Human Rights Protocol Consideration RG A. Doria (ed) Internet-Draft Technicalities Intended status: Informational October 18, 2015 Expires: April 20, 2016 Human Rights Protocol Considerations - Report draft-doria-hrpc-report-00 Abstract This document present an overview of the project to map engineering concepts at the protocol level that may be related to promotion and protection of the freedom of expression and association. This first draft is intended to provide the framework for reporting on the study, initial results and basic considerations. At a later stage it will fold in the work being done in the Methodology and Glossary drafts as well as the work being done in the case studies. It also folds in some of the text included in the original proposal for the HRPC. Discussion on this draft at: hrpc@irtf.org // https://www.irtf.org/mailman/admindb/hrpc Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 20, 2016. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. Doria (ed) Expires April 20, 2016 [Page 1] Internet-DraftHuman Rights Protocol Considerations - Report October 2015 This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Background . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Link between protocols and human rights . . . . . . . . . . . 4 3.1. Discussion of Universal Declaration of Human Rights (UDHR) and Internet Architecture . . . . . . . . . . . . 5 3.2. Theory . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.3. Other relevant research . . . . . . . . . . . . . . . . . 6 4. Methodology . . . . . . . . . . . . . . . . . . . . . . . . . 6 5. Case Studies . . . . . . . . . . . . . . . . . . . . . . . . 6 5.1. DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 5.2. IP . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 5.3. HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . 7 5.4. XMPP . . . . . . . . . . . . . . . . . . . . . . . . . . 7 5.5. P2P . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 6. Possible areas for protocol considerations . . . . . . . . . 7 7. Next Steps . . . . . . . . . . . . . . . . . . . . . . . . . 8 8. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 8 9. IANA considerations . . . . . . . . . . . . . . . . . . . . . 8 10. Security Considerations . . . . . . . . . . . . . . . . . . . 8 11. Informative References . . . . . . . . . . . . . . . . . . . 8 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 11 1. Background The recognition that human rights have a role in Internet policies has become part of the general discourse. Several reports from former United Nations (UN) Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, have made such relation explicit, which lead to the approval of the landmark resolution "on the promotion, protection and enjoyment of human rights on the Internet" at the UN Human Rights Council (HRC). And, more recently, to the resolution "The right to privacy in the digital age" at the UN General Assembly. The NETmundial outcome document affirms that human rights, as reflected in the Universal Declaration of Human Rights [UDHR], should underpin Internet governance principles. Recently the UNESCO report: Doria (ed) Expires April 20, 2016 [Page 2] Internet-DraftHuman Rights Protocol Considerations - Report October 2015 Keystones to foster inclusive Knowledge Societies [UNESCO] focused on the importance of developing the Internet on the basis of human rights principles. Nevertheless, the direct relation between Internet Standards and human rights is still something to be explored and more clearly demonstrated. Concerns for freedom of expression and association were a strong part of the world-view of the community involved in developing the first Internet protocols. Apparently, by intention or by coincidence, the Internet was designed with freedom and openness of communications as core values. But as the scale and the commercialization of the Internet has grown, the influence of such world-views had to compete with other values, such as ease of development and cost. The purpose of this research is to discover and document the consideration involved in taking human rights into account when creating protocols. In a manner similar to the work done for RFC 6973 [RFC6973] on Privacy Consideration Guidelines, the premise of this research is that some standards and protocols can solidify, enable or threaten human rights. As stated in RFC 1958 [RFC1958], the Internet aims to be the global network of networks that provides unfettered connectivity to all users at all times and for any content. Open, secure and reliable connectivity is essential for rights such as freedom of expression and freedom of association, as defined in the Universal Declaration of Human Rights [UDHR]. Therefore, considering connectivity as the ultimate objective of the Internet, this makes a clear case that the Internet is not only an enabler of human rights, but that human rights lie at the basis of, and are ingrained in, the architecture of the network. An essential part of maintaining the Internet as a tool for communication and connectivity is security. Indeed, "development of security mechanisms is seen as a key factor in the future growth of the Internet as a motor for international commerce and communication" RFC 1984 [RFC1984] and according to the Danvers Doctrine RFC 3365 [RFC3365], there is an overwhelming consensus in the IETF that the best security should be used and standardized. In RFC 1984 [RFC1984], the Internet Architecture Board (IAB) and the Internet Engineering Steering Group (IESG), the bodies which oversee architecture and standards for the Internet, expressed: "concern by the need for increased protection of international commercial transactions on the Internet, and by the need to offer all Internet users an adequate degree of privacy." Indeed, the IETF has been Doria (ed) Expires April 20, 2016 [Page 3] Internet-DraftHuman Rights Protocol Considerations - Report October 2015 doing a significant job in this area [RFC6973] [RFC7258], considering privacy concerns as a subset of security concerns. [RFC6973] Besides privacy, it should be possible to highlight other aspects of connectivity embedded in standards and protocols that can have human rights considerations. This report focuses on freedom of expression and the right to association and assembly online. 