Minutes IETF115: hrpc: Fri 09:30
minutes-115-hrpc-202211110930-00

Meeting Minutes: Human Rights Protocol Considerations (hrpc) RG
Date and time: 2022-11-11 09:30
Title: Minutes IETF115: hrpc: Fri 09:30
State: Active
Last updated: 2022-11-18

hrpc, ietf 115

11 November 2022

Welcome and introduction (5 minutes)

Scribe, Note takers: Nick Doty, Adrian Farrel
Agenda Review
Research Group status

Mallory Knodel: invited talks, drafts, and prepared other business,
draft from Sofia for an update as well

Chartered to research how protocols strengthen and threaten human
rights; UN Declaration of Human Rights. Chartered in 2015, and a video
overview is available.

Primarily worked on freedom of expression and association; separate RG
on privacy as a human right

Published RFC 8280 on research into human rights protocol
considerations, and working on a follow-up guidelines doc

23 meetings and 50 invited talks on a variety of topics

Update: Tara Tarakiyee (10 minutes)

"#FreeAlaa"

Tara: Alaa, in his own words, an open source developer, writer,
activist, and a symbol of the Egyptian revolution, and a colleague,
friend and family member. prisoner of conscience.

He has been imprisoned unfairly on trumped-up charges. Alaa's crime was
sharing a social media post about prisoners dying. tried under martial
court. but imprisoned primarily for being an advocate for justice, as a
way to discourage others from standing up.

Alaa went on a limited calorie strike, full hunger strike at the
beginning of the COP27 event this week. Alaa has exposed the tyranny and
injustice of the thousands in prison. highlighted the timidity of others
refusing to take action. highlighted the importance of human rights as a
point of human progress.

Have not heard news since beginning hunger strike. has not received
access to lawyers or consular (as a UK citizen). rumor of being force
fed, a form of torture.

No specific call to action. Look at #FreeAlaa hashtag on Twitter.
Celebrate Alaa by sharing some of his words, very passionate for both
technology and human rights.

Alaa supportive of information technology, but skeptical of the
transformative impact for many, or propagandistic narratives.
Luddites were defeated, but followed by working class activists
fighting the harms of technologies and working to shift them to helping
more people

Excerpt from The birth of a Brave New World: Uber versus the Luddites

Tara: talk to people, let them know what's happening with the case. we
want to know what's happening with our friend and colleague, and for him
to get out safely. You have not yet been defeated.

Talk: Dmitri Vitaliev, eQualitie (30 minutes)

"In defence of freedom of expression and association online"

Dmitri: (remember working with Alaa on digital self-protection guide and
Arabic translation)

eQualitie, equalize the playing field between victims and powerful
corporations and governments. web security, censorship resistance,
capacity building. all tools open source, available on GitHub.

Deflect; Ceno; emergency communications when Internet access is
difficult

Deflect project to protect independent media from cyberattacks: both
typical and more coordinated/massive from state adversaries. Deflect
network provides protection, performance (reverse proxy cache network
with locations around the world), defined by principles (don't work with
some clients; abuse complaints and a process), philanthropic service
(profits from commercial service go to supporting the service for civil
society)

Deflect: DNS puts requests into the network, requests distributed to
data centers. secure hosting, machine learning of bot detection. open
source, encourage other parties to stand up their own. it's free,
representing many years of work. 75M unique IPs served per year.

Prevent layer 7 attacks, but also legal attacks, like invalid DMCA
takedown requests which can work if you don't have partners or help.

Training a model (Baskerville) to differentiate between legitimate and
malicious requests. Private by design system, not communicating PII
across the network. Open source, ships with a default model, or can send
reports to the clearinghouse. Anomalies above a particular threshold
result in a captcha-style challenge.

Honeypot for a lot of the malicious activity happening on the Web today.

Bringing down a website is another form of censorship, destroy the
resource so that others can't access it.

Filtering, censorship and network shutdowns

Ukraine map/network: many occupied territories have been re-routed
through Russian Internet, therefore behind Russian network surveillance
and censorship.

Internet shutdown scenario 1: disconnection of very popular services,
where the state blocks the IP space of those providers / cloud
providers / VPNs.

