Human Rights Protocol Considerations Research Group N. ten Oever
Internet-Draft ARTICLE 19
Intended status: Informational G. Perez de Acha
Expires: September 13, 2017 Derechos Digitales
March 12, 2017

Freedom of Association on the Internet
draft-tenoever-hrpc-association-00

Abstract

This documents aims to document the relation between Internet protocols and the right to freedom of assembly and association. The Internet increasingly mediates our lives and thus the ability to excercise human rights. Since Internet protocols play a central role in the management, development and use of the Internet the relation between the two should be documented and adverse impacts on this human right should be mitigated. On the other hand there have also been methods of protest, a form of freedom of assembly, on the Internet that have been harmful to Internet connectivity and the Internet infrastructure, such as DDoS attacks. This document aims to document forms of protest, association and assembly that do not have a negative impact on the Internet infrastructure.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on September 13, 2017.

Copyright Notice

Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.


Table of Contents

1. Introduction

Freedom of assembly and freedom of association are two human rights that protect and enable collective action and expression [UDHR] [ICCPR]. This is important because causes and opinions take more force within a group of people that come together for the same means [Tocqueville].

The difference between the freedom of assembly and the freedom of associotiation is merely gradual one. An assembly is an intentional and temporary gathering of a collective in a private or public space for a specific purpose: demonstrations, inside meetings, strikes, processions, rallies or even sits-in [UNHRC]. The right to protest is one of the rights encompassed by freedom of assembly, but also exercised along with freedom of expression and the right to hold an opinion. Nonetheless, protest unlike assembly, implies an element of dissent that can be exercised individually, where as assembly always has a collective component [ARTICLE19].

Association on the other hand has a more formal nature. It refers to a group of individuals or any legal entities brought together in order to collectively act, express, promote, pursue or defend a field of common interests [UNGA]. This means civil society organizations, clubs, cooperatives, NGOs, religious associations, political parties, trade unions, foundations or even online associations as the Internet has been instrumental, for instance, in ‘facilitating active citizen participation in building democratic societies’ [UNHRC].

In less democratic or authoritarian countries, online association and assembly has been crucial to mobilise groups and people, where physical gatherings have been impossible or dangerous [APC]. Both rights protect the right to join or leave a group of choice. Thus any collective, gathered for peaceful purposes, is protected by these rights.

In draft-irtf-hrpc-research the relationship between human rights and Internet protocols has been shown, and guidelines for considerations of human rights impact in protocol design have been provided.

Further research is needed to understand the exact shape, extend and form of Internet protocols on human rights. This document aims to break down the relationship between Internet protocols and the right to freedom of assembly and association.

The right to privacy and the right to freedom of expression are the most discussed human rights when it comes to the Internet. Still we must recognize that communities, collaboration and joint action lie at the heart of the Internet.

Even at at linguistical level, the words “networks” and “associations” are close synonyms. Both interconnected groups and association of persons depend on “links” and “relationships” [Swire]. One could even argue that as a whole, the networked internet constitutes a big collective, and thus an assembly and an association.

On the other hand, IETF itself, defined as a ‘open global community’ of network designers, operators, vendors, and researchers, is also protected by freedom of assembly and association [RFC3233]. Discussion, comments and consensus around RFCs are possible because of the collective expression that freedom of association and assembly allow. The very word “protocol” found its way into the language of computer networking based on the need for collective agreement among network users [HafnerandLyon].

Throughtout the world -from the Arab Spring to Latin American student movements- the Internet has also played a crucial role by providing a means for the fast dissemination of information that was otherwise mediated by broadcast media, or even forbidden by the government [Pensado]. According to Hussain and Howard the Internet helped to ‘build solidarity networks and identification of collective identities and goals’, facilitate protest, ‘extend the range of local coverage to international broadcast networks’ and as platform for contestation for the future of ‘the future of civil society and information infrastructure’ [HussainHoward].

However, some of these examples go beyond the use of Internet protocols and flow over into the applications layer or association in the offline world, whereas we’ll focus on the Internet protocols and architecture.