2. Terminology Currently defined in draft-dkg-hrpc-glossary to be folded in at appropriate time. 3. Link between protocols and human rights - Include discussion of value laden engineering as discussed in [Cath]. This work discusses four basic architectural principles that are encoded in Internet Technology: - Openness, Permissionless Innovation, and Content Agnosticism - Interoperability - Redundancy and the Distributed Architecture - The End-to-End Principle The work by Cath explores the relationship of the architectural principles to the human right of freedom of expression and asks whether the IETF has an repsonsiblity toward human rights. The fact that there is documentation of normative principles among the body of work of the IETF, is an indication that ethics are sometimes seen as within the purview of IETF consideraitons. The research question asked by the work is: "Should the right to freedom of speech be instantiated in the protocls and standards of the Internet Engineering Task Force?" Becasue of the threat of fragmentation by countries that do not accept human rights, the answer given to the research question is negative: human rights should not be instantiated in the Interent in order to avoid fragmentation. Care must be taken to avoid making the protocols political targets. On the other hand the principles that are encoded in the Internet do make it better at enabling rights. This encourages work such as the work done for privacy considerations Doria (ed) Expires April 20, 2016 [Page 4] Internet-DraftHuman Rights Protocol Considerations - Report October 2015 in the IETF and the research being done on protocol consideration for the freedoms of expression and association. - Include discussion of "Values and Networks" work by Roland Bless tbd - Include discussion of principles from NetMundial Multistakeholder Statement tbd 3.1. Discussion of Universal Declaration of Human Rights (UDHR) and Internet Architecture This project is focused on two rights defined in the UDHR [UDHR], Article 19 on Freedom of Expression and Article 20 of Freedom of Association. Article 19 Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers. Article 20 1 Everyone has the right to freedom of peaceful assembly and association. 2 No one may be compelled to belong to an association. 3.2. Theory When looking at protocols the considerations can apply from several perspectives. - The protocol's direct effects on human rights on the Internet. - The protocol's direct effect on human rights in combination with other protocols - The effect of specific protocol elements, separately or in combination with other protocol elements on human rights on the Internet - The ability to determine when various effects are occurring, i.e. transparency - The effect of deployment or non deployment. While this may be may seem beyond the protocol itself, often the design of protocol, its Doria (ed) Expires April 20, 2016 [Page 5] Internet-DraftHuman Rights Protocol Considerations - Report October 2015 difficulty in implementation and the degree to which it contains required elements, poison pills or other protocol artifacts that either encourage or discourse implementation or deployment can be significant in the overall human rights affect of a protocol. 3.3. Other relevant research TBD : Look at, and summarize some of the academic research on the topic including Ian Brown [Brown], Laura Denardis [Denardis], David Post [Post], Jonathan Zittrain [Zittrain] among others. 4. Methodology Currently defined in detail in draft-varon-hrpc-methodolgy to be folded in at appropriate time. this will largely be a reproduction of Section 3 of that document that focuses on the methodology Briefly methodology has included: - scoping the research problem - determining terminology to be use linking engineering and human rights concepts - establishing methodology - case studies on a set of protocols - derivation of possible considerations 5. Case Studies In each of the case studies, the behavior of the protocols is analysed for its positive and negative effects. In some case these effects are due to the design of the protocol itself, in others they are due to existing or absent features. Early versions of the analysis on the following protocols are currently being discussed on HRPC list. Once the discussions have matured those discussions will be folded in this section. 5.1. DNS Text being done by Will Scott on the HRPC list, current snapshot included in [HRPC-Method]. Doria (ed) Expires April 20, 2016 [Page 6] Internet-DraftHuman Rights Protocol Considerations - Report October 2015 5.2. IP Text being done by Will Scott on HRPC list, current snapshot included in [HRPC-Method]. 5.3. HTTP Text being done by Nex / Claudio on HRPC list, current snapshot included in [HRPC-Method]. 5.4. XMPP Text being done by Will Scott on HRPC list, current snapshot included in [HRPC-Method]. 5.5. P2P Text being done by Nex on HRPC List, current snapshot included in [HRPC-Method]. 