Human Rights Protocol Considerations Research Group A. Doria (ed)
Internet-Draft APC
Intended status: Informational March 21, 2016
Expires: September 22, 2016

HRPC - Report


This document presents an overview snapshot of the HRPC project to map engineering concepts at the protocol level that may be related to human rights, with a focus on the promotion and protection of the freedom of expression and of association.

It provides a framework while reporting on the study including: theoretical background, results and basic considerations. It will reference the detailed work being done on terminlogy and case studies documented in the research draft. It also folds in discussions from the research literature. The documents, [HRPC-Research] and this document, form an interrelated set that may later be combined into a single document.

This draft is still in very early stages and welcomes further contribution. Text is solicited.

Discussion on this draft at: //

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on September 22, 2016.

Copyright Notice

Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents ( in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1. Background

Several reports from former United Nations (UN) Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, have made the relationship between the Internet and human rights explicit and led to the approval of the resolution “on the promotion, protection and enjoyment of human rights on the Internet” at the UN Human Rights Council (HRC). More recently, it led to the resolution “The right to privacy in the digital age” at the UN General Assembly. The NETmundial outcome document [Netmundial] affirms that human rights, as reflected in the Universal Declaration of Human Rights [UDHR], should underpin Internet governance principles.

Although the application of human rights to Internet policy consideratons has a firm rights’ basis, a direct relation between Internet architecture and protocols and human rights needs to be established and requires both exploration and description. As the full range of the interdependent and interrelated human rights would be challenging as a starting place for discussions, the research group has decided to start with the the rights of freedom of expression and freedom of association and assembly.

An additional challenge in bringing the discussion of human rights into Internet engineering discussions is the absence of an agreed upon vocabulary for such discussions. Developing a vocabulary for this discussion is a first requirement for the HRPC research effort.

It has been argued in [Liddicoat] that concerns for freedom of expression and association were a strong part of the world-view of the community involved in developing the first Internet protocols. Whether by intention or by historical coincidence, the Internet was designed with freedom and openness of communications as core values. But as the scale, as well as internationalization and commercialization of the Internet have grown, the influence of such world-views has had to compete with other values, such as ease and cost of development as well as the costs and difficulties in maintaining and upgrading the network and network elements. The purpose of this research is to discover and to document possible considerations, that is issues to be considered, involved in taking human rights into account when creating protocols.

Following the lead of work done for RFC 6973 [RFC6973] on Privacy Consideration Guidelines, the premise of this research is that some standards and protocols can either enable or threaten human rights on the Internet.

As stated in RFC 1958 [RFC1958], the Internet aims to be the global network of networks that provides unfettered connectivity to all users at all times and for any content. Open, secure and reliable connectivity is essential for rights such as freedom of expression and freedom of association, as defined in the Universal Declaration of Human Rights [UDHR]. Therefore, considering connectivity as the ultimate objective of the Internet makes a case that human rights are core values of the architecture of the network.

The IETF has determined that an essential part of maintaining the Internet as a tool for communication and connectivity is security. Indeed, “development of security mechanisms is seen as a key factor in the future growth of the Internet as a motor for international commerce and communication” RFC 1984 [RFC1984] and according to the Danvers Doctrine RFC 3365 [RFC3365], there is an overwhelming consensus in the IETF that the best security should be used and standardized.

In RFC 1984 [RFC1984], the Internet Architecture Board (IAB) and the Internet Engineering Steering Group (IESG), the bodies which oversee architecture and standards for the Internet, expressed: “concern by the need for increased protection of international commercial transactions on the Internet, and by the need to offer all Internet users an adequate degree of privacy.” Indeed, the IETF has been doing a significant job in this area [RFC6973] and [RFC7258], considering privacy concerns as a subset of security concerns. [RFC6973]

The premise of this work is that it is possible to establish human rights consideratons for other human rights, beyond just privacy. This research builds on the the idea that protecting all rights is as much a security concern in the Internet as is the protection of privacy. The research also intends to document other bases for consideration of human rights as core values in Internet architectures and protocols.

This first phase of research focuses on freedom of expression and the right to association and assembly online. In doing so, given the interrelationship of all rights, other rights may be touched upon in the discussion, but the primary emphasis will be to discover where there are considerations that relate specicially to the freedoms of expression and of association and assembly. In the first phase there will also be a reliance on arguments based on security considerations, though the effect of other values will be considered.

2. Terminology

The terminology being used in this project was defined in [HRPC-GLOSSARY] and is applied in [HRPC-Research].

The process of developing a glossary has involved taking the variety of glossaries defined by the IETF in its various RFCs, comparing the terms both among the various RFC definitions and with terminology used in human rights field to produce a synthesized set of definitions after discussion in the research group. The goal is to produce a set of terms, using existing terminology, that can assist clear discussion among engineering experts and human rights experts. At this point in the research this vocabulary has been provisionally accepted in the research group.

