idnits 2.17.1 draft-tenoever-hrpc-association-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 12, 2017) is 2599 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- -- Looks like a reference, but probably isn't: '1' on line 530 -- Obsolete informational reference (is this intentional?): RFC 155 (Obsoleted by RFC 168) Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Human Rights Protocol Considerations Research Group N. ten Oever 3 Internet-Draft ARTICLE 19 4 Intended status: Informational G. Perez de Acha 5 Expires: September 13, 2017 Derechos Digitales 6 March 12, 2017 8 Freedom of Association on the Internet 9 draft-tenoever-hrpc-association-00 11 Abstract 13 This documents aims to document the relation between Internet 14 protocols and the right to freedom of assembly and association. The 15 Internet increasingly mediates our lives and thus the ability to 16 excercise human rights. Since Internet protocols play a central role 17 in the management, development and use of the Internet the relation 18 between the two should be documented and adverse impacts on this 19 human right should be mitigated. On the other hand there have also 20 been methods of protest, a form of freedom of assembly, on the 21 Internet that have been harmful to Internet connectivity and the 22 Internet infrastructure, such as DDoS attacks. This document aims to 23 document forms of protest, association and assembly that do not have 24 a negative impact on the Internet infrastructure. 26 Status of This Memo 28 This Internet-Draft is submitted in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 Internet-Drafts are working documents of the Internet Engineering 32 Task Force (IETF). Note that other groups may also distribute 33 working documents as Internet-Drafts. The list of current Internet- 34 Drafts is at http://datatracker.ietf.org/drafts/current/. 36 Internet-Drafts are draft documents valid for a maximum of six months 37 and may be updated, replaced, or obsoleted by other documents at any 38 time. It is inappropriate to use Internet-Drafts as reference 39 material or to cite them other than as "work in progress." 41 This Internet-Draft will expire on September 13, 2017. 43 Copyright Notice 45 Copyright (c) 2017 IETF Trust and the persons identified as the 46 document authors. All rights reserved. 48 This document is subject to BCP 78 and the IETF Trust's Legal 49 Provisions Relating to IETF Documents 50 (http://trustee.ietf.org/license-info) in effect on the date of 51 publication of this document. Please review these documents 52 carefully, as they describe your rights and restrictions with respect 53 to this document. Code Components extracted from this document must 54 include Simplified BSD License text as described in Section 4.e of 55 the Trust Legal Provisions and are provided without warranty as 56 described in the Simplified BSD License. 58 Table of Contents 60 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 61 2. Vocabulary used . . . . . . . . . . . . . . . . . . . . . . . 4 62 3. Research questions . . . . . . . . . . . . . . . . . . . . . 5 63 4. Cases and examples . . . . . . . . . . . . . . . . . . . . . 5 64 4.1. Communicating . . . . . . . . . . . . . . . . . . . . . . 5 65 4.1.1. Mailinglists . . . . . . . . . . . . . . . . . . . . 5 66 4.1.2. Multi party video conferencing and risks . . . . . . 5 67 4.1.3. Reaching out . . . . . . . . . . . . . . . . . . . . 6 68 4.2. Working together (peer production) . . . . . . . . . . . 7 69 4.2.1. Version control . . . . . . . . . . . . . . . . . . . 8 70 4.3. Grouping together (identities) . . . . . . . . . . . . . 8 71 4.3.1. DNS . . . . . . . . . . . . . . . . . . . . . . . . . 8 72 4.3.2. ISPs . . . . . . . . . . . . . . . . . . . . . . . . 8 73 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 74 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 75 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 76 8. Research Group Information . . . . . . . . . . . . . . . . . 8 77 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 78 9.1. Informative References . . . . . . . . . . . . . . . . . 9 79 9.2. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 12 80 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 82 1. Introduction 84 Freedom of assembly and freedom of association are two human rights 85 that protect and enable collective action and expression [UDHR] 86 [ICCPR]. This is important because causes and opinions take more 87 force within a group of people that come together for the same means 88 [Tocqueville]. 