Human Rights Protocol Considerations Research Group         N. ten Oever
Internet-Draft                                                ARTICLE 19
Intended status: Informational                          G. Perez de Acha
Expires: April 16, 2018                               Derechos Digitales
                                                        October 13, 2017

                 Freedom of Association on the Internet


   This document aims to scope the relation between Internet protocols
   and the right to freedom of assembly and association.  The Internet
   increasingly mediates our lives and our ability to excercise human
   rights.  Since Internet protocols play a central role in the
   management, development and use of the Internet, the relation between
   protocols and the aforementioned rights should be documented and
   adverse impacts should be mitigated.  As there have been methods of
   protest on the Internet -a form of freedom of assembly- that have
   proven to be harmful to connectivity and infrastructure, such as DDoS
   attacks, this text aims to document forms of protest, association and
   assembly that do not have a negative impact on the Internet

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 16, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

ten Oever & Perez de AchaExpires April 16, 2018                 [Page 1]

Internet-Draft                     FoA                      October 2017

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Vocabulary used . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Research questions  . . . . . . . . . . . . . . . . . . . . .   4
   4.  Methodology . . . . . . . . . . . . . . . . . . . . . . . . .   4
   5.  Literature Review . . . . . . . . . . . . . . . . . . . . . .   4
   6.  Cases and examples  . . . . . . . . . . . . . . . . . . . . .   6
     6.1.  Communicating . . . . . . . . . . . . . . . . . . . . . .   6
       6.1.1.  Mailing Lists . . . . . . . . . . . . . . . . . . . .   6
       6.1.2.  Multi-party video conferencing and risks  . . . . . .   7
     6.2.  Peer-to-peer networks and systems . . . . . . . . . . . .   8
       6.2.1.  Peer-to-peer system achitectures  . . . . . . . . . .   8
       6.2.2.  Version control . . . . . . . . . . . . . . . . . . .  10
     6.3.  Reaching out  . . . . . . . . . . . . . . . . . . . . . .  10
       6.3.1.  Spam, filter bubbles, and unrequested messaging . . .  11
       6.3.2.  Distributed Denial of Service Attacks . . . . . . . .  12
     6.4.  Grouping together (identities)  . . . . . . . . . . . . .  13
       6.4.1.  DNS . . . . . . . . . . . . . . . . . . . . . . . . .  13
       6.4.2.  ASes  . . . . . . . . . . . . . . . . . . . . . . . .  13
   7.  Discussion: The Internet as an association  . . . . . . . . .  14
   8.  Conclusions . . . . . . . . . . . . . . . . . . . . . . . . .  15
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  15
   10. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  15
   11. Research Group Information  . . . . . . . . . . . . . . . . .  15
   12. References  . . . . . . . . . . . . . . . . . . . . . . . . .  16
     12.1.  Informative References . . . . . . . . . . . . . . . . .  16
     12.2.  URIs . . . . . . . . . . . . . . . . . . . . . . . . . .  20
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  21

1.  Introduction

   The right to freedom of assembly and association protects collective
   expression, in turn, systems and protocols than enable communal
   communication between people and servers allow these rights to
   prosper.  The Internet itself was originally designed as "a medium of
   communication for machines that share resources with each other as

ten Oever & Perez de AchaExpires April 16, 2018                 [Page 2]

Internet-Draft                     FoA                      October 2017

   equals" [NelsonHedlun], the Internet thus forms a basic
   infrastructure for the right freedom of assembly and association.

   The manner in which communication is designed and implemented impacts
   the ways in which rights can be excercised.  For instance a
   decentralized and resilient architecture that protects anonimity and
   privacy, offers a strong protection for the exercise of such freedoms
   in the online environment.  At the same time, centralized solutions
   have enabled people to group together in recognizable places and
   helped the visbility of groups.

   draft-irtf-hrpc-research established the relationship between human
   rights and Internet protocols, and it provides guidelines for
   considerations on the human rights impact of protocols.

   This draft aims to take continue the work started in draft-irtf-hrpc-
   research by investigating the exact impact of Internet protocols on a
   specific human rights, namely the right to freedom of assembly and
   association given their importance for the Internet, in order to
   mitigate (potential) negative impacts.

2.  Vocabulary used

   Anonymity  The condition of an identity being unknown or concealed.

   Censorship resistance  Methods and measures to mitigate Internet

   Connectivity  The extent to which a device or network is able to
      reach other devices or networks to exchange data.  The Internet is
      the tool for providing global connectivity [RFC1958].  Different
      types of connectivity are further specified in [RFC4084].  The
      combination of the end-to-end principle, interoperability,
      distributed architecture, resilience, reliability and robustness
      are the enabling factors that result in connectivity to and on the

   Decentralization  Implementation or deployment of standards,
      protocols or systems without one single point of control.

