Minutes for HRPC at IETF-96
minutes-96-hrpc-2

2016-07-20 15:54:55+0200
------------------------

HRPC
IETF 96
Berlin

# Agenda Bash

# Context and objective

# Context of research

# Talk by Laura DeNardis

Emerging Issues in Protocols and Human Rights

ISOC Internet invariants:

    global reach

    general purpose

    permissionless innovation

    accessibility

    interoperability

    mutual agreement

    no permanent favorites

Protocols are only one component of the human rights implications

how can we address government interference/tampering with infrastructure?

We must acknowledge that infrastructure can be a proxy for state power.  As
states consider this and try to exercise that power, how can we prevent that
from being used as a force of social control?

Eliot Lear: is the distinction between "governance of the infrastructure" vs
"governance of the people" a meaningful distinction?

DeNardis: I see internet governance as "how do we keep the Internet operable,
and what are our policies around it?

Corinne Cath: can you give examples of other bodies where HR/infrastructure
intersect?

DeNardis: government action.  I just published "One Internet" An evidentiary
basis around fragmentation and implementation.  Also, we need to consider other
SDOs where civil society can't even get in the door.  Global Commission on
Internet Governance has discussion and interest about this too.

https://www.ourinternet.org/research/one-internet-evidentiary-basis-policy-making-internet-universality-and-fragmentation

Andrew Sullivan: so what effect should these considerations have on what we're
doing?  Is there a distinction to make between cases where protocol design
decisions will affect the outcome, and cases where we can't do anything about
it.  There isn't anything i can do in a protocol design about other SDOs bad
inclusion policies.  all i can do is write a better standard and hope that it
will be deployed more widely.

We invented DNSSEC precisely so that when people start tampering with it you
can detect it so that people can detect it, and dns privacy it protect the
leakage of this sensitive information.  do you have practical recommendations?

DeNardis: DNS Privacy is a perfect example of this, and strengthening
encryption instead of weakening encryption.  What are opportunities to expand
into other areas of standardization that are currently at the margins of the
internet protocols?  can we make sure there is interoperability?  can we make
sure that people like Cath can participate in these discussions?

Niels -- there will be followup to the list.

David Kaye, UN special rapporteur for freedom of expression
==============

audio, no video.

topic: his mandate in the human rights council, ways to collaborate, what
projects he's working on.

Human Rights Council, which includes a focus on Article 19, which should apply
to all individuals.

    right to hold an opinion without interference

    seek, receive, and distribute information and ideas of all kinds, through
    any media, and regardless of frontiers

surveillance, encryption, anonymity are all within Kaye's mandate as ways to
protect these rights, and this is a shared core value with the IETF.

My current project maps how private ICT sector implicates freedom of expression.

http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session29/Documents/A.HRC.29.32_AEV.doc

need (but have not issued) guidance to private actors, whose decisions have
implications for these rights.  due diligence here is important.

but we emphasis transparency - users understanding what happens to them

gov't action is part of it, but parts are affected by private action.

policy environment is developing recently under the framework of
"cybersecurity" that has troubling implications for human rights that have been
part of the internet for a long time.

the UN isn't out to regulate IETF or other SDOs; multistakeholder approaches
are the right approaches.

core values of the IETF are likely to be challenged by governments, i hope you
can maintain this work in the face of challenges to the protocols

Niels: what can the IETF do for you?

we're starting the process by focusing on telcos, ISPs, and NAPs.  we could
really use technologists who understand.  i'll send a call for comments soon,

Niels: i will make sure this call is visible within the IETF

Ben Schwartz: what harbingers can we look for of the kind of interference
you're warning about?

Kaye: in the ITU, governments like Russia and China (and several others) are
interested in imposing non-multistakeholder governance.

Charles Neville: when should we as technologists stop trying to set policies
for the rest of the world -- that perhaps this is something that societies may
have the right to decide for themselves?  when are these things universal?

Kaye: this is what we work on: when do human rights apply or when do
local or national customs apply?  if we go the direction of local or
national values, we're talking about walled-off internet, where
individual rights are not respected.

I hope to have an opportunity to meet with you in person in the future.  I'm
accessible by e-mail and twitter, and would like to hear from you.

-------------

Alissa Cooper
-------------
https://www.ietf.org/proceedings/96/slides/slides-96-hrpc-2.pdf

Lessons from RFC 6973

Security considerations became more formalized and systematized over time

Privacy considerations is a natural followup to this line of this
work: there is some overlap, and some not.

privacy considerations work started in 2010, but was published in the
IAB stream in 2013.

Q&A

Pete Resnick: security and i18n i have a pretty straightforward way to
map these to protocol levels.  privacy not as much, but in some ways
still similar.  some of the HR goals seem hard to map directly to
protocols, but if you switch language around it might be more useful.
for example, censorship resistance seems to be at "layer 9", but
"universal addressibility and accessibility" sounds like much more
clearly a protocol level.

Alissa: sounds good to me.

Niels: cuts the lines, asks for next speaker

Corinne Cath
============

discusses draft-tenoever-hrpc-research

Shane Kerr
==========

description of his interaction with the draft for his dns-over-http draft

Giovane C.M. Moura
==================

applied it to draft-francois-dots-ipv6-signal-option

draft was technically improved by reviewing this document; not just an
improvement for HR alone.

Niels--
is the schedule to go gather comments for one more month and then start the RG
last call for this draft ok for everyone??

Shane: In principle it seems OK, but it's summer, so you might want to
stretch it out.

Joe Hall: is the IRTF process different than IETF?

Lars Eggert: IRTF is looser -- RGs can do what they like.

Niels: we should stick with IETF standards

Hum: audible, substantial in favor of 1 month until starting RG last call.  a
few weak voices in opposition.