90 The difference between the freedom of assembly and the freedom of 91 associotiation is merely gradual one. An assembly is an intentional 92 and temporary gathering of a collective in a private or public space 93 for a specific purpose: demonstrations, inside meetings, strikes, 94 processions, rallies or even sits-in [UNHRC]. The right to protest 95 is one of the rights encompassed by freedom of assembly, but also 96 exercised along with freedom of expression and the right to hold an 97 opinion. Nonetheless, protest unlike assembly, implies an element of 98 dissent that can be exercised individually, where as assembly always 99 has a collective component [ARTICLE19]. 101 Association on the other hand has a more formal nature. It refers to 102 a group of individuals or any legal entities brought together in 103 order to collectively act, express, promote, pursue or defend a field 104 of common interests [UNGA]. This means civil society organizations, 105 clubs, cooperatives, NGOs, religious associations, political parties, 106 trade unions, foundations or even online associations as the Internet 107 has been instrumental, for instance, in 'facilitating active citizen 108 participation in building democratic societies' [UNHRC]. 110 In less democratic or authoritarian countries, online association and 111 assembly has been crucial to mobilise groups and people, where 112 physical gatherings have been impossible or dangerous [APC]. Both 113 rights protect the right to join or leave a group of choice. Thus 114 any collective, gathered for peaceful purposes, is protected by these 115 rights. 117 In draft-irtf-hrpc-research the relationship between human rights and 118 Internet protocols has been shown, and guidelines for considerations 119 of human rights impact in protocol design have been provided. 121 Further research is needed to understand the exact shape, extend and 122 form of Internet protocols on human rights. This document aims to 123 break down the relationship between Internet protocols and the right 124 to freedom of assembly and association. 126 The right to privacy and the right to freedom of expression are the 127 most discussed human rights when it comes to the Internet. Still we 128 must recognize that communities, collaboration and joint action lie 129 at the heart of the Internet. 131 Even at at linguistical level, the words "networks" and 132 "associations" are close synonyms. Both interconnected groups and 133 association of persons depend on "links" and "relationships" [Swire]. 134 One could even argue that as a whole, the networked internet 135 constitutes a big collective, and thus an assembly and an 136 association. 138 On the other hand, IETF itself, defined as a 'open global community' 139 of network designers, operators, vendors, and researchers, is also 140 protected by freedom of assembly and association [RFC3233]. 141 Discussion, comments and consensus around RFCs are possible because 142 of the collective expression that freedom of association and assembly 143 allow. The very word "protocol" found its way into the language of 144 computer networking based on the need for collective agreement among 145 network users [HafnerandLyon]. 147 Throughtout the world -from the Arab Spring to Latin American student 148 movements- the Internet has also played a crucial role by providing a 149 means for the fast dissemination of information that was otherwise 150 mediated by broadcast media, or even forbidden by the government 151 [Pensado]. According to Hussain and Howard the Internet helped to 152 'build solidarity networks and identification of collective 153 identities and goals', facilitate protest, 'extend the range of local 154 coverage to international broadcast networks' and as platform for 155 contestation for the future of 'the future of civil society and 156 information infrastructure' [HussainHoward]. 158 However, some of these examples go beyond the use of Internet 159 protocols and flow over into the applications layer or association in 160 the offline world, whereas we'll focus on the Internet protocols and 161 architecture. 163 This can be contrasted with the example of association on the 164 infrastructure level (albeit one can contest wether this is 165 'peaceful') of Distributed Denial of Service Attacks (DDoS) in which 166 the infrastructure of the Internet is used to express discontent with 167 a specific cause [Abibil] [GreenMovement]. Unfortunately more of 168 than not DDoS are used to stifle freedom of expression, complicate 169 the ability of independent media and human rights organizations to 170 exercise their right to (online) freedom of association, while 171 facilitating the ability of governments to censor dissent. This is 172 one of the reasons protocols should seek to mitigate DDoS attacks 173 [BCP72]. 175 This document will further seek to map how the internet architecture 176 impacts freedom of association and assembly. 