The glossary also includes the definitions of some complex terms, such as Freedom of Expression and Freedom of Association, that relies of several of the other defined terms. Some of these complex defintions are still under discussion.

3. Theory

3.1. Universal Declaration of Human Rights (UDHR) and Internet Architecture

This project is focused on two rights defined in the UDHR [UDHR], Article 19 on Freedom of Expression and Article 20 of Freedom of Association.

Article 19
Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.
Article 20
1 Everyone has the right to freedom of peaceful assembly and association.
2 No one may be compelled to belong to an association.

3.2. Link between protocols and human rights

[HRPC-Research] includes defintions of the basic human rights in terms of the engineering terminology. For example:

Detailed defintions of the included terms can be found in [HRPC-Research]

When looking at protocols the considerations can apply from several perspectives.

(Editor’s note: Several key pieces of research are discussed in this section. Readers/reviewers of the draft who have other recommended sources for relevant research that should be discussed in this document are invited to submit such for inclusion.)

3.3. Related research

This section will look at the theoretical work that has been done in the are of rights and protocols. It will include the academic research on the topic including the work of David Post [Post], Jonathan Zittrain [Zittrain] and David Clark, among others.

3.3.1. David Clark


3.3.2. Laura Denardis

In Protocol Politics [Denardis09] Denardis discusses “how values enter, or should enter, Internet protocol design.” She describes the “IETF process itself self-consciously expresses certain values.” The discussion goes on to define some examples of of IETF values, including:

To demonstrate the point, she presents a case study where engineers at the IETF “identified privacy as a value pertinent to IPv6 address design and embedded this design into design choices” with a detailed description of the issue of including Ethernet Addresses as part of the IPv6 address culminating in the design of IPv6 privacy features and changes. Interestingly she also describes how the IETF engineering community was aware of the privacy challenges, the rights challenges, before media and government discovered the problem and were working on the problem before the fire firestorm began.

The description ended with the following: “this episode is a reminder that some of the most critical Internet governance questions concern individual civil liberties and that design decisions can present an opportunity to advance libertarian and democratic values or to contain these values. IPv6 privacy design implications and value-conscious design choices reinforce the notion that Internet architecture and virtual resources cannot be understood only through the lens of technical efficiency, scarcity, or economic competition but as an embodiment of human values with social and cultural effects.”

3.3.3. David Post


3.3.4. Jonathan Zittrain


3.4. Related theoretical discussions from the research group

3.4.1. Principles from NetMundial Multistakeholder Statement

NETmundial was a bell-weather event held in October 2014, where stakeholders from academia, business, civil society, governments and the technical community came together to discuss Principles and a Roadmap for Internet governance. While the Principles did not address protocol development specifically, they did include a principle on Open Standards:

“Internet governance should promote open standards, informed by individual and collective expertise and decisions made by rough consensus, that allow for a global, interoperable, resilient, stable, decentralized, secure, and interconnected network, available to all. Standards must be consistent with human rights and allow development and innovation.” [Netmundial]

The NETmundial Roadmap on the other hand was a bit more specific on certain topics including digital security and arbitrary surveillance:

3.4.2. “Values and Networks” work by Roland Bless


3.4.3. Value laden engineering as discussed in A case study of codeing rights by Cath

This work discusses four basic architectural principles that are encoded in Internet Technology:

The work by Cath explores the relationship of the architectural principles to the human right of freedom of expression and asks whether the IETF has a repsonsiblity toward human rights. The paper shows that that there are numerous references to normative principles among the body of work of the IETF. It argues that this provides the necessary indication that ethics are within the purview of IETF considerations. The research question asked by the work is: “Should the right to freedom of speech be instantiated in the protocols and standards of the Internet Engineering Task Force?” This quetion is similar to the questions being asked in this research group.

Despite this ethical basis in Internet potocols, in Cath’s work the threat of fragmentation by countries that do not accept human rights suggests that an answer to the normative research question is negative: support for human rights should not be intitiated in the Internet in order to avoid fragmentation. This can be understood to mean that care must be taken to turning protocols into political targets. On the other hand the principles that are encoded in the Internet do make it better at enabling rights. This encourages work such as the work done for privacy consideration in the IETF and the research being done on protocol consideration for the freedoms of expression and association, as long as these are just considerations and not requirements. The paper cautions against using protocols to achieve advocacy goals.

3.5. Internet protocols as a public good

While not specifically part of the research, a background theoretical discussion in Internet rights involves discussion of whether the Internet is a public good. The economic definitons of a public good includes requirements that it be non-excludable, in that it is a good that cannot be withheld from any individual, and that it be non-rivalous, meaning that its use by some does not preclude its use by others.

