503 gatherings have been impossible or dangerous [APC]. Throughout the 504 world -from the Arab Spring to Latin American student movements and 505 the #WomensMarch- the Internet has played a crucial role by providing 506 means for the fast dissemination of information otherwise mediated by 507 the press, or even forbidden by the government [Pensado]. According 508 to Hussain and Howard the Internet helped to "build solidarity 509 networks and identification of collective identities and goals, 510 extend the range of local coverage to international broadcast 511 networks" and as platform for contestation for "the future of civil 512 society and information infrastructure" [HussainHoward]. The IETF 513 itself, defined as an 'open global community' of network designers, 514 operators, vendors, and researchers [RFC3233] is also protected by 515 freedom of assembly and association . Discussions, comments and 516 consensus around RFCs are possible because of the collective 517 expression that freedom of association and assembly allow. The very 518 word "protocol" found its way into the language of computer 519 networking based on the need for collective agreement among a group 520 of assembled network users [HafnerandLyon]. 522 [RFC8280] is a paper by the Human Rights Protocol Consideration 523 Resarch Group in the Internet Research Taskforce on internet 524 protocols and human rights that discusses issues of FAA, 525 specifically: 527 - The expansion of DNS for generic namespace as an enabler of 528 association for minorities. The paper argues that specifically 529 the expansion of the DNS to allow for new generic Top Level 530 Domains (gTLDs) can have negative impacts on freedom of 531 association because of restrictive policies by some registries and 532 registrars, on the other hand could gTLDs also enable communities 533 to build clearly identifiable spaces for association (such as 534 .gay). 536 - The impact of Distributed Denial of Service attacks on freedom of 537 association. Whereas DDoS has been used as a tool for protest, in 538 many cases this is infringing on other parties freedom of 539 expression. Furthermore, often devices (such as IoT devices and 540 routers) are inscribed in such DDoS attacks whereas the owner or 541 user did not consent to this. Thus they do not have the 542 possibility to exit this assembly. Therefore the draft concluded 543 that that IETF "should try to ensure that their protocols cannot 544 be used for DDoS attacks" 546 - The impact of middleboxes on the ability of users to connect to 547 the Internet and therefore their ability to exercise their right 548 to freedom of association and assembly. The lack of connectivity 549 can significantly impact freedom of assembly and association of a 550 user. Especially if this is done in a way that is not knowable 551 for the user and if there is no possibility to for the user to 552 have access to due process to dispute the lack of (secure or 553 private) connectivity in general or to a specific service. 555 In June 2020, the United Nations High Commissioner for Human Rights 556 concluded that technologies can be enablers of the excercise of FAA, 557 but technology is also significantly used to interfere with the 558 ability of people to exercise their right to freedom of association 559 and assembly. Specifically, the report mentions network shutdowns, 560 the usage of technology to surveil or crack down on protesters, 561 leading to human rights violations. This includes facial recognition 562 technology, and the uses of other ways to violate the (group) privacy 563 of people engaged in an assembly or association. The report makes it 564 explicit that companies play a significant role enabling, for 565 instance by developing, providing or selling the technology, but also 566 by directly exercising these violations [UNHRC2020]. 568 5.3. Specific questions raised from the literature review 570 Here are some questions raised from the literature review that can 571 have implications for protocol design: 573 1. Should protocols be designed to enable legitimate limitations on 574 association in the interests of "national security or public 575 safety, public order (ordre public), the protection of public 576 health or morals or the protection of the rights and freedoms of 577 others", as stated in the ICCPR article 21 [ICCPR]? Where in the 578 stack do we care for FAA? 580 2. Can protocols facilitate agency of membership in associations, 581 assemblies and interactions? 583 3. What are the features of protocols that enable freedom of 584 association and assembly? 586 4. Does protocol development sufficiently consider usable and 587 accessible formats and technologies appropriate for all persons, 588 including those with different kinds of disabilities? 590 5. Can a protocol be designed to legitimately exclude someone from 591 an association? 593 In the following sections we attempt to answer these questions with 594 specific examples of standardized protocols in the IETF. 596 6. Cases and examples 598 As the Internet mediates collective action and collaboration, it 599 impacts on freedom of association and assembly. To answer our 600 research question regarding how internet architecture enable and/or 601 inhibits such human right, we researched several independent and 602 typical cases related to protocols that have been either adopted by 603 the IETF, or are widely used on the Internet. Our goal is to figure 604 out whether they facilitate freedom of assembly and association, or 605 whether they inhibit it through their design or implementation. 