178 2. Vocabulary used 180 Anonymity The condition of an identity being unknown or concealed. 181 [RFC4949] 183 Censorship resistance Methods and measures to mitigate Internet 184 censorship. 186 Connectivity The extent to which a device or network is able to 187 reach other devices or networks to exchange data. The Internet is 188 the tool for providing global connectivity [RFC1958]. Different 189 types of connectivity are further specified in [RFC4084]. The 190 combination of the end-to-end principle, interoperability, 191 distributed architecture, resilience, reliability and robustness 192 are the enabling factors that result in connectivity to and on the 193 Internet. 195 Decentralization Implementation or deployment of standards, 196 protocols or systems without one single point of control. 198 Pseudonymity The ability to disguise one's identity online with a 199 different name than the "real" one, allowing for diverse degrees 200 of disguised identity and privacy. It is strengthened when less 201 personal data can be linked to the pseudonym; when the same 202 pseudonym is used less often and across fewer contexts; and when 203 independently chosen pseudonyms are more frequently used for new 204 actions (making them, from an observer's or attacker's 205 perspective, unlinkable)." [RFC6973] 207 3. Research questions 209 How does the internet architecture enables and/or inhibits freedom of 210 association and assembly. 212 4. Cases and examples 214 4.1. Communicating 216 4.1.1. Mailinglists 218 Since the beginning of the Internet mailing lists have been a key 219 site of assembly and association [RFC0155] [RFC1211]. In fact, 220 mailing lists were one of the Internet's first functionalities 221 [HafnerandLyon]. 223 In 1971, four years after the invention of email, the first mailing 224 list was created to discuss the idea of using Arpanet for discussion. 225 By this time, what had initially propelled the Arpanet project 226 forward as a resource sharing platform was gradually replaced by the 227 idea of a network as a means of bringing people together [Abbate]. 228 More than 45 years after, mailing lists are pervasive and help 229 communities to engage, have discussion, share information, ask 230 questions, and build ties. Even as social media and discussion 231 forums grew, mailing lists continue to be widely used 232 [AckermannKargerZhang]. They are a crucial tool to organise groups 233 and individuals around themes and causes [APC]. 235 4.1.2. Multi party video conferencing and risks 237 'Beginning in early 2008, Iranian security entities have engaged in 238 operations to identify and arrest administrators of "illicit" 239 websites and social media groups. In recent years, the detention and 240 interrogation of members of online communities has been publicized by 241 state media for propaganda purposes. However, the heavy-handedness 242 of the government has also inadvertently created a situation where 243 Iranian users are better positioned than others to avoid some 244 surveillance activities - increasing the burden of finding 245 pseudonymous users.' [AndersonGuarnieri]. 247 'The WebRTC protocol was designed to enable responsive real-time 248 communications over the Internet, and is instrumental in allowing 249 streaming video and conferencing applications to run in the browser. 250 In order to easily facilitate direct connections between computers 251 (bypassing the need for a central server to act as a gatekeeper), 252 WebRTC provides functionality to automatically collect the local and 253 public IP addresses of Internet users (ICE or STUN). These functions 254 do not require consent from the user, and can be instantiated by 255 sites that a user visits without their awareness. The potential 256 privacy implications of this aspect of WebRTC are well documented, 257 and certain browsers have provided options to limit its behavior.' 258 [AndersonGuarnieri]. 260 'The disclosure of network addresses presents a specific risk to 261 individuals that use privacy tools to conceal their real IP address 262 to sites that they visit. Typically, when a user browses the 263 Internet over a VPN, the only address that should be recorded by 264 sites they visit would be that of the VPN provider itself. Using the 265 WebRTC STUN function allows a site to additionally enumerate the 266 addresses that are associated with the computer that the visitor is 267 using - rather than those of intermediaries. This means that if a 268 user is browsing the Internet on an ADSL connection over a VPN, a 269 malicious site they visit could potentially surreptitious record the 270 home address of the user.' [AndersonGuarnieri]. 