CENO Browser: doesn't rely on a single proxy. Use BitTorrent for routing
and distributed storage. Fetch a particular resource, and distribute it
to the BitTorrent hash table, regularly updated to allow dynamic activity.

Every user becomes an active node, so if you connect with your phone in
an open network, you help others who are facing censorship in their home
networks. Your IP is not part of a large corporate IP space, so less
likely to be blocked by the state. "cooperative browsing".

Decentralized caching, the next person who opens that page in the same
country doesn't have to leave the country's network to access it.
Because frequently-requested content is often important, many can access
it in the country after only a couple external accesses.

Internet shutdown scenario 2: total disconnection of external
connectivity, disconnecting the cable/connection altogether. no
connectivity means no proxy can help if it's located physically outside
the region. decentralized protocols being used for this, providing the
functionality within the geographic network. opportunities to regain, by
bringing servers closer to users or not relying on servers. e.g. Matrix
protocol.

dComms: project stood up in Ukraine in early March, after invasion.
providing guides and resources via ISPs that still had hosting
capability, including in occupied territories. Matrix chat rooms with
Element interface; public and private chat rooms. Mastodon decentralized
microblogging. Delta Chat server, chat using SMTP and PGP. Briar, uses
Tor network primarily but also Bluetooth mesh in the absence of Internet
connectivity. Offline downloads of software including Ceno browser.

Ouinet: system for distributed hash table caching. Android SDK
available. Ceno application uses this, but could apply to other
protocols.

OuiCrawl: pre-emptively crawl web resources (Wikipedia, The Guardian,
etc.) to pre-emptively web record and insert it into the distributed
network, for resources essential to those in censored networks.

Transport to bring scraped packages into the censored network, including
satellite networks where available and not dangerous because of
geolocation. Putting IP over TV satellite broadcasts for 1-way
communications. Covert channel to deliver data into a country with many
TV satellite dishes.

Trying to crowdsource which web resources people want to have in their
network, scraping those resources as web cache, delivering them inside
the censored zone. Only need a few nodes to receive it externally, can
then be connected peer to peer.

Protocol proposal: generating cache from reverse proxies, but would like
to immediately make it available for p2p BitTorrent access. Hope to
present interchangeable web caching standard in future meetings.

nadiyno.org digital security helpline to answer the most basic digital
security questions for Ukraine

electricity distribution causing blackouts and ISP shutdowns. Trying to
import more batteries to deliver to ISPs, via Global NOG Alliance.

  • Colin Perkins: Lots of personalised content in the web.

    • Dmitri: Internet is not built to be cached and recreated
      somewhere else. Ceno has a lot of work to decide what to cache
      or not cache.
  • Colin: Do you use onion routing?

    • Dmitri: No. Focus is not privacy. Aim is content delivery for
      censorship circumvention
  • Daniel Gillmor (remote): We just heard about risks to people from
    sharing specific content. Any thoughts about this? Also you seem to
    be about getting information into sensitive areas, but can you also
    get information out of these areas?

    • Dmitri: On "guilt by association" can see who is connected to
      DHT, but not who is accessing what. You could download it
      yourself (as a state operator etc) and then see who accesses the
      content from you. Once there is a lot of information in the
      network, this problem decreases.
    • Daniel: There is an authenticity question as well. False and
      surveillance question.
    • Dmitri: See slide 23. Content signatures made by "injectors"
      based on Ouinet infra. Sig validation is hardcoded into Ceno
      client.
  • Ted Lemon: This is cool. Two attacks. 1. Is it possible for an actor
    to put bad data into cache by creating many instances so no one else
    pulls the data?

    • Dmitri: Inject IPs are hard coded into client. Injectors fetch
      and sign.
    • Ted: 2. What if eQualitie's own keys are stolen/accessed? [was
      that the question?]
    • Dmitri: Injectors are point of vulnerability
    • Ted: Publishers do provide authentication for content, but this
      does not consider your use case. Would be nice to move the
      burden to the publisher and away from "you"

Talk: Corinne Cath, University of Cambridge (30 minutes)

"Human Rights at the IETF: what happened and where do we go next?"