607 We are aware that some of the following examples go beyond the use of 608 Internet protocols and flow over into the application layer or 609 examples in the offline world whereas the purpose of the current 610 document is to break down the relationship between Internet protocols 611 and the right to freedom of assembly and association. Nonetheless, 612 we do recognize that in some cases the line between them and 613 applications, implementations, policies and offline realities are 614 often blurred and hard -if not impossible- to differentiate. 616 We use the literature review to guide our process of inquiry for each 617 case, and to dive deeper in what can be found interesting about each 618 case as it relates to freedom of association. 620 6.1. Got No Peace: Spam and DDoS 622 Should protocols be designed to enable legitimate limitations on 623 association in the interests of "national security or public safety, 624 public order (ordre public), the protection of public health or morals 625 or the protection of the rights and freedoms of others", as stated in 626 the ICCPR article 21 {{ICCPR}}? Where in the stack do we care for FAA? 628 The 2020 report by the United Nations Special Rapporteur on Human 629 Rights [UNHRC2020] described how technology is often used to limit 630 freedom of assembly and association, such as for instance through 631 network shutdowns and the surveillance of groups. Because access to 632 the Internet is crucial not only for freedom of association and 633 assembly, but also for the right to development, and the right to 634 freedom of expression and information [Nyokabi], the United Nation 635 Special Rapporteur argues that: 637 (b) Avoid resorting to disruptions and shutdowns of Internet or 638 telecommunications networks at all times and particularly during 639 assemblies, including those taking place in electoral contexts 640 and during times of unrest; 642 Whereas the states have the obligation to protect human rights, there 643 has been an increasing call for non-state actors, such as companies, 644 to respect human rights [UNGPBHR]. The UN adopted guiding principles 645 on business and human rights [UNGPBHR] and talks within the HRC are 646 ongoing about an international legally binding instrument to regulate 647 the activities of transnational corporations and other business 648 enterprises. This includes a chain-responsibility of actors, which 649 means that not just the company's own processes should not negatively 650 impact human rights, but they should also engage in due diligence 651 processes, such as human rights impact assessments. This includes an 652 assessment of whether the products that are sold, or the services 653 that are provided, can be used to engage in human rights violations, 654 or whether human rights violations occur in any stage of the supply 655 chain of the company. If this is the case, measures should be taken 656 to mitigate this. 658 In the case of dual-use technologies, this means that technology 659 could be used for legitimate purposes, but could also be used to 660 limit freedom of association or assembly, it might mean that 661 producers or sellers should limit the parties they sell to, or even 662 better, ensure that the illegitimate use of the technology is not 663 technically possible anymore, or made more difficult. 665 6.1.1. Spam 667 In the 1990s as the internet became more and more commercial, spam 668 came to be defined as irrelevant or unsolicited messages that were 669 posted many times to multiple news groups or mailing lists [Marcus]. 670 Here the question of consent, but also harm, are crucial. In the 671 2000s a large part of the discussion revolved around the fact that 672 certain corporations. protected by the right to freedom of 673 association, considered spam to be a form of "commercial speech", 674 thus encompassed by free expression rights [Marcus]. Yet spam can be 675 not only a nuisance, but a threat to systems and users. 677 This leaves us with an interesting case around spam mitigation: spam 678 is currently handled mostly by mail providers on behalf of the user, 679 next to that countries are increasingly adopting opt-in regimes for 680 mailing lists and commercial e-mail, with a possibility of serious 681 fines in case of violation. Yet many ask is spam not the equivalent 682 of the fliers and handbills ever present in our offline world? The 683 big difference between the proliferation of such messages offline and 684 online is the scale. It is not hard for a single person to message a 685 lot of people online, whereas if that person needed to go house by 686 house the scale and impact of their actions would be much smaller. 687 Inversely if it were a common practice to expose people to unlimited 688 unwanted messages online, users would be drowned in such messages. 689 This puts a large burden on filtering, and in both filtering and 690 sifting through many message, other expressions would be drowned out 691 and would be severely hampered. Allowing illimited sending of 692 unsolicited messages would be a blow against freedom of speech: when 693 everyone talks, nobody listens. 695 Here the argument is very similar to DDoS attacks, considered next: 696 Legitimate uses of online campaigning, or online protesting, are 697 drowned out by a malicious use which constitutes an attack on the 698 internet infrastructure and thus the assembly or association itself. 