272 4.1.3. Reaching out 274 In the 1990s as the internet became more and more commercial, spam 275 came to be defined as irrelevant or unsolicited messages that were 276 porsted many times to multiple news groups or mailing lists [Marcus]. 277 Here the question of consent is crucial. In the 2000s a large part 278 of the discussion revolved around the fact that certain corporations 279 -protected by the right to freedom of association- considered spam to 280 be a form of "comercial speech", thus encompassed by free expression 281 rights [Marcus]. Nonetheless, if we consider that the rights to 282 assembly and association also mean that "no one may be compelled to 283 belong to an association" [UDHR], spam infringes both rights if an 284 op-out mechanism is not provided and people are obliged to receive 285 unwanted information, or be reached by people they do not know. 287 This leaves us with an interesting case: spam is currently handled 288 mostly by mailproviders on behalf of the user, next to that countries 289 are increasingly adopting opt-in regimes for mailinglists and 290 commercial e-mail, with a possibility of serious fines in case of 291 violation. 293 This protects the user from being confronted with unwanted messages, 294 but it also makes it legally and technically very difficult to 295 communite a message to someone who did not explicitly ask for this. 296 In the public offline spaces we regularly get exposed to flyers, 297 invitations or demonstrations where our opinions get challenged, or 298 we are invited to consider different viewpoints. There is no 299 equivalent on the Internet with the technical and legal regime that 300 currently operates in it. In other words, it is nearly impossible 301 impossibility to provide information, in a proportionate manner, that 302 someone is not explicility expecting or asking for. This reinforces 303 a concept that is regularly discussed on the application level, 304 called 'filter bubble': "The proponents of personalization offer a 305 vision of a custom-tailored world, every facet of which fits us 306 perfectly. It's a cozy place, populated by our favorite people and 307 things and ideas." [Pariser]. "The filter bubble's costs are both 308 personal and cultural. There are direct consequences for those of us 309 who use personalized filters. And then there are societal 310 consequences, which emerge when masses of people begin to live a 311 filter bubbled-life (...). Left to their own devices, 312 personalization filters serve up a kind of invisible autopropaganda, 313 indoctrinating us with our own ideas, amplifying our desire for 314 things that are familiar and leaving us oblivious to the dangers 315 lurking in the dark territory of the uknown." [Pariser]. It seem 316 that the 'filter bubble'-effect can also be observed at the 317 infrastructure level, which actually strenghtens the impact and thus 318 hampers the effect of collective expression. 320 There have been creative alternative for this problem, such as when a 321 message was distributed to the server logs of millons of servers 322 through the 'masscan'-tool [Cox]. 324 4.2. Working together (peer production) 326 At the organizational level, peer production is one of the most 327 relevant innovations from Internet mediated social practices. 328 According to Benkler, it implies 'open collaborative innovation and 329 creation, performed by diverse, decentralized groups organized 330 principally by neither price signals nor organizational hierarchy, 331 harnessing heterogeneous motivations, and governed and managed based 332 on principles other than the residual authority of ownership 333 implemented through contract.' [Benkler]. 335 4.2.1. Version control 337 Ever since developers needed to collaboratively write, maintain and 338 discuss large code basis for the Internet there have been different 339 approaches of doing so. One approach is discussing code through 340 mailing lists, but this has proven to be hard in case of maintaining 341 the most recent versions. There are many different versions and 342 characteristics of version control systems. 344 Centralization - differences (and gradients) between free (as in 345 beer) and free (as in freedom). Git vs Github. 347 4.3. Grouping together (identities) 349 Collective identities are also protected by freedom of association 350 and assembly rights. Acording to Melucci these are 'shared 351 definitions produced by several interacting individuals who are 352 concerned with the orientation of their action as well as the field 353 of opportunities and constraints in which their action takes place.' 354 [Melucci] 356 4.3.1. DNS 358 Advantages and disadvantages 360 4.3.2. ISPs 362 Access, diversity and forced association 364 5. Acknowledgements 366 6. Security Considerations 368 As this draft concerns a research document, there are no security 369 considerations. 371 7. IANA Considerations 373 This document has no actions for IANA. 375 8. Research Group Information 377 The discussion list for the IRTF Human Rights Protocol Considerations 378 Research Group is located at the e-mail address hrpc@ietf.org [1]. 379 Information on the group and information on how to subscribe to the 380 list is at https://www.irtf.org/mailman/listinfo/hrpc 381 Archives of the list can be found at: https://www.irtf.org/mail- 382 archive/web/hrpc/current/index.html 384 9. References 386 9.1. Informative References 388 [Abbate] Janet Abbate, ., "Inventing the Internet", Cambridge: MIT 389 Press (2013): 11. , 2013, . 392 [Abibil] Danchev, D., "Dissecting 'Operation Ababil' - an OSINT 393 Analysis", 2012, . 396 [AckermannKargerZhang] 397 Ackerman, M., Karger, D., and A. Zhang, "Mailing Lists: 398 Why Are They Still Here, What's Wrong With Them, and How 399 Can We Fix Them?", Mit. edu (2017): 1. , 2017, 400 . 403 [AndersonGuarnieri] 404 Anderson, C. and C. Guarnieri, "Fictitious Profiles and 405 webRTC's Privacy Leaks Used to Identify Iranian 406 Activists", 2016, 407 . 410 [APC] Association for Progressive Communications and . Gayathry 411 Venkiteswaran, "Freedom of assembly and association online 412 in India, Malaysia and Pakistan. Trends, challenges and 413 recommendations.", 2016, 414 . 417 [ARTICLE19] 418 ARTICLE 19, "The Right to Protest Principles: Background 419 Paper", 2016, 420 . 423 [BCP72] IETF, "Guidelines for Writing RFC Text on Security 424 Considerations", 2003, . 427 [Benkler] Benkler, Y., "Peer Production and Cooperation", 2009, 428 . 431 [Cox] Cox, J., "Chaos Communication Congress Hackers Invaded 432 Millions of Servers With a Poem", 2016, 433 . 437 [GreenMovement] 438 Villeneuve, N., "Iran DDoS", 2009, 439 . 441 [HafnerandLyon] 442 Hafnerand, K. and M. Lyon, "Where Wizards Stay Up Late. 443 The Origins of the Internet", First Touchstone Edition 444 (1998): 93. , 1998, . 446 [HussainHoward] 447 Hussain, M. and P. Howard, "What Best Explains Successful 448 Protest Cascades? ICTs and the Fuzzy Causes of the Arab 449 Spring", Int Stud Rev (2013) 15 (1): 48-66. , 2013, 450 . 452 [ICCPR] United Nations General Assembly, "International Covenant 453 on Civil and Political Rights", 1976, 454 . 457 [Marcus] Marcus, J., "Commercial Speech on the Internet: Spam and 458 the first amendment", 1998, . 461 [Melucci] Melucci, A., "The Process of Collective Identity", Temple 462 University Press, Philadelphia , 1995. 464 [Pariser] Pariser, E., "The Filter Bubble: How the New Personalized 465 Web Is Changing What We Read and How We Think", Peguin 466 Books, London. , 2012. 468 [Pensado] Jaime Pensado, ., "Student Activism. Utopian Dreams.", 469 ReVista. Harvard Review of Latin America (2012). , 2012, 470 . 472 [RFC0155] North, J., "ARPA Network mailing lists", RFC 155, 473 DOI 10.17487/RFC0155, May 1971, 474 . 476 [RFC1211] Westine, A. and J. Postel, "Problems with the maintenance 477 of large mailing lists", RFC 1211, DOI 10.17487/RFC1211, 478 March 1991, . 480 [RFC1958] Carpenter, B., Ed., "Architectural Principles of the 481 Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996, 482 . 484 [RFC3233] Hoffman, P. and S. Bradner, "Defining the IETF", BCP 58, 485 RFC 3233, DOI 10.17487/RFC3233, February 2002, 486 . 488 [RFC4084] Klensin, J., "Terminology for Describing Internet 489 Connectivity", BCP 104, RFC 4084, DOI 10.17487/RFC4084, 490 May 2005, . 492 [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", 493 FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, 494 . 496 [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., 497 Morris, J., Hansen, M., and R. Smith, "Privacy 498 Considerations for Internet Protocols", RFC 6973, 499 DOI 10.17487/RFC6973, July 2013, 500 . 502 [Swire] Peter Swire, ., "Social Networks, Privacy, and Freedom of 503 Association: Data Empowerment vs. Data Protection", North 504 Carolina Law Review (2012) 90 (1): 104. , 2012, 505 . 508 [Tocqueville] 509 de Tocqueville, A., "Democracy in America", n.d., . 514 [UDHR] United Nations General Assembly, "The Universal 515 Declaration of Human Rights", 1948, 516 . 518 [UNGA] Hina Jilani, ., "Human rights defenders", A/59/401 , 2004, 519 . 522 [UNHRC] Maina Kiai, ., "Report of the Special Rapporteur on the 523 rights to freedom of peaceful assembly and of 524 association", A/HRC/20/27 , 2012, 525 . 528 9.2. URIs 530 [1] mailto:hrpc@ietf.org 532 Authors' Addresses 534 Niels ten Oever 535 ARTICLE 19 537 EMail: niels@article19.org 539 Gisela Perez de Acha 540 Derechos Digitales 542 EMail: gisela@derechosdigitales.org