idnits 2.17.1 draft-tenoever-hrpc-association-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (June 22, 2017) is 2471 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- -- Looks like a reference, but probably isn't: '1' on line 759 -- Obsolete informational reference (is this intentional?): RFC 155 (Obsoleted by RFC 168) Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Human Rights Protocol Considerations Research Group N. ten Oever 3 Internet-Draft ARTICLE 19 4 Intended status: Informational G. Perez de Acha 5 Expires: December 24, 2017 Derechos Digitales 6 June 22, 2017 8 Freedom of Association on the Internet 9 draft-tenoever-hrpc-association-01 11 Abstract 13 This document aims to scope the relation between Internet protocols 14 and the rights to freedom of assembly and association. The Internet 15 increasingly mediates our lives and our ability to excercise human 16 rights. Since Internet protocols play a central role in the 17 management, development and use of the Internet, the relation between 18 the mentioned rights should be documented and adverse impacts should 19 be mitigated. As there have been methods of protest on the Internet 20 -a form of freedom of assembly- that have proven to be harmful to 21 connectivity and infrastructure, such as DDoS attacks, this text aims 22 to document forms of protest, association and assembly that do not 23 have a negative impact on the Internet infrastructure. 25 Status of This Memo 27 This Internet-Draft is submitted in full conformance with the 28 provisions of BCP 78 and BCP 79. 30 Internet-Drafts are working documents of the Internet Engineering 31 Task Force (IETF). Note that other groups may also distribute 32 working documents as Internet-Drafts. The list of current Internet- 33 Drafts is at http://datatracker.ietf.org/drafts/current/. 35 Internet-Drafts are draft documents valid for a maximum of six months 36 and may be updated, replaced, or obsoleted by other documents at any 37 time. It is inappropriate to use Internet-Drafts as reference 38 material or to cite them other than as "work in progress." 40 This Internet-Draft will expire on December 24, 2017. 42 Copyright Notice 44 Copyright (c) 2017 IETF Trust and the persons identified as the 45 document authors. All rights reserved. 47 This document is subject to BCP 78 and the IETF Trust's Legal 48 Provisions Relating to IETF Documents 49 (http://trustee.ietf.org/license-info) in effect on the date of 50 publication of this document. Please review these documents 51 carefully, as they describe your rights and restrictions with respect 52 to this document. Code Components extracted from this document must 53 include Simplified BSD License text as described in Section 4.e of 54 the Trust Legal Provisions and are provided without warranty as 55 described in the Simplified BSD License. 57 Table of Contents 59 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 60 2. Vocabulary used . . . . . . . . . . . . . . . . . . . . . . . 4 61 3. Research questions . . . . . . . . . . . . . . . . . . . . . 5 62 4. Cases and examples . . . . . . . . . . . . . . . . . . . . . 5 63 4.1. Communicating . . . . . . . . . . . . . . . . . . . . . . 5 64 4.1.1. Mailinglists . . . . . . . . . . . . . . . . . . . . 6 65 4.1.2. Multi party video conferencing and risks . . . . . . 6 66 4.2. Peer-to-peer networks and systems . . . . . . . . . . . . 7 67 4.2.1. Peer-to-peer system achitectures . . . . . . . . . . 7 68 4.2.2. Version control . . . . . . . . . . . . . . . . . . . 8 69 4.3. Reaching out . . . . . . . . . . . . . . . . . . . . . . 9 70 4.3.1. Spam, filter bubbles, and unrequested messaging . . . 9 71 4.3.2. Distributed Denial of Service Attacks . . . . . . . . 10 72 4.4. Grouping together (identities) . . . . . . . . . . . . . 11 73 4.4.1. DNS . . . . . . . . . . . . . . . . . . . . . . . . . 11 74 4.4.2. ISPs . . . . . . . . . . . . . . . . . . . . . . . . 11 75 5. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 12 76 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 77 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 78 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 79 9. Research Group Information . . . . . . . . . . . . . . . . . 12 80 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 81 10.1. Informative References . . . . . . . . . . . . . . . . . 13 82 10.2. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 16 83 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 85 1. Introduction 87 Freedom of assembly and freedom of association are two human rights 88 that protect and enable collective action and expression [UDHR] 89 [ICCPR]. Both rights ensure everyone in a society has the 90 opportunity to express the opinions they hold in common with others, 91 which in turn facilitates dialogue among citizens, as well as between 92 them and political leaders or government [OSCE]. This is important 93 in the process of democratic delibration because causes and opinions 94 are more widely heard when a group of people come together behind the 95 same cause or issue [Tocqueville]. The rights to freedom of assembly 96 and association thus protect any collective, gathered either 97 permanently or temporarily for peaceful purposes. It is indeed a 98 "freedom" because it is voluntary and uncoerced: anyone can join or 99 leave a group of choice, which in turn means not to be forced to 100 either stay or leave. 102 The difference between freedom of assembly and freedom of association 103 is merely gradual one: the former tends to have an informal and 104 ephemeral nature, whereas the latter refers to established and 105 permanent bodies with specific objectives. Nonetheless, one and the 106 other are protected to the same degree. 108 An assembly is an intentional and temporary gathering of a collective 109 in a private or public space for a specific purpose: demonstrations, 110 inside meetings, strikes, processions, rallies or even sits-in 111 [UNHRC]. It is essentially a gathering. The right to protest is 112 encompassed by this right, and it coincides with the right to freedom 113 of expression and the right to hold an opinion. Nonetheless protest, 114 unlike assembly, involves an element of dissent that can be exercised 115 individually whereas assembly always has a collective component 116 [ARTICLE19]. Association on the other hand has a more formal and 117 established nature. It refers to a group of individuals or legal 118 entities brought together in order to collectively act, express, 119 pursue or defend a field of common interests [UNGA]. Within this 120 category we can think about civil society organizations, clubs, 121 cooperatives, NGOs, religious associations, political parties, trade 122 unions or foundations. 124 Rights to assembly and association are crucial for the Internet, even 125 if privacy and freedom of expression are the most discussed human 126 rights when it comes to the online world. It is undeniable that 127 communities, collaboration and joint action lie at the heart of the 128 Internet. Even at at linguistical level, the words "networks" and 129 "associations" are close synonyms. Both interconnected groups and 130 assemblies of people depend on "links" and "relationships" [Swire]. 131 One could even argue that as a whole, the networked internet 132 constitutes a big collective, and thus an assembly and an 133 association. 135 IETF itself, defined as a 'open global community' of network 136 designers, operators, vendors, and researchers, is also protected by 137 freedom of assembly and association [RFC3233]. Discussions, comments 138 and consensus around RFCs are possible because of the collective 139 expression that freedom of association and assembly allow. The very 140 word "protocol" found its way into the language of computer 141 networking based on the need for collective agreement among network 142 users [HafnerandLyon]. 144 In less democratic or authoritarian countries, online association and 145 assembly have been crucial to mobilise groups and people where 146 physical gatherings have been impossible or dangerous [APC]. 147 Throughout the world -from the Arab Spring to Latin American student 148 movements- the Internet has also played a crucial role by providing a 149 means for the fast dissemination of information that was otherwise 150 mediated by broadcast media, or even forbidden by the government 151 [Pensado]. According to Hussain and Howard the Internet helped to 152 'build solidarity networks and identification of collective 153 identities and goals', facilitate protest, 'extend the range of local 154 coverage to international broadcast networks' and as platform for 155 contestation for the future of 'the future of civil society and 156 information infrastructure' [HussainHoward]. 158 Some of these examples go beyond the use of Internet protocols and 159 flow over into the applications layer or examples in the offline 160 world whereas the purpose of the following document is to break down 161 the relationship between Internet protocols and the right to freedom 162 of assembly and association. We do recognize however that in some 163 cases the line between protocols, applications, implementations, 164 policies, and the offline world are often blurry and hard (if not 165 impossible) to differentiate, since protocols are a part of the 166 socio-technical ordering of the world. 