HRPC at IETF 114

Mallory: part of IRTF, not developing standards, but are writing
documents, typically informational RFCs. here to promote research in
this area of human rights and protocols. collaborate with research
institutions.

chartered to look at ways that the UDHR overlaps with standards
development of the Internet.

privacy is a human right, but there's also a rg dedicated to that topic:
pearg

we work in larger internet governance space, often outside of the IETF,
which brings important perspective to the work in ietf/irtf.

• drafts, academic papers, short film, data analysis/visualization
• reviews of human rights impacts of other protocols

work to date includes: short film, chartered group, RFC 8280

current work:

• guidelines for protocol designers, checklist/guidance to make it
  easier to apply 8280
• freedom of association, current draft under development

Computing Within Limits

Barath: a weird talk, reflecting on what brought me to thinking about
these questions.

traditional networking background (congestion control, routing, privacy
and security), not focused on sustainability. and now a third of my
research is on sustainability topics like agriculture and urban
planning.

"limits to growth" classic study, had been ignored or discounted by
misunderstandings. but there are core ecological limits of the world we
live in. how do those feedback loops interact with
ecological/economic/policy?

how do those limits manifest for computing? what are the impacts to
computing of limits? and what are the positive and negative
contributions that computing will make to those limits?

how do we use energy? because computing inherently uses significant
energy. some natural places to start, including personal footprints and
the energy usage for flying, food, housing, etc. in general, we should
be targeting a 2000W lifestyle, for sustainable and equitable energy
use.

where do we get energy from? often from oil, for reasons about ease of
transport and density of energy. fossil fuels depleting -- non-renewable
and finite, in addition to climate change, and have geopolitical
impacts.

can computing be made more efficient? can computing make society more
efficient?

climate change: different impacts at different degrees celsius. not much
chance to stay below dangerous levels of climate change, but still
differences between dangerous and extremely dangerous.

we can change behavior and use less energy; and we can change sources
and find more energy.

Tom Murphy, Do the Math, Energy and Human Ambition on a Finite Planet.
first principle deep dive on energy options, different criteria that we
care about. we use fossil fuels because they are very easy when
excluding the externalities of climate change.

why haven't we gotten alternative energy sources? it's happening, but
slowly. how fast would you have to build the physical infrastructure to
move to a new more sustainable mix by 2035 e.g.? industry does not
currently have capacity, often only half even in optimistic estimates.
need a crash program to cut energy use, which even then would fall short
of our goals.

Limits to Growth: under baseline, likely to lead to a resource crisis,
industrial and economic output likely to falter, maybe around the 2020s.
but if more energy resources are discovered, likely to have a delayed
economic crisis, but instead have a pollution crisis which leads to an
ecosystem crash and a sharp decline in food, life expectancy, human
welfare.

what do we do about this as individuals, computer scientists, networking
experts?

sustainable computing: how do we make computing itself sustainable, use
fewer resources, less waste, design for reuse and repair

computing for sustainability: use computing to make other things in
daily life more sustainable. in Barath's mind, this is much more
important than sustainable computing: 95% to 5%.

rough calculation of what energy the Internet uses, in operating and
building the devices. global estimate is 600 GW. efficiency has gone up
in the past ten years. computing still a small piece, compared to
agriculture, transportation, power generation, manufacturing.

don't bring just an optimization mindset. many sectors want computer
scientists and machine learning models, to optimize broken systems and
make them slightly more efficient.

in agriculture, can we find alternatives to monoculture and industrial
agriculture? rather than just slightly improving efficiency and more
entrenching irrigation, etc. use state-space planning/search problem.

power generation: microgrids and planning of renewable energy use.

at increasingly higher levels:

• consumption, production, finance and governance.
• culture, perspective, flexibility and wisdom.

"all people and institutions play their role"

Lars: IAB looking into a workshop on environmental footprint of Internet
applications and services. hope you can find people interested in that.

Niels: given interconnection of industry and government, how does that
affect what they all should do?

Barath: at the individual level, use network-style systems thinking
applied to other contexts. ecologists may be the most system-thinking in
scientists, but have often been ignored to our detriment. those who want
to change how agriculture works, they have gotten limited attention.

at the institutional level, IETF has a mandate closer to the Internet.
renewable energy use of datacenters: large companies have had messaging
about that, but important details are left out. purchasing energy for
offsets, but you might be buying use

Lars (in chat): Eve schooler and noa zilberman gave a talk at hotcarbon
a few weeks ago, and want to bring some effort on relevant metrics and
standards to ietf/irtf
https://hotcarbon.org/pdf/hotcarbon22-zilberman.pdf

Nick: emergency need to work on all things, rather than just the largest
contributions. 600GW might still be a lot. and could metrics help with
efficiency of computing but also other things that are making use of
computing?

Barath: incentives already relatively well lined up for operational
energy usage to move towards renewable energy. but in agriculture, there
is enormous low-hanging fruit.

embodied energy, manufacturing cost is a very large fraction, maybe
half. so keeping hardware running longer in a way that's still useful,
and hopefully only when renewable power available.

Adrian: things that only culture can really change.
Barath: where does IETF have leverage, where its voice changes things
outside of the IETF? influence on networking world, and some on
computing, but even less when it's further. but in providing critical
infrastructure, IETF might be listened to. climate disasters will lead
to internet outages, including planning for resilience, which will also
relie on local renewable energy.