Eliot: congrats on ANRP award, well-deserved! engineer participating,
sometimes with great trepidation. struggle with the concept of human
rights because there is no single right answer, things can be used for
harm or good. value of hrpc has not been in publications from the group
but presentations to the group. thanks to the chairs and presenters for
that. suggest we (broader community) surface the most important
presentations to the broader community, with a description of potential
ramifications to ietf.

Colin: thanks eliot for the idea. agree, wide impact of hrpc in
ietf/irtf. agree that it's more about the people and viewpoints rather
than the specific documents. we need this diversity of views, nowhere
near diverse enough. hrpc does that in one small way. would be great to
bring in people from more axes of diversity, even if there would be
growing pains from clashes of views.

Colin: strongly agree that we have always discussed politics in the
IETF. e.g. RFC 1984, which explicitly discussed economics. finally
starting to admit that we are discussing politics.

Adrian Farrel: challenge of getting to these meetings because of
conflicting meetings. I know that I need security considerations and I
know that I don't have the expertise. IETF has a security directorate to
provide advice. Next step would be a directorate or review team who can
ask me the questions in the guidance. Someone who can help me bridge the
gap. May be too late once deep into a protocol spec: need a review of
the working groups rather than the protocols.

Niels: "landing pad", is there specific terminology, like "boundary
object"?

Corinne: avoiding academic language for this particular talk. 2-way
street/conversation, beyond the particular documents.

Mallory: thanks for the suggestions! and thanks Corinne for the
self-reflective discussion.

Mallory: directorate/review-team has been tried and not always
well-received. not just about telling people what they got wrong, but
come along and let's try to expose that trade-offs are present.
guidelines draft is about trying to make aware of the issues and
introducing hrpc as a place to get expertise.

Updates: Status (10 minutes each)

draft-irtf-hrpc-guidelines, Gurshabad Grover

Gurshabad: update to 8280, guidelines for those considering

irsg review, received two reviews and now have addressed all the
comments. hopefully draft will proceed. sent summary of changes on the
mailing list, nothing major.

draft-irtf-hrpc-association, Niels ten Oever

Nick: Niels made revisions based on comments at last IETF. I have an open
pull request and some small edits. after another round of edits, I think
will be ready for RG last call.

New: Intimate Partner Violence Digital Considerations, Sofia Celi

Sofia: starting work on GitHub. call for action, if you're interested,
let us know.

work started prompted by last ietf with presentation on intimate partner
violence and use of tech tools for that.

describe the strategies of these attackers; recommendations for protocol
developers to understand the potential implications. and security
considerations.

please join us in GitHub/on mailing list.

Colin: not yet a submitted draft? Sofia: in progress, but not yet
submitted or in Datatracker.

https://github.com/claucece/draft-celi-ipvc/blob/main/draft-ietf-celi-ipvc.md

Colin: +1 for work in this space.

AOB (15 minutes)

GNAP, Adrian Gropper

Adrian: GNAP a successor to OAuth. authorization protocol has privacy
concerns of course. human rights consideration: does not consider
delegation or power asymmetry. forced association consideration is
directly applicable here. unrestricted delegation by the subject should
be a requirement.

proposed three mitigations of the human rights issue; all 3 are
possible. whether it should be must/should vs. voluntary.

GNAP seems like a direct example of hrpc applicability. an unintended
consequence is "hyperscale platforms" and a risk of regulatory capture.
standardizing data models has a new potential for mass surveillance.

Fabien: thanks, interesting work. take work seriously as a co-editor.
need security and privacy analysis. new to put measures in place for
human rights. need some additional support, and thanks for that. one of
the main points of debate in yesterday's meeting. not sure the technical
ways to implement.

Mallory: encourage cross-group conversation, CC both lists.

Colin: clearly worth discussion with this group, but challenge to
connect people with very different expertise. post to the lists, and may
need small group discussion.

HRPC recharter, Mallory Knodel

Mallory: some suggestions from me and others that we could consider a
slight re-charter; recently reviewed by the IAB.

a conversation to take to the list. making policy considerations more
explicit part of the group work. feedback from today about the
ability/need for reviews.

Mallory and Sofia to facilitate conversation on the list and at IETF
116.

and thanks to Tara for bringing forward the direct connection to Alaa.