
Minutes for HRPC at IETF-92
minutes-92-hrpc-1

Meeting Minutes Human Rights Protocol Considerations (hrpc) RG
Date and time 2015-03-27 16:50
Title Minutes for HRPC at IETF-92
State Active
Last updated 2015-03-27

minutes-92-hrpc-1
2015-03-27 11:52:06-0500
------------------------

hrpc meeting 11:50-13:20 at IETF-92, Dallas, TX, US

https://www.ietf.org/proceedings/92/slides/slides-92-hrpc-0.pdf

Agenda
------

Status of the research group.

Joana: October 27 I-D published.

spoke at SAAG at IETF-91

26 ~45-minute interviews at IETF-92

Temporary research group, after a year, there will be a review to see
if this should be made more permanent.

What is the purpose of the Internet?  How does this map to human
rights?

Focusing on freedom of expression and association initially.


slide 16-

 Andrew Sullivan: this approach conflates certain positive rights and
 negative rights.  e.g. resilience requires that communications remain
 up, distributed arch requires ubiquity (positive rights).  these are
 different from privacy and content-agnosticism (negative rights).

 Dave Crocker: resilience and robustness fall under connectivity.  the
    definition of FoE is much more powerful than FoA.  FoE is the
    right thing to show.  I agree with Andrew's assessment that
    positive vs. negative is important.  Also, on slide 11, you're
    missing e-mail as a bi-directional interconnectivity.

 Niels: FoE definition is quite abstract.  Do we need to define these
        terms in a more detailed way?

 Robert Sparks: Yes, you have to get more detailed.  Looking at the
     classification, i can't figure out where geolocation fits in.
     how do we distinguish how much your geoloc information leaks,
     from how do we know what others can do with it.

 Juan-Carlos Zuniga: Privacy isn't about hiding everything; it's about
    user being able to decide who gets access to what.  I like the
    systematic approach, but slide 15: for FoA, how can i define this
    problem?  FoA is not a two-person or a one-way problem.  This
    meeting is a lot of people, but only a few people talk.  is this
    association?  we need to be clearer about this to be able to have
    the systematic approach.

 Niels: in 1908, Brecht said that radio can only be fully fulfilled if
     the audience is able to talk back.  on the internet we seem to be
     closer to that.  I don't think everyone needs to talk at the same
     time.

 J-C Z: people can talk back in other media; even if they only hear
     radio, the other mechanisms provide feedback.

 Niels: to address your first question: transparency is also in the list,

 jabber scribe: Avri Doria says she's part of the assembly, though remotely.

 Larry Masinter: what about other rights that might infringe on FoE?
     copyright, right to be forgotten, etc.  how can we address these
     countervailing rights?

 Fred Baker: FoA and FoE don't go together.  FoA is about being able
     to be in a room together, online, it's maybe being in a group,
     like a mailing list or facebook friends or something, but it's
     not about

 Ladar: FoA is classically described as the ability of being in the
     room without being placed under suspicion.  "something like
     metadata"

 Dave Crocker: slide 13 is an interesting list.  have you written
      explanations why each item is important, and what the arguments
      against them might be?  more detail would help get the list
      clearer.

 dkg: privacy belongs in FoA directly, not just as part of FoE.

 Niels: balancing rights is crucial.  privacy vs. expression can come
     in conflict.  We have ways to balance them outside of protocols.
     do we have a way to balance them technically?  to Dave Crocker:
     we have a little bit more detail sorted out in the I-D

 Joana: FoA isn't quite as clear as it should be, so maybe we need to
     go back and clarify it.

 Niels: we did start with mailing lists, we appear to have lost the
     link between them.

 ----- back to presentation, at slide 16.

 Justin Richer: are you distinguishing between violations as a result
       of the protocol as designed, or in situations where the
       protocol has been perverted?

 Niels: i think both, though the research might want to start focusing
     on violations as a result of the protocol as designed.

 Stephane Bortzmeyer: I don't know that we can distinguish between
     these two as clearly as possible.  In many cases you might not be
     able to tell.

 Niels: Justin, can you come up with a definition?

 Justin: a good example of a perversion would be a DDoS: you're
      technically doing everything within the lines of the protocol,
      but not as it was intended to be used.

 Ladar: While not a protocol: an example of perversion might be the
      laws that were passed requiring every mobile phone to carry a GPS
      chip for e-911.  for the perversion, it would be activating it
      remotely to track everyone the whole time.

 Niels: in both cases, you've got a breach of intentionality.  and
     sometimes innovation comes from the breach of original intention.

 Fred Baker: if i'm under DDoS, i'm not speaking, or attempting
      assembly.  In a DDoS, the packets being used for ICMP are being
      used by the emitter for a purpose that is not the original
      purpose for ICMP.  (ICMP was intended for measurement, but is
      being used for DDoS.)

 Justin: there are different intentions in protocols.

 Dave Crocker: seconding fred, plus: this highlights differences
    between mechanics of protocols, administration and operations of
    protocols, intentions of protocol designers and specifiers, and
    the difference between "Policies and Procedures", which some
    people might call "politics".  they are decreasingly in the
    technical space, but they're the layers above layer 7, which we
    cannot operate without.  They factor in here essentially (we can't
    avoid them) and problematically (because ???) < transcription failure

 Andrew Sullivan: the distinction between Perverse vs. appropriate use
      won't help you.  This assumes that we know the telos or goal of
      the protocol.  Protocols are often used in ways that they didn't
      intend in the first place.  To focus entirely on the protocol
      itself, you have to pay attention to how the protocol works
      *without* the intentionality of either the designer or the user.

 J-C Z: seconding Andrew.  In privacy considerations, civic
     locations/address in e-911 is relevant in the privacy
     considerations.  we have to enumerate these things so that we can
     understand the risks of using it in certain ways.


----- back to the slides, slide 17

Joana: please point the list to instances of protocol exploitation.

   https://lists.ghserv.net/mailman/listinfo/hrpc

plan to continue interviews.  also looking and discussion on the list.


----- slides done.

 Fred: making relationships explicit.  in some cultures, women can
      only communicate through their husbands.

 Lee Howard: the same tools that can be used to find people and
     suppress individuals can also be used to find bad people and to
     suppress bad individuals -- i don't know how we figure out how to
     do one without the other.  there are bad people in the world.
     I'd like to make sure that we're looking at both sides.  I don't
     necessarily trust law enforcement, but i also need them.

 Niels: that's why transparency for these things and analysis is
     important.  the better we understand our approaches, the better
     we can distinguish between the issues.