Strictily speaking, the Internet does not meet these requirements. The fact that much of the world still does not have Internet access shows that it is excludable, as many are still excluded. Addtionally the fact that service providers charge for Internet access point to access not being a public good. In terms of rivalry, bandwidth and scalability issues give another indication that the Internet does not qualify as a public good, one person’s usage can interefe with another person’s usage. Some have argued that the Internet is a Common Pool Resource (CPR), as defined by Ostrum [Ostrum]. This claim has yet to be substantiated, as the Interent needs to satisfy various design principles to qualify as a CPR. Discussion of this issue is beyond the scope of this draft. (Editor’s note: Though it could be included it people felt it would be useful content for references’ sake.)

While the discussion on whether the Internet itself, as an infrastrucure, is either a public good or CPR, is open and contentious, it may be simpler to establish whether the set of core Internet protocols is a public good. This is relavant to the research in this group dealing with protocol considerations. It can be argued that for Internet protocols to be non-excludable, it has to be possible for everyone to use them. It is. Through the use of the core Internet protocols, anyone can create a network that connects into the Internet. While some protocols are encumbered by property rights and licensing requirements, a core set of protocols that are not encumberd, and thus freely avaialble to all, can be described as non-excludable. It also seems clear that one party’s proper use of the core set of Internet protocols does not have the effect of precluding use by others, so protocols can also be called non-rivalrous. One question relevant to the question of Internet protocols as a common good will involve determining whether a sufficient set of the core protocols essential to the Internet, are fully unencumbered.

Establising that Internet protocols are a public good adds an economic development consideration to the discussions and provides possible avenues for basing human rights protocol consideraton on more that just security, allowing other bases for discussion of the trades off in considerations when designing or deploying a protocol. The question still needs further exploriation to determine whether Internet protocols as a public good has any effect on the protocol considerations to be recommended by this group.

4. Methodology

Some compnents of the methodology are defined in detail in Research into Human Rights Protocol Considerations [HRPC-Research].

The purpose of the work is to map the potential relations between human rights and protocols so that considerations can be derived.

4.1. Case Studies

The case studies and their initial status is being documented in [HRPC-Research].

In each of the case studies, the behavior of the protocols is analysed for its positive and negative effects. In some case these effects are due to the design of the protocol itself, in others they may be due to existing or absent features. In protocls with optional features, whether a feature is implemented or deployed, can be a factor in the protocol’s impact on human rights.

The analysis on the following protocols are currently being discussed on HRPC list and being described in [HRPC-Research].

Covering issues concerning the network visibility of source and destination, address translation and mobility

4.2. Methodological Issues

The current methodology is based on discourse analysis and ethnographic research methods. This method is explained in [HRPC-Research]. While this is a good basis for initial discovery, further analysis is needed on whether the hypotheses formed as a result of the case studies can be abstracted to general consideration statements. Study is also needed to determine whether evidence for similar effects can be shown as a result of applying the general considerations to a wider set of protocols. A full analysis also requires that some attempt be made to test any candidate considerations for other effects and for unintended consequences.

5. Possible areas for protocol considerations

Using the definitions derived for the rights of freedom of expression and freedom of association and assembly, and the protocol attributes discovered in the use cases, a set of questions is being developed that enable a protocol designer to consider whether their design has any positive or negative effects on the human rights in question. The questions should also give guidance in terms of protocol atributes that can aid in creating new protocols that enable as opposed to hinder human rights.

[HRPC-Research] includes a first take on such questions. This work is still at an early stage. There have been recommendations in the list that the form of the questions be based on best practices for questionnaire development. The questions will need to be tested as outlined above in the section on methodological issues, to determine whether they are fit for general purpose in an engineering context.

5.1. Emergent Issues/Questions

This section records some of the question opened in discussion of the group that open broader questions that those centered on protocol considerations. Often the question involved the manner in which the protocols are deployed or used.

6. Next Steps

As discussed in the methodoloy section, a set of tests needs to be undertaken to determine whether the protocol attributes that have been isolated from the various use cases can be abstracted and tested in situation other than in those test cases.

Once this is done, the set of considerations can be drafted and discussed by the research group.

The current revision of [HRPC-Research] includes a first set of possible considerations.

6.1. Next steps for this document

The document will next be udated after IETF 95.

7. Acknowledgements

A section that include the many contributors of text as as commenters and those who are assisitng this project in existing. Some of the names: Niels ten Oever, Joana Varon, Catherine Cath, Daniel Kahn Gillmor, … more to be added … and the all the particpants in the research group.

8. IANA considerations

There shouldn’t be any.

9. Security Considerations

There shouldn’t be any.