This can be contrasted with the example of association on the infrastructure level (albeit one can contest wether this is ‘peaceful’) of Distributed Denial of Service Attacks (DDoS) in which the infrastructure of the Internet is used to express discontent with a specific cause [Abibil] [GreenMovement]. Unfortunately more of than not DDoS are used to stifle freedom of expression, complicate the ability of independent media and human rights organizations to exercise their right to (online) freedom of association, while facilitating the ability of governments to censor dissent. This is one of the reasons protocols should seek to mitigate DDoS attacks [BCP72].

This document will further seek to map how the internet architecture impacts freedom of association and assembly.

2. Vocabulary used

Anonymity
The condition of an identity being unknown or concealed. [RFC4949]
Censorship resistance
Methods and measures to mitigate Internet censorship.
Connectivity
The extent to which a device or network is able to reach other devices or networks to exchange data. The Internet is the tool for providing global connectivity [RFC1958]. Different types of connectivity are further specified in [RFC4084]. The combination of the end-to-end principle, interoperability, distributed architecture, resilience, reliability and robustness are the enabling factors that result in connectivity to and on the Internet.
Decentralization
Implementation or deployment of standards, protocols or systems without one single point of control.
Pseudonymity
The ability to disguise one’s identity online with a different name than the “real” one, allowing for diverse degrees of disguised identity and privacy. It is strengthened when less personal data can be linked to the pseudonym; when the same pseudonym is used less often and across fewer contexts; and when independently chosen pseudonyms are more frequently used for new actions (making them, from an observer’s or attacker’s perspective, unlinkable).” [RFC6973]

3. Research questions

How does the internet architecture enables and/or inhibits freedom of association and assembly.

4. Cases and examples

4.1. Communicating

4.1.1. Mailinglists

Since the beginning of the Internet mailing lists have been a key site of assembly and association [RFC0155] [RFC1211]. In fact, mailing lists were one of the Internet’s first functionalities [HafnerandLyon].

In 1971, four years after the invention of email, the first mailing list was created to discuss the idea of using Arpanet for discussion. By this time, what had initially propelled the Arpanet project forward as a resource sharing platform was gradually replaced by the idea of a network as a means of bringing people together [Abbate]. More than 45 years after, mailing lists are pervasive and help communities to engage, have discussion, share information, ask questions, and build ties. Even as social media and discussion forums grew, mailing lists continue to be widely used [AckermannKargerZhang]. They are a crucial tool to organise groups and individuals around themes and causes [APC].

4.1.2. Multi party video conferencing and risks

‘Beginning in early 2008, Iranian security entities have engaged in operations to identify and arrest administrators of “illicit” websites and social media groups. In recent years, the detention and interrogation of members of online communities has been publicized by state media for propaganda purposes. However, the heavy-handedness of the government has also inadvertently created a situation where Iranian users are better positioned than others to avoid some surveillance activities – increasing the burden of finding pseudonymous users.’ [AndersonGuarnieri].

‘The WebRTC protocol was designed to enable responsive real-time communications over the Internet, and is instrumental in allowing streaming video and conferencing applications to run in the browser. In order to easily facilitate direct connections between computers (bypassing the need for a central server to act as a gatekeeper), WebRTC provides functionality to automatically collect the local and public IP addresses of Internet users (ICE or STUN). These functions do not require consent from the user, and can be instantiated by sites that a user visits without their awareness. The potential privacy implications of this aspect of WebRTC are well documented, and certain browsers have provided options to limit its behavior.’ [AndersonGuarnieri].

‘The disclosure of network addresses presents a specific risk to individuals that use privacy tools to conceal their real IP address to sites that they visit. Typically, when a user browses the Internet over a VPN, the only address that should be recorded by sites they visit would be that of the VPN provider itself. Using the WebRTC STUN function allows a site to additionally enumerate the addresses that are associated with the computer that the visitor is using – rather than those of intermediaries. This means that if a user is browsing the Internet on an ADSL connection over a VPN, a malicious site they visit could potentially surreptitious record the home address of the user.’ [AndersonGuarnieri].

4.1.3. Reaching out

In the 1990s as the internet became more and more commercial, spam came to be defined as irrelevant or unsolicited messages that were porsted many times to multiple news groups or mailing lists [Marcus]. Here the question of consent is crucial. In the 2000s a large part of the discussion revolved around the fact that certain corporations -protected by the right to freedom of association- considered spam to be a form of “comercial speech”, thus encompassed by free expression rights [Marcus]. Nonetheless, if we consider that the rights to assembly and association also mean that “no one may be compelled to belong to an association” [UDHR], spam infringes both rights if an op-out mechanism is not provided and people are obliged to receive unwanted information, or be reached by people they do not know.

This leaves us with an interesting case: spam is currently handled mostly by mailproviders on behalf of the user, next to that countries are increasingly adopting opt-in regimes for mailinglists and commercial e-mail, with a possibility of serious fines in case of violation.

This protects the user from being confronted with unwanted messages, but it also makes it legally and technically very difficult to communite a message to someone who did not explicitly ask for this. In the public offline spaces we regularly get exposed to flyers, invitations or demonstrations where our opinions get challenged, or we are invited to consider different viewpoints. There is no equivalent on the Internet with the technical and legal regime that currently operates in it. In other words, it is nearly impossible impossibility to provide information, in a proportionate manner, that someone is not explicility expecting or asking for. This reinforces a concept that is regularly discussed on the application level, called ‘filter bubble’: “The proponents of personalization offer a vision of a custom-tailored world, every facet of which fits us perfectly. It’s a cozy place, populated by our favorite people and things and ideas.” [Pariser]. “The filter bubble’s costs are both personal and cultural. There are direct consequences for those of us who use personalized filters. And then there are societal consequences, which emerge when masses of people begin to live a filter bubbled-life (…). Left to their own devices, personalization filters serve up a kind of invisible autopropaganda, indoctrinating us with our own ideas, amplifying our desire for things that are familiar and leaving us oblivious to the dangers lurking in the dark territory of the uknown.” [Pariser]. It seem that the ‘filter bubble’-effect can also be observed at the infrastructure level, which actually strenghtens the impact and thus hampers the effect of collective expression.

There have been creative alternative for this problem, such as when a message was distributed to the server logs of millons of servers through the ‘masscan’-tool [Cox].

4.2. Working together (peer production)

At the organizational level, peer production is one of the most relevant innovations from Internet mediated social practices. According to Benkler, it implies ‘open collaborative innovation and creation, performed by diverse, decentralized groups organized principally by neither price signals nor organizational hierarchy, harnessing heterogeneous motivations, and governed and managed based on principles other than the residual authority of ownership implemented through contract.’ [Benkler].

4.2.1. Version control

Ever since developers needed to collaboratively write, maintain and discuss large code basis for the Internet there have been different approaches of doing so. One approach is discussing code through mailing lists, but this has proven to be hard in case of maintaining the most recent versions. There are many different versions and characteristics of version control systems.

Centralization - differences (and gradients) between free (as in beer) and free (as in freedom). Git vs Github.

4.3. Grouping together (identities)

Collective identities are also protected by freedom of association and assembly rights. Acording to Melucci these are ‘shared definitions produced by several interacting individuals who are concerned with the orientation of their action as well as the field of opportunities and constraints in which their action takes place.’ [Melucci]

4.3.1. DNS

Advantages and disadvantages

4.3.2. ISPs

Access, diversity and forced association

5. Acknowledgements

6. Security Considerations

As this draft concerns a research document, there are no security considerations.

7. IANA Considerations

This document has no actions for IANA.