168 In draft-irtf-hrpc-research the relationship between human rights and 169 Internet protocols has been shown, and guidelines for considerations 170 of human rights impact in protocol design have been provided. 171 Further research is needed to understand the exact impact of Internet 172 protocols on human rights, including assembly and association given 173 their importance for the Internet, in order to mitigate (potential) 174 negative impacts. This is the aim of this document. 176 2. Vocabulary used 178 Anonymity The condition of an identity being unknown or concealed. 179 [RFC4949] 181 Censorship resistance Methods and measures to mitigate Internet 182 censorship. 184 Connectivity The extent to which a device or network is able to 185 reach other devices or networks to exchange data. The Internet is 186 the tool for providing global connectivity [RFC1958]. Different 187 types of connectivity are further specified in [RFC4084]. The 188 combination of the end-to-end principle, interoperability, 189 distributed architecture, resilience, reliability and robustness 190 are the enabling factors that result in connectivity to and on the 191 Internet. 193 Decentralization Implementation or deployment of standards, 194 protocols or systems without one single point of control. 196 Pseudonymity The ability to disguise one's identity online with a 197 different name than the "real" one, allowing for diverse degrees 198 of disguised identity and privacy. It is strengthened when less 199 personal data can be linked to the pseudonym; when the same 200 pseudonym is used less often and across fewer contexts; and when 201 independently chosen pseudonyms are more frequently used for new 202 actions (making them, from an observer's or attacker's 203 perspective, unlinkable)." [RFC6973] 205 3. Research questions 207 How does the internet architecture enables and/or inhibits freedom of 208 association and assembly. 210 4. Cases and examples 212 Whereas rights to freedom of assembly and association protect 213 collective expression, systems and protocols than enable comunal 214 communication between people or between servers allow these rights to 215 prosper. The Internet itself was originally designed as "a medium 216 for communication for machines that share resources with each other 217 as equals" [NelsonHedlun]. In this sense, decentralized 218 architectures that protect anonimity and privacy, assure a resilient 219 network of speakers and recipients or receivers and thus ensure 220 better conditions for the exercise of such freedoms in the online 221 environment. At the same time, centralized solutions have enabled 222 people to group together in recognizable places and helped the 223 visbility of groups. Here we will discuss different cases to bring 224 out the affordances of different protocols, technologies and 225 architectual features. This issue is particularly timely since an 226 increasing trend of centralization and consolidation on the Internet 227 can be observed. This is trend can be parallely observed on the 228 application level, among Content Distribution Networks, hosting 229 providers, as well as Internet access providers. Through the 230 discussion of specific case we will try to further understand how 231 this impact freedom of assembly, freedom of association as well as 232 the distributed nature of the Internet [RFC1287]. 234 4.1. Communicating 236 The ability to produce, receive and spread information is an 237 essential pre-requisite for discussing and organizing. Protocols 238 that enable private, open, collaborative and non-excluding 239 communication models are the best fitted to foster and enable 240 assembly and association rights. 242 4.1.1. Mailinglists 244 Since the beginning of the Internet mailing lists have been a key 245 site of assembly and association [RFC0155] [RFC1211]. In fact, 246 mailing lists were one of the Internet's first functionalities 247 [HafnerandLyon]. 249 In 1971, four years after the invention of email, the first mailing 250 list was created to talk about the idea of using Arpanet for 251 discussion. By this time, what had initially propelled the Arpanet 252 project forward as a resource sharing platform was gradually replaced 253 by the idea of a network as a means of bringing people together 254 [Abbate]. More than 45 years after, mailing lists are pervasive and 255 help communities to engage, have discussion, share information, ask 256 questions, and build ties. Even as social media and discussion 257 forums grew, mailing lists continue to be widely used 258 [AckermannKargerZhang]. They are a crucial tool to organise groups 259 and individuals around themes and causes [APC]. 