   Pseudonymity  The ability to disguise one's identity online with a
      different name than the "real" one, allowing for diverse degrees
      of disguised identity and privacy.  It is strengthened when less
      personal data can be linked to the pseudonym; when the same
      pseudonym is used less often and across fewer contexts; and when
      independently chosen pseudonyms are more frequently used for new

ten Oever & Perez de AchaExpires April 16, 2018                 [Page 3]

Internet-Draft                     FoA                      October 2017

      actions (making them, from an observer's or attacker's
      perspective, unlinkable)."  [RFC6973]

3.  Research questions

   1.  How does the internet architecture enable and/or inhibit freedom
       of association and assembly?

   2.  Is the Internet an assembly or association?  Should it be
       protected as such?

4.  Methodology

   In order to answer the research questions, first a number of cases
   have been collected to analyze where Internet infrastructure and
   protocols have either enabled or inhibited groups of people to
   collaborate, cooperate or communicate.  This overview does not aim to
   cover all possible ways in which people can collectively organize or
   reach out to each other using Internet infrastructure and Internet
   protocols, but rather cover typical uses in an effort of doing an
   ethnography of infrastructure [Star].  Subsequently we analyze the
   cases with the theoretical framework provided in the literature
   review and provide recommendations based on the findings.

   The scope of this research is open protocols and architectures
   developed in the IETF, thus closed and centralized Internet platforms
   such as Facebook do not fall within the scope of this research.

5.  Literature Review

   The right to freedom of assembly and association protects and enables
   collective action and expression [UDHR] [ICCPR].  These rights
   ensures everyone in a society has the opportunity to express the
   opinions they hold in common with others, which in turn facilitates
   dialogue among citizens, as well as with political leaders or
   governments [OSCE].  This is relevant because in the process of
   democratic delibration, causes and opinions are more widely heard
   when a group of people come together behind the same cause or issue

   In international law, the right to freedom of assembly and
   association protects any collective, gathered either permanently or
   temporarily for "peaceful" purposes.  We will later expand on the
   definitions and limits of "peacefulness" within these rights.  For
   now it is important to underline the propery of "freedom" because the
   rights to freedom of association and assembly is voluntary and
   uncoerced: anyone can join or leave a group of choice, which in turn
   means on should not be forced to either join, stay or leave.

ten Oever & Perez de AchaExpires April 16, 2018                 [Page 4]

Internet-Draft                     FoA                      October 2017

   The difference between freedom of assembly and freedom of association
   is merely gradual one: the former tends to have an informal and
   ephemeral nature, whereas the latter refers to established and
   permanent bodies with specific objectives.  Nonetheless, one and the
   other are protected to the same degree.

   An assembly is an intentional and temporary gathering of a collective
   in a private or public space for a specific purpose: demonstrations,
   indoor meetings, strikes, processions, rallies or even sits-in
   [UNHRC].  The right to protest is a conglomerate of various rights,
   and the right to assembly is one of them.  Nonetheless protest,
   unlike assembly, involves an element of dissent that can be exercised
   individually whereas assembly always has a collective component
   [ARTICLE19].  Association on the other hand has a more formal and
   established nature.  It refers to a group of individuals or legal
   entities brought together in order to collectively act, express,
   pursue or defend a field of common interests [UNGA].  Within this
   category we can think about civil society organizations, clubs,
   cooperatives, NGOs, religious associations, political parties, trade
   unions or foundations.

   The right to freedom of assembly and association is crucial for the
   Internet, even if privacy and freedom of expression are the most
   discussed human rights when it comes to the online world.  The IETF
   itself, defined as a 'open global community' of network designers,
   operators, vendors, and researchers, is also protected by freedom of
   assembly and association [RFC3233].  Discussions, comments and
   consensus around RFCs are possible because of the collective
   expression that freedom of association and assembly allow.  The very
   word "protocol" found its way into the language of computer
   networking based on the need for collective agreement among network
   users [HafnerandLyon].

   The Internet is increasingly being used as a platform for protest.
   Digital technologies play an important role "by helping individuals
   and groups to organise and plan effectively and quickly, respond to
   certain events, or document and report on protests "[ARTICLE19].
   According to Hussain and Howard the Internet helped to "build
   solidarity networks and identification of collective identities and
   goals", facilitate protest, "extend the range of local coverage to
   international broadcast networks" and as platform for contestation
   for the future of "the future of civil society and information
   infrastructure" [HussainHoward].

   Protests are no longer limited to public physical spaces: squares,
   streets or parks.  Technology "makes it possible for people to
   'gather' in online spaces and engage in new forms of 'virtual'
   protest" [ARTICLE19].  Online association and assembly are crucial to

ten Oever & Perez de AchaExpires April 16, 2018                 [Page 5]

Internet-Draft                     FoA                      October 2017

   mobilise groups and people where physical gatherings have been
   impossible or dangerous [APC].  Throughout the world -from the Arab
   Spring to Latin American student movements- the Internet has also
   played a crucial role by providing a means for the fast dissemination
   of information that was otherwise mediated by broadcast media, or
   even forbidden by the government [Pensado].

   We are aware that some of these examples go beyond the use of
   Internet protocols and flow over into the applications layer or
   examples in the offline world whereas the purpose of the following
   document is to break down the relationship between Internet protocols
   and the right to freedom of assembly and association.  Nonetheless,
   given that protocols are a part of the socio-technical ordering of
   the world, we do recognize that in some cases the line between them
   and applications, implementations, policies and offline realities are
   often blurried and hard (if not impossible) to differentiate.