8. Research Group Information

The discussion list for the IRTF Human Rights Protocol Considerations Research Group is located at the e-mail address hrpc@ietf.org. Information on the group and information on how to subscribe to the list is at https://www.irtf.org/mailman/listinfo/hrpc

Archives of the list can be found at: https://www.irtf.org/mail-archive/web/hrpc/current/index.html

9. Informative References

[Abbate] Janet Abbate, ., "Inventing the Internet", Cambridge: MIT Press (2013): 11. , 2013.
[Abibil] Danchev, D., "Dissecting 'Operation Ababil' - an OSINT Analysis", 2012.
[AckermannKargerZhang] Ackerman, M., Karger, D. and A. Zhang, "Mailing Lists: Why Are They Still Here, What’s Wrong With Them, and How Can We Fix Them?", Mit. edu (2017): 1. , 2017.
[AndersonGuarnieri] Anderson, C. and C. Guarnieri, "Fictitious Profiles and webRTC's Privacy Leaks Used to Identify Iranian Activists", 2016.
[APC] Association for Progressive Communications and . Gayathry Venkiteswaran, "Freedom of assembly and association online in India, Malaysia and Pakistan. Trends, challenges and recommendations.", 2016.
[ARTICLE19] ARTICLE 19, "The Right to Protest Principles: Background Paper", 2016.
[BCP72] IETF, "Guidelines for Writing RFC Text on Security Considerations", 2003.
[Benkler] Benkler, Y., "Peer Production and Cooperation", 2009.
[Cox] Cox, J., "Chaos Communication Congress Hackers Invaded Millions of Servers With a Poem", 2016.
[GreenMovement] Villeneuve, N., "Iran DDoS", 2009.
[HafnerandLyon] Hafnerand, K. and M. Lyon, "Where Wizards Stay Up Late. The Origins of the Internet", First Touchstone Edition (1998): 93. , 1998.
[HussainHoward] Hussain, M. and P. Howard, "What Best Explains Successful Protest Cascades? ICTs and the Fuzzy Causes of the Arab Spring", Int Stud Rev (2013) 15 (1): 48-66. , 2013.
[ICCPR] United Nations General Assembly, "International Covenant on Civil and Political Rights", 1976.
[Marcus] Marcus, J., "Commercial Speech on the Internet: Spam and the first amendment", 1998.
[Melucci] Melucci, A., "The Process of Collective Identity", Temple University Press, Philadelphia , 1995.
[Pariser] Pariser, E., "The Filter Bubble: How the New Personalized Web Is Changing What We Read and How We Think", Peguin Books, London. , 2012.
[Pensado] Jaime Pensado, ., "Student Activism. Utopian Dreams.", ReVista. Harvard Review of Latin America (2012). , 2012.
[RFC0155] North, J., "ARPA Network mailing lists", RFC 155, DOI 10.17487/RFC0155, May 1971.
[RFC1211] Westine, A. and J. Postel, "Problems with the maintenance of large mailing lists", RFC 1211, DOI 10.17487/RFC1211, March 1991.
[RFC1958] Carpenter, B., "Architectural Principles of the Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996.
[RFC3233] Hoffman, P. and S. Bradner, "Defining the IETF", BCP 58, RFC 3233, DOI 10.17487/RFC3233, February 2002.
[RFC4084] Klensin, J., "Terminology for Describing Internet Connectivity", BCP 104, RFC 4084, DOI 10.17487/RFC4084, May 2005.
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2", FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007.
[RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M. and R. Smith, "Privacy Considerations for Internet Protocols", RFC 6973, DOI 10.17487/RFC6973, July 2013.
[Swire] Peter Swire, ., "Social Networks, Privacy, and Freedom of Association: Data Empowerment vs. Data Protection", North Carolina Law Review (2012) 90 (1): 104. , 2012.
[Tocqueville] de Tocqueville, A., "Democracy in America", n.d..
[UDHR] United Nations General Assembly, "The Universal Declaration of Human Rights", 1948.
[UNGA] Hina Jilani, ., "Human rights defenders", A/59/401 , 2004.
[UNHRC] Maina Kiai, ., "Report of the Special Rapporteur on the rights to freedom of peaceful assembly and of association", A/HRC/20/27 , 2012.

Authors' Addresses

Niels ten Oever ARTICLE 19 EMail: niels@article19.org
Gisela Perez de Acha Derechos Digitales EMail: gisela@derechosdigitales.org