261 4.1.2. Multi party video conferencing and risks 263 Multi party video conferencing protocols such as webRTC [RFC6176] 264 [RFC7118] allow for robust, bandwidth-adaptive, wideband and super- 265 wideband video and audio discussions in groups. 'The WebRTC protocol 266 was designed to enable responsive real-time communications over the 267 Internet, and is instrumental in allowing streaming video and 268 conferencing applications to run in the browser. In order to easily 269 facilitate direct connections between computers (bypassing the need 270 for a central server to act as a gatekeeper), WebRTC provides 271 functionality to automatically collect the local and public IP 272 addresses of Internet users (ICE or STUN). These functions do not 273 require consent from the user, and can be instantiated by sites that 274 a user visits without their awareness. The potential privacy 275 implications of this aspect of WebRTC are well documented, and 276 certain browsers have provided options to limit its behavior.' 277 [AndersonGuarnieri]. 279 'The disclosure of network addresses presents a specific risk to 280 individuals that use privacy tools to conceal their real IP address 281 to sites that they visit. Typically, when a user browses the 282 Internet over a VPN, the only address that should be recorded by 283 sites they visit would be that of the VPN provider itself. Using the 284 WebRTC STUN function allows a site to additionally enumerate the 285 addresses that are associated with the computer that the visitor is 286 using - rather than those of intermediaries. This means that if a 287 user is browsing the Internet on an ADSL connection over a VPN, a 288 malicious site they visit could potentially surreptitious record the 289 home address of the user.' [AndersonGuarnieri]. 291 While facilitating freedom of assembly and association multi party 292 video conferencing tools might pose concrete risks for those who use 293 them. One the one hand webRTC is providing a resilient channels of 294 communications, but on the other hand it also exposed information 295 about those who are using the tool which might lead to increased 296 surveillance, identification and the consequences that might be 297 derived from that. The risk of surveillance is also true in an 298 offline space, but this is generally easy to analyze for the end- 299 user. Security and privacy expectations of the end-user could be 300 made more clear to the user (or improved) which would result in a 301 more secure and/or private excercise or the right of freedom of 302 assembly or association. 304 4.2. Peer-to-peer networks and systems 306 4.2.1. Peer-to-peer system achitectures 308 Peer-to-peer (P2P) is esentially a model of how people interact in 309 real life because "we deal directly with one another whenever we wish 310 to" [Vu]. Usually if we need something we ask our peers, who in turn 311 refer us to other peers. In this sense, the ideal definition of P2P 312 is that "nodes are able to directly exchange resources and services 313 between themselves without the need for centralized servers" and 314 where each participating node typically acts both as a server and as 315 a client [Vu]. In RFC 5694 it has been defined that peers or nodes 316 should be able to communicate directly between themselves without 317 passing intermediaries, and that the system should be self organizing 318 and have decentralized control [RFC5694]. With this in mind, the 319 ultimate model of P2P is a completely decentralized system, which is 320 more resistant to censorship, immune to single points of failure and 321 have a higher performance and scalability. Nonetheless, in practice 322 some P2P systems are supported by centralized servers and some others 323 have hybrid models where nodes are organized into two layers: the 324 upper tier servers and the lower tier common nodes [Vu]. 326 Since the ARPANET project, the original idea behind the Internet was 327 conceived as what we would now call a peer-to-peer system [RFC0001]. 