700 6.1.2. DDoS 702 Distributed Denial of Service attacks are leveled against a server or 703 service by a controller of a host or multiple hosts by overloading 704 the server or service's bandwidth or resources (volume-based floods) 705 or exploit protocol behaviours (protocol attacks). DDoS attacks can 706 thus stifle and complicate the rights to assemble online for media 707 and human rights organisations whose websites are the target of DDoS. 708 At the same time there are comparisons made between DDoS attacks and 709 sit-in protests [Sauter]. However the main distinction is 710 significant: only a small fragment of "participants" (from 711 controllers to compromised device owners) in DDoS attacks are aware 712 or willing [RFC8280]. Notably DDoS attacks are increasingly used to 713 commit crimes such as extortion, which infringe on others' human 714 rights. 716 Because of the interrelation of technologies, it cannot be said that 717 there is one point in the technical stack that there are 718 characteristics of "peaceful" or "non-peaceful" association visible 719 to protocol developers. As we can see from the cases of spam 720 blocking and DDoS mitigation that "peaceful or non-peaceful" is not a 721 meaningful heuristic, or even characteristic, of problematic content. 722 If anything, their commonality is scale and volume. 724 6.2. Holistic Agency: Mailing Lists and Spam 726 Can protocols facilitate agency of membership in associations, 727 assemblies and interactions? 729 6.2.1. Mailing lists 731 Since the beginning of the Internet mailing lists have been a key 732 site of assembly and association [RFC0155] [RFC1211]. In fact, 733 mailing lists were one of the Internet's first functionalities 734 [HafnerandLyon]. 736 In 1971 four years after the invention of email, the first mailing 737 list was created to talk about the idea of using Arpanet for 738 discussion. What had initially propelled the Arpanet project forward 739 as a resource sharing platform was gradually replaced by the idea of 740 a network as a means of bringing people together [Abbate]. More than 741 45 years after, mailing lists are pervasive and help communities to 742 engage, have discussions, share information, ask questions, and build 743 ties. Even as social media and discussion forums grow, mailing lists 744 continue to be widely used [AckermannKargerZhang] and are still a 745 crucial tool to organise groups and individuals around themes and 746 causes [APC3]. 748 Mailing lists' pervasive use are partly explained because they allow 749 for "free" association: people subscribe (join) and unsubscribe 750 (leave) as they please. Mailing lists also allow for association of 751 specific groups on closed lists. This free association online 752 enables agency of membership, a key component of freedom of 753 association and assembly. 755 6.2.2. Spam 757 As we mentioned before, there are interesting implications for 758 freedom of association and assembly when looking at spam mitigation. 759 Here we want to specifically note that if we consider that the rights 760 to assembly and association also mean that "no one may be compelled 761 to belong to an association" [UDHR], spam infringes both rights if an 762 op-out mechanism is not provided and people are obliged to receive 763 unwanted information, or be reached by people they do not know. 765 6.3. Civics in Cyberspace: Messaging, Conferencing, and Networking 767 What are the features of protocols that enable freedom of 768 association and assembly? 770 Civic participation is often expressed as the freedom to associate 771 and assemble, along with a whole other set of enabling rights such as 772 freedom of expression and the right to privacy. Former UN Special 773 Rapporteur David Kaye established a strong relationship between 774 technology that allows anonymity and uses encryption have positive 775 effects on freedom of expression [Kaye]. Here we look at messaging, 776 such as email, mailing lists and internet relay chat; video 777 conferencing and peer-to-peer networking protocols to investigate the 778 common features that enable freedom of association and assembly 779 online. 781 6.3.1. Email 783 Similarly to freedom of expression's enabling and universal right to 784 impart one's ideas openly, "the right to whisper", or 785 confidentiality, is the ability to limit to whom one imparts one's 786 ideas. An encrypted email project, the LEAP Encryption Access 787 Project, says, "like free speech, the right to whisper is a necessary 788 precondition for a free society. Without it, civil society 789 languishes and political freedoms are curtailed. As the importance 790 of digital communication for civic participation increases, so too 791 does the importance of the ability to digitally whisper." [LEAP] 793 6.3.2. Mailing lists 795 Not only are mailing lists a good example of how protocols can 796 facilitate the necessary ingredient of agency in freedom of 797 association, mailing lists are an example of messaging technology 798 that has other features that enable freedom of association and 799 assembly. 801 The archival function of mailing lists allows for posterior 802 accountability and analysis. The ubiquity and interoperability of 803 email, and by extension email lists, provides a low barrier to entry 804 to an inclusive medium. 