10. Informative References

, "
[Blumenthal] Blumenthal, M. and D. Clark, "Rethinking the design of the Internet The end-to-end arguments vs. the brave new world", ACM Transactions on Internet Technology, Vol. 1, No. 1, August 2001, pp 70-109. , 2001.
[Cath] Cath, C., "A case study of codeing rights", 2015.
[Clark] Clark, D., "The Design Philosophy of the DARPA Internet Protocols", Proc SIGCOMM 88, ACM CCR Vol 18, Number 4, August 1988, pp. 106-114. , 1988.
[Denardis09] Denardis, L., "Protocol Politics", 2013.
[Denardis14] Denardis, L., The Global War for Internet Goverance", 2014.
[HRPC-GLOSSARY] ten Oever, N., Doria, A. and D. Gillmor, "Human Rights Protocol Considerations Glossary", 2015.
[HRPC-Method] Varon, J. and C. Cath, "Human Rights Protocol Considerations Methodology", 2015.
[HRPC-Research] ten Oever, N. and C. Cath, "Research into Human Rights Protocol Considerations", 2015.
[Liddicoat] Liddicoat, J. and A. Doria, "Human Rights and Internet Protocols", n.d..
[Netmundial]NETmundial Multistakeholder Statement", 2014.
[Ostrum] Ostrum,, E., "Governing the Commons", 1990.
[Post] Post, D., "Internet Infrastructure and IP Censorship", 2015.
[RFC1958] Carpenter, B., "Architectural Principles of the Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996.
[RFC1984] IAB and IESG. , "IAB and IESG Statement on Cryptographic Technology and the Internet", BCP 200, RFC 1984, DOI 10.17487/RFC1984, August 1996.
[RFC2026] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 9, RFC 2026, DOI 10.17487/RFC2026, October 1996.
[RFC2639] Hastings, T. and C. Manros, "Internet Printing Protocol/1.0: Implementer's Guide", RFC 2639, DOI 10.17487/RFC2639, July 1999.
[RFC2919] Chandhok, R. and G. Wenger, "List-Id: A Structured Field and Namespace for the Identification of Mailing Lists", RFC 2919, DOI 10.17487/RFC2919, March 2001.
[RFC3365] Schiller, J., "Strong Security Requirements for Internet Engineering Task Force Standard Protocols", BCP 61, RFC 3365, DOI 10.17487/RFC3365, August 2002.
[RFC5890] Klensin, J., "Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework", RFC 5890, DOI 10.17487/RFC5890, August 2010.
[RFC5891] Klensin, J., "Internationalized Domain Names in Applications (IDNA): Protocol", RFC 5891, DOI 10.17487/RFC5891, August 2010.
[RFC5892] Faltstrom, P., "The Unicode Code Points and Internationalized Domain Names for Applications (IDNA)", RFC 5892, DOI 10.17487/RFC5892, August 2010.
[RFC5893] Alvestrand, H. and C. Karp, "Right-to-Left Scripts for Internationalized Domain Names for Applications (IDNA)", RFC 5893, DOI 10.17487/RFC5893, August 2010.
[RFC6162] Turner, S., "Elliptic Curve Algorithms for Cryptographic Message Syntax (CMS) Asymmetric Key Package Content Type", RFC 6162, DOI 10.17487/RFC6162, April 2011.
[RFC6783] Levine, J. and R. Gellens, "Mailing Lists and Non-ASCII Addresses", RFC 6783, DOI 10.17487/RFC6783, November 2012.
[RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M. and R. Smith, "Privacy Considerations for Internet Protocols", RFC 6973, DOI 10.17487/RFC6973, July 2013.
[RFC7230] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing", RFC 7230, DOI 10.17487/RFC7230, June 2014.
[RFC7231] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content", RFC 7231, DOI 10.17487/RFC7231, June 2014.
[RFC7232] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests", RFC 7232, DOI 10.17487/RFC7232, June 2014.
[RFC7234] Fielding, R., Nottingham, M. and J. Reschke, "Hypertext Transfer Protocol (HTTP/1.1): Caching", RFC 7234, DOI 10.17487/RFC7234, June 2014.
[RFC7235] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol (HTTP/1.1): Authentication", RFC 7235, DOI 10.17487/RFC7235, June 2014.
[RFC7236] Reschke, J., "Initial Hypertext Transfer Protocol (HTTP) Authentication Scheme Registrations", RFC 7236, DOI 10.17487/RFC7236, June 2014.
[RFC7237] Reschke, J., "Initial Hypertext Transfer Protocol (HTTP) Method Registrations", RFC 7237, DOI 10.17487/RFC7237, June 2014.
[RFC7258] Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May 2014.
[UDHR] United Nations General Assembly, "The Universal Declaration of Human Rights", 1948.
[Zittrain] Zittrain, J., "The Future of the Internet And How to Stop It", 2008.

Author's Address

Avri Doria APC EMail: