Human Rights Protocol Considerations Research Group N. ten Oever
Internet-Draft Article19
Intended status: Informational February 06, 2017
Expires: August 10, 2017

Anonymity, Human Rights and Internet Protocols
draft-tenoever-hrpc-anonymity-00

Abstract

Anonymity is less discussed topic in the IETF than for instance security [RFC3552] or privacy [RFC6973]. This can be attributed to the fact anonymity is a hard technical problem or that anonymizing user data is not of specific market interest. It remains a fact that ‘most internet users would like to be anonymous online at least occasionally’ [Pew].

This document aims to break down the different meanings and implications of anonymity on a mediated computer network.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on August 10, 2017.

Copyright Notice

Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.


Table of Contents

1. Introduction

There seems to be a clear need for anonymity when harassment on the Internet on the increase [Pew2] and the UN Special Rapporteur for Freedom of Expression call anonymity ‘necessary for the exercise of the right to freedom of opinion and expression in the digital age’ [UNHRC2015].

Nonetheless anonymity is not getting much discussion at the IETF, providing anonymity does not seem a (semi-)objective for many protocols, even though several documents contribute to improving anonymity such as [RFC7258], [RFC7626], [RFC7858].

There are initiatives on the Internet to improve end users anonymity, most notably [torproject], but this all relies on adding encryption in the application layer.

This document aims to break down the different meanings and implications of anonymity on a mediated computer network and to see whether (some parts of) anonymity should be taken into consideration in protocol development.

2. Vocabulary Used

Concepts in this draft currently strongly hinges on [AnonTerm]

Anonymity
A state of an individual in which an observer or attacker cannot identify the individual within a set of other individuals (the anonymity set). [RFC6973]
Linkability
Linkability of two or more items of interest (IOIs, e.g., subjects, messages, actions, …) from an attacker’s perspective means that within the system (comprising these and possibly other items), the attacker can sufficiently distinguish whether these IOIs are related or not. [AnonTerm]
Pseudonymity
Dervided from pseudonym, a persistent identity which is not the same as the entity’s given name.
Unlinkability
Unlinkability of two or more items of interest (IOIs, e.g., subjects, messages, actions, …) from an attacker’s perspective means that within the system (comprising these and possibly other items), the attacker cannot sufficiently distinguish whether these IOIs are related or not. [AnonTerm]
Undetectability
The impossibility of being noticed or discovered
Undetectability of an item of interest (IOI) from an attacker’s perspective means that the attacker cannot sufficiently distinguish whether it exists or not [AnonTerm]
Unobservability
Unobservability of an item of interest (IOI) means:
undetectability of the IOI against all subjects uninvolved in it and
anonymity of the subject(s) involved in the IOI even against the other subject(s) involved in that IOI. [AnonTerm]

3. Research Questions

Premise: activity on the network has the ability for is to be anonymous or authenticated

While analyzing protocols for their impact on users anonymity, would it make sense to ask the following questions:

  1. How anonymous is the end user to:
  2. How well can they distinguish my identity from somebody else (with a similar communication) (ie linkability)
  3. How does the protocol impact pseudonomity?
  4. How does the protocol, in conjunction with other protocols, impact pseudonymity?
  5. Could there be advice for prootocol developers and implementers to improve anonimity and pseudonymity?

4. Use Cases

5. Security Considerations

As this draft concerns a research document, there are no security considerations.

6. IANA Considerations

This document has no actions for IANA.

7. Research Group Information

The discussion list for the IRTF Human Rights Protocol Considerations proposed working group is located at the e-mail address hrpc@ietf.org. Information on the group and information on how to subscribe to the list is at https://www.irtf.org/mailman/listinfo/hrpc

Archives of the list can be found at: https://www.irtf.org/mail-archive/web/hrpc/current/index.html

8. Informative References

[AnonTerm] Pfitzmann, A. and M. Hansen, "A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management", 2010.
[Pew] Rainie, L., Kiesler, S., Kang, R. and M. Madden, "Anonymity, Privacy, and Security Online", 2013.
[Pew2] Duggan, M., "Online Harassment", 2014.
[RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, DOI 10.17487/RFC3552, July 2003.
[RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M. and R. Smith, "Privacy Considerations for Internet Protocols", RFC 6973, DOI 10.17487/RFC6973, July 2013.
[RFC7258] Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May 2014.
[RFC7626] Bortzmeyer, S., "DNS Privacy Considerations", RFC 7626, DOI 10.17487/RFC7626, August 2015.
[RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D. and P. Hoffman, "Specification for DNS over Transport Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May 2016.
[torproject] The Tor Project, ., "Tor Project - Anonymity Online", 2007.
[UNHRC2015] Kaye, D., "Anonymity, Privacy, and Security Online (A/HRC/29/32)", 2015.

Author's Address

Niels ten Oever Article19 EMail: niels@article19.org