806 Association and assembly online can be undermined when right to 807 privacy is at risk. And one of the downsides of mailing lists are 808 similar to the privacy and security concerns generally associated 809 with email. At least with email, end-to-end encryption such as 810 OpenPGP [RFC4880] and S/MIME [RFC5751] can keep user communications 811 authenticated and confidential. With mailing lists, this protection 812 is not as possible because with many lists the final recipients are 813 typically too many for . There have been experimental solutions to 814 address this issue such as Schleuder [Schleuder], but this has not 815 been standardized or widely deployed. 817 6.3.3. IRC 819 Internet Relay Chat (IRC) is an application layer protocol that 820 enables communication in the form of text through a client/server 821 networking model [RFC2810]. In other words, a chat service. IRC 822 clients are computer programs that a user can install on their 823 system. These clients communicate with chat servers to transfer 824 messages to other clients. Features of IRC include: federated 825 design, transport encryption, one-to-many routing, creation of topic- 826 based "channels", and spam or abuse moderation. 828 For the purposes of civic participation and freedom of association 829 and assembly in particular it is critical that IRC's federated design 830 allows many interoperable, yet customisable, instances and basic 831 assurance of confidentiality through transport encryption. We 832 investigate the particular aspect of agency in membership through 833 moderation in the section 'Block Together Now: IRC and Refusals' 834 below. 836 6.3.4. WebRTC 838 Multi-party video conferencing protocols like WebRTC [RFC6176] 839 [RFC7118] allow for robust, bandwidth-adaptive, wideband and super- 840 wideband video and audio discussions in groups. 'The WebRTC protocol 841 was designed to enable responsive real-time communications over the 842 Internet, and is instrumental in allowing streaming video and 843 conferencing applications to run in the browser. In order to easily 844 facilitate direct connections between computers (bypassing the need 845 for a central server to act as a gatekeeper), WebRTC provides 846 functionality to automatically collect the local and public IP 847 addresses of Internet users (ICE or STUN). These functions do not 848 require consent from the user, and can be instantiated by sites that 849 a user visits without their awareness. The potential privacy 850 implications of this aspect of WebRTC are well documented, and 851 certain browsers have provided options to limit its behavior.' 852 [AndersonGuarnieri]. 854 Even though some multi-party video conferencing tools facilitate 855 freedom of assembly and association, their own configuration might 856 might pose concrete risks for those who use them. One the one hand 857 WebRTC is providing resilient channels of communications, but on the 858 other hand it also exposes information about those who are using the 859 tool which might lead to increased surveillance, identification and 860 the consequences that might be derived from that. This is especially 861 concerning because the usage of a VPN does not protect against the 862 exposure of IP addresses [Crawford]. 864 The risk of surveillance is also true in an offline space, but this 865 is generally easy to analyze for the end-user. Security and privacy 866 expectations of the end-user could be either improved or made 867 explicit. This in turn would result in a more secure and/or private 868 exercise of the right to freedom of assembly or association. 870 6.3.5. Peer-to-peer networking 872 At the organizational level, peer production is one of the most 873 relevant innovations from Internet mediated social practices. 874 According to [Benkler] these networks imply 'open collaborative 875 innovation and creation, performed by diverse, decentralized groups 876 organized principally by neither price signals nor organizational 877 hierarchy, harnessing heterogeneous motivations, and governed and 878 managed based on principles other than the residual authority of 879 ownership implemented through contract.' [Benkler]. 881 In his book The Wealth of Networks, [Benkler2] significantly expands 882 on his definition of commons-based peer production. In his view, 883 what distinguishes commons-based production is that it doesn't rely 884 upon or propagate proprietary knowledge: "The inputs and outputs of 885 the process are shared, freely or conditionally, in an institutional 886 form that leaves them equally available for all to use as they choose 887 at their individual discretion." [Benkler2]. To ensure that the 888 knowledge generated is available for free use, commons-based projects 889 are often shared under an open license 891 Peer-to-peer (P2P) is essentially a model of how people interact in 892 real life because "we deal directly with one another whenever we wish 893 to" [Vu]. Usually if we need something we ask our peers, who in turn 894 refer us to other peers. In this sense, the ideal definition of P2P 895 is that "nodes are able to directly exchange resources and services 896 between themselves without the need for centralized servers" where 897 each participating node typically acts both as a server and as a 898 client [Vu]. [RFC5694] has defined it as peers or nodes that should 899 be able to communicate directly between themselves without passing 900 intermediaries, and that the system should be self-organizing and 901 have decentralized control [RFC5694]. With this in mind, the 902 ultimate model of P2P is a completely decentralized system, which is 903 more resistant to speech regulation, immune to single points of 904 failure and has a higher performance and scalability. Nonetheless, 905 in practice some P2P systems are supported by centralized servers and 906 some others have hybrid models where nodes are organized into two 907 layers: the upper tier servers and the lower tier common nodes [Vu]. 