IABOpen Minutes IETF114

Chairs: Mirja Kühlewind, David Schinazi

Topics

Welcome and Status Update (10 mins) - Mirja/David

Slides: Welcome and Status Update

Document Updates

Program Updates

Mark McFadden: I hope you don't close Model-T and instead inject some
energy into it. There are 5 drafts. What the IAB sees as a symptom is
something I think the IAB could solve by providing some of the energy.
One interim meeting doesn't seem like enough to me. My input is, don't
close it, and if you do, make sure you have a place to go with those
documents and contributions.

Mirja Kühelwind: I well understand that desire and that it's not
satisfying to just close the program. But the purpose is to trigger a
conversation in the community, and we don't see the goal acheived. There
are documents that have contributed to the discussion, but a lot of
these were not considered for publication on the IAB stream. We
discussed today that we need a venue for these documents, and I know
that it is frustrating, but I don't think it will be in the IAB. I think
it will be on you to bring the docs to the right place. There are
research groups like PEARG or HRPC, or maybe go to the SEC Area and keep
the discussion there.

Dominque Lazanski: I am the author of 2 of these drafts on threat
models. I support what Mark said, but I think it's not on us
individually, but on us collectively. There is quite a lot going on in
this area. I think this needs some zest and energy from the IAB. I would
support seeing this get another chance so we have a place to discuss
these threats and threat issues.

Mirja Kühelwind: It's important to have a place to discuss with the
community, but the program is failing to do that.

Jari Arkko: I don't think that I have all the answers; I share the pain
that was expressed at the mic. It's not that we will close this and go
away, but there is an opportunity to move some docs forward and continue
the discussions on the architecture-discuss list and other venues.

Administrative Support Groups

Workshops

Liaison Updates: ITU-T (Scott Mansfield) (15 mins)

Slides: ITU-T Liaison Summary of work related to IETF - Scott
Mansfield

Data minimization: draft-arkko-iab-data-minimization-principle (Jari Arrko) (10 mins)

Slides: Data Minimization

Invited Talk: EU Digital Markets Act (Luís Cabral, Professor of Economics and International Business, Department of Economics, Stern School of Business, New York University) (20mins)

Slides: EU Digital Markets Act

Wes Hardaker: Thank you. I hope it comes true that this promotes
intererability at a layer higher than we usually see at the IETF these
days. What I am curious about is, does the DMA find a way to avoid some
of the legal loopholes, like finding a way to mandate instant messaging?

Luís Cabral: There are a lot of potential loopholes. The large
corporations have a lot more technical people who can do those kinds of
things. For example, Google might say that "if you are going to start
regulating us like this, we'll stop offering search on Google", or
something like that. I don't think it's a credible threat but tactics
like this may work in preventing the regulation from having full effect.

Stephen Farrell: Dividing interoperability will take a while. From a
regulatory process, how do you see that happening?

Luís Cabral: The DMA suggests there will be a dialogue with the
gatekeepers and some interested third parties. DMA does not spell out in
detail exactly what it means, basically it creates the possibility for
it to happen.

Stephen Farrell: Is there a mention of IETF in the docs?

Luís Cabral: I don't actually know, but it should because a lot of this
will amount to technical interoperability details (to which IETF has a
lot to contribute).

Phillip Hallam-Baker: I don't care about the companies, I care about the
users in the walled gardens, that Alice in one walled garden can get up
and move to another walled garden of her choice without losing all of
her friends and contacts.

Luís Cabral: I think this is one of the areas where the DMA is very
specific, but whether or not they can deliver it still a question: the
devil is in the details. For example, I can think of 100 ways in which
Amazon can make life difficult for third-party sellers. Support from
people with technical knowledge will be important: laywers and
economists will not be able to solve this.

Alissa Cooper: There are many ways to acheive interoperabilty, and
standards are just one of those. Does the EC have preferences about how
this interoperability is acheived? A 1:1 dialogue with each gatekeeper
is sub-optimal from our perspective. Can you glean whether they would
prefer to see standardized solutions to some of this? And the flipside
is, there are other EC pieces of legislation that are much more detailed
about this and the need for standards. Is that meaningful, that there is
no explicit language about standardization in this, or was that just
part of the political process?

Luís Cabral: The DMA was created by a bunch of people with little
knowledge of the technical details. I don't think there are any
preferences regarding technicalities because I don't think they have a
clear idea how to do things. I think this is an area where you could
make an enormous contribution. I think the goal is to end with closed
systems. I think the EC would be thrilled to have IAB contributions on
this. There are different problems on the commercial part of the
Internet. I don't think there can be a one-size-fits-all type of
regulation.

Christian Huitema: I am a bit scared by what you mentioned about sharing
data. You mentioned competition as a big issue, but there is also
surveillance. Companies are acquring data about you to sell products.
Anyone can get all the data all the time, and that seems scary.

Luís Cabral: I agree. Much of this will probably fall under the digial
service act, liability for users' actions. I don't know much about the
DSA, but I think your question probably refers more to that. I don't
think it's an issue of privacy per se, but of allowing proprietary
rights over user-level data.

Mallory Knodel: My quesion is, we've seen the GDPR play out for a few
years now, and I think some people would say they have notes. What are
the mechanisms to revise this, and how long will it take? What kinds of
advocacy would be useful here?

Luís Cabral: The DMA does have provisions for it to be revised in the
next few years. I would guess it will probably be a decade before the
dust settles. There are enormous risks. There is some evidence already
that GDPR had a negative impact on small start-ups (the information from
cookies is what allowed a lot of them to thrive).

Open Mic (5 mins)

Please take further questions to the architecture-discuss mailing list.