6.  Cases and examples

   The Internet has become a central mediator for collective action and
   collaboration.  This means the Internet has become a strong enabler
   of the rights to freedom of association and assembly.

   Here we will discuss different cases to bring out the characteristics
   and consequences of different protocols, technologies and
   architectural features.  This issue is particularly timely since an
   increasing trend of centralization and consolidation on the Internet
   can be observed.  This trend can be parallely observed on the
   application level, among Content Distribution Networks, hosting
   providers, as well as Internet access providers.  Through the
   discussion of specific case we will try to further understand how
   this impact freedom of assembly, freedom of association as well as
   the distributed nature of the Internet [RFC1287].

6.1.  Communicating

   The ability to produce, receive and spread information is an
   essential pre-requisite for discussing and organizing.  Protocols
   that enable private, open, collaborative and non-excluding
   communication models are the best fitted to foster and enable
   assembly and association rights.

6.1.1.  Mailing Lists

   Since the beginning of the Internet mailing lists have been a key
   site of assembly and association [RFC0155] [RFC1211].  In fact,
   mailing lists were one of the Internet's first functionalities

ten Oever & Perez de AchaExpires April 16, 2018                 [Page 6]

Internet-Draft                     FoA                      October 2017

   In 1971, four years after the invention of email, the first mailing
   list was created to talk about the idea of using Arpanet for
   discussion.  By this time, what had initially propelled the Arpanet
   project forward as a resource sharing platform was gradually replaced
   by the idea of a network as a means of bringing people together
   [Abbate].  More than 45 years after, mailing lists are pervasive and
   help communities to engage, have discussion, share information, ask
   questions, and build ties.  Even as social media and discussion
   forums grew, mailing lists continue to be widely used
   [AckermannKargerZhang].  They are a crucial tool to organise groups
   and individuals around themes and causes [APC].

   Mailinglist are still in wide use, also in the IETF because they
   allow for easy association and allow people to subscribe (join) and
   unsubscribe (leave) as they please.  They also allow for association
   of specific groups on closed lists.  Finally the archival function
   allows for accountabilty.  The downsides of mailinglists are similar
   to the ones generally associated with e-mail, except that end-to-end
   encryption such as OpenPGP [RFC4880] and S/MIME [RFC5751] is not
   possible because the final recipients are not known.  There have been
   expirimental solutions to address this issues such as Schleuder
   [Schleuder], but this has not been standardized or widely deployed.

6.1.2.  Multi-party video conferencing and risks

   Multi-party video conferencing protocols such as WebRTC [RFC6176]
   [RFC7118] allow for robust, bandwidth-adaptive, wideband and super-
   wideband video and audio discussions in groups.  'The WebRTC protocol
   was designed to enable responsive real-time communications over the
   Internet, and is instrumental in allowing streaming video and
   conferencing applications to run in the browser.  In order to easily
   facilitate direct connections between computers (bypassing the need
   for a central server to act as a gatekeeper), WebRTC provides
   functionality to automatically collect the local and public IP
   addresses of Internet users (ICE or STUN).  These functions do not
   require consent from the user, and can be instantiated by sites that
   a user visits without their awareness.  The potential privacy
   implications of this aspect of WebRTC are well documented, and
   certain browsers have provided options to limit its behavior.'

   'The disclosure of network addresses presents a specific risk to
   individuals that use privacy tools to conceal their real IP address
   to sites that they visit.  Typically, when a user browses the
   Internet over a VPN, the only address that should be recorded by
   sites they visit would be that of the VPN provider itself.  Using the
   WebRTC STUN function allows a site to additionally enumerate the
   addresses that are associated with the computer that the visitor is

ten Oever & Perez de AchaExpires April 16, 2018                 [Page 7]

Internet-Draft                     FoA                      October 2017

   using - rather than those of intermediaries.  This means that if a
   user is browsing the Internet on an ADSL connection over a VPN, a
   malicious site they visit could potentially surreptitious record the
   home address of the user.'  [AndersonGuarnieri].

   While facilitating freedom of assembly and association multi-party
   video conferencing tools might pose concrete risks for those who use
   them.  One the one hand WebRTC is providing a resilient channels of
   communications, but on the other hand it also exposes information
   about those who are using the tool which might lead to increased
   surveillance, identification and the consequences that might be
   derived from that.  This is especially concerning because the usage
   of a VPN does not protect against the exposure of IP addresses

   The risk of surveillance is also true in an offline space, but this
   is generally easy to analyze for the end-user.  Security and privacy
   expectations of the end-user could be made more clear to the user (or
   improved) which would result in a more secure and/or private
   excercise or the right to freedom of assembly or association.

6.2.  Peer-to-peer networks and systems

   At the organizational level, peer production is one of the most
   relevant innovations from Internet mediated social practices.
   According to [Benkler], it implies 'open collaborative innovation and
   creation, performed by diverse, decentralized groups organized
   principally by neither price signals nor organizational hierarchy,
   harnessing heterogeneous motivations, and governed and managed based
   on principles other than the residual authority of ownership
   implemented through contract.'  [Benkler].

   In his book The Wealth of Networks, Benkler significantly expands on
   his definition of commons-based peer production.  According to
   Benkler, what distinguishes commons-based production is that it
   doesn't rely upon or propagate proprietary knowledge: "The inputs and
   outputs of the process are shared, freely or conditionally, in an
   institutional form that leaves them equally available for all to use
   as they choose at their individual discretion."  [Benkler] To ensure
   that the knowledge generated is available for free use, commons-based
   projects are often shared under an open license.

6.2.1.  Peer-to-peer system achitectures

   Peer-to-peer (P2P) is esentially a model of how people interact in
   real life because "we deal directly with one another whenever we wish
   to" [Vu].  Usually if we need something we ask our peers, who in turn
   refer us to other peers.  In this sense, the ideal definition of P2P

ten Oever & Perez de AchaExpires April 16, 2018                 [Page 8]

Internet-Draft                     FoA                      October 2017

   is that "nodes are able to directly exchange resources and services
   between themselves without the need for centralized servers" and
   where each participating node typically acts both as a server and as
   a client [Vu].  In RFC 5694 P2P has been defined as peers or nodes
   that should be able to communicate directly between themselves
   without passing intermediaries, and that the system should be self-
   organizing and have decentralized control [RFC5694].  With this in
   mind, the ultimate model of P2P is a completely decentralized system,
   which is more resistant to speech regulation, immune to single points
   of failure and have a higher performance and scalability.
   Nonetheless, in practice some P2P systems are supported by
   centralized servers and some others have hybrid models where nodes
   are organized into two layers: the upper tier servers and the lower
   tier common nodes [Vu].

   Since the ARPANET project, the original idea behind the Internet was
   conceived as what we would now call a peer-to-peer system [RFC0001].
   Over time it has increasingly shifted towards a client/server model
   with "millions of consumer clients communicating with a relatively
   priviledged set of servers" [NelsonHedlun].  Whether for resource
   sharing or data sharing, P2P systems are a form of enabling freedom
   of assembly and association.  Not only they allow for effective
   dissemination of information, but they also because leverage
   computing resources by diminishing costs allowing for the formation
   of open collectives at the network level.  At the same time, in
   completely descentralized systems the nodes are autonomous and can
   join or leave the network as they want also makes the system
   unpredicable: a resource might be only sometimes available, and some
   others it might be missing or incomplete [Vu].  Lack of information
   might in turn make association or assembly more difficult.

   Additionally, when one architecturally asseses the role of P2P
   systems on can say that: "The main advantage of centralized P2P
   systems is that they are able to provide a quick and reliable
   resource locating.  Their limitation, however, is that the
   scalability of the systems is affected by the use of servers.  While
   decentralized P2P systems are better than centralized P2P systems in
   this aspect, they require a longer time in resource locating.  As a
   result, hybrid P2P systems have been introduced to take ad- vantages
   of both centralized and decentralized architectures.  Basically, to
   maintain the scalability, similar to decentralized P2P systems, there
   are no servers in hybrid P2P systems.  However, peer nodes that are
   more powerful than others can be se- lected to act as servers to
   serve others.  These nodes are often called super peers.  In this
   way, resource locating can be done by both decentralized search
   techniques and centralized search techniques (asking super peers),
   and hence the systems benefit from the search techniques of
   centralized P2P systems."  [Vu]

ten Oever & Perez de AchaExpires April 16, 2018                 [Page 9]

Internet-Draft                     FoA                      October 2017

6.2.2.  Version control

   Ever since developers needed to collaboratively write, maintain and
   discuss large code basis for the Internet there have been different
   approaches of doing so.  One approach is discussing code through
   mailing lists, but this has proven to be hard in case of maintaining
   the most recent versions.  There are many different versions and
   characteristics of version control systems.

   A version control system is a piece of software that enables
   developers on a software team to work together and also archive a
   complete history of their work [Sink].  This allows teams to be
   working simultaneously on updated.  According to Sink, broadly
   speaking, the history of version control tools can be dividied into
   three generations.  In the first one, concurrent development meant
   that only one person could be working on a file at a time.  The
   second generation tools permit simultaneous modifications as long as
   users merge the current revisions into their work before they are
   allowed to commit.  The hird generation tools allow merge and commit
   to be separated [Sink].

   Interestingly no version control system has ever been standardized in
   the IETF whereas the version control systems like Subversion and Git
   have are widely used within the community, as well as by working
   groups.  There has been a spirited discussion on whether working
   groups should use centralized forms of the Git protocol, such as
   those offered by Gitlab or Github.  Proponents argue that this
   simplifies the workflow and allows for a more transparent workflow.
   Opponents argue that the relience on a centralized service which is
   not merely using the Git protocol, but also used non-standardize
   options like an Issue-Tracker, makes the process less transparent and
   reliant on a third party.

   The IETF has not made a decision on the use of centralized instances
   of git, such as Github or Gitlab.  There have been two efforts to
   standardize the workflow vis a vis these third party services, but
   these haven't come to fruition:

6.3.  Reaching out

   In meatspace, handing out pamphlets and reaching out to unknown
   people is the most common way for growing a cause and seeking
   collective support.  The characteristics of the Internet
   infrastructure and online space make reaching out more difficult.

ten Oever & Perez de AchaExpires April 16, 2018                [Page 10]

Internet-Draft                     FoA                      October 2017

6.3.1.  Spam, filter bubbles, and unrequested messaging

   In the 1990s as the internet became more and more commercial, spam
   came to be defined as irrelevant or unsolicited messages that were
   porsted many times to multiple news groups or mailing lists [Marcus].
   Here the question of consent is crucial.  In the 2000s a large part
   of the discussion revolved around the fact that certain corporations
   -protected by the right to freedom of association- considered spam to
   be a form of "comercial speech", thus encompassed by free expression
   rights [Marcus].  Nonetheless, if we consider that the rights to
   assembly and association also mean that "no one may be compelled to
   belong to an association" [UDHR], spam infringes both rights if an
   op-out mechanism is not provided and people are obliged to receive
   unwanted information, or be reached by people they do not know.

   This leaves us with an interesting case: spam is currently handled
   mostly by mailproviders on behalf of the user, next to that countries
   are increasingly adopting opt-in regimes for mailinglists and
   commercial e-mail, with a possibility of serious fines in case of

   While this protects the user from being confronted with unwanted
   messages, it also makes it legally and technically very difficult to
   communicate a message to someone who did not explicitly ask for this.
   In public offline spaces we regularly get exposed to flyers,
   invitations or demonstrations where our opinions get challenged, or
   we are invited to consider different viewpoints.  There is no
   equivalent on the Internet with the technical and legal regime that
   currently operates in it.  In other words, it is nearly impossible to
   provide information, in a proportionate manner, that someone is not
   explicility expecting or asking for.  This reinforces a concept that
   is regularly discussed on the application level, called 'filter
   bubble': "The proponents of personalization offer a vision of a
   custom-tailored world, every facet of which fits us perfectly.  It's
   a cozy place, populated by our favorite people and things and ideas."
   [Pariser].  "The filter bubble's costs are both personal and
   cultural.  There are direct consequences for those of us who use
   personalized filters.  And then there are societal consequences,
   which emerge when masses of people begin to live a filter bubbled-
   life (...).  Left to their own devices, personalization filters serve
   up a kind of invisible autopropaganda, indoctrinating us with our own
   ideas, amplifying our desire for things that are familiar and leaving
   us oblivious to the dangers lurking in the dark territory of the
   uknown."  [Pariser].

   It seems that the 'filter bubble'-effect can also be observed at the
   infrastructure level, which actually strenghtens the impact and thus
   hampers the effect of collective expression.  This could be

ten Oever & Perez de AchaExpires April 16, 2018                [Page 11]

Internet-Draft                     FoA                      October 2017

   interpretated as an argument for the injection of unrequested
   messages, spam or other unrequested notifications.  But the big
   difference between the proliferation of such messages offline and
   online is the investment that is needed.  It is not hard for a single
   person to message a lot of people, whereas if that person needed to
   go house by house the scale and impact of their actions would be much
   smaller.  Inversely if it were a common practice to expose people to
   unwanted messages online, users would be drowned in such messages,
   and no expression would be possible anymore.  Allowing illimited
   sending of unsolicited messages would be a blow against freedom of
   speech: when everyone talks, nobody listens.

   Here the argument is very similar to DDoS attacks: whereas one could
   argue for legitimate uses in limited specific cases, these would be
   drowned out by a malicious use which constitutes an attack on the
   internet infrastructure and thus the assembly or association itself.

6.3.2.  Distributed Denial of Service Attacks

   One of the most common examples of an association at the
   infrastructure level are the Distributed Denial of Service Attacks
   (DDoS) in which the infrastructure of the Internet is used to express
   discontent with a specific cause [Abibil] [GreenMovement].
   Unfortunately DDoS are often used to stifle freedom of expression as
   they complicate the ability of independent media and human rights
   organizations to exercise their right to (online) freedom of
   association, while facilitating the ability of governments to censor
   dissent.  This is one of the reasons protocols should seek to
   mitigate DDoS attacks [BCP72].

   As described in draft-irtf-hrpc-research: "Uses of DDoS might or
   might not be legitimate for political reasons, but the IETF has no
   means or methods to assess this, and in general enabling DDoS would
   mean a deterioration of the network and thus freedom of expression".
   This is argued from the vector of freedom of expression, but if we
   would analyze it from the perspective of freedom of association the
   argument could be as follows: If the Internet is an association, any
   attack should be prevented and mitigated because it prevents the
   possibility of exercising a right to collective expression, which is
   consistent with [BCP72].  More will be said on this topic in the last
   section of the present text.

   On the other hand, it must be taken into consideration that DDoS
   attacks are a form of forced assembly when done without the agreement
   -or even knowledge- of the involved parts.  This point was also
   described in draft-irtf-hrpc-research: "When it comes to comparing
   DDoS attacks to protests in offline life, it is important to remember
   that only a limited number of DDoS attacks involved solely willing

ten Oever & Perez de AchaExpires April 16, 2018                [Page 12]

Internet-Draft                     FoA                      October 2017

   participants.  In most cases, the clients are hacked computers of
   unrelated parties that have not consented to being part of a DDoS
   (for exceptions see Operation Abibil [Abibil] or the Iranian Green
   Movement DDoS [GreenMovement]).

6.4.  Grouping together (identities)

   Collective identities are also protected by freedom of association
   and assembly.  Acording to Melucci these are 'shared definitions
   produced by several interacting individuals who are concerned with
   the orientation of their action as well as the field of opportunities
   and constraints in which their action takes place.'  [Melucci] In
   this sense, assemblies and associations are an important base in the
   maintenance and development of culture, as well as preservation of
   minority identities [OSCE].

6.4.1.  DNS

   Domain names allow hosts to be identified by human parsable
   information.  Whereas an IP address might not be the expression of an
   identity, a domain name can be, and often is.  On the other hand the
   grouping of a certain identity under a specific domain or even a Top
   Level Domain brings about risks because connecting an identity to a
   hierarchically structured identifier systems creates a central attack
   surface.  Some of these risks are the surveillance of the services
   running on the domain, domain based censorship [RFC7754], or
   impersonation of the domain through DNS cache poisoning.  Several
   technologies have been developed in the IETF to mitigated these risks
   such as DNS over TLS [RFC7858], DNSSEC [RFC4033], and TLS [RFC5246].
   These mitigations would, when implemented, not make censorship
   impossible, but rather make it visible.  The use of a centralized
   authority always makes censorship through a registry or registrar
   possible, as well as by using a fake resolver or using proposed
   standards such as DNS Response Policy Zones [RPZ].

   The structuring of DNS as a hierarchical authority structure also
   brings about specific characteristic, namely the possibility of
   centralized policy making on the management and operation of domain
   names, which is what (in part) happens at ICANN.  The impact of ICANN
   processes on human rights will not be discussed here.

6.4.2.  ASes

   In order for edge-users to connect to the Internet, a user needs to
   be connected to an Automous System (AS) which, in turn, has peering
   or transit relations with other AS'es.  This means that in the
   process of accessing the Internet the edge-user needs to accept the
   policies and practices of the intermediary that provides them access

ten Oever & Perez de AchaExpires April 16, 2018                [Page 13]

Internet-Draft                     FoA                      October 2017

   to the other networks.  In other words, for users to be able to join
   the 'network of networks', they always need to connect through an

   While accessing the Internet through an intermediary, the user is
   forced to accept the policies, practices and principles of a network.
   This could impede the rights of the edge-user, depending on the
   implemented policies and practices on the network and how (if at all)
   they are communicated to them.  For example: filtering, blocking,
   extensive logging or other invasive practices that are not clearly
   communicated to the user.

   In some cases it also means that there is no other way for the edge-
   user to connect to the network of networks, and is thus forced into
   accepting the policies of a specific network, because it is not
   trivial for an edge-user to operate an AS and engage in peering
   relation with other ASes.  This design, combined with the increased
   importance of the Internet to make use of basic services, forces
   edge-user to engage in association with a specific network eventhough
   the user does not consent with the policies of the network.

7.  Discussion: The Internet as an association

   It is undeniable that communities, collaboration and joint action lie
   at the heart of the Internet.  Even at at linguistical level, the
   words "networks" and "associations" are close synonyms.  Both
   interconnected groups and assemblies of people depend on "links" and
   "relationships" [Swire].  Taking this definition and the previous
   analysis into consideration, we argue that the Internet constitutes a
   an assembly and an association.  What are the implications of this?
   Does it mean that every network is an assembly and has absolute
   freedom to implement its own rules?  Or does the importance of a
   functioning 'larger' assembly (the Internet) has prevails over the
   preferences of the smaller ones (individual AS'es)?  The demands that
   have been set for ASes is very limited and are based on routing
   principles: an AS must be used for exchanging external routing
   information with other ASes through BGP, should therefore use BGP and
   IP and have a routing policy [RFC1930].  So in order to be able to
   connect to the Internet as an AS, which means to engage in peering or
   transit relations, there are basic rules one needs to adhere to.  But
   theses rules do not say anything on how the AS will or should treat
   traffic on its network.  In this regard, we must take into
   consideration that even things that are private, need to live up to
   standards because they have public consequences.  If we take the
   example of ASes, we could say they are private infrastructure
   (therefore souvereign with the ability to set their own policies),
   but jointly they form a type of public infrastructure, from the
   moment the receive an Autonomous Systems Number.

ten Oever & Perez de AchaExpires April 16, 2018                [Page 14]

Internet-Draft                     FoA                      October 2017

   The Internet is made of up interconnected ASes (one would argue that
   this doesn't include IXPs, but most modern IXPs will have an ASN for
   their route server (and possibly a separate ASN for their management
   infrastructure), which jointly form an assembly and an association.
   This assembly and association should be protected.  This means that
   rights and obligations that sterm from this organizational form,
   should also be protected and respected.

8.  Conclusions

   The Internet has an impact on the ability for people to excercise
   their right to freedom of association and assembly.  The Internet,
   since its inception has enabled people to jointly communicate,
   collaborate and collaborate.  The same could also be argued with
   relation to freedom of expression, some have argued that the text in
   article 19 of the [UDHR] reads like a description of the Internet:

   [the] freedom to hold opinions without interference and to seek,
   receive and impart information and ideas through any media and
   regardless of frontiers.  [UDHR]

   The difference between freedom of expression and freedom of
   association and assembly is that the Internet itself takes the form
   on an association and assembly; it reproduces its features of
   collaboration.  Recognizing this is a crucial step in determining
   architectural features of the Internet and its usage.

9.  Security Considerations

   As this draft concerns a research document, there are no security

10.  IANA Considerations

   This document has no actions for IANA.

11.  Research Group Information

   The discussion list for the IRTF Human Rights Protocol Considerations
   Research Group is located at the e-mail address [1].
   Information on the group and information on how to subscribe to the
   list is at

   Archives of the list can be found at:

ten Oever & Perez de AchaExpires April 16, 2018                [Page 15]

Internet-Draft                     FoA                      October 2017

12.  References

12.1.  Informative References

   [Abbate]   Janet Abbate, ., "Inventing the Internet", Cambridge: MIT
              Press (2013): 11. , 2013, <

   [Abibil]   Danchev, D., "Dissecting 'Operation Ababil' - an OSINT
              Analysis", 2012, <

              Ackerman, M., Karger, D., and A. Zhang, "Mailing Lists:
              Why Are They Still Here, What's Wrong With Them, and How
              Can We Fix Them?", Mit. edu (2017): 1. , 2017,

              Anderson, C. and C. Guarnieri, "Fictitious Profiles and
              WebRTC's Privacy Leaks Used to Identify Iranian
              Activists", 2016,

   [APC]      Association for Progressive Communications and . Gayathry
              Venkiteswaran, "Freedom of assembly and association online
              in India, Malaysia and Pakistan. Trends, challenges and
              recommendations.", 2016,

              ARTICLE 19, "The Right to Protest Principles: Background
              Paper", 2016,
              Protest-Background-paper-Final-April-2016.pdf page 7>.

   [BCP72]    IETF, "Guidelines for Writing RFC Text on Security
              Considerations", 2003, <

   [Benkler]  Benkler, Y., "Peer Production and Cooperation", 2009,

ten Oever & Perez de AchaExpires April 16, 2018                [Page 16]

Internet-Draft                     FoA                      October 2017

              Crawford, D., "The WebRTC VPN "Bug" and How to Fix", 2015,

              Villeneuve, N., "Iran DDoS", 2009,

              Hafnerand, K. and M. Lyon, "Where Wizards Stay Up Late.
              The Origins of the Internet", First Touchstone Edition
              (1998): 93. , 1998, <>.

              Hussain, M. and P. Howard, "What Best Explains Successful
              Protest Cascades? ICTs and the Fuzzy Causes of the Arab
              Spring", Int Stud Rev (2013) 15 (1): 48-66. , 2013,

   [ICCPR]    United Nations General Assembly, "International Covenant
              on Civil and Political Rights", 1966,

   [Marcus]   Marcus, J., "Commercial Speech on the Internet: Spam and
              the first amendment", 1998, <

   [Melucci]  Melucci, A., "The Process of Collective Identity", Temple
              University Press, Philadelphia , 1995.

              Minar, N. and M. Hedlun, "A Network of Peers: Models
              Through the History of the Internet", Peer to Peer:
              Harnessing the Power of Disruptive Technologies, ed: Andy
              Oram , 2001, <

   [OSCE]     OSCE Office for Democratic Institutions and Human Rights,
              "Guidelines on Freedom of Peaceful Assembly", page 24 ,
              2010, <>.

   [Pariser]  Pariser, E., "The Filter Bubble: How the New Personalized
              Web Is Changing What We Read and How We Think", Peguin
              Books, London. , 2012.

ten Oever & Perez de AchaExpires April 16, 2018                [Page 17]

Internet-Draft                     FoA                      October 2017

   [Pensado]  Jaime Pensado, ., "Student Activism. Utopian Dreams.",
              ReVista. Harvard Review of Latin America (2012). , 2012,

   [RFC0001]  Crocker, S., "Host Software", RFC 1, DOI 10.17487/RFC0001,
              April 1969, <>.

   [RFC0155]  North, J., "ARPA Network mailing lists", RFC 155,
              DOI 10.17487/RFC0155, May 1971, <https://www.rfc-

   [RFC1211]  Westine, A. and J. Postel, "Problems with the maintenance
              of large mailing lists", RFC 1211, DOI 10.17487/RFC1211,
              March 1991, <>.