909 Since the ARPANET project, the original idea behind the Internet was 910 conceived as what we would now call a peer-to-peer system [RFC0001]. 911 Over time it has increasingly shifted towards a client/server model 912 with "millions of consumer clients communicating with a relatively 913 privileged set of servers" [NelsonHedlun]. 915 Whether for resource sharing or data sharing, P2P systems are 916 enabling freedom of assembly and association. Not only do they allow 917 for effective dissemination of information, but they leverage 918 computing resources by diminishing costs allowing for the formation 919 of open collectives at the network level. At the same time, in 920 completely decentralized systems the nodes are autonomous and can 921 join or leave the network as they want -a characteristic that makes 922 the system unpredictable: a resource might be only sometimes 923 available, and some other resources might be missing or incomplete 924 [Vu]. Lack of information might in turn makes association or 925 assembly more difficult. 927 Additionally, when architecturally assessing the role of P2P systems 928 we could say that: "the main advantage of centralized P2P systems is 929 that they are able to provide a quick and reliable resource locating. 930 Their limitation, however, is that the scalability of the systems is 931 affected by the use of servers. While decentralized P2P systems are 932 better than centralized P2P systems in this aspect, they require a 933 longer time in resource locating. As a result, hybrid P2P systems 934 have been introduced to take advantage of both centralized and 935 decentralized architectures. Basically, to maintain the scalability, 936 similar to decentralized P2P systems, there are no servers in hybrid 937 P2P systems. However, peer nodes that are more powerful than others 938 can be selected to act as servers to serve others. These nodes are 939 often called super peers. In this way, resource locating can be done 940 by both decentralized search techniques and centralized search 941 techniques (asking super peers), and hence the systems benefit from 942 the search techniques of centralized P2P systems." [Vu]. 944 6.4. Universal Access: The Web 946 Does protocol development sufficiently consider usable and accessible 947 formats and technologies appropriate for persons with different kinds 948 of disabilities? 950 The W3C has done significant work to ensure that the Web is 951 accessible to people with diverse physical abilities [W3C]. The 952 implementation of these accessibility standards for instance help 953 people who have issues with seeing or rendering images to understand 954 what the image actually contains. Making the web more accessible for 955 people with diverse physical abilities enables them to excercise 956 their right to online assembly and association. 958 The IETF uses English as its primary working language, both in its 959 documentation and in its communication. This is also the case for 960 reference implementations. Whereas it is estimated that roughly 20% 961 of the Earth's population speaks English, whereas only 360 million 962 speak English as their first language. [RFC2277] describes that 963 '"Internationalization is for humans. This means that protocols are 964 not subject to internationalization; text strings are.", this implies 965 that protocol developers, as well as people that work with protocols, 966 are not people, or that protocol developers are all in command of the 967 English language. This means that it is significantly easier for 968 people who have a command of the English language to become a 969 protocol developer - and it might lead to the development of separate 970 protocols that are developed within large language communities that 971 are not using the English language or the Latin script. This makes 972 it harder for people who seek to shape their own space of association 973 and assembly on the Internet to do so. And is thus driving these 974 communities into, often proprietary and non-interoperable services 975 such as Facebook. 977 When Ramsey Nasser developed the Arabic programming language 978 قلب (transliterated Qalb, Qlb and Alb) [Nasser] he 979 called it 'engineering performance art' instead of engineering, 980 because he knew that his language would not work. In part this is 981 because all modern programming tools are based on the ASCII character 982 set, which encodes Latin Characters and was originally based on the 983 English Language. This highlights cultural biases of computer 984 science and engineering. Despite long significant efforts, it is 985 still largely impossible to register an email address in a language 986 such as Devanagari, Arabic, or Chinese. Even if it is possible - it 987 is to be expected that there will be a significant failure rate in 988 sending and receiving emails with other services. This makes it 989 harder for people who do not speak English and/or don't use the 990 written Latin script to exercise their freedom of association and 991 assembly. 993 6.5. Block Together Now: IRC and Refusals 995 Can a protocol be designed to legitimately exclude someone 996 from an association? 998 Previously we spoke about the privacy protecting features of IRC that 999 enable freedom of association and assembly, including transport 1000 security. But now we turn to the ability to block users and 1001 effectively moderate discussions on IRC as a key feature of the 1002 technology that enables agency in membership, a key aspect of freedom 1003 of association and assembly. 1005 For order to be kept within the IRC network, special classes of users 1006 become "operators" and are allowed to perform general maintenance 1007 functions on the network: basic network tasks such as disconnecting 1008 (temporary or permanently) and reconnecting servers as needed 1009 [RFC2812]. One of the most controversial power of operators is the 1010 ability to remove a user from the connected network by 'force', i.e., 1011 operators are able to close the connection between any client and 1012 server [RFC2812]. 1014 IRC servers may deploy different policies for the ability of users to 1015 create their own channels or 'rooms', and for the delegation of 1016 'operator'-rights in such spaces. Some IRC servers support SSL/TLS 1017 connections for security purposes [RFC7194] which helps stop the use 1018 of packet sniffer programs to obtain the passwords of IRC users, but 1019 has little use beyond this scope due to the public nature of IRC 1020 channels. TLS connections require both client and server support 1021 (that may require the user to install TLS binaries and IRC client 1022 specific patches or modules on their computers). Some networks also 1023 use TLS for server to server connections, and provide a special 1024 channel flag (such as +S) to only allow TLS-connected users on the 1025 channel, while disallowing operator identification in clear text, to 1026 better utilize the advantages that TLS provides. 1028 7. Conclusions: Can we learn anything from the previous case studies? 1030 Communities, collaboration and joint action lie at the heart of the 1031 Internet. Even at a linguistic level, the words "networks" and 1032 "associations" are closely related. Both are groups and assemblies 1033 of people who depend on "links" and "relationships" [Swire]. Taking 1034 legal definitions given in international human rights law and related 1035 normative documents, we could assert that the rights to freedom of 1036 assembly and association protect collective activity online. These 1037 rights protect gatherings by persons for a specific purpose and 1038 groups with a defined aim over time for a variety of peaceful, 1039 expressive and non-expressive, purposes,. It is voluntary and 1040 uncoerced. 1042 Given that the Internet itself was originally designed as a medium of 1043 communication for machines that share resources with each other as 1044 equals [RFC0903], the Internet is now one of the most basic 1045 infrastructures for the right to freedom of assembly and association. 1046 Since Internet protocols and the Internet architecture play a central 1047 role in the management, development and use of the Internet, we 1048 established the relation between some protocols and the right to 1049 freedom of assembly and association. 1051 After reviewing several cases representative of FAA considerations 1052 inherent in protocols standardized at the IETF, we can conclude that 1053 the way in which infrastructure is designed and implemented impacts 1054 people's ability to exercise their freedom of assembly and 1055 association. This is because different technical designs come with 1056 different properties and characteristics. These properties and 1057 characteristics on the one hand enable people to assemble and 1058 associate, but on the other hand also add limiting, or even 1059 potentially endangering, characteristics. More often than not, this 1060 depends on the context. A clearly identified group for open 1061 communications, where messages are sent in cleartext and where 1062 peoples persistent identities are visible, can help to facilitate an 1063 assembly and build trust, but in other contexts the same 1064 configuration could pose a significant danger. Endangering 1065 characteristics should be mitigated, or at least clearly communicated 1066 to the users of these technologies. It is therefore recommended that 1067 the the potential impacts of Internet technologies should be 1068 assessed, reflecting recommendations of various UN bodies and norms. 1070 Lastly, the increasing shift towards closed and non-interoperable 1071 platforms in chat and social media networks have a significant impact 1072 on the distributed and open nature of the Internet. Often these non- 1073 interoperable platforms are built on open-protocols but do not allow 1074 for interoperability or data-portability. The use of social-media 1075 platforms has enabled groups to associate, but it has also rendered 1076 users unable to change platforms, therefore leading to a sort of 1077 "forced association" that inhibits people to fully exercise their 1078 freedom of assembly and association. 1080 8. Acknowledgements 1082 - Fred Baker, Jefsey, and Andrew Sullivan for work on Internet 1083 definitions. 1085 - Stephane Bortzmeyer, ICNL, and Lisa Vermeer for several concrete 1086 text suggestions that found their way in this document. 1088 - Mark Perkins and Gurshabad for finding a lot of typos. 1090 - Gurshabad Grover, an anonymous reviewer, ICNL, Lisa Vermeer, and 1091 Sandra Braman for full review. 1093 - The hrpc mailinglist at large for a very constructive discussion 1094 on a hard topic. 1096 9. Security Considerations 1098 As this draft concerns a research document, there are no security 1099 considerations. 1101 10. IANA Considerations 1103 This document has no actions for IANA. 1105 11. Research Group Information 1107 The discussion list for the IRTF Human Rights Protocol Considerations 1108 Research Group is located at the e-mail address hrpc@ietf.org [1]. 1109 Information on the group and information on how to subscribe to the 1110 list is at https://www.irtf.org/mailman/listinfo/hrpc [2] 1112 Archives of the list can be found at: https://www.irtf.org/mail- 1113 archive/web/hrpc/current/index.html [3] 1115 12. References 1117 12.1. Informative References 1119 [Abbate] Janet Abbate, ., "Inventing the Internet", Cambridge: MIT 1120 Press (2013): 11. , 2013, 1121 . 1123 [AckermannKargerZhang] 1124 Ackerman, M., Karger, D., and A. Zhang, "Mailing Lists: 1125 Why Are They Still Here, What's Wrong With Them, and How 1126 Can We Fix Them?", Mit. edu (2017): 1. , 2017, 1127 . 1130 [AndersonGuarnieri] 1131 Anderson, C. and C. Guarnieri, "Fictitious Profiles and 1132 WebRTC's Privacy Leaks Used to Identify Iranian 1133 Activists", 2016, 1134 . 1137 [APC] Association for Progressive Communications and . Gayathry 1138 Venkiteswaran, "Freedom of assembly and association online 1139 in India, Malaysia and Pakistan. Trends, challenges and 1140 recommendations.", 2016, 1141 . 1144 [APC3] Association for Progressive Communications, "Closer than 1145 ever", 2020, . 1147 [APCtraining] 1148 Sauter, D. and Association for Progressive Communications, 1149 "Multimedia training kit", 2013, 1150 . 1153 [Benkler] Benkler, Y., "Peer Production and Cooperation", 2009, 1154 . 1157 [Benkler2] 1158 Benkler, Y., "The wealth of Networks - How social 1159 production transforms markets and freedom", New Haven and 1160 London - Yale University Press , 2006, 1161 . 1163 [Bloketal] 1164 Blok, A., Nakazora, M., and B. Winthereik, 1165 "Infrastructuring Environments", Science as Culture 25:1, 1166 1-22. , 2016. 1168 [Bowker] Bowker, G., "Information mythology and infrastructure", 1169 In: L. Bud (Ed.), Information Acumen: The Understanding 1170 and use of Knowledge in Modern 1171 Business,Routledge,London,1994,pp.231-247 , 1994. 1173 [CERD] United Nations, "Convention on the Elimination of all 1174 forms of Racial Discrimination", 1966, 1175 . 1178 [CoE] Council of Europe, "Freedom of assembly and association on 1179 the Internet", 2015, 1180 . 1184 [Crawford] 1185 Crawford, D., "The WebRTC VPN "Bug" and How to Fix", 2015, 1186 . 1189 [CRC] Wikipedia, ., "Lorum", 2000, 1190 . 1193 [CRPD] United Nations, "Convention on the Rights of Persons with 1194 Disabilities", 2007, 1195 . 1198 [Glasius] Glasius, M., Schalk, J., and M. De Lange, "Illiberal Norm 1199 Diffusion: How Do Governments Learn to Restrict 1200 Nongovernmental Organizations?", 2020, 1201 . 1203 [HafnerandLyon] 1204 Hafnerand, K. and M. Lyon, "Where Wizards Stay Up Late. 1205 The Origins of the Internet", First Touchstone Edition 1206 (1998): 93. , 1998, . 1208 [HRPC-charter] 1209 Human Rights Protocol Consideration RG, ., "Charter for 1210 Research Group", 2015, 1211 . 1213 [HussainHoward] 1214 Hussain, M. and P. Howard, "What Best Explains Successful 1215 Protest Cascades? ICTs and the Fuzzy Causes of the Arab 1216 Spring", Int Stud Rev (2013) 15 (1): 48-66. , 2013, 1217 . 1219 [ICCPR] United Nations General Assembly, "International Covenant 1220 on Civil and Political Rights", 1966, 1221 . 1224 [Kaye] Kaye, D., "The use of encryption and anonymity in digital 1225 communications", 2015, 1226 . 1229 [LEAP] LEAP, "The Right to Whisper", 2020, 1230 . 1232 [Loi] Loi, M. and M. Christen, "Two Concepts of Group Privacy", 1233 2020, . 1236 [Mainwaringetal] 1237 Mainwaring, S., Chang, M., and K. Anderson, 1238 "Infrastructures and Their Discontents: Implications for 1239 Ubicomp", DBLP Conference: Conference: UbiComp 2004: 1240 Ubiquitous Computing: 6th International Conference, 1241 Nottingham, UK, September 7-10, 2004. Proceedings , 2004, 1242 . 1245 [Marcus] Marcus, J., "Commercial Speech on the Internet: Spam and 1246 the first amendment", 1998, . 1249 [Nasser] Nasser, R., "قلب", 2013, 1250 . 1252 [NelsonHedlun] 1253 Minar, N. and M. Hedlun, "A Network of Peers: Models 1254 Through the History of the Internet", Peer to Peer: 1255 Harnessing the Power of Disruptive Technologies, ed: Andy 1256 Oram , 2001, . 1261 [Nyokabi] Nyokabi, D., Diallo, N., Ntesang, N., White, T., and T. 1262 Ilori, "The right to development and internet shutdowns: 1263 Assessing the role of information and communications 1264 technology in democratic development in Africa", 2019, 1265 . 1269 [Pensado] Jaime Pensado, ., "Student Activism. Utopian Dreams.", 1270 ReVista. Harvard Review of Latin America (2012). , 2012, 1271 . 1273 [PipekWulf] 1274 Pipek, V. and W. Wolf, "Infrastructuring: Towards an 1275 Integrated Perspective on the Design and Use of 1276 Information Technology", Journal of the Association for 1277 Information Systems (10) 5, pp. 306-332 , 2009. 1279 [RFC0001] Crocker, S., "Host Software", RFC 1, DOI 10.17487/RFC0001, 1280 April 1969, . 1282 [RFC0155] North, J., "ARPA Network mailing lists", RFC 155, 1283 DOI 10.17487/RFC0155, May 1971, 1284 . 1286 [RFC0903] Finlayson, R., Mann, T., Mogul, J., and M. Theimer, "A 1287 Reverse Address Resolution Protocol", STD 38, RFC 903, 1288 DOI 10.17487/RFC0903, June 1984, 1289 . 1291 [RFC1211] Westine, A. and J. Postel, "Problems with the maintenance 1292 of large mailing lists", RFC 1211, DOI 10.17487/RFC1211, 1293 March 1991, . 1295 [RFC1771] Rekhter, Y. and T. Li, "A Border Gateway Protocol 4 (BGP- 1296 4)", RFC 1771, DOI 10.17487/RFC1771, March 1995, 1297 . 1299 [RFC1930] Hawkinson, J. and T. Bates, "Guidelines for creation, 1300 selection, and registration of an Autonomous System (AS)", 1301 BCP 6, RFC 1930, DOI 10.17487/RFC1930, March 1996, 1302 . 1304 [RFC1958] Carpenter, B., Ed., "Architectural Principles of the 1305 Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996, 1306 . 1308 [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and 1309 Languages", BCP 18, RFC 2277, DOI 10.17487/RFC2277, 1310 January 1998, . 1312 [RFC2810] Kalt, C., "Internet Relay Chat: Architecture", RFC 2810, 1313 DOI 10.17487/RFC2810, April 2000, 1314 . 1316 [RFC2812] Kalt, C., "Internet Relay Chat: Client Protocol", 1317 RFC 2812, DOI 10.17487/RFC2812, April 2000, 1318 . 1320 [RFC3233] Hoffman, P. and S. Bradner, "Defining the IETF", BCP 58, 1321 RFC 3233, DOI 10.17487/RFC3233, February 2002, 1322 . 1324 [RFC4084] Klensin, J., "Terminology for Describing Internet 1325 Connectivity", BCP 104, RFC 4084, DOI 10.17487/RFC4084, 1326 May 2005, . 1328 [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A 1329 Border Gateway Protocol 4 (BGP-4)", RFC 4271, 1330 DOI 10.17487/RFC4271, January 2006, 1331 . 1333 [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. 1334 Thayer, "OpenPGP Message Format", RFC 4880, 1335 DOI 10.17487/RFC4880, November 2007, 1336 . 1338 [RFC5694] Camarillo, G., Ed. and IAB, "Peer-to-Peer (P2P) 1339 Architecture: Definition, Taxonomies, Examples, and 1340 Applicability", RFC 5694, DOI 10.17487/RFC5694, November 1341 2009, . 1343 [RFC5751] Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet 1344 Mail Extensions (S/MIME) Version 3.2 Message 1345 Specification", RFC 5751, DOI 10.17487/RFC5751, January 1346 2010, . 1348 [RFC6176] Turner, S. and T. Polk, "Prohibiting Secure Sockets Layer 1349 (SSL) Version 2.0", RFC 6176, DOI 10.17487/RFC6176, March 1350 2011, . 1352 [RFC7118] Baz Castillo, I., Millan Villegas, J., and V. Pascual, 1353 "The WebSocket Protocol as a Transport for the Session 1354 Initiation Protocol (SIP)", RFC 7118, 1355 DOI 10.17487/RFC7118, January 2014, 1356 . 1358 [RFC7194] Hartmann, R., "Default Port for Internet Relay Chat (IRC) 1359 via TLS/SSL", RFC 7194, DOI 10.17487/RFC7194, August 2014, 1360 . 1362 [RFC8280] ten Oever, N. and C. Cath, "Research into Human Rights 1363 Protocol Considerations", RFC 8280, DOI 10.17487/RFC8280, 1364 October 2017, . 1366 [RutzenZenn] 1367 Rutzen, D. and J. Zenn, "Association and Assembly in the 1368 Digital Age", The International Journal of Not-for-Profit 1369 Law, Volume 13, Issue 4 , December 2011. 1371 [Sauter] Sauter, M., "The Coming Swarm", Bloomsbury , 2014. 1373 [Schleuder] 1374 Nadir, "Schleuder - A gpg-enabled mailinglist with 1375 remailing-capabilities.", 2017, 1376 . 1378 [Stanford] 1379 Brownlee, K. and D. Jenkins, "Freedom of Association", 1380 2019, 1381 . 1383 [Swire] Peter Swire, ., "Social Networks, Privacy, and Freedom of 1384 Association: Data Empowerment vs. Data Protection", North 1385 Carolina Law Review (2012) 90 (1): 104. , 2012, 1386 . 1389 [Troncosoetal] 1390 Troncoso, C., Isaakdis, M., Danezis, G., and H. Halpin, 1391 "Systematizing Decentralization and Privacy: Lessons from 1392 15 Years of Research and Deployments", Proceedings on 1393 Privacy Enhancing Technologies ; 2017 (4):307-329 , 2017, 1394 . 1397 [UDHR] United Nations General Assembly, "The Universal 1398 Declaration of Human Rights", 1948, 1399 . 1401 [UNGA] Hina Jilani, ., "Human rights defenders", A/59/401 , 2004, 1402 . 1405 [UNGC37] United Nations Human Rights Committee, "Human Rights 1406 Committee "General comment No. 37 (2020) on the right of 1407 peaceful assembly (article 21)", CCPR/C/GC/3", 2020, 1408 . 1412 [UNGPBHR] United Nations, "Guiding Principles on Business and Human 1413 Rights", 2011, 1414 . 1417 [UNHRC2018] 1418 United Nations Human Rights Council, "UN Human Rights 1419 Council Resolution 'The promotion, protection and 1420 enjoyment of human rights on the Internet' (A/HRC/32/ 1421 L.20)", 2016, 1422 . 1424 [UNHRC2020] 1425 Michelle Bachelet, . and United Nations, "Impact of new 1426 technologies on the promotion and protection of human 1427 rights in the context of assemblies, including peaceful 1428 protests. Report of the United Nations High Commissioner 1429 for Human Rights A/HRC/44/24, 2020", 2000, 1430 . 1433 [UNRSFAA2012] 1434 Maina Kiai, ., "Report of the Special Rapporteur on the 1435 rights to freedom of peaceful assembly and of 1436 association", A/HRC/20/27 , 2012, 1437 . 1440 [UNSRFAA2019] 1441 Clement Voule, . and United Nations, "Report of the 1442 Special Rapporteur on the rights to freedom of peaceful 1443 assembly and of association", 2019, 1444 . 1446 [UNSRFOAA2012] 1447 Maina Kiai, . and United Nations, "Report of the Special 1448 Rapporteur on the rights to freedom of peaceful assembly 1449 and of association", A/HRC/20/27", 2012, 1450 . 1453 [ViennaDeclaration] 1454 United Nations, "Vienna Declaration and Programme of 1455 Action", 1993, 1456 . 1459 [Vu] Vu, Quang Hieu, ., Lupu, Mihai, ., and . Ooi, Beng Chin, 1460 "Peer-to-Peer Computing: Principles and Applications", 1461 2010, . 1463 [W3C] W3C, "Accessibility", 2015, 1464 . 1466 12.2. URIs 1468 [1] mailto:hrpc@ietf.org 1470 [2] https://www.irtf.org/mailman/listinfo/hrpc 1472 [3] https://www.irtf.org/mail-archive/web/hrpc/current/index.html 1474 Authors' Addresses 1476 Niels ten Oever 1477 Univeristy of Amsterdam 1479 EMail: mail@nielstenoever.net 1481 Gisela Perez de Acha 1482 Derechos Digitales 1484 EMail: gisela@derechosdigitales.org 1486 Stephane Couture 1487 University de Montreal 1489 EMail: stephane.couture@umontreal.ca 1491 Mallory Knodel 1492 Center for Democracy & Technology 1494 EMail: mknodel@cdt.org