6. Possible areas for protocol considerations The case studies point to several areas of protocol behavior that may be appropriate for considerations: - Character encoding for internationalization - DNS Record o Distortion o Injection o Removal - Network Poisoning - Traffic o Interception o Manipulation o Throttling - User Identification o Source and Destination visibility Doria (ed) Expires April 20, 2016 [Page 7] Internet-DraftHuman Rights Protocol Considerations - Report October 2015 o Tracking Additionally, discussion of the rights themselves and the evidence of these rights being implicit in the IETF design principles [Clark] and in some of the existing architecture and protocols, [Cath] and [Liddicoat] suggest other considerations. [Cath] recommends that adhereing to the four fundamental architectural principles discussed above is a first step. 7. Next Steps Once the first take at consideration are defined, what are the next steps for creating something that can be useabble for protocol designers and implementers in considering the human rights of freedom of expression and freedom of association in their work. 8. Acknowledgement tbd : A section that includes mention the many contributors of text as well as commenters and those who are assisitng this project in existing. 9. IANA considerations There shouldn't be any. 10. Security Considerations There shouldn't be any. 11. Informative References [Blumenthal] Blumenthal, M. and D. Clark, "Rethinking the design of the Internet The end-to-end arguments vs. the brave new world", ACM Transactions on Internet Technology, Vol. 1, No. 1, August 2001, pp 70-109. , 2001. [Brown] Brown, I. and C. Marsden, "Regulating Code Good Governance and Better Regulation in the Information Age", 2013. [Cath] Cath, C., "A case study of codeing rights", 2015. [Clark] Clark, D., "The Design Philosophy of the DARPA Internet Protocols", Proc SIGCOMM 88, ACM CCR Vol 18, Number 4, August 1988, pp. 106-114. , 1988. Doria (ed) Expires April 20, 2016 [Page 8] Internet-DraftHuman Rights Protocol Considerations - Report October 2015 [Denardis] Denardis, L., "Protocol Politics", 2013. [Galloway] Alexander Galloway, ., "Protocol", 2006. [HRPC-GLOSSARY] ten Oever, N., Doria, A., and D. Gillmor, "Human Rights Protocol Considerations Glossary", 2015, . [HRPC-Method] Varon, J. and C. Cath, "Human Rights Protocol Considerations Methodology", 2015, . [Liddicoat] Liddicoat, J. and A. Doria, "Human Rights and Internet Protocols", n.d., . [Post] Post, D., "Internet Infrastructure and IP Censorship", 2015, . [RFC1958] Carpenter, B., Ed., "Architectural Principles of the Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996, . [RFC1984] IAB and , "IAB and IESG Statement on Cryptographic Technology and the Internet", BCP 200, RFC 1984, DOI 10.17487/RFC1984, August 1996, . [RFC2026] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 9, RFC 2026, DOI 10.17487/RFC2026, October 1996, . [RFC2639] Hastings, T. and C. Manros, "Internet Printing Protocol/1.0: Implementer's Guide", RFC 2639, DOI 10.17487/RFC2639, July 1999, . [RFC2919] Chandhok, R. and G. Wenger, "List-Id: A Structured Field and Namespace for the Identification of Mailing Lists", RFC 2919, DOI 10.17487/RFC2919, March 2001, . Doria (ed) Expires April 20, 2016 [Page 9] Internet-DraftHuman Rights Protocol Considerations - Report October 2015 [RFC3365] Schiller, J., "Strong Security Requirements for Internet Engineering Task Force Standard Protocols", BCP 61, RFC 3365, DOI 10.17487/RFC3365, August 2002, . [RFC5890] Klensin, J., "Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework", RFC 5890, DOI 10.17487/RFC5890, August 2010, . [RFC5891] Klensin, J., "Internationalized Domain Names in Applications (IDNA): Protocol", RFC 5891, DOI 10.17487/RFC5891, August 2010, . [RFC5892] Faltstrom, P., Ed., "The Unicode Code Points and Internationalized Domain Names for Applications (IDNA)", RFC 5892, DOI 10.17487/RFC5892, August 2010, . [RFC5893] Alvestrand, H., Ed. and C. Karp, "Right-to-Left Scripts for Internationalized Domain Names for Applications (IDNA)", RFC 5893, DOI 10.17487/RFC5893, August 2010, . [RFC6162] Turner, S., "Elliptic Curve Algorithms for Cryptographic Message Syntax (CMS) Asymmetric Key Package Content Type", RFC 6162, DOI 10.17487/RFC6162, April 2011, . [RFC6783] Levine, J. and R. Gellens, "Mailing Lists and Non-ASCII Addresses", RFC 6783, DOI 10.17487/RFC6783, November 2012, . [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M., and R. Smith, "Privacy Considerations for Internet Protocols", RFC 6973, DOI 10.17487/RFC6973, July 2013, . [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing", RFC 7230, DOI 10.17487/RFC7230, June 2014, . Doria (ed) Expires April 20, 2016 [Page 10] Internet-DraftHuman Rights Protocol Considerations - Report October 2015 [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content", RFC 7231, DOI 10.17487/RFC7231, June 2014, . [RFC7232] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests", RFC 7232, DOI 10.17487/RFC7232, June 2014, . [RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching", RFC 7234, DOI 10.17487/RFC7234, June 2014, . [RFC7235] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Authentication", RFC 7235, DOI 10.17487/RFC7235, June 2014, . [RFC7236] Reschke, J., "Initial Hypertext Transfer Protocol (HTTP) Authentication Scheme Registrations", RFC 7236, DOI 10.17487/RFC7236, June 2014, . [RFC7237] Reschke, J., "Initial Hypertext Transfer Protocol (HTTP) Method Registrations", RFC 7237, DOI 10.17487/RFC7237, June 2014, . [RFC7258] Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May 2014, . [UDHR] United Nations General Assembly, "The Universal Declaration of Human Rights", 1948, . [UNESCO] "Keystones to foster inclusive Knowledge Societies", 2015. [Zittrain] Zittrain, J., "The Future of the Internet And How to Stop It", 2008. Author's Address Doria (ed) Expires April 20, 2016 [Page 11] Internet-DraftHuman Rights Protocol Considerations - Report October 2015 Avri Doria Technicalities EMail: avri@acm.org Doria (ed) Expires April 20, 2016 [Page 12]