Tom Hill: IoT likely to play a huge role in efficiency of agriculture.
large changes in energy usage -- war in another country, Elon Musk
tweets about things. hard to compete with exogeneous lunatic actions by
powerful others. worth looking at blockchain energy usage, research on
that subject. many of us traveled to this event on planes, should be
honest with ourselves about whether that's appropriate. should we be a
more positive example? what are big things we can do to grab more
attention?

Barath: scale of problem and voices are immense/beyond what ietf can do.
but a small group of people keep the Internet running -- sometimes not
being in headlines can be an advantage. standards for datacenters,
climate-resilient networking could be a long-term infrastructure change
that affects energy infrastructure and so on.

Mallory: trade-offs in this work, where solutions have effects in other
areas. similar to the human rights space which is often having a
conversation about trade-offs, about prioritizing certain principles
over others. principled approach to trading off principles when they
come into conflict.

hopeful we have future work here.

Understanding and responding to tech abuse

Lana Ramjit

academic background in database, but also a volunteer in survivor
advocacy, and with RAINN

tech abuse: ways in which abuser can use tech to harass

Tech abused is invisible to law enforcement. Insidious for survivors.
Computer security has a notion of attacker that are not in proximity,
which is not the case on IPV: this is an attacker that has intimate
knowledge of the partner.
Lots of problems with passwords and recovery mechanisms in the IPV case.

The attacker is not always someone that is in a romantic relatioship
with the survivor, but it could rather be a close family member or
someone that has close access.

A clinic to end Tech Abuse: https://www.ceta.tech.cornell.edu/
Some takeaways from the clinic:

• Taxonomy: Account + device compromise, ownership-based attacks,
  exposure of private information, harrasment, technology-assited
  technology (monitor through this technology).

The taxonomy is useful; attacker, though, use a combination of all of
them.

Spyware: not a common practice; but "dual-use" apps are common (like
FindMyPhone).
Tech-abuse is not sophisticated, it is usually a "pedestrian" way.

To respond to this abuse: who has access to devices/account, what is
visible to an abuser (in order to prevent escalation to abuse), know
about cascading attacks.

Things to think about:

• include these cases in the desing, threath model process. Include
  cross-platform notification (create standard for this).
• account recovery
• take back ownership of their data -> friendly safety checks lists or
  friendly log-in tables\

Tom Hill: Rights of minors -> sharing it with them. Has there been any
engagement with device manufactors?
Lana: They seem to be aware but there is no pressure of making the
change.

Shivan: user agents have historically considered an attacker with access
to the local device as "game over", but maybe we could, for example,
fuzz alternative browsing history on the local device

Sofia: if law enforcement does not believe current evidence, does adding
more data necessarily help them?
Lana: clinic often serves as technical experts, to bring more authority;
law enforcement more likely to listen to the clinic/tech expert than
they do to the survivor or a social worker. can use special vantage
point as technologist to encourage people to listen. and we can educate
law enforcement on the problem.

draft-guidelines

current progress on review of draft-guidelines?

Colin: comments raised have included:
1) UDHR, but not to how those have been reflected in particular national
guidance, which made the discussion very abstract and recommendations
very abstract as well. would benefit from more concrete examples of how
those rights are reflected in particular regions and problems that have
come up, and a concrete application to technology. would make it more
relatable to engineers.
Niels: new version in response to that concern
[unclear on latest version or what is included]
Niels: examples are in 8280, but also a longer examples section. more
about human rights, rather than particular local laws.

Mallory: list discussion. having something mapped to local laws might be
very interesting to protocol developers. but that would be a separate
document to collect all the local laws?
distill what the literature says and apply to Internet architecture: but
this would likely be a separate document.
Niels: Sandra interested, but different document.

Colin: technical recommendations lack nuance/depth, hard to relate the
specific technical issue to the human right, in a way that an engineer
writing a spec could understand and resolve. seems related to level of
abstraction of the human right.

Niels: surprised, thought authors had already responded. Colin: thought
it had been discussed at the last two meetings. Niels: authors come from
different backgrounds, and have done human rights reviews in the IETF,
and includes particular examples in each case. Colin: not that there's
no examples, just that concrete examples would make it easier to
understand. can re-send feedback if helpful. or happy to have a
high-bandwidth call later.
Mallory: also surprised, would want to join that call. as chair, didn't
realize there were pending changes.

Adrian: interested in right to delegation/representation as a human
right. not specifically in UN declaration, but a part of free
association. need a more sophisticated understanding of privacy and how
it includes delegation.

draft-association

Niels: relationship between a particular human right (free association)
and Internet protocols.

super thorough review by doc shepherd (Nick Doty)

sub-questions are answered by case studies with IETF protocols.

copy-editing/nits/adding references

document structure: should they be organized by issues, or by protocols?

title change to be clearer

reviews always welcome

shepherd to re-review and write-up
nick: understand having the structure issue by issue, even if it
re-raises the same protocol. might have some wording differences just to
make it less confusing to readers like me.
mallory: could also say more on some of those.
niels: in latest version expanding the examples and making them more
precise to answering the questions in the section.

title change seems uncontroversial.

aob

new areas of work? RG open to new work.

special thanks to the speakers.