   [RFC1287]  Clark, D., Chapin, L., Cerf, V., Braden, R., and R. Hobby,
              "Towards the Future Internet Architecture", RFC 1287,
              DOI 10.17487/RFC1287, December 1991, <https://www.rfc-

   [RFC1930]  Hawkinson, J. and T. Bates, "Guidelines for creation,
              selection, and registration of an Autonomous System (AS)",
              BCP 6, RFC 1930, DOI 10.17487/RFC1930, March 1996,

   [RFC1958]  Carpenter, B., Ed., "Architectural Principles of the
              Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996,

   [RFC3233]  Hoffman, P. and S. Bradner, "Defining the IETF", BCP 58,
              RFC 3233, DOI 10.17487/RFC3233, February 2002,

   [RFC4033]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "DNS Security Introduction and Requirements",
              RFC 4033, DOI 10.17487/RFC4033, March 2005,

   [RFC4084]  Klensin, J., "Terminology for Describing Internet
              Connectivity", BCP 104, RFC 4084, DOI 10.17487/RFC4084,
              May 2005, <>.

   [RFC4880]  Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R.
              Thayer, "OpenPGP Message Format", RFC 4880,
              DOI 10.17487/RFC4880, November 2007, <https://www.rfc-

ten Oever & Perez de AchaExpires April 16, 2018                [Page 18]

Internet-Draft                     FoA                      October 2017

   [RFC4949]  Shirey, R., "Internet Security Glossary, Version 2",
              FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246,
              DOI 10.17487/RFC5246, August 2008, <https://www.rfc-

   [RFC5694]  Camarillo, G., Ed. and IAB, "Peer-to-Peer (P2P)
              Architecture: Definition, Taxonomies, Examples, and
              Applicability", RFC 5694, DOI 10.17487/RFC5694, November
              2009, <>.

   [RFC5751]  Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet
              Mail Extensions (S/MIME) Version 3.2 Message
              Specification", RFC 5751, DOI 10.17487/RFC5751, January
              2010, <>.

   [RFC6176]  Turner, S. and T. Polk, "Prohibiting Secure Sockets Layer
              (SSL) Version 2.0", RFC 6176, DOI 10.17487/RFC6176, March
              2011, <>.

   [RFC6973]  Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
              Morris, J., Hansen, M., and R. Smith, "Privacy
              Considerations for Internet Protocols", RFC 6973,
              DOI 10.17487/RFC6973, July 2013, <https://www.rfc-

   [RFC7118]  Baz Castillo, I., Millan Villegas, J., and V. Pascual,
              "The WebSocket Protocol as a Transport for the Session
              Initiation Protocol (SIP)", RFC 7118,
              DOI 10.17487/RFC7118, January 2014, <https://www.rfc-

   [RFC7754]  Barnes, R., Cooper, A., Kolkman, O., Thaler, D., and E.
              Nordmark, "Technical Considerations for Internet Service
              Blocking and Filtering", RFC 7754, DOI 10.17487/RFC7754,
              March 2016, <>.

   [RFC7858]  Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D.,
              and P. Hoffman, "Specification for DNS over Transport
              Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May
              2016, <>.

   [RPZ]      Vixie, P. and V. Schyver, "DNS Response Policy Zones
              (RPZ)", 2017, <

ten Oever & Perez de AchaExpires April 16, 2018                [Page 19]

Internet-Draft                     FoA                      October 2017

              Nadir, "Schleuder - A gpg-enabled mailinglist with
              remailing-capabilities.", 2017,

   [Sink]     Sink, E., "Version Control by Example", 2011,

   [Star]     Star, S., "The Ethnography of Infrastructure", American
              Behavioral Scientist, Volume 43 (3), 377-391. , 1999,

   [Swire]    Peter Swire, ., "Social Networks, Privacy, and Freedom of
              Association: Data Empowerment vs. Data Protection", North
              Carolina Law Review (2012) 90 (1): 104. , 2012,
              < or

              de Tocqueville, A., "Democracy in America", n.d., <http://
              democracy_in_america_vol_2.pdf p. 304>.

   [UDHR]     United Nations General Assembly, "The Universal
              Declaration of Human Rights", 1948,

   [UNGA]     Hina Jilani, ., "Human rights defenders", A/59/401 , 2004,
              view_doc.asp?symbol=A/59/401 para. 46>.

   [UNHRC]    Maina Kiai, ., "Report of the Special Rapporteur on the
              rights to freedom of peaceful assembly and of
              association", A/HRC/20/27 , 2012,

   [Vu]       Vu, Quang Hieu, ., Lupu, Mihai, ., and . Ooi, Beng Chin,
              "Peer-to-Peer Computing: Principles and Applications",
              2010, <>.

12.2.  URIs


ten Oever & Perez de AchaExpires April 16, 2018                [Page 20]

Internet-Draft                     FoA                      October 2017

Authors' Addresses

   Niels ten Oever


   Gisela Perez de Acha
   Derechos Digitales


ten Oever & Perez de AchaExpires April 16, 2018                [Page 21]