328 Over time it has increasingly shifted towards a client/server model 329 with "millions of consumer clients communicating with a relatively 330 priviledged set of servers" [NelsonHedlun]. Whether for resource 331 sharing or data sharing, P2P systems are a form of enabling freedom 332 of assembly and association. Not only they allow for effective 333 dissemination of information, but they also because leverage 334 computing resources by diminishing costs allowing for the formation 335 of open collectives at the network level. At the same time, in 336 completely descentralized systems the nodes are autonomous and can 337 join or leave the network as they want also makes the system 338 unpredicable: a resource might be only sometimes available, and some 339 others it might be missing or incomplete [Vu]. Lack of information 340 might in turn make association or assembly more difficult. 342 Additionally, when one architecturally asseses the role of P2P 343 systems on can say that: "The main advantage of centralized P2P 344 systems is that they are able to provide a quick and reliable 345 resource locating. Their limitation, however, is that the 346 scalability of the systems is affected by the use of servers. While 347 decentralized P2P systems are better than centralized P2P systems in 348 this aspect, they require a longer time in resource locating. As a 349 result, hybrid P2P systems have been introduced to take ad- vantages 350 of both centralized and decentralized architectures. Basically, to 351 maintain the scalability, similar to decentralized P2P systems, there 352 are no servers in hybrid P2P systems. However, peer nodes that are 353 more powerful than others can be se- lected to act as servers to 354 serve others. These nodes are often called super peers. In this 355 way, resource locating can be done by both decentralized search 356 techniques and centralized search techniques (asking super peers), 357 and hence the systems benefit from the search techniques of 358 centralized P2P systems." {Vu}} 360 4.2.2. Version control 362 At the organizational level, peer production is one of the most 363 relevant innovations from Internet mediated social practices. 364 According to [Benkler], it implies 'open collaborative innovation and 365 creation, performed by diverse, decentralized groups organized 366 principally by neither price signals nor organizational hierarchy, 367 harnessing heterogeneous motivations, and governed and managed based 368 on principles other than the residual authority of ownership 369 implemented through contract.' [Benkler]. 371 In his book The Wealth of Networks, Benkler significantly expands on 372 his definition of commons-based peer production. According to 373 Benkler, what distinguishes commons-based production is that it 374 doesn't rely upon or propagate proprietary knowledge: "The inputs and 375 outputs of the process are shared, freely or conditionally, in an 376 institutional form that leaves them equally available for all to use 377 as they choose at their individual discretion." To ensure that the 378 knowledge generated is available for free use, commons-based projects 379 are often shared under an open license. 381 Ever since developers needed to collaboratively write, maintain and 382 discuss large code basis for the Internet there have been different 383 approaches of doing so. One approach is discussing code through 384 mailing lists, but this has proven to be hard in case of maintaining 385 the most recent versions. There are many different versions and 386 characteristics of version control systems. 388 4.3. Reaching out 390 4.3.1. Spam, filter bubbles, and unrequested messaging 392 In the 1990s as the internet became more and more commercial, spam 393 came to be defined as irrelevant or unsolicited messages that were 394 porsted many times to multiple news groups or mailing lists [Marcus]. 395 Here the question of consent is crucial. In the 2000s a large part 396 of the discussion revolved around the fact that certain corporations 397 -protected by the right to freedom of association- considered spam to 398 be a form of "comercial speech", thus encompassed by free expression 399 rights [Marcus]. Nonetheless, if we consider that the rights to 400 assembly and association also mean that "no one may be compelled to 401 belong to an association" [UDHR], spam infringes both rights if an 402 op-out mechanism is not provided and people are obliged to receive 403 unwanted information, or be reached by people they do not know. 405 This leaves us with an interesting case: spam is currently handled 406 mostly by mailproviders on behalf of the user, next to that countries 407 are increasingly adopting opt-in regimes for mailinglists and 408 commercial e-mail, with a possibility of serious fines in case of 409 violation. 411 This protects the user from being confronted with unwanted messages, 412 but it also makes it legally and technically very difficult to 413 communicate a message to someone who did not explicitly ask for this. 414 In public offline spaces we regularly get exposed to flyers, 415 invitations or demonstrations where our opinions get challenged, or 416 we are invited to consider different viewpoints. There is no 417 equivalent on the Internet with the technical and legal regime that 418 currently operates in it. In other words, it is nearly impossible to 419 provide information, in a proportionate manner, that someone is not 420 explicility expecting or asking for. This reinforces a concept that 421 is regularly discussed on the application level, called 'filter 422 bubble': "The proponents of personalization offer a vision of a 423 custom-tailored world, every facet of which fits us perfectly. It's 424 a cozy place, populated by our favorite people and things and ideas." 425 [Pariser]. "The filter bubble's costs are both personal and 426 cultural. There are direct consequences for those of us who use 427 personalized filters. And then there are societal consequences, 428 which emerge when masses of people begin to live a filter bubbled- 429 life (...). Left to their own devices, personalization filters serve 430 up a kind of invisible autopropaganda, indoctrinating us with our own 431 ideas, amplifying our desire for things that are familiar and leaving 432 us oblivious to the dangers lurking in the dark territory of the 433 uknown." [Pariser]. It seem that the 'filter bubble'-effect can 434 also be observed at the infrastructure level, which actually 435 strenghtens the impact and thus hampers the effect of collective 436 expression. 438 This could be interpretated as an argument for the injection of 439 unrequested messages, spam or other unrequested notifications. But 440 the big difference between the proliferation of such messages offline 441 and online is the investment that is needed. It is not hard for a 442 single person to message a lot of people, whereas if that person 443 needed to go house by house the scale and impact of their actions 444 would be much smaller. 446 4.3.2. Distributed Denial of Service Attacks 448 One of the most common examples of association at the infrastructure 449 level are Distributed Denial of Service Attacks (DDoS) in which the 450 infrastructure of the Internet is used to express discontent with a 451 specific cause [Abibil] [GreenMovement]. Unfortunately DDoS are 452 often used to stifle freedom of expression as they complicate the 453 ability of independent media and human rights organizations to 454 exercise their right to (online) freedom of association, while 455 facilitating the ability of governments to censor dissent. This is 456 one of the reasons protocols should seek to mitigate DDoS attacks 457 [BCP72]. As described in draft-irtf-hrpc-research: "Uses of DDoS 458 might or might not be legitimate for political reasons, but the IETF 459 has no means or methods to assess this, and in general enabling DDoS 460 would mean a deterioration of the network and thus freedom of 461 expression". This is argued from the vector of freedom of 462 expression, but if we would analyze it from the perspective of 463 freedom of association the argument could be as follows: If the 464 Internet is an association, any attack should be prevented and 465 mitigated because it prevents the possibility of exercising a right 466 to collective expression, which is consistent with [BCP72]. 468 On the other hand, it must be taken into consideration that DDoS 469 attacks are a form of forced assembly when done without the agreement 470 -or even knowledge- of the involved parts. This point was also 471 described in draft-irtf-hrpc-research: "When it comes to comparing 472 DDoS attacks to protests in offline life, it is important to remember 473 that only a limited number of DDoS attacks involved solely willing 474 participants. In most cases, the clients are hacked computers of 475 unrelated parties that have not consented to being part of a DDoS 476 (for exceptions see Operation Abibil [Abibil] or the Iranian Green 477 Movement DDoS [GreenMovement])."" 479 4.4. Grouping together (identities) 481 Collective identities are also protected by freedom of association 482 and assembly rights. Acording to Melucci these are 'shared 483 definitions produced by several interacting individuals who are 484 concerned with the orientation of their action as well as the field 485 of opportunities and constraints in which their action takes place.' 486 [Melucci] In this sense, assemblies and associations are an important 487 base in the maintenance and development of culture, as well as 488 preservation of minority identities [OSCE]. 490 4.4.1. DNS 492 Domain names allow hosts to be identified by human parsable 493 information. Whereas an IP address might not be the expression of an 494 identity, a domain name can be, and often is. On the other hand the 495 grouping of a certain identity under a specific domain, or even a Top 496 Level Domain, also brings about risks because connecting an identity 497 to a hierarchically structured identifier systems also bring risks 498 about. Risks could be surveillance of the services running on the 499 domain, domain based censorship, or impersonation of the domain 500 through DNS cache poisoning. Several technologies have been 501 developed in the IETF to mitigated these risks such as DNS over TLS 502 [RFC7858], DNSSEC, and TLS. 504 The structuring of DNS as a hierarchical authority structure also 505 brings about specific characteristic, namely the possibility of 506 centralized policy making on the management and operation of domain 507 names, which is what (in part) happens at ICANN. The impact of ICANN 508 processes on human rights will not be discussed here. 510 4.4.2. ISPs 512 In order for edge-users to connect to the Internet, a user needs to 513 be connected to a network. This means that in the process of 514 accessing the Internet the edge-user needs to accept the policies and 515 practices of the edge network that provides them access to the other 516 networks. This means that in order to users to be able to join the 517 assembly of a 'network of networks', they always need to connect 518 through an intermediary. 520 While access the Internet through an intermediary, the user is forced 521 to accept the policies, practices and principles of a network. This 522 could impede the rights of the edge-user, depending on the 523 implemented policies and practices on the network and how (if at all) 524 they are communicated to the end-user. In terms of rights infringing 525 habits one could think of filtering, blocking, extensive logging or 526 other invasive practices that are not clearly communicated to the 527 user. 529 In some cases it also means that there is no other way for the edge- 530 user to connect to the network of networks, and is thus forced into 531 accepting the policies of a specific network, because it is not 532 trivial for an edge-user to operate its own Autonomous System. This 533 design, combined with the increased importance of the Internet to 534 make use of basic services, forces edge-user to engage in association 535 with a specific network eventhough the user does not consent with the 536 policies of the network. 538 5. Conclusions 540 - Internet has impact for on the ability for people to excercise 541 their right to freedom of association and assembly. 543 - The Internet itself is a form of an associtation and assembly, and 544 should thus be protected. 546 - To get access to the Internet one could argued on is caught in a 547 forced assembly with the access network. 549 - It need to be further researched which level of the network is 550 responsible for these impacts, and considerations could be 551 developed for this. 553 6. Acknowledgements 555 7. Security Considerations 557 As this draft concerns a research document, there are no security 558 considerations. 560 8. IANA Considerations 562 This document has no actions for IANA. 564 9. Research Group Information 566 The discussion list for the IRTF Human Rights Protocol Considerations 567 Research Group is located at the e-mail address hrpc@ietf.org [1]. 568 Information on the group and information on how to subscribe to the 569 list is at https://www.irtf.org/mailman/listinfo/hrpc 571 Archives of the list can be found at: https://www.irtf.org/mail- 572 archive/web/hrpc/current/index.html 574 10. References 576 10.1. Informative References 578 [Abbate] Janet Abbate, ., "Inventing the Internet", Cambridge: MIT 579 Press (2013): 11. , 2013, . 582 [Abibil] Danchev, D., "Dissecting 'Operation Ababil' - an OSINT 583 Analysis", 2012, . 586 [AckermannKargerZhang] 587 Ackerman, M., Karger, D., and A. Zhang, "Mailing Lists: 588 Why Are They Still Here, What's Wrong With Them, and How 589 Can We Fix Them?", Mit. edu (2017): 1. , 2017, 590 . 593 [AndersonGuarnieri] 594 Anderson, C. and C. Guarnieri, "Fictitious Profiles and 595 webRTC's Privacy Leaks Used to Identify Iranian 596 Activists", 2016, 597 . 600 [APC] Association for Progressive Communications and . Gayathry 601 Venkiteswaran, "Freedom of assembly and association online 602 in India, Malaysia and Pakistan. Trends, challenges and 603 recommendations.", 2016, 604 . 607 [ARTICLE19] 608 ARTICLE 19, "The Right to Protest Principles: Background 609 Paper", 2016, 610 . 613 [BCP72] IETF, "Guidelines for Writing RFC Text on Security 614 Considerations", 2003, . 617 [Benkler] Benkler, Y., "Peer Production and Cooperation", 2009, 618 . 621 [GreenMovement] 622 Villeneuve, N., "Iran DDoS", 2009, 623 . 625 [HafnerandLyon] 626 Hafnerand, K. and M. Lyon, "Where Wizards Stay Up Late. 627 The Origins of the Internet", First Touchstone Edition 628 (1998): 93. , 1998, . 630 [HussainHoward] 631 Hussain, M. and P. Howard, "What Best Explains Successful 632 Protest Cascades? ICTs and the Fuzzy Causes of the Arab 633 Spring", Int Stud Rev (2013) 15 (1): 48-66. , 2013, 634 . 636 [ICCPR] United Nations General Assembly, "International Covenant 637 on Civil and Political Rights", 1976, 638 . 641 [Marcus] Marcus, J., "Commercial Speech on the Internet: Spam and 642 the first amendment", 1998, . 645 [Melucci] Melucci, A., "The Process of Collective Identity", Temple 646 University Press, Philadelphia , 1995. 648 [NelsonHedlun] 649 Minar, N. and M. Hedlun, "A Network of Peers: Models 650 Through the History of the Internet", Peer to Peer: 651 Harnessing the Power of Disruptive Technologies, ed: Andy 652 Oram , 2001, . 657 [OSCE] OSCE Office for Democratic Institutions and Human Rights, 658 "Guidelines on Freedom of Peaceful Assembly", page 24 , 659 2010, . 661 [Pariser] Pariser, E., "The Filter Bubble: How the New Personalized 662 Web Is Changing What We Read and How We Think", Peguin 663 Books, London. , 2012. 665 [Pensado] Jaime Pensado, ., "Student Activism. Utopian Dreams.", 666 ReVista. Harvard Review of Latin America (2012). , 2012, 667 . 669 [RFC0001] Crocker, S., "Host Software", RFC 1, DOI 10.17487/RFC0001, 670 April 1969, . 672 [RFC0155] North, J., "ARPA Network mailing lists", RFC 155, 673 DOI 10.17487/RFC0155, May 1971, 674 . 676 [RFC1211] Westine, A. and J. Postel, "Problems with the maintenance 677 of large mailing lists", RFC 1211, DOI 10.17487/RFC1211, 678 March 1991, . 680 [RFC1287] Clark, D., Chapin, L., Cerf, V., Braden, R., and R. Hobby, 681 "Towards the Future Internet Architecture", RFC 1287, 682 DOI 10.17487/RFC1287, December 1991, 683 . 685 [RFC1958] Carpenter, B., Ed., "Architectural Principles of the 686 Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996, 687 . 689 [RFC3233] Hoffman, P. and S. Bradner, "Defining the IETF", BCP 58, 690 RFC 3233, DOI 10.17487/RFC3233, February 2002, 691 . 693 [RFC4084] Klensin, J., "Terminology for Describing Internet 694 Connectivity", BCP 104, RFC 4084, DOI 10.17487/RFC4084, 695 May 2005, . 697 [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", 698 FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, 699 . 701 [RFC5694] Camarillo, G., Ed. and IAB, "Peer-to-Peer (P2P) 702 Architecture: Definition, Taxonomies, Examples, and 703 Applicability", RFC 5694, DOI 10.17487/RFC5694, November 704 2009, . 706 [RFC6176] Turner, S. and T. Polk, "Prohibiting Secure Sockets Layer 707 (SSL) Version 2.0", RFC 6176, DOI 10.17487/RFC6176, March 708 2011, . 710 [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., 711 Morris, J., Hansen, M., and R. Smith, "Privacy 712 Considerations for Internet Protocols", RFC 6973, 713 DOI 10.17487/RFC6973, July 2013, 714 . 716 [RFC7118] Baz Castillo, I., Millan Villegas, J., and V. Pascual, 717 "The WebSocket Protocol as a Transport for the Session 718 Initiation Protocol (SIP)", RFC 7118, 719 DOI 10.17487/RFC7118, January 2014, 720 . 722 [RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., 723 and P. Hoffman, "Specification for DNS over Transport 724 Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May 725 2016, . 727 [Swire] Peter Swire, ., "Social Networks, Privacy, and Freedom of 728 Association: Data Empowerment vs. Data Protection", North 729 Carolina Law Review (2012) 90 (1): 104. , 2012, 730 . 733 [Tocqueville] 734 de Tocqueville, A., "Democracy in America", n.d., . 739 [UDHR] United Nations General Assembly, "The Universal 740 Declaration of Human Rights", 1948, 741 . 743 [UNGA] Hina Jilani, ., "Human rights defenders", A/59/401 , 2004, 744 . 747 [UNHRC] Maina Kiai, ., "Report of the Special Rapporteur on the 748 rights to freedom of peaceful assembly and of 749 association", A/HRC/20/27 , 2012, 750 . 753 [Vu] Vu, Quang Hieu, ., Lupu, Mihai, ., and . Ooi, Beng Chin, 754 "Peer-to-Peer Computing: Principles and Applications", 755 2010, . 757 10.2. URIs 759 [1] mailto:hrpc@ietf.org 761 Authors' Addresses 763 Niels ten Oever 764 ARTICLE 19 766 EMail: niels@article19.org 768 Gisela Perez de Acha 769 Derechos Digitales 771 EMail: gisela@derechosdigitales.org